This reduces the time window during which IP addresses are gone during
switch-to-configuration. A complication is that with stopIfChanged =
true, preStop would try to delete the *new* IP addresses rather than
the old one (since the preStop script now runs after the switch to the
new configuration). So we now record the actually configured addresses
in /run/nixos/network/addresses/<interface>. This is more robust in
any case.
Issue https://github.com/NixOS/nixops/issues/640.

This also fixes a missing header in the SDK that rtags needs to work
properly. The underlying cause is that C++ headers got shuffled around a
lot in libc++ 3.8 (I believe) and became more standards-compliant, which
led to a lot of C-compatible passthrough header files being added to it
like math.h, which defines some C++-compatible versions of standard
functions like signbit, while #include_next'ing the system math.h. In
this case, including the SDK was stuffing another math.h in front of the
libc++ shim, which led to all sorts of mysterious failures.

Unfortunately, somewhere between 16.09 and 17.03, paravirtualized
instances stopped working. They hang at the pv-grub prompt
("grubdom>"). I tried reverting to a 4.4 kernel, reverting kernel
compression from xz to bzip2 (even though pv-grub is supposed to
support xz), and reverting the only change to initrd generation
(5a8147479e). Nothing worked, so I'm giving up.

The Docker socket is world-writable. This means any user on the system is
able to invoke the docker command (which is equal to having root access
to the machine).
This commit makes the socket group-writable and owned by the docker group.
Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket

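The change described above, as an added illustration that is not the commit's own diff: a systemd socket unit in the shape of the upstream docker.socket linked above, with the world-writable mode shown in a comment beside the group-restricted settings. The `/var/run/docker.sock` path and the exact directive values are assumptions for this example, not taken from the commit.

```ini
# Added example: socket unit restricting the Docker API socket to the docker group.
# Values below are assumed for illustration; they mirror the upstream docker.socket.
[Unit]
Description=Docker Socket for the API

[Socket]
ListenStream=/var/run/docker.sock
# Weak setting this commit removes: SocketMode=0666 lets every local user
# talk to a daemon that runs as root, which is effectively root for all.
# Hardened setting: owner root, group docker, no permissions for others.
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
```

Membership in the docker group is still root-equivalent, so the group should be kept as small as an admin group would be. After activation, `stat -c '%a %U %G' /var/run/docker.sock` should report `660 root docker`; a `666` there means the old world-writable socket is still in place.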
Allows using a different Haskell package set to generate the Nix
expressions (during eval time) than the one used to actually build the
package (at build time).