Added extra option to enable unprivileged containers. This includes a
patch to remove the hard-coded path to `lxc-user-nic` and a new security
wrapper to set SUID to `lxc-user-nic`.
Use the store directory for the devicetree package containing the
desired DTB when installing to the ESP. This allows for more than one
NixOS generation containing differing DTBs to coexist on the same ESP
(similar to how we can have multiple kernels & initrds). This change
removes the assumption that the filepath passed to `copy_from_file` is a
file that lives at the toplevel of a nix output path (which prior to the
systemd-boot DTB support was the case for the kernel and initrd
derivations).
This adds a new `imageStream` option that can be used in conjunction
with `pkgs.dockerTools.streamLayeredImage` so that the image archive
never needs to be materialized in the `/nix/store`. This greatly
improves the disk utilization for systems that use container images
built using Nix because they only need to store image layers instead of
the full image. Additionally, when deploying the new system and only
new layers need to be built/copied.
Test out both nix upgrade-nix and a NixOS upgrade.
Inject a fake fallback-paths.nix assuming a stable -> latest upgrade.
The NixOS upgrade does not use nixos-rebuild switch due to the
cost+annoyance of the instantiation needing
system.includeBuildDependencies.
provision # [ 8.223448] (kanidmd)[819]: kanidm.service: Failed to set up mount namespacing: /ofborg/checkout/repo/38dca4e3aa6bca43ea96d2fcc04e8229/builder/ofborg-evaluator-1/nixos/tests/common/acme/server:
No such file or directory
- Split desktop into desktop-basics (basic keybind & app launching) and
desktop-appinteractions (one applications triggering something in another) due to timeouts
- Wrap machine.wait_for_text to wait 10 seconds before starting
The 10 second delay improves runtime dramatically on weaker hardware. In desktop-ayatana-indicators
on my aarch64 laptop, runtime was cut down by 818,41 seconds (~ 14 minutes).
Hopefully helps abit with timeout issues on ARM :(
