systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.
These enable:
- Loose reverse path filtering
- Source route filtering
- `fq_codel` as a packet scheduler (this helps to fight bufferbloat)
This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.
Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.
In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.
Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
* lib: introduce `foreach` = flip map
The main purpose is to bring attention to `flip map`, which improves
code readablity. It is useful when ad-hoc anonymous function
grows two or more lines in `map` application:
```
map (lcfg:
let port = lcfg.port;
portStr = if port != defaultPort then ":${toString port}" else "";
scheme = if cfg.enableSSL then "https" else "http";
in "${scheme}://cfg.hostName${portStr}"
) (getListen cfg);
```
Compare this to `foreach`-style:
```
foreach (getListen cfg) (lcfg:
let port = lcfg.port;
portStr = if port != defaultPort then ":${toString port}" else "";
scheme = if cfg.enableSSL then "https" else "http";
in "${scheme}://cfg.hostName${portStr}"
);
```
This is similar to Haskell's `for` (http://hackage.haskell.org/package/base-4.12.0.0/docs/Data-Traversable.html#v:for)
* mass replace "flip map -> foreach"
See `foreach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /foreach /g'
```
* Revert "mass replace "flip map -> foreach""
This reverts commit 3b0534310c.
* mass replace "flip map -> forEach"
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
* rename foreach -> forEach
* and one more place
* add release notes
* tortoisehg: untie from mercurial
When I've added `tortoisehg` package, it turned out that mercurial updates
sometimes broke thg. I've added a comment to `mercurial/default.nix` to
update torotisehg version during mercurial updates, but this worked the other way round:
mercurial stopped to be updated regularly (https://github.com/NixOS/nixpkgs/pull/60993).
And sadly it didn't solve the issue - https://github.com/NixOS/nixpkgs/issues/61759.
Here I'm trying to untie them. Tortoisehg will build a custom mercurial package
if versions don't match. This makes updating tortoisehg more complicated,
but it is still better than current situation.
* expose custom mercurial from thg package
* Regenerated all patches for 1.4.2 and resolved
any conflicts.
* fix-test-paths.patch doesn't copy the whole locale archive
because we have C.UTF8 now.
* nixos/flatpak creates a Flatpak system helper user
Change introduced in 1.3.2.
Changes:
See https://github.com/flatpak/flatpak/releases/tag/1.3.1 through
1.4.2.
