only whitespace changes (mostly empty descriptions rendered as literal
line breaks and trailing space toPretty generates, but that were dropped
by mistune).
don't generate docbook for related packages, generate markdown instead.
this could be extended further to not even generate markdown but have
mergeJSON handle all of the rendering. markdown will work fine for now
though.
only whitespace changes to rendered outputs, all in the vicinity or body
of admonitions. previously admonitions would not receive paragraph
breaks even when they should have because the description postprocessing
did not match on their contents.
markdown-it-py creates different whitespace leaders/trailers than are
currently emitted, and when we convert examples and defaults to render
via markdown the spacing will change too. this has no effect on rendered
output.
mistune already does escaping. it does escaping for html, but the
difference is small enough that can just ignore that we're actually
targeting docbook here.
this was done only to make the conversion to MD easier to verify. we no
longer need it, and not keeping whitespace does not affect rendered outputs.
stripping will have to stay for now because description postprocessing
would add empty paragraphs otherwise.
`autosuspend` is a daemon that periodically runs user-defined checks to
verify whether the system should be suspended. It's already available
in nixpkgs. This adds a NixOS module which starts the daemon as a
systemd service.
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
following the plan in https://github.com/NixOS/nixpkgs/pull/189318#discussion_r961764451
also adds an activation script to print the warning during activation
instead of during build, otherwise folks using the new CLI that hides
build logs by default might never see the warning.
checkInputs used to be added to nativeBuildInputs. Now we have
nativeCheckInputs to do that instead. Doing this treewide change allows
to keep hashes identical to before the introduction of
nativeCheckInputs.
This reverts commit a768871934.
This is too fragile, it breaks at least on:
* ssl dh params
* hostnames in proxypass and upstreams are resolved in the sandbox
On some systems, EFI variables are not supported or otherwise wonky.
bootctl attempting to access them causes failures during bootloader
installations and updates. For such systems, NixOS provides the options
`boot.loader.efi.canTouchEfiVariables` and
`boot.loader.systemd-boot.graceful` which pass flags to bootctl that
change whether and how EFI variables are accessed.
Previously, these flags were only passed to bootctl during an install
operation. However, they also apply during an update operation, which
can cause the same sorts of errors. This change passes the flags during
update operations as well to prevent those errors.
Fixes https://github.com/NixOS/nixpkgs/issues/151336
The update test patches the systemd-boot binary to report a known
version then tests that this is the version updated from. The previous
patch would also search the kernel and initrd binaries, which would
cause sed to write out a temporary file that might cause the disk
to run out of space and the test to fail.
Only attempt to patch binaries which contain systemd-boot (usually
`BOOT<arch>.EFI` and `systemd-boot<arch>.efi` to avoid this problem.
As a bonus, this reduces test time by 20-30%.
The aarch64-linux kernel and initrd recently eclipsed 60M, causing the
boot disk image build to run out of space and fail. Double the size of
the image to 120M to fix the issue.
The disk image is stored in expandable qcow2 format, so only the space
actually used by files in the image is consumed. Therefore, other
architectures are not unfairly penalized, and the output size does not
suddenly double.
This also fixes NixOS tests which use this option, like systemd-boot's.
At some point many months ago, the systemd-boot update script stopped
outputting parentheses around the version being upgraded from, causing
the test to fail. Remove the parentheses from the expected message to
fix the test.
This moves the creation of the bind mount inside the `nixos-enter`
invocation. The command are executed in an unshared mount namespace, so
they can be run as an unprivileged user.
Although we don't really need HTML documentation in the minimal installer,
not including it may cause annoying cache misses in the case of the NixOS manual.
When installing NixOS in the target filesystem /mnt, paths relative to
configuration.nix in `initrd.secrets` are turned by Nix into absolute
paths that reference /mnt. While building the system derivation works,
installing the bootloader fails because the latter process takes place
inside the chroot environment where /mnt does not exist.
Ideally, we would also build the system within chroot, but this greatly
complicates the matter as it requires manually copying over Nix, its
runtime dependencies and all channels. Possibly, this would also break
several assumptions users have about how nixos-install works.
A simpler and safer (but less neat) solution is to temporarily bind
mount all mount points in /mnt under /mnt/mnt to keep the paths
functional while the bootloader is being installed.
This is essentially the workaround described in issue #73404.
The build of initrd-secrets can routinely fail for old boot entries
if the secrets have been removed or renamed in a later generation.
This always happens for generation 1, because it's built from the
NixOS installer and the paths differs by the mount point (i.e. /mnt).
The error is very confusing because it fails to mention it's about
an older generation and that it's somewhat harmless.
This commit turns the error into a warning for all generations but the
current, adds the name of the failed entry to the message and a note
explaining why it can happen.
This commit fixes a papercut in nixos-rebuild where people wanting to
switch to a specialisation (or test one) were forced to manually figure
out the specialisation's path and run its activation script - since now,
there's a dedicated option to do just that.
This is a backwards-compatible change which doesn't affect the existing
behavior, which - to be fair - might still be considered sus by some
people, the painful scenario here being:
- you boot into specialisation `foo`,
- you run `nixos-rebuild switch`,
- whoops, you're no longer at specialisation `foo`, but you're rather
brought back to the base system.
(it's especially painful for cases where specialisation is used to load
extra drivers, e.g. Nvidia, since then launching `nixos-rebuild switch`,
while forgetting that you're inside a specialisation, can cause some
parts of your system to get accidentally unloaded.)
I've tried to mitigate that by improving specialisations so that they
create a dedicated file somewhere in `/run/current-system` containing
the specialisation's name (which `nixos-rebuild` could then use as the
default value for `--specialisation`), but I haven't been able to come
up with anything working (plus it would be a breaking change then).
Closes https://github.com/NixOS/nixpkgs/issues/174065
* Will make it so that GHC.Paths's docdir NIX_GHC_DOCDIR points to an
actual directory.
* Documentation of all packages in the environment is available in
`$out/share/doc`.
This has previously been attempted in #76842 and reverted in #77442,
since documentation can collide when the libraries wouldn't (thanks to
the hash in the lib filename). `symlinkJoin` allows collision, so this
solution should be akin to #77523 (minus `buildEnv`, one step at a
time). `installDocumentation = false` restores the old behavior.
Collision in the documentation only happen if the dependency closure of
the given packages has more than one different derivation for the same
library of the very same version. I'm personally inclined not to claim
that our infrastructure does anything sensible in this case.
Additionally, the documentation is likely largely the same in such
cases (unless it is heavily patched).
Resolves#150666.
Resolves#76837.
Closes#150968.
Closes#77523.
If `runtime_dir` is not set, gitaly will use `/tmp` as a place for sockets
and packed binaries like `git2go`. If the gitlab instance does not experience
much traffic and gitlay is not restarted regularly, systemd-tmpfiles will
remove the binaries. This breaks some gitlab functionality until gitaly is
restarted manually.
This is a followup of #148921, to allow local builds when
`--target-host` is used again. It also documents the change in
behavior, regarding the specialty of the `localhost` value.
By removing the special handling of an empty `buildHost` and non empty
`targetHost`, this change also slightly alters the behavior of
`nixos-rebuild`.
Originally by specifying `--target-host target --build-host ""`, the
now removed special case would transform those arguments to
`--target-host target --build-host target`.
Now the empty `--build-host` would result in a local build.
This provides an easy way to specify exclude patterns in config. It was
already possible via extraBackupOptions; this change creates a simpler,
similar to other backup services, way to specify them.
This commit also moves the indicator files out of the directory that's
being backed up, so that the directory remains static throughout the
backup operation.
The agent has not been updated for a very long time. In addition to
updating to the newest tagged version the change creates a package for
it.
The existing version has issues with the new python2.7 package not
containing crypt.so file. And the commit
6910a4eea0 I believe introduced
regression that caused the shebang to not be updated.
