We ran into this issue wherein GitHub's `actions/checkout` would fail
because `git-config` would fail to include additional configuration.
The symptom was:
```
Error: fatal: could not read Username for 'https://github.com': terminal prompts disabled
```
And is caused by `git config --local includeIf.gitdir:/var/lib/github-runners/_work/…`.
Wherein `git` apparently resolves (canonicalizes) the current repository
path which then does not match the argument for `includeIf.gitdir` which
then means the configuration that `actions/checkout` is trying to apply
does not get pulled in, which then prevents git from authenticating with
GitHub and fails the build.
Ngl, gemini 3 found that out for me.
We could prefix `/private` everywhere, but changing the user's home
directory is going to [be tricky], not sure what do to about that.
[be tricky]: 7e22bf538a/modules/users/default.nix (L208)
Adds a new `services.dnsmasq.servers` option to configure upstream DNS servers. This allows users to specify which DNS servers dnsmasq should forward queries to, supporting domain-specific routing and custom ports.
When empty (default), dnsmasq uses servers from /etc/resolv.conf.
Signed-off-by: Wigger Boelens <me@wigger.email>
The conditional override was intended to be backwards-compatible with older runner packages without the `nodeRuntimes` argument.
However, `override` doesn't yield default arguments, so the override was never applied.
This commit removes the conditional entirely since `nodeRuntimes` was added back in 24.05.
I’m not *completely* certain that this handles user agents
correctly. There is a deprecated command, `launchctl asuser`, that
executes a command in the Mach bootstrap context of another user`.
<https://scriptingosx.com/2020/08/running-a-command-as-another-user/>
claims that this is required when loading and unloading user agents,
but I haven’t tested this. Our current launchd agent logic is pretty
weird and broken already anyway, so unless this actively regresses
things I’d lean towards keeping it like this until we can move
over entirely to `launchctl bootstrap`/`launchctl kickstart`, which
aren’t deprecated and can address individual users directly. Someone
should definitely test it more extensively than I have, though.
The previous command would fail because of datetimes not being
representable as JSON, wiping the config entirely because of the
`sponge` invocation that doesn't care whether the program piped in
fails.
This backs out commit 3b738c765d.
Setting a `umask` made the parent directory have too conservative of
permissions making it so `_github-runner` couldn't access the child
directories.
When `nix.enable` is off, we don’t necessarily have an active
Nix installation, so there won’t necessarily be an active
`/nix/var/nix/gcroots` directory to link things into. NixOS just skips
this unconditionally when `nix.enable` is off, but that doesn’t
work well with a context in which we usually expect `nix.enable`
to be coupled with an unmanaged system installation of Nix.
We now assume the daemon is used unconditionally when we manage the
Nix installation.
The `nix.gc` and `nix.optimise` services lose their `$NIX_REMOTE`
setting rather than making it unconditional, as the NixOS `nix.gc`
module does not set it. Possibly it should, but I think uniformity
between the two systems is better than diverging, even though I kind
of hate that the non‐daemon method of access is even a thing.
This is an equivalent of the `nix.enable` option from NixOS
and Home Manager. On NixOS, it mostly serves to allow building
fixed‐configuration systems without any Nix installation at
all. It should work for that purpose with nix-darwin too, and the
implementation is largely the same, but the main use case is more
similar to the Home Manager option: to allow the use of nix-darwin
with an unmanaged system installation of Nix, including when there
is another service expecting to manage it, as with Determinate.
By providing an escape hatch to opt out of Nix management entirely,
this will also allow us to consolidate and simplify our existing Nix
installation management, by being more opinionated about things like
taking ownership of the daemon and the build users. Porting one option
from NixOS lets us drop two that only ever existed in nix-darwin and
reduce overall complexity.
This shouldn’t actually be split out from the Plan because of the
current use of `$HOME` in the defaults for channel‐based setups.
This reverts commit 4bff4bc8ae.
This ensures that system activation does not depend on various
details of its process environment, ensuring uniformity across various
invocation contexts and with the `activate-system` daemon. This becomes
more important in a post‐user‐activation world to avoid problematic
dependencies like `$SUDO_USER`, but is a good idea in general.
The `sudoers(5)` defaults on my Sequoia system are:
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
Of these preserved environment variables, the ones that are set in
practice when I run `sudo env` that aren’t set in the activation
script here are:
* `$COLORTERM`
* `$DISPLAY`
* `$EDITOR`
* `$MAIL`
* `$SSH_AUTH_SOCK`
* `$TERM`
* `$__CF_USER_TEXT_ENCODING`
Most of these seem either pointless or actively harmful to set for
the purpose of the system activation script.
This will mean that tools run during activation won’t print output
in the user’s preferred language, but that’s probably the right
trade‐off overall, as that is likely to break activation scripts
that parse command output anyway.
trying to fix#1142
testing requested changes
adding workspace to monitor force assignment
remove formatting
tests pass
proper tests
undo formatting
tests for on-window-detected and workspace-to-monitor-force-assignment
testing submodules
cleanup n if fiz
checking
final
toml null field aerospace callback issue
custom null filter for submodule list
check for no presense of window-regex and if.workspace config check
aerospace: add workspace-to-monitor-force-assignment option and fix
on-window-detected type #1208
trying to fix#1142
testing requested changes
adding workspace to monitor force assignment
remove formatting
tests pass
proper tests
undo formatting
tests for on-window-detected and workspace-to-monitor-force-assignment
testing submodules
cleanup n if fiz
checking
final
toml null field aerospace callback issue
custom null filter for submodule list
check for no presense of window-regex and if.workspace config check
error
formatting mishap
space left
small fix
formatting mishaps
