When installing NixOS in the target filesystem /mnt, paths relative to
configuration.nix in `initrd.secrets` are turned by Nix into absolute
paths that reference /mnt. While building the system derivation works,
installing the bootloader fails because the latter process takes place
inside the chroot environment where /mnt does not exist.
Ideally, we would also build the system within chroot, but this greatly
complicates the matter as it requires manually copying over Nix, its
runtime dependencies and all channels. Possibly, this would also break
several assumptions users have about how nixos-install works.
A simpler and safer (but less neat) solution is to temporarily bind
mount all mount points in /mnt under /mnt/mnt to keep the paths
functional while the bootloader is being installed.
This is essentially the workaround described in issue #73404.
The build of initrd-secrets can routinely fail for old boot entries
if the secrets have been removed or renamed in a later generation.
This always happens for generation 1, because it's built from the
NixOS installer and the paths differs by the mount point (i.e. /mnt).
The error is very confusing because it fails to mention it's about
an older generation and that it's somewhat harmless.
This commit turns the error into a warning for all generations but the
current, adds the name of the failed entry to the message and a note
explaining why it can happen.
This commit fixes a papercut in nixos-rebuild where people wanting to
switch to a specialisation (or test one) were forced to manually figure
out the specialisation's path and run its activation script - since now,
there's a dedicated option to do just that.
This is a backwards-compatible change which doesn't affect the existing
behavior, which - to be fair - might still be considered sus by some
people, the painful scenario here being:
- you boot into specialisation `foo`,
- you run `nixos-rebuild switch`,
- whoops, you're no longer at specialisation `foo`, but you're rather
brought back to the base system.
(it's especially painful for cases where specialisation is used to load
extra drivers, e.g. Nvidia, since then launching `nixos-rebuild switch`,
while forgetting that you're inside a specialisation, can cause some
parts of your system to get accidentally unloaded.)
I've tried to mitigate that by improving specialisations so that they
create a dedicated file somewhere in `/run/current-system` containing
the specialisation's name (which `nixos-rebuild` could then use as the
default value for `--specialisation`), but I haven't been able to come
up with anything working (plus it would be a breaking change then).
Closes https://github.com/NixOS/nixpkgs/issues/174065
If `runtime_dir` is not set, gitaly will use `/tmp` as a place for sockets
and packed binaries like `git2go`. If the gitlab instance does not experience
much traffic and gitlay is not restarted regularly, systemd-tmpfiles will
remove the binaries. This breaks some gitlab functionality until gitaly is
restarted manually.
This is a followup of #148921, to allow local builds when
`--target-host` is used again. It also documents the change in
behavior, regarding the specialty of the `localhost` value.
By removing the special handling of an empty `buildHost` and non empty
`targetHost`, this change also slightly alters the behavior of
`nixos-rebuild`.
Originally by specifying `--target-host target --build-host ""`, the
now removed special case would transform those arguments to
`--target-host target --build-host target`.
Now the empty `--build-host` would result in a local build.
This provides an easy way to specify exclude patterns in config. It was
already possible via extraBackupOptions; this change creates a simpler,
similar to other backup services, way to specify them.
This commit also moves the indicator files out of the directory that's
being backed up, so that the directory remains static throughout the
backup operation.
The agent has not been updated for a very long time. In addition to
updating to the newest tagged version the change creates a package for
it.
The existing version has issues with the new python2.7 package not
containing crypt.so file. And the commit
6910a4eea0 I believe introduced
regression that caused the shebang to not be updated.
apparently pandoc has changed behavior over the past releases, so the
files are no longer in sync. occasionally this requires edits
to the markdown source to not remove an anchor that was there
before (albeit wth a very questionable id), or where things were simply
being misrendered due to syntax errors.
we only have three uses at the moment, all of them in code blocks where
they could just as well (or maybe better) be comments. markdown can't do
callouts without another pandoc filter, so we'll turn them into comments
instead.
synapse would've benefited from inline links, but referencing an
external numbered list as plain text (instead of clickable links, like
callout lists had) seems even worse than putting urls into comments as
plain text.
markdown doesn't really have examples as a first-class construct. we'll
keep all examples that are referenced around for now, but all
unreferenced examples turn into invisible anchors. (turning them into
fourth-level headings in their files, as would be necessary for emacs,
removes them from the TOC anyway.)
productname, application, acronym, guilabel, and guibutton were so far
not rendered specially and can go away completely.
replaceable does render differently, but since it was only used twice
and in places where the intent should be clear without the extra markup
it can go as well.
makes sure that program listing tags are separated from their contents
by exactly a newline character. this makes the markdown translation
easier to verify (since no new newlines need to be inserted), and
there's no rendering difference anyway.
MD can only do the latter, so change them all over now to keeps diffs reviewable.
this also includes <literal><xref> -> <xref> where options are referenced since
the reference will implicitly add an inner literal tag.
markdown cannot represent those links. remove them all now instead of in
each chapter conversion to keep the diff for each chapter small and more
understandable.
