per lorri's readme:
lorri creates an indirect garbage collection root for each .drv in
$XDG_CACHE_HOME/lorri (~/.cache/lorri/ by default) each time it
evaluates your project.
... so it doesn't make sense to have ProtectHome enabled for
lorri.service. lorri also needs to be able to modify
/nix/var/nix/gcroots/per-user/, so ProtectSystem can't be 'strict';
'full' is the next strongest.
fixes:
lorri: ERRO IO error binding to socket: Read-only file system (os error 30)
bisecting this error leads to a range of unbuildable commits including
'a31429165204 Merge pull request #243242 from
RaitoBezarius/systemd-254', so it's likely that systemd update changed
the behaviour of ProtectHome somehow (though the release notes don't
have any obvious culprits).
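
The reasoning above can be checked with a small model of the two sandboxing options. This is an added example, not code from the commit, lorri or nixpkgs. The mount effects follow systemd.exec(5), the user name "alice" is constructed, and the model assumes no ReadWritePaths=, BindPaths= or similar overrides are set on the unit.

```python
from pathlib import PurePosixPath

# Mount effects per setting, as documented in systemd.exec(5).
PROTECT_SYSTEM_RO = {
    "no": [],
    "yes": ["/usr", "/boot", "/efi"],
    "full": ["/usr", "/boot", "/efi", "/etc"],
    "strict": ["/"],  # whole hierarchy read-only ...
}
STRICT_EXEMPT = ["/dev", "/proc", "/sys"]  # ... except the API file systems
PROTECT_HOME_DIRS = ["/home", "/root", "/run/user"]
PROTECT_HOME_EFFECT = {
    "no": None,
    "yes": "inaccessible",
    "read-only": "read-only",
    "tmpfs": "read-only tmpfs",
}


def _under(path, prefix):
    """True if path equals prefix or lies below it."""
    p, q = PurePosixPath(path), PurePosixPath(prefix)
    return p == q or q in p.parents


def blocked_writes(paths, protect_system="no", protect_home="no"):
    """Map each path the unit cannot write to onto the setting that blocks it."""
    blocked = {}
    effect = PROTECT_HOME_EFFECT[protect_home]
    for path in paths:
        if effect and any(_under(path, d) for d in PROTECT_HOME_DIRS):
            blocked[path] = f"ProtectHome={protect_home} ({effect})"
            continue
        exempt = protect_system == "strict" and any(
            _under(path, d) for d in STRICT_EXEMPT)
        if not exempt and any(
                _under(path, d) for d in PROTECT_SYSTEM_RO[protect_system]):
            blocked[path] = f"ProtectSystem={protect_system} (read-only)"
    return blocked


# Paths named in the commit message; the user name "alice" is constructed.
LORRI_WRITES = [
    "/home/alice/.cache/lorri",
    "/nix/var/nix/gcroots/per-user/alice",
]

if __name__ == "__main__":
    for ps, ph in [("strict", "read-only"), ("strict", "no"), ("full", "no")]:
        print(ps, ph, blocked_writes(LORRI_WRITES, ps, ph))
```

Only the last combination, ProtectSystem=full with ProtectHome off, leaves both of lorri's write locations usable in this model.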
the conversion procedure is simple:
- find all things that look like options, i.e. calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute whose value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output" check: currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
most likely, people enabling the lorri module also want to use it,
without explicitly having to add it to users.users.<username>.packages.
cc @curiousleo @Profpatsch