| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
x86_64,aarch64-linux -- exclude i686
|
|\
| |
| | |
nixos/release-small: add amazonImage
|
| |
| |
| |
| | |
fixup breakage from #104193
|
|\ \
| | |
| | | |
NixOS EC2 AMI: Support IMDSv2
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
According to Freenode's ##AWS, the metadata server can sometimes
take a few moments to get its shoes on, and the very first boot
of a machine can see failed requests for a few moments.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
AWS's metadata service has two versions. Version 1 allowed plain HTTP
requests to get metadata. However, this was frequently abused when a
user could trick an AWS-hosted server in to proxying requests to the
metadata service. Since the metadata service is frequently used to
generate AWS access keys, this is pretty gnarly. Version two is
identical except it requires the caller to request a token and provide
it on each request.
Today, starting a NixOS AMI in EC2 where the metadata service is
configured to only allow v2 requests fails: the user's SSH key is not
placed, and configuration provided by the user-data is not applied.
The server is useless. This patch addresses that.
Note the dependency on curl is not a joyful one, and it expand the
initrd by 30M. However, see the added comment for more information
about why this is needed. Note the idea of using `echo` and `nc` are
laughable. Don't do that.
|
| | |
| | |
| | |
| | | |
These two APIs have diverged over time and are no longer compatible.
|
|\ \ \
| |_|/
|/| | |
dockerTools.buildLayeredImage: Fix cross compilation
|
| | | |
|
|\ \ \
| |/ /
|/| | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
fcitx: Add test (Unicode input, table input, m17n)
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
nixos/nfs: add idmapd.settings option
|
| | | | |
| | | | |
| | | | |
| | | | | |
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
|
| | | | | |
|
| | | | | |
|
| |_|_|/
|/| | |
| | | |
| | | | |
it's also not needed given that empty list covers all use cases.
|
| |_|/
|/| |
| | |
| | |
| | | |
The tools used to create iso9660 images and tarballs are independent of
the platform of the closure contained within.
|
|\ \ \
| | | |
| | | |
| | | | |
... to new implementation - and a couple other improvements.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Beware: extraFeatures are not needed *for this* anymore,
but their removal may still cause a regression in some configs
(example: prefill module).
|
|\ \ \ \
| | | | |
| | | | | |
xterm: 353 -> 362, add test, add update script
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nano: Update script, test
|
| | | | | | |
|
| | | | | | |
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
nixos/lvm2-activation-generator: fix warnings on activation
|
| |/ / / / |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
kernel config: explicitly enable CONFIG_IPV6
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Staging next
|
| |\| | | | |
|
| |\ \ \ \ \ |
|
| |\ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Due to being unused, and seemingly unusable, added appropriate release
notes.
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/codimd: add package option, refactor prettyJSON
|
| | |_|_|/ / / / /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This adds a `package` option to allow for easier overriding of the used
CodiMD version and `runCommandLocal` with `nativeBuildInputs` is now
used to pretty print the configuration.
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|/ / / /
|/| | | | | | | | |
nixos-help: fixup .desktop file & smaller refactoring
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This is to ensure that whenever we install the desktop item we also have
the script installed. Prior to b02719a we always had the reference to
the script in the desktop item. Since desktop items are being copied to
home directories and thus "bit rod" over time that absolute path was
removed.
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
derivation
See db236e588de "steam: Do $PATH lookup in steam.desktop [...]".
tl;dr: Otherwise widget/panel/desktop icons in DEs like KDE break.
|
|\ \ \ \ \ \ \ \ \
| |_|/ / / / / / /
|/| | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This allows to split up configuration into multiple modules
|
| | | | | | | | | |
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
Add note about installing NixOS from distributions with /usr/sbin and…
|