This changes much of the make-disk-image.nix logic (and thus most NixOS
image building) to use LKL to set up the target directory structure rather
than a Linux VM. The only work we still do in a VM is less IO-heavy stuff
that while still time-consuming, is less of the overall load. The goal is
to kill more of that stuff, but that will require deeper changes to NixOS
activation scripts and switch-to-configuration.pl, and I don't want to
bite off too much at once.
* programs.zsh: factor zsh-syntax-highlighting out into its own module
* programs.zsh.syntax-highlighting: add `highlighters` option
* programs.zsh: document BC break introduced by moving zsh-syntax-completion into its own module
This is currently our default display manager, so I'm adding this to the
"tested" job as well to ensure we don't ship broken revisions where X is
most likely not working.
The test uses a custom SLiM theme that's specifically tailored for good
OCR results (mainly white background and black fonts without anything
else), because our default NixOS theme has a very small contrast between
background and fonts in some places.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The main change here is a patch of SLiM to tread a log file of
/dev/stderr specially in that it now uses std::cerr instead of a file
for logging.
This allows us to set the logfile to stderr in NixOS for the generated
SLiM configuration file and we now get logging to the systemd journal.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* programs.zsh: add enableOhMyZsh option to automate setup of oh-my-zsh in global zshrc
* programs.zsh: make oh-my-zsh plugins configurable
* programs.zsh: add ohMyZshCustom option
* programs.zsh: add ohMyZshTheme option
* programs.zsh: applying minor fixes to evaluate expressions properly
* programs.zsh: fix ordering of oh-my-zsh config and execution
* programs.zsh: move all oh-my-zsh params into its own scope named programs.zsh.oh-my-zsh
The idea is to provide a convenient way to enable most vanilla hardening
features in one go. The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).
Closes https://github.com/NixOS/nixpkgs/pull/24680
This reverts commit 6b7c5ba535.
Unfortunately it seems like this broke slim, lightdm and gdm (see #25068
and #23264). This is already reverted in the 17.03 branch (99dfb6d).
TODO: We need tests for slim and lightdm and fix the test for gdm
(failing since 2016-10-26) to prevent such breakage in the future.
This has surfaced since d990aa7163.
The "simpleUefiGummiboot" installer test fails since this commit,
because that commit introduced a small check to verify whether the store
was altered.
While installing NixOS for the first time, the store is usually in
/mnt/nix/store and without the read-only bind mount that's preventing
programs from altering the store.
So after nixos-install is done creating the system closure and setting
it as the active system profile, the bootloader is written from the
closure inside the chroot. The systemd-boot-builder is invoked during
this step, which adds .pyc files for various Python modules of the
Python 3 store path, which in turn invalidates the hash of the Python 3
store path itself.
At the time the system is booted up again, the nix-store is verified and
fails with something like this:
path /nix/store/zvm545rqc4d97caqq9h7344bnd06jhzb-python3-3.5.3 was
modified! expected hash
b2c975f4b8d197443fbb09690fb3f6545e165dd44c9309d7d6df2fce0579ebeb, got
bccca19f39c9d26d857ccf1fb72818b2b817967e6d497a25a1283e36ed0acf01
Running the interpreter with the -B argument prevents Python from
writing those byte code files:
https://docs.python.org/3/using/cmdline.html#cmdoption-B
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This reverts commit c2b56626f1.
It broke creating the manual. I suspect the descriptions are
auto-wrapped by <para> and </para>.
We've been through this already in 3af715af90.
/cc #24978, @zraexy, @Mic92.
The key distinction I'm drawing is that there's a component that deals
with the store of the machine being built, and another component for
the store building it. The inner part of it assumes nothing from the
builder (doesn't need chroot or root powers) so it can run comfortably
inside a Nix build, as well as nixos-rebuild. I have some upcoming work
that will use that to significantly speed up and streamline image builds
for NixOS, especially on virtualized hosts like EC2, but it's also a
reasonable speedup on native hosts.
bluez no longer recommends spawning "hciconfig <device> up" from a udev rule as
the main bluez daemon now supports automatically enabling power for all devices.
Reference: http://www.bluez.org/release-of-bluez-5-35/
This change fixes two major issues:
1. If you don't use SIGQUIT to stop Plex it will corrupt its own
database :(
2. Newer versions of Plex keep metadata in the
`com.plexapp.plugins.library.db` database. This is the file that
we copy into `/var/lib/plex/.skeleton`. If we copy the empty
database on top of this one the user will lose their entire
library metadata. This change skips the copy if the file
already exists.
* google-cloud-sdk: 150.0.0 -> 151.0.0
- gce/create-gce.sh: rewrite using nix-shell shebang and bash
- allows to run the script without being the same directory
- nix-shell install google-cloud-sdk
- some shellcheck cleanups and scripting best practice
- gce/create-gce.sh: do not clobber NIX_PATH: this allows NIX_PATH to be overwritten to build a different release
- gce/create-gce.sh: remove legacy hydra option