Of course, you'll get a bunch of warnings from the activation script:
$ nixos-enter --root /tmp/mnt/
setting up /etc...
mount: /dev: permission denied.
mount: /dev/pts: permission denied.
mount: /dev/shm: permission denied.
mount: /sys: permission denied.
/nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument
NOTE: Under Linux, effective file capabilities must either be empty, or
exactly match the union of selected permitted and inheritable bits.
Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted)
chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument
[root@nixos:/]#
Sometimes it's needed to override parts of `vim_configurable`, for
instance when using ENSIME (http://ensime.github.io/), in this case you
need a Python interpreter and the modules `sexpdata` and
`websocket_client`.
However overriding `vim_configurable` is quite hard as we run
`vimUtils.makeCustomizable` over the default comming from
`configurable.nix`. Therefore it's necessary to copy the code from
`all-packages.nix` and alter the parts you need: https://nixos.org/nix-dev/2017-April/023364.html
In order to simplify overriding `vim_configurable` I added an
`override` and an `overrideAttrs` function to `vimutils.makeCustomizable`
to ensure that the customization capabilities won't be lost after
altering the derivation.
Now it's possible to write expressions like this without evaluation
failures:
```
with pkgs;
let
vimPy3 = vim_configurable.override {
python = python3;
};
in vimPy3.customize { ... }
```
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
the new version brings a new panel in IPsec settings which allows to
reenable old algorithms for IPsec phases 1/2 (dropped in recent libreswan/strongswan etc).
Also updates the homepage with the new one.
http2Support was disabled due to a bootstrapping issue involving xz.
Now that xz is available in the bootstrap environment for all
platforms, http2Support can be enabled globally.
As-is the use of 'configureFlags="..."' breaks cross compilation
as it drops the configure platforms arguments.
Set zprofile separately to handle $out.
