There are a bunch of components such as incus or LXC that also use
`boot.isContainer`, so we'd have to differentiate between "OS container"
and "actually nspawn".
This became necessary for the file-systems part where nspawn takes care
of setting up special filesystems like `/proc`, `/dev` etc., but others
don't.
To allow for a `boot.isContainer` being less overloaded, this introduces
`boot.isNspawnContainer` that is exclusively used for nspawn-specific
things. When `true`, `boot.isContainer = true;` is implied.
Resolves the installer failing on devices that include this hardware, as
broadcom_sta was marked as insecure due to being unmaintained and having
active CVEs.
This commit can be reverted when/if the installer has a mechanism for allowing
insecure packages.
Currently, we generate `/dev/disk/by-uuid` paths for encrypted LUKS
volumes, which makes it impossible to determine that they are waiting
on a Device Mapper device at boot. Using `/dev/mapper` paths ensures
that systemd stage 1 waives its standard mount timeout for these
volumes to allow the user more time to enter the LUKS password.
This is the easiest pick for new users to get their footing on NixOS.
NetworkManager allows managing a wide variety of different network
interface types interactively and with ease. It replaces `useDHCP` since
its default profiles for Ethernet and WLAN come with DHCP enabled by
default.
PR #256638 inadvertently introduced a bug in `nixos-generate-config` whereby it
would never put `bcache` into the `availableKernelModules` for the initrd.
This is because the `qr` operator in Perl returns a regex object, rather than
matching it; the regex object evaluates to true, making the filter expression
effectively `grep(!true, @bcacheDevices)`, which will always return an empty
list.
This script would always "detect" the "powersave" governor as it is available on
practically all CPUs while the "ondemand" governor is only available on some old
CPUs.
IME the "powersave" governor barely provides any power savings but introduces
massive performance deficits, including noticeable stuttering. This is not the
default experience we should offer users, even for those who use laptops.
Use the kernel default (currently "performance", CPU makers may change it in
future) instead.
swraid support will now only be enabled by default if stateVersion is
older than 23.11. nixos-generate-config will now generate explicit
config for enabling support if needed.
The single option tries to do too much work, which just ends up confusing people.
So:
- don't force the console font, the kernel can figure this out as of #210205
- don't force the systemd-boot mode, it's an awkward mode that's not supported
on most things and will break flicker-free boot
- add a separate option for the xorg cursor scaling trick and move it under the xorg namespace
- add a general `fonts.optimizeForVeryHighDPI` option that explicitly says what it does
- alias the old option to that
- don't set any of those automatically in nixos-generate-config
Guest operating systems inside VMs or containers can't update the host CPU's microcode for obvious security reasons, so setting the `hardware.cpu.*.updateMicrocode` options is pointless.
The substr solution assumed a newline to be present.
The new solution will not remove the newline if it goes missing in the future.
Apparently this is idiomatic Perl.
Thanks pennae for the suggestion!
Currently we're still using scripted networking by default. A problem
with scripted networking is that having `useDHCP` on potentially
non-existing interfaces (e.g. an ethernet interface for USB tethering)
can cause the boot to hang.
Closes #107908