It is not necessary for the intermediate certificate to have a password set,
but currently the intermediatePasswordFile value is always accessed to load the credential.
(cherry picked from commit 8c51e99b96)
We previously only did this for Syslinux, which we don't use on UEFI machines.
Co-authored-by: Lee Bousfield <ljbousfield@gmail.com>
(cherry picked from commit dcb0423368)
Not-cherry-picked-because: On master, I want to remove nixseparatedebuginfod and replace it with nixseparatedebuginfod2 instead. This is done in https://github.com/NixOS/nixpkgs/pull/452053
system-ups.slice conflicts with shutdown.target, so
ups-killpower.service is never queued at shutdown.
The slice isn't doing anything; removing it is a simple fix.
(cherry picked from commit 30aa6b71f2)
We were relying on `composerNoScripts = false` to make sure post-install
command `assets:install` is run. `assets:install` copies assets from
`vendor/` directory into `public/` directory, placing it in appropriate
places.
However, with commit 80bb9aec24 ("kimai: switch to buildComposerProject2
and tag"), we switched to `buildComposerProject2` which has moved
`composer install` step to `composerVendor` derivation. By design,
`composerVendor` ignores anything that happens outside `vendor/`, so
the assets was not copied into final derivation.
So stop relying on `composerNoScripts = false` and run `assets:install`
ourselves in `postInstall` step. A side effect of this is that there is
another post-install step being skipped (`cache:clear`). However we
simply handle caches outside of the derivation (it's handled in the
module), so that's not a problem.
Fixes: https://github.com/NixOS/nixpkgs/issues/442208
(cherry picked from commit 1422ed8801)
A change in Linux 6.12 broke VirtualBox without an added kernel
parameter. VirtualBox version 7.2.2 has a fix, but it only works
for kernels >= 6.16.
(cherry picked from commit b04d39b01c)
When you set the bcachefs userspace tools with:
```nix
boot.bcachefs.package = /* custom pacakge */;
```
This now also changes the kernel package. The NixOS module now calls
on the nested `cfg.package.kernelModule` expression with
`kernelPackages.callPackage`. This will enable overriding both
userspace and kernel space from e.g. upstream git.
(cherry picked from commit 6e331d90bd)
Without this, the service and timer name become like this:
❯ systemctl status bcachefs-scrub--.service
○ bcachefs-scrub--.service - bcachefs scrub on /
Loaded: loaded (/etc/systemd/system/bcachefs-scrub--.service; linked; preset: ignored)
Active: inactive (dead)
TriggeredBy: ● bcachefs-scrub--.timer
(cherry picked from commit 74d1da02aa)
It would match options with those keys as a prefix,
e.g. x-systemd.requires-mounts-for=, and fail to extract a sensible
value.
(cherry picked from commit 9d769b6b9d)
This will allow unlocking to take place *after* all of the devices have
been probed, as indicated by the x-systemd.wants and x-systemd.requires
options. This allows for multi-device bcachefs volumes to be reliably
unlocked.
(cherry picked from commit ca0c35d813)
