@bacchanalia
Collaborator

No description provided.

jsoo1 and others added 30 commits May 26, 2025 15:48
Original commit:
commit 3e855a0
Author: John Carey <[email protected]>
Date:   Thu Dec 1 10:36:50 2022 -0800

    toGNUCommandLine: Unwrap value if set by mkForce/mkOverride

    mkForce/mkOverride place the desired content in the "content"
    attribute of an attrset, often changing the type of the option.

    By default "toGNUCommandLine" will now unwrap such a wrapped value
    instead of failing, though overrides to "mkOption" option will
    change this behavior and may add other support for attrsets.
Because we need things like __noChroot
Fixes https://awakesecurity.atlassian.net/browse/MONAPP-27168

`make-disk-image` was hanging in the middle of the `nixos-install`
step:

https://github.com/NixOS/nixpkgs/blob/41c440bebe969c5fc70c97f6b95536b33d50b152/nixos/lib/make-disk-image.nix#L279-L282

… specifically the `nix-env` sub-step:

https://github.com/NixOS/nixpkgs/blob/e6f82bab843bd083cc7b46448a3a73809791713f/nixos/modules/installer/tools/nixos-install.sh#L165-L167

… if an auto-GC was triggered via the min-free option in the middle
of that step.  The fix is to disable `min-free` during a `nixos-install`
to prevent this from happening.
To configure necessary timeouts and parameterize user/group.
To avoid logs like this:

```
nghttpx-start[844]: /usr/bin/env: ‘python’: No such file or directory
nghttpx-start[842]: 2023-01-12T02:01:51.382Z 839 839 91150668 WARN (shrpx_connection_handler.cc:613) ocsp query command for /etc/awake/sslkeys/server.crt failed: error=0, rstatus=0x7f00, status=127
```

Or this:
```
nghttpx-start[904]: failed to invoke ['openssl', 'version']:[Errno 2] No such file or directory: 'openssl'
```

It seems necessary in the ocsp script and would benefit from
`patchShebangs` in the nghttp2 derivation itself, but I am hesitant to
add python as a buildInput to such a fundamental package.
To avoid the situation where a service unit file may have a [Unit] but
no valid [Service].

This warning is explicitly omitted for some services that are generated
by packages instead of by the systemd module.

Co-authored-by: Parnell Springmeyer <[email protected]>
                Mel Zuser <[email protected]>
                Tomas Drtina <[email protected]>
mailsend-go is a rewrite of mailsend in go.

mailsend is not receiving feature updates as of 2019-02-11.
Introduces clickhouse-jdbc, liquibase-clickhouse Java modules.
Uses liquibase-clickhouse local version to avoid use of obsolete clickhouse-jdbc
Make clickhouse users.xml configurable
Use `shaded` uberjar for liquibase-clickhouse to avoid managing transitive dependencies.
This change adds a derivation for the [`terraform-cloud-agent`][1]
executable and a NixOS module that defines a systemd service for
running that agent.

[1]: https://developer.hashicorp.com/terraform/cloud-docs/agents.

`stripRoot = false`

Specify the hash

Install tfc-agent binaries to `$out/bin`

Declare the `mainProgram` metadata for this package

... so that it can be used with `lib.getExe`.

Use `lib.getExe`

Suggested by @jsoo1.

Use freeformType for NixOS options that are turned into flags

Suggested by @jsoo1.

No need to guard on whether `cache-dir` and `data-dir` are null

Suggested by @jsoo1.

Ensure `/etc/terraform-cloud-agent/`

Suggested by @jsoo1.

Use the systemd-configured configuration directory

Use the standard systemd environment identifiers `%S` and `%C`

Suggested by @jsoo1.

Add `user` and `group` and drop privileges

Rider: add sandboxing arguments cribbed from the nginx module.

Just give the `flags` attrset as an argument

Sequence after `network-online.target` instead

... since that's what we really mean.

Add doc strings and examples
- preActivationHook is inserted after: nix-build before:
switch-to-configuration
- postActivationHook is inserted after: switch-to-configuration before:
reboot
Since the configuration assumes nscd.conf exists and nss is configured
RaitoBezarius and others added 25 commits June 25, 2025 11:55
Change-Id: Ie7ec879d499be1e67982871659f3a414157a329d
Signed-off-by: Raito Bezarius <[email protected]>
nix-eval-jobs is intimately tied to a specific Nix/Lix release and the
Nix specific version includes a passthru attribute so downstream users
can easily refer to it.

Propagating the same pattern for the Lix version allows it to more
readily be used as a drop in replacement.
They are not doing anything right now. This is in preparation for their
complete removal from the tree.

Note: several changes that affect the derivation inputs (e.g. removal of
references to stub paths in build instructions) were left out. They will
be cleaned up in the next iteration and will require special care.

Note: this PR is a result of a mix of ugly regex (not AST) based
automation and some manual labor. For reference, the regex automation
part was hacked in: https://github.com/booxter/nix-clean-apple_sdk

Signed-off-by: Ihar Hrachyshka <[email protected]>

partial cherry-pick of dd0f03a
This adds nix-fast-build to the lixPackageSets scope, allowing the use
of nix-fast-build with Lix and its version of nix-eval-jobs
This adds nix-direnv to the lixPackageSets scope whose
fallback logic for finding a Nix implementation will use Lix
…w meta.teams attribute

Follow-up to NixOS#394797.

Signed-off-by: Fernando Rodrigues <[email protected]>

partial cherry-pick of 05580f4
Similar to nix-fast-build, this provides a version of colmena using Lix
Previously always the top-level lix package would be used, which is obviously
not what we want.
Change-Id: I10fedc7098aaddb0df67acb76fe730ddd8883319
Signed-off-by: Raito Bezarius <[email protected]>
Change-Id: I8042bca710f047ca3c312c6fa7c8227d96f328d4
Signed-off-by: Raito Bezarius <[email protected]>
Change-Id: I724ca7bc993594d8b1b262202e423021f6288548
Signed-off-by: Raito Bezarius <[email protected]>
Change-Id: Ie7ec879d499be1e67982871659f3a414157a329d
Signed-off-by: Raito Bezarius <[email protected]>
Change-Id: I5990ddd1d7eb16ca5023d4496550d67c4e361bc9
Signed-off-by: Raito Bezarius <[email protected]>
This also adds other bug fixes as a fallout of the CVE fixes.
https://lix.systems/blog/2025-06-27-lix-critical-bug/

Change-Id: I3af853f12b8ba9741f2180b82b5fb394b91defbf
Signed-off-by: Raito Bezarius <[email protected]>
This also adds other bug fixes as a fallout of the CVE fixes.
https://lix.systems/blog/2025-06-27-lix-critical-bug/

Change-Id: I292c17120064d4af751d0a409511d1041f4bdb51
Signed-off-by: Raito Bezarius <[email protected]>
This also adds other bug fixes as a fallout of the CVE fixes.
https://lix.systems/blog/2025-06-27-lix-critical-bug/

Change-Id: I9949f4a488db0862ff62ef45736358bd4acda341
Signed-off-by: Raito Bezarius <[email protected]>