On some systems bootctl cannot write the `LoaderSystemToken` EFI variable
during installation, which results in a failure to install the boot
loader. Upstream provides a flag (--graceful) to ignore such write failures -
this change exposes it as a configuration option.
As the exact semantics of this option appear to be somewhat volatile it
should be used only if systemd-boot otherwise fails to install.
The multipath-tools package had existed in Nixpkgs for some time but
without a nixos module to configure/drive it. This module provides
attributes to drive the majority of multipath configuration options
and is being successfully used in stage-1 and stage-2 boot to mount
/nix from a multipath-serviced iSCSI volume.
Credit goes to @grahamc for early contributions to the module and
authoring the NixOS module test.
This change is strictly functionally equivalent because we're just
lifting the transformation of `source` out of `mapAttrs` to the single point of
use (in escapeShellArgs).
This is also much faster because we can skip a map over all `etc` items.
Fixes:
```
activating the configuration...
warning: user ‘systemd-coredump’ has unknown group ‘systemd-coredump’
setting up /etc...
```
Oversight of #133166
When cross-compiling, we can't run the runtime shell to check syntax
if it's e.g. for a different architecture. We have two options here.
We can disable syntax checking when cross compiling, but that risks
letting errors through. Or, we can do what I've done here, and change
the syntax check to use stdenv's shell instead of the runtime shell.
This requires the stdenv shell and runtime shell to be broadly
compatible, but I think that's so ingrained in Nixpkgs anyway that
it's fine. And this way we avoid conditionals that check for cross.
The primary use case is tools like sops-nix and agenix to restart units
when secrets change. There's probably other reasons to restart units as
well and a nice thing to have in general.
The treatment of the "source" parameter changed
with eb7120dc79, breaking stuff.
Before that commit, the source parameter was converted to a
string by implicit coercion, which would copy the file to the
store and yield an string containing the store path. Now, by
the virtue of escapeShellArg, toString is called explicitly on
that path, which will yield an string containing the absolute
path of the file.
This commit restores the old behavior.
- boost 167 removed on staging-next (7915d1e03f) × boost attributes are inherited on staging (d20aa4955d)
- linux kernels were moved to linux-kernels.nix on staging-next (c62f911507) × hardened kernels are versioned on staging (a5341beb78) + removed linux_5_12 (e55554491d)
- conflict in node-packages – I regenerated it using node2nix from nixos-unstable (does not build on staging)
The main goal of this commit is to replace the rather fragile passing of
multiple arrays which could break in cases like #130935.
While I could have just added proper shell escaping to the variables
being passed, I opted for the more painful approach of replacing the
fragile and somewhat strange construct with the 5 bash lists. While
there are currently no more problems present with the current approach
(at least none that I know of), the new approach seems more solid and
might get around problems that could arise in the future stemming from
either the multiple-lists situation or from the absence of proper shell
quoting all over the script.
