Before the startup, the matrix-appservice-irc service sets up the
registration file such that it can be used by matrix-synapse. Part of
that setup requires us to change the group of said file so that the home
server can read it. Consequently, we need CAP_CHOWN and require that the
@chown system calls are allowed.
While we supposedly set up both of these, the setup of system calls is
broken as we have both an allow and a deny list of syscalls. But while
the allow list contains "@chown", the deny list contains "@privileged"
which contains "@chown" itself. So ultimately, we end up denying
"@chown".
Fix this issue by specifying "@chown" after the deny list.
Currently the installWrapper warning is issued if sudo (and sudo-rs)
aren't installed. This is fine, except we get the warning even if we
explicitly turn off installWrapper -- say, for this very reason!
Rather than warning on every build until either sudo is installed or
Akkoma is uninstalled, only warn if cfg.installWrapper is true.
Yall won't miss me. The packages I leave orphaned are trivially updated as dependents need the new versions.
But passively endorsing the direction this organization and its leadership is something I can't do.
To those who still have faith in turning this around, you da real MVP 🖖
Fixes issues described in #208242 for this part of the nixpkgs tree.
There are no behavioral changes in this, it only adjusts the code so
that it is easier to understand.
Also updates my information and contact info.
I no longer use The Hedgehog as my github username or online presence
username, so this fixes that. It also matches my github username, so it
should be easier for others to mention me if needed.
Since with the completion of the docbook migration) it seems unclear
what relevance editing xml in generall and docbook in particular with
Emacs still has to NixOS at all, and people interested in the topic
will presumably look to other resources elsewhere (e.g. to the nXML
mode's actual documenation).
- `mount-nvidia-binaries`: this option allows users to avoid mounting
nvidia binaries on the container.
- `mount-nvidia-docker-1-directories`: this option allows users to
avoid mounting `/usr/local/nvidia/lib{,64}` on containers.
Add the NixOS option `hardware.nvidia-container-toolkit-cdi-generator.enable`.
This enables the ability to expose GPU's in containers for container
runtimes that support the Container Device Interface (CDI)
Remove `cdi.static` and `cdi.dynamic.nvidia.enable` attributes.
