| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
For NVLink topology systems we need fabricmanager. Fabricmanager itself is
dependent on the datacenter driver set and not the regular x11 ones, it is also
tightly tied to the driver version. Furhtermore the current cudaPackages
defaults to version 11.8, which corresponds to the 520 datacenter drivers.
Future improvement should be to switch the main nvidia datacenter driver version
on the `config.cudaVersion` since these are well known from:
> https://docs.nvidia.com/deploy/cuda-compatibility/index.html#use-the-right-compat-package
This adds nixos configuration options `hardware.nvidia.datacenter.enable` and
`hardware.nvidia.datacenter.settings` (the settings configure fabricmanager)
Other interesting external links related to this commit are:
* Fabricmanager download site:
- https://developer.download.nvidia.com/compute/cuda/redist/fabricmanager/linux-x86_64/
* Data Center drivers:
- https://www.nvidia.com/Download/driverResults.aspx/193711/en-us/
Implementation specific details:
* Fabricmanager is added as a passthru package, similar to settings and
presistenced.
* Adds `use{Settings,Persistenced,Fabricmanager}` with defaults to preserve x11
expressions.
* Utilizes mkMerge to split the `hardware.nvidia` module into three comment
delimited sections:
1. Common
2. X11/xorg
3. Data Center
* Uses asserts to make the configurations mutualy exclusive.
Notes:
* Data Center Drivers are `x86_64` only.
* Reuses the `nvidia_x11` attribute in nixpkgs on enable, e.g. doesn't change it
to `nvidia_driver` and sets that to either `nvidia_x11` or `nvidia_dc`.
* Should have a helper function which is switched on `config.cudaVersion` like
`selectHighestVersion` but rather `selectCudaCompatibleVersion`.
|
|
postgresqlPackages.postgis: 3.3.3 -> 3.4.0
|
|
|
|
|
|
nixos/users-groups: rename passwordFile in hashedPasswordFile
|
|
|
|
This is to leverage systemd credentials for variables suffixed by _FILE.
|
|
nixos/sshd: don't validate mock host key, permit `RequiredRSASize`
|
|
healthchecks: add DB, DB_NAME and support for several _FILE options
|
|
mkEnableOption prepends "Whether to enable" to text, so this became
"Whether to enable Enables fscrypt ..."
|
|
nixos/swraid: fix regression for old initrd and add test coverage
|
|
|
|
Because it is dead.
|
|
nixos-rebuild: Add list-generations
|
|
|
|
Include note about systemd default watchdog reboot time
|
|
electron-bin: place electron files in libexec/
|
|
|
|
My system does not use `bcache` and I sould prever my `systemPackages`
not to have bcache tools.
The change does not change the default but proviced usual `enable` knob.
|
|
Add new command `nixos-rebuild list-generations`. It will show an output
like
```
$ nixos-rebuild list-generations
Generation Build-date NixOS version Kernel Configuration Revision Specialisations
52 (current) Fri 2023-08-18 08:17:27 23.11.20230817.0f46300 6.4.10 448160aeccf6a7184bd8a84290d527819f1c552c *
51 Mon 2023-08-07 17:56:41 23.11.20230807.31b1eed 6.4.8 99ef480007ca51e3d440aa4fa6558178d63f9c42 *
```
This also mentions the change in the upcoming release notes
|
|
nixos/galene: do not restrict AF_NETLINK
|
|
|
|
nixos/networkd: Fix incorrectly treating attrset as list
|
|
nixos/security/wrappers: simplifications and a fix for #98863 (respin of #199599)
|
|
This reverses a [change made during PR review][1] that I did not sufficiently
test, causing [this error][2].
[1]: https://github.com/NixOS/nixpkgs/pull/249643#discussion_r1309151135
[2]: https://github.com/NixOS/nixpkgs/pull/249643#issuecomment-1712707336
|
|
|
|
fixes #232505
Implements the new option `security.acme.maxConcurrentRenewals` to limit
the number of certificate generation (or renewal) jobs that can run in
parallel. This avoids overloading the system resources with many
certificates or running into acme registry rate limits and network
timeouts.
Architecture considerations:
- simplicity, lightweight: Concerns have been voiced about making this
already rather complex module even more convoluted. Additionally,
locking solutions shall not significantly increase performance and
footprint of individual job runs.
To accomodate these concerns, this solution is implemented purely in
Nix, bash, and using the light-weight `flock` util. To reduce
complexity, jobs are already assigned their lockfile slot at system
build time instead of dynamic locking and retrying. This comes at the
cost of not always maxing out the permitted concurrency at runtime.
- no stale locks: Limiting concurrency via locking mechanism is usually
approached with semaphores. Unfortunately, both SysV as well as
POSIX-Semaphores are *not* released when the process currently locking
them is SIGKILLed. This poses the danger of stale locks staying around
and certificate renewal being blocked from running altogether.
`flock` locks though are released when the process holding the file
descriptor of the lock file is KILLed or terminated.
- lockfile generation: Lock files could either be created at build time
in the Nix store or at script runtime in a idempotent manner.
While the latter would be simpler to achieve, we might exceed the number
of permitted concurrent runs during a system switch: Already running
jobs are still locked on the existing lock files, while jobs started
after the system switch will acquire locks on freshly created files,
not being blocked by the still running services.
For this reason, locks are generated and managed at runtime in the
shared state directory `/var/lib/locks/`.
nixos/security/acme: move locks to /run
also, move over permission and directory management to systemd-tmpfiles
nixos/security/acme: fix some linter remarks in my code
there are some remarks left for existing code, not touching that
nixos/security/acme: redesign script locking flow
- get rid of subshell
- provide function for wrapping scripts in a locked environment
nixos/acme: improve visibility of blocking on locks
nixos/acme: add smoke test for concurrency limitation
heavily inspired by m1cr0man
nixos/acme: release notes entry on new concurrency limits
nixos/acme: cleanup, clarifications
|
|
|
|
|
|
firefox-esr-102-unwrapped: remove
|
|
|
|
the schema files referenced in the current preStart are empty.
other ones exist, but don't apply cleanly either.
calling update.php with --update-schema works for initial setup and
updates. if the database schema is already up to date, it's idempotent.
|
|
|
|
nixos/buildbot: support reload, buildbot-www-react: init 3.9
|
|
|
|
wstunnel: correct listen option
|
|
nixos/networkd: Reload (not restart) when only .network units change
|
|
nixos/binfmt: improve type annotations
|
|
|
|
|
|
sudo, nixosTests.sudo: refresh set of maintainers
|
|
it should be checking that it is not a broken symlink but bash
conditionals are difficult
-d was causing the directory to not be created if it does not exist
```
$ install -m 0755 -d $PWD/hello
$ ls
hello/
$ ln -s something notexist
'notexist' -> 'something'
$ ls -l
lrwxrwxrwx artturin artturin 9 B Sat Sep 9 06:59:44 2023 notexist@ ⇒ something
drwxr-xr-x artturin artturin 2 B Sat Sep 9 06:59:36 2023 hello/
$ install -m 0755 -d $PWD/notexist
install: cannot change permissions of ‘/home/artturin/nixgits/my-nixpkgs/test/notexist’: No such file or directory
```
|
|
nixos/stalwart-mail: fixed broken link
|
|
|
|
|
|
|
|
|
|
This avoids the possible confusion with `passwordFile` being the file
version of `password`, while it should contain the password hash.
Fixes issue #165858.
|
|
time
I found it very confusing to get an error message on reboot about `10min` when that didn't seem to be the NixOS default.
|
|
jack-example-tools: init at 4
|
