Modules built in to the kernel can attempt to load firmware before
init is started. To guarantee the firmware is accessible to them
where they expect, /lib has to exist in the initramfs — it can't be
created later by init, because by that point the module may already
have tried and given up.
The virtualisation.directBoot.initrd option was added for netboot
images, but the assertion to check directBoot enabled if it was used
caused an infinite recursion if it was. Minimal reproduction:
import nixos/tests/make-test-python.nix ({ pkgs, ... }: {
name = "";
nodes = {
machine = { config, ...}: {
imports = [ nixos/modules/installer/netboot/netboot-minimal.nix ];
virtualisation.directBoot = {
enable = true;
initrd = "${config.system.build.netbootRamdisk}/${config.system.boot.loader.initrdFile}";
};
};
};
testScript = "";
}) {}
The fix is to swap the two conditions, so that cfg.directBoot.enable
is checked first, and the initrd comparision will be short circuited.
This wasn't noticed during review because in earlier versions of the
virtualisation.directBoot patch, the assertion was accidentally in the
conditional above, so wasn't evaluated unless port forwarding was in
use.
The PAM service `greetd` creates now autostarts GNOME Keyring when it is
enabled via `services.gnome.gnome-keyring.enable`.
Should cause a lot fewer headaches for people like me who didn't know
why GNOME Keyring was complaining that it was never supplied with login details.
Fixes#246197
In https://github.com/NixOS/nixpkgs/pull/254071, a mismatch between usage of
the Nix language and the NixOS module system was introduced. By merging the
kwin_wayland wrapper attrset into the mkIf representation, the former was
effectively ignored.
As a result, the capability wrapper for kwin_wayland stopped being installed,
leading to realtime scheduling being disabled. The issue was not detected
because the behavioral change is very subtle.
By consistently using language-level constructs, this mismatch is resolved.
The capability wrapper is thus installed again and realtime scheduling is
restored.
When building kexec-based installer every mb saved will reduce the RAM usage and allow to install NixOS on smaller machines.
It also means that less data has to be downloaded from the network.
When using flakes or niv we no longer rely on nix channels beeing present
and when using something like nixos-anywhere, we no longer need to evaluate anything in the installer at all.
[Motivation](NixOS#257817 (comment))
`extraLayouts` was missed in #259891, so moving it to the other xkb
options with this PR.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
