This reverts commit 2265160fc0 and
e56db577a1.
Ideally, we shouldn't cause friction for users that bump `stateVersion`,
and I'd consider having to switch and/or manually hardcode a UID/GID
to supress the warning friction. I think it'd be more beneficial to, in
this rare case of an ID being missed, just let it be until more
discussion happens surrounding this overall issue.
See https://github.com/NixOS/nixpkgs/pull/217785 for more context.
This reverts commits f5483464d5 and
6b9583e5e1.
Ideally, we shouldn't cause friction for users that bump `stateVersion`,
and I'd consider having to switch and/or manually hardcode a UID/GID
to supress the warning friction. I think it'd be more beneficial to, in
this rare case of an ID being missed, just let it be until more
discussion happens surrounding this overall issue.
See https://github.com/NixOS/nixpkgs/pull/217785 for more context.
Without this change, users that have both `initialHashedPassword` and
`hashedPassword` set will have `initialHashedPassword` take precedence,
but only for the first time `/etc/passwd` is generated. After that,
`hashedPassword` takes precedence. This is surprising behavior as it
would generally be expected for `hashedPassword` to win if both are set.
This wouldn't be a noticeable problem (and an assert could just be made
instead) if the users-groups module did not default the
`root.intialHashedPassword` value to `!`, to prevent login by default.
That means that users who set `root.hashedPassword` and use an ephemeral
rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in
to the root account by default, unless they switch to a new generation
during the same boot (i.e. `/etc/passwd` already exists and
`hashedPassword` is used instead of `initialHashedPassword`) or they set
`root.initialHashedPassword = null` (which is unintuitive and seems
redundant).
It looks like the systemd-initrd variant of the systemd-shutdown test
(systemd-initrd-shutdown) did not actually enable the systemd-initrd and
so was just evaluating to the same store path before this change.
In general the man pages do not care what OS and manual they are shipped
with, so they don't get to choose the names of them. We were tempted to
do so, as we had inconsistently chosen OS names for the mandoc and
man-db/groff implementations. Since this has been rectified since, we
can just drop this boilerplate from the man pages.
We’ve been having trouble figuring out which kind of token to use and
why our setup would break every few system updates.
This should clarify which options there are, and which ones lead to
better results.
Ideally there would be a manual section that has a step-by-step guide
on how to set up the github runner, with screenshots and everything.
This builds on top of nixpkgs mainline 00d8347180
with the following two PRs cherry-picked:
- https://github.com/NixOS/nixpkgs/pull/192670
- https://github.com/NixOS/nixpkgs/pull/192668
using the following command:
```
nix build -f nixos -L \
-I nixos-config=nixos/modules/installer/sd-card/sd-image-powerpc64le.nix \
config.system.build.sdImage
```
I was able to successfully boot the image, although it boots to a login prompt
rather than a shell, and won't accept the empty password for `root`. I guess
I'll have to figure out why that is.
To boot the image: `zstd`-decompress the it, mount it, and use `kexec`:
```
cd boot/nixos
kexec -l \
*-vmlinux \
--initrd *-initrd \
--dt-no-old-root \
--command-line="$(grep APPEND ../extlinux/extlinux.conf | sed 's_^ *APPEND *__')"
```
The machine I used for testing has only one storage device which is completely
allocated to LVM. It appears that the NixOS ISO loader doesn't look for
partition tables within LVM volumes. To work aroundn this, I had to extract the
`ext4` image within the partition table within the `sd-card` image and put that
in its own LVM volume. This likely won't be an obstacle for users who write the
image to a USB stick or similar.
Upstream has officially abandoned the project as of 2021 [0], there's been
no release since 2016, it uses the EoL Qt 4, and alternatives like
KeePassXC exist.
Also move KeePassXC to its own directory -- it doesn't make sense to
have it in KeePassX's folder anymore.
[0]: https://www.keepassx.org/index.html%3Fp=636.html
GDM and LightDM are already using this approach. It also allows us to
enable Kwallet integration more globally without generating stray PAM
services.
The default configuration of login service includes both options sddm
was setting explicitly.
This removes two unused service configs from /etc/pam.d/ and, more
importantly, reduces confusion.
* kdm no longer exists in nixpkgs
* `pam.d/gdm` is not used by gdm
* `pam.d/lightdm` IS used by lightdm but hardcoded using .text rather
than attrset+template.
the old method of pasting parts of options.json into a markdown document
and hoping for the best no longer works now that options.json contains
more than just docbook. given the infrastructure we have now we can
actually render options.md properly, so we may as well do that.
