Commit graph

2121 commits

Author SHA1 Message Date
Eelco Dolstra
8cb3e3b864 httpd: Disable insecure protocols/ciphers by default
This makes us resistant to FREAK and similar attacks.
2015-03-09 14:18:12 +01:00
Eelco Dolstra
d31202fba2 sshd: Enable seccomp sandboxing 2015-03-09 11:27:19 +01:00
lethalman
9867f4bdef Merge pull request #6720 from nslqqq/nmhooks
New NetworkManager Dispatcher scripts options
2015-03-09 10:36:10 +01:00
William A. Kennington III
5b059416b8 Merge pull request #6699 from hakuch/fix_samba
Samba: Fixed "syncPasswordsByPam".
2015-03-08 16:09:29 -07:00
obadz
e5d4624420 PAM/eCryptfs now able to mount ecryptfs'd home directories on login 2015-03-08 16:03:51 -07:00
Nikita Mikhailov
579159c72b Add dispatcher configuration options to NetworkManager module 2015-03-08 20:24:53 +01:00
Unai Zalakain
581a90bad8 Optional user and group to run the MPD 2015-03-08 10:18:40 +00:00
Jesse Haber-Kucharsky
5a1950d985 Samba: Fixed "syncPasswordsByPam". 2015-03-07 17:56:46 +00:00
Nikolay Amiantov
b802018482 stage-1: fix hibernation (close #6675)
Fixes #6617.
2015-03-07 13:00:08 +01:00
Eelco Dolstra
3b9b620656 Revert "linux: disable UEVENT_HELPER*"
This reverts commit 9f87f3ccb0 because
it causes /proc/sys/kernel/hotplug to not be cleared on Linux <= 3.14.
2015-03-06 15:59:06 +01:00
Nikolay Amiantov
4fde098eec Merge pull request #6677 from abbradar/sddm
Add SDDM display manager
2015-03-05 21:03:43 +03:00
Nikolay Amiantov
4f317767da lightdm: don't leave a shell running 2015-03-05 20:49:45 +03:00
Nikolay Amiantov
264c6892f2 nixos/uim: capitalize description 2015-03-05 20:49:45 +03:00
Nikolay Amiantov
db5b08cfaf nixos/sddm: add display manager 2015-03-05 20:49:26 +03:00
Eelco Dolstra
9bb586943a Deal with virtualisation.xen.stored in a more standard way 2015-03-05 12:46:50 +01:00
Luca Bruno
b93e8bab3a nixos/xen: do not use derivation in the default values
The xen package is broken on i686, so this would break the generation
of the nixos manual.
2015-03-04 12:05:58 +01:00
Eelco Dolstra
1002fb6433 Add "input" group
This is required by systemd >= 215.
2015-03-03 20:27:09 +01:00
Eelco Dolstra
8546ec7c74 Fix some uid/gid clashes 2015-03-03 20:26:36 +01:00
Eelco Dolstra
a4e0278fcd Create /dev/nvidia-uvm for CUDA support 2015-03-03 20:24:14 +01:00
lethalman
c97d7819ab Merge pull request #6624 from joachifm/grsec-lock
nixos: grsec-lock service fixes
2015-03-02 18:49:39 +01:00
Joachim Fasting
18320d3b21 nixos: fix grsec-lock requires 2015-03-02 18:39:04 +01:00
Joachim Fasting
ccd6f5a313 nixos: make the grsec-lock unit depend on the path it writes to
The grsec-lock unit fails unless /proc/sys/kernel/grsecurity/grsec_lock
exists and so prevents switching into a new configuration after enabling
grsecurity.sysctl.
2015-03-02 18:39:01 +01:00
lethalman
373c4ce0ec Merge pull request #6605 from AndersonTorres/afterstep
Adding Afterstep to nixos window manager modules
2015-03-02 18:00:28 +01:00
Tobias Geerinckx-Rice
9f87f3ccb0 linux: disable UEVENT_HELPER*
Deprecated since 2006: http://lwn.net/Articles/166954/
2015-03-01 03:31:59 +01:00
Eelco Dolstra
307064ceb5 Don't use machinectl to shut down containers
If the host is shutting down, machinectl may fail because it's
bus-activated and D-Bus will be shutting down. So just send a signal
to the leader process directly.

Fixes #6212.
2015-02-28 19:23:00 +01:00
AndersonTorres
929485b645 Adding Afterstep to nixos modules 2015-02-28 11:14:33 -03:00
AndersonTorres
5472af91f2 Fluxbox: update to 1.3.7 2015-02-28 11:04:20 -03:00
Jaka Hudoklin
6dc0938a3e Merge pull request #6591 from lseppala/master
Fix rebooting containers where resolv.conf is a symlink
2015-02-28 12:19:01 +01:00
Joachim Fasting
0473b4ae8d nixos: citerefentry markup in lxc option descriptions 2015-02-28 09:21:48 +01:00
Joachim Fasting
d375550ead nixos: add a few missing type specifiers under boot.* 2015-02-28 09:19:23 +01:00
Lane Seppala
4106a3b74e Fix rebooting containers where resolv.conf is a symlink 2015-02-27 10:27:18 -07:00
Eelco Dolstra
22d2fc3657 Fix "systemctl reload container@"
Fixes #5179.
2015-02-27 14:32:54 +01:00
Rob Vermaas
24e0565407 Only start fetch-keys for GCE image after ip-up. 2015-02-27 10:48:15 +00:00
Rob Vermaas
e4928b8955 GCE image: Pass header to metadata service calls. 2015-02-26 19:20:43 +00:00
Sander van der Burg
7b27af61fb Add NixOS global binaries to the PATH 2015-02-26 17:29:49 +00:00
Eelco Dolstra
6177710ac7 Merge pull request #6046 from ts468/xen
Update: Xen 4.5 + NixOS Xen modules
2015-02-26 10:15:05 +01:00
lethalman
b6672f232a Merge pull request #6283 from mdorman/master
Fix initial-install issues with couchdb.nix.
2015-02-26 10:11:18 +01:00
lethalman
d791335ac2 Merge pull request #6518 from ehmry/u9fs
U9fs
2015-02-26 09:41:18 +01:00
William A. Kennington III
9ce0c1cb71 nixos/consul: Fix timeout bugs and json formatting 2015-02-25 15:42:43 -08:00
Thomas Strobel
3d4fbb874c Update: add new Xen versions + update NixOS Xen modules
Versions of XEN:
- Xen 4.5
- Xen 4.5 + XenServer patches
- Xen 4.4.1
2015-02-25 23:30:44 +01:00
William A. Kennington III
f27fa79aa9 nixos/dnsmasq: Fix service name typo 2015-02-25 09:22:16 -08:00
Eelco Dolstra
36d0f367de ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
This was lost back in
ffedee6ed5. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
2015-02-25 14:31:17 +01:00
Eelco Dolstra
93902ea108 nsswitch.conf: Omit ldap unless ldap is enabled
This prevents programs from trying to find nss_ldap.
2015-02-25 14:31:13 +01:00
William A. Kennington III
e453f99446 nixos/networkd: Add an assertion for unsupported rstp 2015-02-24 13:09:34 -08:00
Lluís Batlle i Rossell
b26e939111 fix pam (OATH related)
the pam config was wrong.

Issue #6551
2015-02-24 17:52:41 +01:00
Eelco Dolstra
16cf3ee9da Ensure that the home directory exists even if the user already exists 2015-02-24 11:57:38 +01:00
Jaka Hudoklin
1cddb5be20 mongodb: remove lock file on restart 2015-02-23 20:40:13 +01:00
Eelco Dolstra
b70bd0879b sshd: Generate a ed25519 host key 2015-02-23 17:00:07 +01:00
Emery Hemingway
446580f3cd nixos: u9fs service module 2015-02-22 12:16:58 -05:00
Bjørn Forsman
d5017499a2 nixos/redis: capitalize service description 2015-02-22 16:54:14 +01:00