* A dns_resolver entry is needed for a NFSv4 client to
resolve hostnames of NFS referrals and replicas.
* Make request-key.conf customizable, by moving
content from separate file into
`environment.etc."request-key.conf".text`
```
error: A definition for option `boot.initrd.systemd.extraBin.mount' is not of type `absolute path'. Definition values:
- In `/nix/store/h259dzilgbvpfsnlcyims14jrcdnx8fk-source/nixos/modules/tasks/filesystems/zfs.nix':
{
zfs = "/nix/store/hxg3s5l92y9n9m48p872i62dn5ck33hx-zfs-user-2.4.0-rc3/sbin/mount.zfs";
}
```
Fixes https://github.com/NixOS/nixpkgs/pull/414391#issuecomment-3448084329
When you set the bcachefs userspace tools with:
```nix
boot.bcachefs.package = /* custom pacakge */;
```
This now also changes the kernel package. The NixOS module now calls
on the nested `cfg.package.kernelModule` expression with
`kernelPackages.callPackage`. This will enable overriding both
userspace and kernel space from e.g. upstream git.
There are a bunch of components such as incus or LXC that also use
`boot.isContainer`, so we'd have to differentiate between "OS container"
and "actually nspawn".
This became necessary for the file-systems part where nspawn takes care
of setting up special filesystems like `/proc`, `/dev` etc., but others
don't.
To allow for a `boot.isContainer` being less overloaded, this introduces
`boot.isNspawnContainer` that is exclusively used for nspawn-specific
things. When `true`, `boot.isContainer = true;` is implied.
This is a subset of aba55d1b960b4b1817bc2a32deeba447ae51f0a3 (#67336)[1]
that I (Ma27) am using for quite a while in my systemd-nspawn setup
(without `nixos-container`) to have unprivileged containers.
Recently, Linus reminded me that this isn't part of upstream NixOS and
their setup fails like this when activating config in an nspawn
instance (no shared store):
stderr) activating the configuration...
stdout) setting up /etc...
stderr) mount: /dev: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /dev/pts: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /dev/shm: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /run: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stdout) Activation script snippet 'specialfs' failed (32)
So I decided to submit this portion again.
[1] Hence I retained the original authorship.
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
Without this, the service and timer name become like this:
❯ systemctl status bcachefs-scrub--.service
○ bcachefs-scrub--.service - bcachefs scrub on /
Loaded: loaded (/etc/systemd/system/bcachefs-scrub--.service; linked; preset: ignored)
Active: inactive (dead)
TriggeredBy: ● bcachefs-scrub--.timer
Upstream dropped `sha256_generic` in e96cb9507f
Quoting from upstream:
> sha256_blocks_generic() is moved from lib/crypto/sha256-generic.c into
lib/crypto/sha256.c. It's now a static function marked with
__maybe_unused, so the compiler automatically eliminates it in any
cases where it's not used.
Co-authored-by: dramforever <dramforever@live.com>
Fuse is stil enabled by default so the default behaviour of NixOS
doesn't change. However, now it's possible to actively exclude fuse when
you don't need it.
Ever since fb49d81b25 we set
CONFIG_PSTORE=y in the config because we set CONIFG_ACPI_APEI=y in the
kernel. This means we always have pstore built right into the kernel.
systemd thus always mounts `/sys/fs/pstore` which makes our custom unit
superfluous and redudant.
Fuse is stil enabled by default so the default behaviour of NixOS
doesn't change. However, now it's possible to actively exclude fuse when
you don't need it.
This change rework a bit the documentation on networking.sits to explain
what they actually are. In fact, there are three different protocols
being collectively called "SIT", which itself is a nonstandard term.
Duplicate address detection (DAD) causes newly added IPv6 addresses to
be effectively unusable for an unpredictable amount of time, introducing
race conditions in the network setup.
For example, a "tentative" addresses is not considered a valid source
address, so installing routes can fail unpredictably.
This change disables DAD for static IPv6 addresses, with the assumption
that the user already made sure they are unique when configuring the
network.
