When you set the bcachefs userspace tools with:
```nix
boot.bcachefs.package = /* custom pacakge */;
```
This now also changes the kernel package. The NixOS module now calls
on the nested `cfg.package.kernelModule` expression with
`kernelPackages.callPackage`. This will enable overriding both
userspace and kernel space from e.g. upstream git.
There are a bunch of components such as incus or LXC that also use
`boot.isContainer`, so we'd have to differentiate between "OS container"
and "actually nspawn".
This became necessary for the file-systems part where nspawn takes care
of setting up special filesystems like `/proc`, `/dev` etc., but others
don't.
To allow for a `boot.isContainer` being less overloaded, this introduces
`boot.isNspawnContainer` that is exclusively used for nspawn-specific
things. When `true`, `boot.isContainer = true;` is implied.
This is a subset of aba55d1b96 (#67336)[1]
that I (Ma27) am using for quite a while in my systemd-nspawn setup
(without `nixos-container`) to have unprivileged containers.
Recently, Linus reminded me that this isn't part of upstream NixOS and
their setup fails like this when activating config in an nspawn
instance (no shared store):
stderr) activating the configuration...
stdout) setting up /etc...
stderr) mount: /dev: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /dev/pts: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /dev/shm: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stderr) mount: /run: permission denied.
stderr) dmesg(1) may have more information after failed mount system call.
stdout) Activation script snippet 'specialfs' failed (32)
So I decided to submit this portion again.
[1] Hence I retained the original authorship.
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>
Without this, the service and timer name become like this:
❯ systemctl status bcachefs-scrub--.service
○ bcachefs-scrub--.service - bcachefs scrub on /
Loaded: loaded (/etc/systemd/system/bcachefs-scrub--.service; linked; preset: ignored)
Active: inactive (dead)
TriggeredBy: ● bcachefs-scrub--.timer
Upstream dropped `sha256_generic` in e96cb9507f
Quoting from upstream:
> sha256_blocks_generic() is moved from lib/crypto/sha256-generic.c into
lib/crypto/sha256.c. It's now a static function marked with
__maybe_unused, so the compiler automatically eliminates it in any
cases where it's not used.
Co-authored-by: dramforever <dramforever@live.com>
Fuse is stil enabled by default so the default behaviour of NixOS
doesn't change. However, now it's possible to actively exclude fuse when
you don't need it.
Ever since fb49d81b25 we set
CONFIG_PSTORE=y in the config because we set CONIFG_ACPI_APEI=y in the
kernel. This means we always have pstore built right into the kernel.
systemd thus always mounts `/sys/fs/pstore` which makes our custom unit
superfluous and redudant.
Fuse is stil enabled by default so the default behaviour of NixOS
doesn't change. However, now it's possible to actively exclude fuse when
you don't need it.
This change rework a bit the documentation on networking.sits to explain
what they actually are. In fact, there are three different protocols
being collectively called "SIT", which itself is a nonstandard term.
Duplicate address detection (DAD) causes newly added IPv6 addresses to
be effectively unusable for an unpredictable amount of time, introducing
race conditions in the network setup.
For example, a "tentative" addresses is not considered a valid source
address, so installing routes can fail unpredictably.
This change disables DAD for static IPv6 addresses, with the assumption
that the user already made sure they are unique when configuring the
network.
There is no canonical way to set a system domain name any longer. The one
we previously used was the NIS/YP one, but that is pointless these days.
The hostname is set up through /etc/hostname, but hostname(5) states that
it should only contain 64 7-bit ASCII characters, so it cannot be used
to cover the domain name.
We still support setting the domain name to complete the `fqdn` option
and as a central option to reference the domain name from. If anyone
wants a NIS/YP domain name set, do it yourself..
We then clarify that the domain option has nothing to do with DNS
resolution anymore and search should be configured instead.
Finally explain the purpose of the ndots option in the context of search
domains, since they decide when we stop considering the search domains
when querying names with more than one dot.
The `domainname` utility uses setdomainname (see getdomainname(2)) to
configure the NIS[1] (also known as YP) domain name.
It provided a central directory for various objects that are resolved via
nsswitch in the late 1990s and early 2000s.
It is however not a safe nor common deployment scenario anymore.
[1] https://en.wikipedia.org/wiki/Network_Information_Service
This is first and foremost to provide compat with scripts that call the
hostname executable to retrieve the hostname, an assumptions we probably
should not be breaking.
This will allow unlocking to take place *after* all of the devices have
been probed, as indicated by the x-systemd.wants and x-systemd.requires
options. This allows for multi-device bcachefs volumes to be reliably
unlocked.
Kernel 6.16-rc1 removed the poly1305 algorithm in
ceef731b0e22df80a13d67773ae9afd55a971f9e
bcachefs switched to the kernel libraries for poly1305 and chacha20 in
6.15 in 4bf4b5046de0ef7f9dc50f3a9ef8a6dcda178a6d
