Commit graph

2036 commits

Author SHA1 Message Date
Franz Pletz
41698c9efa Merge branch 'master' into hardened-stdenv 2016-02-15 20:05:29 +01:00
Nikolay Amiantov
a0afc49f0f dspam service: restrict socket access 2016-02-14 10:35:06 +03:00
Nikolay Amiantov
2cee5a42b0 dspam service: set ClientHost 2016-02-14 10:35:04 +03:00
Franz Pletz
6a036d9fca Merge pull request #9913 from chris-martin/synaptics-options
Add synaptics options for palm detection and scroll speed
2016-02-14 06:08:36 +01:00
Markus Wotringer
4bc9e8a785 elasticsearch2: init at 2.2.0
changes by @globin:
 * updated 2.1.0 to 2.2.0
 * moved to a new derivation

closes #11446

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-13 15:03:09 +00:00
Robin Gloster
c2b578386e kibana: fix pkg and module 2016-02-13 15:03:09 +00:00
Robin Gloster
e1493f2ba7 logstash module: use literalExample 2016-02-13 15:03:09 +00:00
Edward Tjörnhammar
9c249a3adf nixos: i2pd, make config options adhere to version 2.4.0 2016-02-13 15:22:31 +01:00
Nikolay Amiantov
c9d38164b7 dspam service: make maintenance script verbose 2016-02-12 18:00:00 +03:00
Robin Gloster
648e596c5f Merge pull request #12683 from heydojo/bluetooth--plasma5
kde5 bluedevil plasmoid : enable bluez5 bluetooth functionality
2016-02-12 13:49:54 +01:00
Eelco Dolstra
fd8bd17c3e postgresql: Bump default version to 9.5 2016-02-12 13:20:11 +01:00
Peter Simons
7bd6fc90cb Merge pull request #12725 from jerith666/postfix-dns-bl
postfix service: implement DNS blacklist support
2016-02-12 12:43:27 +01:00
Franz Pletz
c29205f965 Merge pull request #12941 from elitak/unifi_fix
unifi: LD_LIBRARY_PATH hack for embedded libsnappyjava.so, fixes #12897
2016-02-12 08:22:20 +01:00
Edward Tjörnhammar
81b5223c97 nixos: gitit, wrong type restriction redacted 2016-02-12 07:00:37 +01:00
Matt McHenry
40c7d554d4 postfix service: implement DNS blacklist support 2016-02-11 22:13:09 -05:00
Eric Litak
fc8a16f4ed unifi: LD_LIBRARY_PATH hack for embedded libsnappyjava.so, fixes #12897 2016-02-11 09:06:33 -08:00
Nikolay Amiantov
ccece1ca88 dspam service: restart on failure 2016-02-11 14:03:34 +03:00
Eelco Dolstra
86c2a0f783 mediawiki: 1.23.9 -> 1.23.13 2016-02-11 11:24:44 +01:00
Nikolay Amiantov
aff38b2040 postgresql service: don't use su 2016-02-10 23:27:33 +00:00
Nikolay Amiantov
1b1ae14512 postfix module: fix link to postfix-files 2016-02-10 23:27:30 +00:00
Nikolay Amiantov
ef92a19fd3 dovecot service: add sendmail_path 2016-02-10 23:27:29 +00:00
Nikolay Amiantov
b12646cb79 postsrsd: fix secret generation 2016-02-10 23:27:29 +00:00
Robin Gloster
c341a01281 Merge pull request #12913 from tg-x/tinc-chroot
tinc: enable chroot
2016-02-10 18:15:39 +01:00
tg(x)
5c19830b77 tinc: chroot option 2016-02-10 17:29:36 +01:00
Eelco Dolstra
652ff6902c Merge pull request #12910 from abbradar/postgresql-no-su
postgresql service: don't use su
2016-02-10 12:01:06 +01:00
tg(x)
c768172919 tinc: enable chroot 2016-02-10 01:49:41 +01:00
Nikolay Amiantov
37bb4855c8 postfix module: fix link to postfix-files 2016-02-10 02:59:15 +03:00
Nikolay Amiantov
90ef11ddcd postgresql service: don't use su 2016-02-10 02:12:05 +03:00
Nikolay Amiantov
0024c10a5c dovecot service: add sendmail_path 2016-02-10 02:06:10 +03:00
Nikolay Amiantov
2202bb9cf5 postsrsd: fix secret generation 2016-02-10 02:05:53 +03:00
Robin Gloster
5969a59052 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-09 16:28:44 +00:00
Robin Gloster
5bfcce9ed9 Merge pull request #12894 from nathan7/raw-psk
wpa_supplicant module: add an option for accepting raw PSKs
2016-02-09 17:23:24 +01:00
Nathan Zadoks
9e986c161b wpa_supplicant module: add an option for accepting raw PSKs
fix #12892
2016-02-09 17:20:35 +01:00
Eric Sagnes
f03ce60bd2 i3service: remove dmenu and i3 from env packages 2016-02-08 13:31:03 +09:00
Robin Gloster
9229e9c656 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-07 11:17:57 +00:00
Robin Gloster
f7aa921773 Merge pull request #12560 from tvestelind/haka
Haka: new package
2016-02-06 20:32:39 +01:00
Nikolay Amiantov
b16b5bcaa3 Merge pull request #12811 from abbradar/pulseaudio-device-manager
Load PulseAudio's module-device-manager only for KDE
2016-02-06 22:10:40 +03:00
Nikolay Amiantov
8ade67e8c1 Merge pull request #12797 from abbradar/udev-reload
udev service: restart on rules change
2016-02-06 18:57:24 +03:00
Rickard Nilsson
5c20877d40 opensmtpd: Add option that can disable adding sendmail to the system path 2016-02-06 11:54:56 +01:00
aszlig
b060d70d7f
nixos/udev: Fix printing impure FHS paths
The test only checked for existence of the rule file in the output path
of the rulefile generator.

However, we also need to check whether the basename of the file is also
the one we're currently searching for.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-05 15:31:04 +01:00
Nikolay Amiantov
ae662cdb11 display-manager module: load pulseaudio's module-device-manager only for KDE 2016-02-04 13:59:17 +03:00
aszlig
c10a17a3eb
nixos/udev: Always fail if rules contain FHS paths
Partially reverts the following commits:

  9f2a61c59c
  9c13fe6604

As @edolstra pointed out, it would make more sense to do this by default
instead of having that allowImpurePaths option. This of course might
break systems which add extra packages to udev, but on the upside it's
hard to miss one of these paths now because it won't get buried in the
ocean of build output lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 16:40:41 +01:00
aszlig
9f2a61c59c
nixos/udev: Add an option to fail on FHS paths
So far we were merely printing a warning if there are still references
to (/usr)/s?bin, but we actually want to make sure that we fix those
paths, especially on updates of packages that come with udev rules.

This adds a new option allowImpurePaths, which when set to false will
cause the "udev-rules" derivation to fail.

I've set this to true by default, to not break existing systems too much
and the intention is to set it to false for a few NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
80983bbe54
nixos/udev: Provide a better warning for FHS paths
We were trying to find FHS references in all of the rules found in
services.udev.packages. Unfortunately we're still fixing up paths in the
same derivation where we are checking those references, so for example
references to /sbin/modprobe were still printed to be needed to fixup
even though they were already fixed at the time.

So now we're printing a more helpful warning message which is also
conditional (before the warning message was printed regardless of
whether there are any rules that need fixup) and is based off the rules
that were already fixed up.

The new warning message not only contains the build-local rule files but
also the original files from other store paths and the FHS path
references that were still found.

With 8ecd3a5e1d reverted, we now get this:

/nix/store/...-udev-rules/63-md-raid-arrays.rules (originally from
 /nix/store/...-mdadm-3.3.4/lib/udev/rules.d/63-md-raid-arrays.rules)
 contains references to /usr/bin/readlink and /usr/bin/basename.

Which is now more accurate to what is not yet fixed and where it's
coming from.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
ee68bdc42e
nixos/udev: Fix up readlink and basename as well
In 8ecd3a5, we fixed up the FHS paths for stage 1, but unfortunately we
have a similar udev rules generator twice one for the initrd and one
without. So we might need to refactor this in the future.

For now, let's just fix the references to readlink and basename in the
udev module as well until we have properly addressed this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12722
2016-02-03 15:45:37 +01:00
Eelco Dolstra
20b54bd989 Merge pull request #12724 from abbradar/udev-hwdb
udev service: generate hwdb database from all udev packages
2016-02-03 14:24:11 +01:00
Nikolay Amiantov
6b5f90a1a1 udev service: restart on rules change 2016-02-03 15:44:43 +03:00
Vladimír Čunát
889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Vladimír Čunát
b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
aszlig
ecefd2167a
nixos/connman: Fix assertion for networkmanager
Regression introduced by 5184aaa1ea.

The fix was intended to remove the "x == true/false" assertions, but by
accident a "x == false" was made "x == true" instead of "(!x)".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-02-01 19:33:50 +01:00