Arseniy Seroka
8592c6c004
Merge pull request #7150 from joachifm/grsec-types
...
grsecurity module: use types.enum
2015-04-03 16:03:49 +03:00
Joachim Fasting
3e847d512d
grsecurity module: configure gradm iff RBAC is enabled
2015-04-03 13:45:57 +02:00
Joachim Fasting
ba93a75724
grsecurity module: use types.enum
...
Also
- set desktop as default system
- make virtualisationSoftware nullOr
- make virtualisationConfig nullOr
2015-04-03 13:45:45 +02:00
Joachim Fasting
66c4f51046
grsecurity module: simplify assertion
2015-04-03 13:38:32 +02:00
Joachim Fasting
2e88605a91
grsecurity module: remove reference to systemd-sysctl
...
First, that's not what the service is called, and secondly it's
most likely irrelevant to the user.
2015-04-03 13:38:32 +02:00
Austin Seipp
1c1083345b
Merge pull request #7058 from joachifm/sysctl-kptr-restrict
...
nixos: condition sysctl.kptr_restrict on features.grsecurity
2015-04-03 04:13:19 -05:00
Arseniy Seroka
4fa554e32b
Merge pull request #7017 from obadz/sg+sudo-g
...
Ability to switch groups with sg and sudo -g
2015-04-02 02:11:10 +03:00
William A. Kennington III
ff21171921
Fix references to current-system/sw/sbin
2015-04-01 13:57:36 -07:00
William A. Kennington III
a9f2e107d0
Revert "Remove obsolete .../sbin directories from $PATH"
...
This reverts commit 98cedb3d22
.
2015-04-01 13:57:36 -07:00
aszlig
224ed7e798
nixos/hardware: Add option to enable KSM.
...
This is essentially what's been done for the official NixOS build slaves
and I'm using it as well for a few of my machines and my own Hydra
slaves.
Here's the same implementation from the Delft server configurations:
f47c2fc7f8/delft/common.nix (L91-L101)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-01 20:00:27 +02:00
Eelco Dolstra
1c39a47ac8
Reload, don't restart, dbus.service
...
Many bus clients get hopelessly confused when dbus-daemon is
restarted. So let's not do that.
Of course, this is not ideal either, because we end up stuck with a
possibly outdated dbus-daemon. But that issue will become irrelevant
in the glorious kdbus-based future.
Hopefully this also gets rid of systemd getting stuck after
dbus-daemon is restarted:
Apr 01 15:37:50 mandark systemd[1]: Failed to register match for Disconnected message: Connection timed out
Apr 01 15:37:50 mandark systemd[1]: Looping too fast. Throttling execution a little.
Apr 01 15:37:51 mandark systemd[1]: Looping too fast. Throttling execution a little.
...
2015-04-01 16:57:16 +02:00
Eelco Dolstra
98cedb3d22
Remove obsolete .../sbin directories from $PATH
2015-04-01 16:22:12 +02:00
Eelco Dolstra
fdfe4b7cde
Remove unnecessary symlinks in /nix/var/nix/gcroots
2015-04-01 14:45:02 +02:00
William A. Kennington III
8028357084
nixos/mysql: Cleanups
2015-03-31 16:17:55 -07:00
Vladimír Čunát
81fc066900
Merge #4678 : nixos iso-image: support USB booting
...
by using syslinux (i.e. support the dd-method in addition to unetbootin).
@vcunat tidied the PR by squashing closely related changes together.
2015-03-31 15:12:16 +02:00
obadz
be7f104502
sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).
...
sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00
Nikolay Amiantov
7c03829024
Merge pull request #7060 from abbradar/nm-l2tp
...
Support L2TP in NetworkManager
2015-03-30 23:05:42 +03:00
Edward Tjörnhammar
1092b9da48
Merge pull request #7066 from edwtjo/xbmc-pruning
...
Remove XBMC expressions in favor of the Kodi ones
2015-03-30 21:46:29 +02:00
Edward Tjörnhammar
1345a65765
Remove XBMC expressions in favor of the Kodi ones
2015-03-30 21:43:32 +02:00
lethalman
f72b0c43f6
Merge pull request #6762 from lethalman/nixos-install
...
nixos-install: support -j, --cores and --option. Closes #6755
2015-03-30 18:06:53 +02:00
lethalman
dc560b5b02
Merge pull request #7031 from cwoac/mediatomb
...
Add MediaTomb service
2015-03-30 17:49:46 +02:00
Luca Bruno
eac32cf697
Revert "Merge pull request #7032 from flosse/change-option-names"
...
This reverts commit c265aafb55
, reversing
changes made to c9bbf2228f
.
Breaks evaluation, see https://github.com/NixOS/nixpkgs/pull/7032#issuecomment-87641471
2015-03-30 13:45:07 +02:00
lethalman
c265aafb55
Merge pull request #7032 from flosse/change-option-names
...
nixos: prosody service - rename 'enabled' to 'enable'
2015-03-30 12:47:11 +02:00
lethalman
321b2e0439
Merge pull request #7073 from oxij/x11support-dbus
...
dbus: rename useX11 option into x11Support, cleanup a bit
2015-03-30 10:28:45 +02:00
William A. Kennington III
113c6c8f6a
nixos/initrd: Do a lazy library copy in hopes to save some space for replaced binaries
2015-03-29 21:53:25 -07:00
William A. Kennington III
6b3cf366d7
nixos/initrd: Allow overriding of binaries
2015-03-29 21:26:39 -07:00
Jan Malakhovski
380ee53fff
dbus: rename useX11 option into x11Support, cleanup a bit
2015-03-29 23:28:30 +00:00
William A. Kennington III
ca149f2be0
nixos/mysql: All versions of mysql have mysqld in /bin
2015-03-29 13:30:05 -07:00
Vladimír Čunát
299da40f9f
iso: make efi FS size adaptive, make deterministic
...
Fixes #6795 .
This was co-authored with @bobvanderlinden.
(cherry picked from commit e19ac248ae59fd327c32b1ae3e37792c22a7c7ac)
Signed-off-by: Domen Kožar <domen@dev.si>
Conflicts:
nixos/modules/installer/cd-dvd/iso-image.nix
2015-03-29 22:25:41 +02:00
William A. Kennington III
553105310a
nixos/stage-1: Fix the initrd builder for shell scripts
2015-03-29 13:20:54 -07:00
Nikolay Amiantov
16f047a60f
nixos/networkmanager: support l2tp
2015-03-29 13:09:02 +03:00
William A. Kennington III
9718561589
nixos/vfat: Readd fsck.reiserfs
2015-03-28 19:07:45 -07:00
William A. Kennington III
c379847fda
nixos/vfat: Readd fsck.vfat
2015-03-28 19:06:43 -07:00
William A. Kennington III
4868649f03
nixos/initrd: Generic library copying
2015-03-28 18:37:29 -07:00
Aristid Breitkreuz
1901f3fe77
fix initrd now that cryptsetup switched to libgcrypt 1.6
2015-03-28 23:59:19 +00:00
Joachim Fasting
5cb2cee954
nixos: condition sysctl.kptr_restrict on features.grsecurity
...
Conditioning `sysctl.kptr_restrict` on `features.grsecurity` supports
any grsecurity enabled kernel without having to enable the grsecurity
module.
2015-03-29 00:42:58 +01:00
Arseniy Seroka
a639c710ae
Merge pull request #6968 from oxij/unquestionably-good
...
Easy to check to be unquestionably good changes
2015-03-28 13:16:13 +03:00
Markus Kohlhase
47aa6725e2
nixos: prosody service - rename virtualHosts option 'enabled' to 'enable'
2015-03-27 21:36:05 +00:00
Oliver Matthews
51b06c5865
Add MediaTomb service
2015-03-27 12:45:25 +01:00
Jaka Hudoklin
d3c6d4175a
Merge pull request #6940 from offlinehacker/pkgs/ripple-data-api/add
...
Add ripple data api package and nixos service
2015-03-26 20:04:51 +01:00
Jaka Hudoklin
75169aabc3
Add ripple data api package and nixos service
2015-03-26 20:02:39 +01:00
Jan Malakhovski
5c6d86540b
nixos: use types.enum instead of ad-hoc check in sshd service
2015-03-26 12:43:42 +00:00
Jan Malakhovski
dc4fa2da8a
nixos: udev: build rules locally
2015-03-26 12:43:42 +00:00
Rob Vermaas
cbb14299c9
GCE image: Remove some unnecessary lib prefixes.
2015-03-26 09:15:09 +00:00
Rob Vermaas
80202fbd25
GCE image: Add some recommended sysctl settings. Disable OS level firewall by default for GCE images (GCE provides external firewall). Disable passwordAuthentication. Related to issue #6991 .
2015-03-26 09:09:40 +00:00
William A. Kennington III
8b3c7af358
Merge pull request #6981 from layus/systemd-escape-colon
...
nixos/systemd: Also escape ':' characters
2015-03-25 15:33:21 -07:00
William A. Kennington III
86666893f0
nixos/microcode-amd: Update to early initrd loader
2015-03-25 14:44:36 -07:00
William A. Kennington III
b4fedf5315
nixos/intel-microcode: Support early initrd ucode loading
2015-03-25 14:14:46 -07:00
William A. Kennington III
f2655e4fa0
makeInitrd: Support prepending other initrds
2015-03-25 14:14:46 -07:00
Guillaume Maudoux
6ca7fb8f73
nixos/systemd: Also escape ':' characters
2015-03-25 22:11:35 +01:00
Bob van der Linden
58112832a7
nixos: iso-image: use label "EFIBOOT" for efi.img
2015-03-24 22:15:32 +01:00
Bob van der Linden
f0fd1c9bcf
nixos: iso-image: use memtest86 params in syslinux
...
See also #6593 .
2015-03-24 22:15:11 +01:00
Bob van der Linden
9ff9949896
nixos: iso-image: removed com32 entries from syslinux menu
...
These entries result in incorrect entries when UNetbootin writes
the image to an USB disk.
2015-03-24 22:09:06 +01:00
Bob van der Linden
af68f24003
nixos: iso-image: solve UNetbootin compatiblity
...
There are a number of hidden restrictions on the syslinux
configuration file that come into play when UNetbootin
compatiblity is desired. With this commit these are documented.
2015-03-24 22:08:52 +01:00
Bob van der Linden
a12ddc1964
nixos: iso-image: use generic boot-loader timeout
...
Syslinux uses different values than grub for timeout.
It uses 1/10 seconds as its unit and it uses 0 to disable timeouts.
In response to PR #5772 .
2015-03-24 22:03:30 +01:00
Bob van der Linden
8d092270d2
nixos: iso-image: use syslinux bootloader for USB booting support
...
This changes the bootloader for iso generation from Grub to
syslinux. In addition this adds USB booting support, so that
"dd" can be used to burn the generated ISO to USB thumbdrives
instead of needing applications like UnetBootin.
2015-03-24 22:01:04 +01:00
Arseniy Seroka
ff22e19fc4
Merge pull request #6893 from hrdinka/nsd-config-options
...
nsd: Fix automatic config options
2015-03-23 13:19:29 +03:00
Jaka Hudoklin
491c8f82b2
Merge pull request #6917 from offlinehacker/rippled/module/awesome
...
rippled: expose more options, make compatible with new rippled version
2015-03-22 23:13:48 +01:00
Jaka Hudoklin
ad10db7617
Merge pull request #6882 from offlinehacker/nixos/fluentd
...
Add fluentd package and module
2015-03-21 22:37:48 +01:00
Jaka Hudoklin
916aab2927
Merge pull request #6875 from offlinehacker/nixos/cadvisor/fix
...
nixos/cadvisor: fixes
2015-03-21 22:36:11 +01:00
William Casarin
ea2baa8abf
spectrwm window manager
2015-03-21 11:02:44 -07:00
Jaka Hudoklin
4947bacd52
rippled: expose more options, make compatible with new rippled version
2015-03-21 12:52:06 +01:00
Edward Tjörnhammar
664592561d
nixos: added aiccu service
2015-03-20 22:01:35 +01:00
Austin Seipp
3ff22a924f
Merge pull request #6871 from joachifm/apparmor-fixups
...
Apparmor fixups
2015-03-20 15:36:42 -05:00
aszlig
ea2fd84ecd
nixos/mpd: Fix creation of "mpd" group.
...
The group is specified using a singleton list, so the loaOf merging is
done by iterating through the list items with imap, so it enumerates
every element and sets that as the default "name" attribute.
From lib/types:143:
name = elem.name or "unnamed-${toString defIdx}.${toString elemIdx}";
So, people get groups like "unnamed-X.Y" instead of "mpd".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
Tested-by: devhell <"^"@regexmail.net>
2015-03-20 20:58:13 +01:00
Jaka Hudoklin
89f41b90fa
Merge pull request #6874 from offlinehacker/pkgs/kubernetes/update
...
kubernetes: update to 0.12.1, fix module
2015-03-20 11:22:48 +01:00
Ricardo M. Correia
4d2317e6eb
nixos/zfs: Don't default to git version for kernels >= 3.19
...
Stable version 0.6.3-1.3 works with kernels 3.19.x.
2015-03-19 19:37:33 +01:00
Arseniy Seroka
9cfdeba324
Merge pull request #6611 from jagajaga/slurm
...
Slurm module
2015-03-19 21:06:49 +03:00
Christoph Hrdinka
d3a2edb8ce
nsd: Fix automatic config options
2015-03-19 12:10:55 +01:00
Jaka Hudoklin
1b99f0aeb6
Merge pull request #6873 from offlinehacker/pkgs/panamax/update
...
panamax: update, fix module
2015-03-19 09:18:48 +01:00
Arseniy Seroka
15f7afa6b4
Merge pull request #6885 from hrdinka/update-nsd
...
nsd: Update from 4.1.0 -> 4.1.1
2015-03-19 03:15:35 +03:00
Jaka Hudoklin
fca0aa7077
Add fluentd package and module
2015-03-18 21:18:47 +01:00
Rickard Nilsson
bdbdaee3c0
scollector module: Add extraOpts option
2015-03-18 21:16:31 +01:00
Christoph Hrdinka
6db8155e37
nsd: Update from 4.1.0 -> 4.1.1
2015-03-18 21:01:35 +01:00
Luca Bruno
b94b08488f
nixos/pulseaudio: don't put 32bit libs in systemPackages
...
Fixes the useless collisions in the system path.
The 64bit and 32bit variants have the same files, hence
it's pointless to put the 32bit pulseaudio in systemPackages.
2015-03-18 14:10:02 +00:00
Luca Bruno
cb45b7ec3e
Revert "nixos: Multiple service instances, apply to nginx. See #6784 "
...
This reverts commit 7ef59c4fe2
.
Wrong push! Sorry!
2015-03-18 14:09:24 +00:00
Luca Bruno
7ef59c4fe2
nixos: Multiple service instances, apply to nginx. See #6784
2015-03-18 14:07:29 +00:00
Jaka Hudoklin
2482b75eae
kubernetes: update to 0.12.1, fix module
2015-03-18 14:37:03 +01:00
Jaka Hudoklin
079520ced5
panamax: update, fix module
2015-03-18 14:35:24 +01:00
Jaka Hudoklin
536694bcd4
nixos/cadvisor: fixes
...
- run as non root user, because of docker
- run docker by default
2015-03-18 14:31:08 +01:00
Joachim Fasting
532337d673
Cleanup AppArmor module
...
Remove excessive whitespace & comment sections
2015-03-18 12:07:43 +01:00
Eelco Dolstra
224d0d5302
Set stricter permissions on /nix/store
...
The nixbld group doesn't need read permission, it only needs write and
execute permission.
(cherry picked from commit 066758758e7c0768ff8da51d208cdae0f33b368c)
2015-03-18 10:58:08 +01:00
lethalman
cdbeb7143c
Merge pull request #6832 from k0ral/icecast
...
Added icecast module
2015-03-17 16:43:02 +01:00
koral
54857abfc9
Added icecast module.
2015-03-17 14:21:57 +00:00
lethalman
c91ccb4b9c
Merge pull request #6842 from philandstuff/hash-owncloud-admin-password
...
owncloud: don't store plaintext adminPassword in nix store
2015-03-17 12:59:58 +01:00
lethalman
70b059fb59
Merge pull request #5936 from j-keck/nixos-container-usage
...
nixos-container: add missing 'nixos-container update' in usage
2015-03-17 12:43:29 +01:00
lethalman
359bc60ec8
Merge pull request #6448 from eduarrrd/ddclient
...
ddclient module: fix module
2015-03-17 12:38:12 +01:00
Philip Potter
7ad6dac43b
owncloud: don't store plaintext adminPassword in nix store
...
Rather than using openssl to hash the password at build time, and hence
leaving the plaintext password world-readable in the nix store, we can
instead hash the password in the nix expression itself using
builtins.hashString.
2015-03-16 22:42:22 +00:00
Peter Simons
56bb114905
Merge pull request #6722 from joachifm/fix-id-mismatches
...
Fix id mismatches
2015-03-16 18:46:38 +01:00
Joachim Fasting
3518b761ba
TCSD: use tss user/group instead of nginx
...
For some reason TCSD is configured to use the nginx uid/gid.
Use the newly created tss uid/gid instead.
2015-03-16 09:58:16 +01:00
Joachim Fasting
e9cd877921
nixos: resolve uid/gid conflicts
...
This patch resolves all uid/gid conflicts except for nobody/nogroup (seems
to make sense that these are the same).
All conflicts where determined mechanically, but resolutions were manual.
This patch also marks uids/gids with no corresponding group/user as "unused"
(aka. reserved).
Briefly,
- tss group conflicts with dhcpcd
The tss group id conflicts with dhcpcd: assign
a new number and add a corresponding tss user.
- elasticsearch uid conflicts with haproxy gid
- resolve firebird/munin conflict
- fix fourstorehttp{,d} typo
- fix ghostOne typo: the service module refers to gids.ghostone, so use that
in ids
- memcached uid conflicts with users gid
- nagios uid conflicts with disks gid
- nscd uid conflicts with wheel gid
- ntp uid conflicts with tty gid
- resolve postfix/postdrop id uid
- redis uid conflicts with keys gid
- sshd uid conflicts with kmem gid
- tcryptd uid conflicts with openldap gid
- unifi uid conflicts with docker gid
- uptimed uid conflicts with utmp gid
- zope2 uid conflicts with connman gid
- tomcat uid/gid mismatch
2015-03-16 09:58:13 +01:00
Austin Seipp
ef95600372
Merge pull request #6771 from joachifm/apparmor-2.9
...
Apparmor 2.9
2015-03-15 14:16:24 -05:00
Nicolas B. Pierron
05e8a48fb4
Document and rename internal option of modules.
2015-03-15 14:45:42 +01:00
Ricardo M. Correia
7c8247a8c5
grsecurity: Update stable and test patches
...
stable: 3.1-3.14.35-201503071140 -> 3.1-3.14.35-201503092203
test: 3.1-3.18.9-201503071142 -> 3.1-3.19.1-201503122205
2015-03-15 03:49:58 +01:00
William A. Kennington III
c200c1e0a1
Merge pull request #6813 from globin/fix/elantech-trackpoint-scrolling
...
Add Elanthec PS/2 Trackpoint (Thinkpad L430)
2015-03-14 17:01:13 -07:00
Robin Gloster
a8a350e679
Add Elanthec PS/2 Trackpoint (Thinkpad L430)
2015-03-15 00:09:04 +01:00
koral
9c4cbaa553
Fix mpd configuration (enclosing quotes needed).
2015-03-14 12:15:34 +00:00
Joachim Schiele
d74ea7d34f
zef hemels' wordpress.nix adapted to extraSubservices
2015-03-13 14:19:48 +01:00
lethalman
f72d1abb79
Merge pull request #5846 from arno01/nginx
...
nginx service improvements
2015-03-13 11:41:27 +01:00
Nicolas B. Pierron
9f2865515d
Fix infinite loop in fontconfig-ultimate.nix
...
With the new evaluation of arguments, pkgs is now defined by the
configuration, which implies that option declaration with pkgs.lib
will cause an infinite loop.
2015-03-12 23:42:58 +01:00
Shea Levy
3177d37652
Fix import using module args
2015-03-12 23:42:57 +01:00
Shea Levy
f69ce50529
Move most extra args out of eval-config.nix
2015-03-12 23:42:57 +01:00
Shea Levy
e3eff53037
evalModules: Add internal option for the check argument
2015-03-12 23:42:57 +01:00
Shea Levy
e4a06f35b1
nixos: Don't evaluate twice to get the value of config.nixpkgs
2015-03-12 23:42:57 +01:00
Shea Levy
1d62ad4746
modules.nix: Generate the extra argument set from the configuration
...
This allows for module arguments to be handled modularly, in particular
allowing the nixpkgs module to handle the nixpkgs import internally.
This creates the __internal option namespace, which should only be added
to by the module system itself.
2015-03-12 23:42:57 +01:00
Vladimír Čunát
208d1f24db
xfce: more update fallout
...
- forgotten mousepad update, including some wrapping magic
- dealing with panel plugins (either fix or mark as broken)
CC maintainer @AndersonTorres.
- remove some libxfcegui4 occurrences, as it's being phased out
- minor stuff
2015-03-12 23:02:15 +01:00
lethalman
14ed261fc7
Merge pull request #6765 from gebner/ibus-plugins
...
Add ibus-qt and ibus-anthy.
2015-03-12 14:35:23 +01:00
Joachim Fasting
7a9a24a95e
Update AppArmor service module
...
- Use AppArmor 2.9
- Enable PAM support
2015-03-12 11:49:05 +01:00
Kirill Elagin
356810b178
cupsd: rename cupsd.service
to cups.service
2015-03-12 09:00:56 +03:00
Gabriel Ebner
d23ed364b5
Add ibus-qt.
2015-03-11 21:54:04 +01:00
Gabriel Ebner
59da79c733
ibus: Enable XIM support.
...
This allows firefox to use ibus.
2015-03-11 21:54:04 +01:00
Gabriel Ebner
f222abea44
Add programs.ibus config option to enable ibus and plugins.
2015-03-11 21:53:34 +01:00
Thomas Tuegel
61cf7e1265
Merge branch 'kde5'
2015-03-11 11:49:45 -05:00
Thomas Tuegel
f370af91ad
kde5: use ksshaskpass for SSH_ASKPASS
2015-03-11 11:49:29 -05:00
Thomas Tuegel
4b10907152
ssh: make askPassword an option
...
By making askPassword an option, desktop environment modules can
override the default x11_ssh_askpassword with their own equivalent for
better integration. For example, KDE 5 uses plasma5.ksshaskpass instead.
2015-03-11 11:49:29 -05:00
Thomas Tuegel
5b5b7aa951
kde5: add kde-workspace and kde-runtime to systemPackages
2015-03-11 11:49:28 -05:00
Luca Bruno
fe6b0b15e6
nixos-install: support -j, --cores and --option. Closes #6755
2015-03-11 16:47:44 +00:00
lethalman
fe79bf34a5
Merge pull request #6512 from bjornfor/nixos-haproxy-cleanup
...
nixos/haproxy: remove broken default 'config'
2015-03-11 16:29:06 +01:00
lethalman
c8ac069772
Merge pull request #6724 from anderspapitto/local
...
Add x11 service for unclutter
2015-03-11 15:32:40 +01:00
Arseniy Seroka
ef37154c82
Merge pull request #6739 from joachifm/refactor-tarsnap-service
...
nixos: refactor tarsnap backup service module
2015-03-11 11:22:32 +03:00
Arseniy Seroka
1c58c3a772
Merge pull request #6345 from puffnfresh/feature/mtrack-options
...
Add more options to multitouch (mtrack) module
2015-03-11 11:10:51 +03:00
William A. Kennington III
26020cfe8a
nixos/lightdm: Add a background option
2015-03-10 15:57:46 -07:00
William A. Kennington III
e519414e1f
nixos/lightdm: Fix data directory
2015-03-10 14:55:54 -07:00
William A. Kennington III
3a67a51689
nixos/lightdm: Small cleanup
2015-03-10 14:35:49 -07:00
William A. Kennington III
ffed8a85bc
nixos/sddm: Hide users which don't have login shells
2015-03-10 14:32:53 -07:00
William A. Kennington III
5893d2ecd3
nixos/lightdm: More Cleanups
2015-03-10 14:23:43 -07:00
William A. Kennington III
7b6e2e1c68
lightdm: Fix rendering
2015-03-10 14:03:18 -07:00
lethalman
27f3f254d3
Merge pull request #6540 from k0ral/transmission
...
Simplify (and fix) settings for transmission module
2015-03-10 13:26:03 +01:00
lethalman
70527b87a1
Merge pull request #6440 from k0ral/fcgiwrap
...
Updated fcgiwrap's systemd unit to match upstream version.
2015-03-10 13:18:46 +01:00
Joachim Fasting
1bdd12ed69
nixos: refactor tarsnap backup service module
...
Major changes
- Port to systemd timers: for each archive configuration is created a
tarsnap@archive-name.timer which triggers the instanced service unit
- Rename the `config` option to `archives`
Minor/superficial improvements
- Restrict tarsnap service capabilities
- Use dirOf builtin
- Set executable bit for owner of tarsnap cache directory
- Set IOSchedulingClass to idle
- Humanize numbers when printing stats
- Rewrite most option descriptions
- Simplify assertion
2015-03-10 12:35:58 +01:00
William A. Kennington III
4940e643cc
nixos/display-manager: Support configurable hidden users
2015-03-09 18:10:31 -07:00
William A. Kennington III
66bfdf6eb0
nixos/lightdm: We now use a global lightdm.conf
2015-03-09 17:59:21 -07:00
Eelco Dolstra
475df1a350
switch-to-configuration: Don't print already active target units
...
Since we restart all active target units (of which there are many),
it's hard to see the units that actually matter. So don't print that
we're starting target units that are already active.
2015-03-09 16:51:06 +01:00
Eelco Dolstra
a574065a81
nixos-rebuild: Add ‘dry-activate’ command
...
‘nixos-rebuild dry-activate’ builds the new configuration and then
prints what systemd services would be stopped, restarted etc. if the
configuration were actually activated. This could be extended later to
show other activation actions (like uids being deleted).
To prevent confusion, ‘nixos-rebuild dry-run’ has been renamed to
‘nixos-rebuild dry-build’.
2015-03-09 16:50:59 +01:00
Eelco Dolstra
8cb3e3b864
httpd: Disable insecure protocols/ciphers by default
...
This makes us resistant to FREAK and similar attacks.
2015-03-09 14:18:12 +01:00
Eelco Dolstra
d31202fba2
sshd: Enable seccomp sandboxing
2015-03-09 11:27:19 +01:00
lethalman
9867f4bdef
Merge pull request #6720 from nslqqq/nmhooks
...
New NetworkManager Dispatcher scripts options
2015-03-09 10:36:10 +01:00
Anders Papitto
887a547ac9
Add x11 service for unclutter
...
modeled after the redshift service
2015-03-08 20:12:18 -07:00
William A. Kennington III
5b059416b8
Merge pull request #6699 from hakuch/fix_samba
...
Samba: Fixed "syncPasswordsByPam".
2015-03-08 16:09:29 -07:00
obadz
e5d4624420
PAM/eCryptfs now able to mount ecryptfs'd home directories on login
2015-03-08 16:03:51 -07:00
Nikita Mikhailov
579159c72b
Add dispatcher configuration options to NetworkManager module
2015-03-08 20:24:53 +01:00
Unai Zalakain
581a90bad8
Optional user and group to run the MPD
2015-03-08 10:18:40 +00:00
Jesse Haber-Kucharsky
5a1950d985
Samba: Fixed "syncPasswordsByPam".
2015-03-07 17:56:46 +00:00
Nikolay Amiantov
b802018482
stage-1: fix hibernation ( close #6675 )
...
Fixes #6617 .
2015-03-07 13:00:08 +01:00
Arseniy Seroka
30e6f1b4ea
slurm: impl basic configuration
2015-03-07 00:26:57 +03:00
Arseniy Seroka
0b1cc3cd51
slurm: impl simple service
2015-03-07 00:26:57 +03:00
Arseniy Seroka
69e59e9962
munge: add service
2015-03-07 00:26:52 +03:00
Eelco Dolstra
3b9b620656
Revert "linux: disable UEVENT_HELPER*"
...
This reverts commit 9f87f3ccb0
because
it causes /proc/sys/kernel/hotplug to not be cleared on Linux <= 3.14.
2015-03-06 15:59:06 +01:00
Nikolay Amiantov
4fde098eec
Merge pull request #6677 from abbradar/sddm
...
Add SDDM display manager
2015-03-05 21:03:43 +03:00
Nikolay Amiantov
4f317767da
lightdm: don't leave a shell running
2015-03-05 20:49:45 +03:00
Nikolay Amiantov
264c6892f2
nixos/uim: capitalize description
2015-03-05 20:49:45 +03:00
Nikolay Amiantov
db5b08cfaf
nixos/sddm: add display manager
2015-03-05 20:49:26 +03:00
Eelco Dolstra
9bb586943a
Deal with virtualisation.xen.stored in a more standard way
2015-03-05 12:46:50 +01:00
Luca Bruno
b93e8bab3a
nixos/xen: do not use derivation in the default values
...
The xen package is broken on i686, so this would break the generation
of the nixos manual.
2015-03-04 12:05:58 +01:00
Eelco Dolstra
1002fb6433
Add "input" group
...
This is required by systemd >= 215.
2015-03-03 20:27:09 +01:00
Eelco Dolstra
8546ec7c74
Fix some uid/gid clashes
2015-03-03 20:26:36 +01:00
Eelco Dolstra
a4e0278fcd
Create /dev/nvidia-uvm for CUDA support
2015-03-03 20:24:14 +01:00
Arseniy Seroka
7ce77b5752
slurm: add pkg
2015-03-02 22:10:58 +03:00
lethalman
c97d7819ab
Merge pull request #6624 from joachifm/grsec-lock
...
nixos: grsec-lock service fixes
2015-03-02 18:49:39 +01:00
Joachim Fasting
18320d3b21
nixos: fix grsec-lock requires
2015-03-02 18:39:04 +01:00
Joachim Fasting
ccd6f5a313
nixos: make the grsec-lock unit depend on the path it writes to
...
The grsec-lock unit fails unless /proc/sys/kernel/grsecurity/grsec_lock
exists and so prevents switching into a new configuration after enabling
grsecurity.sysctl.
2015-03-02 18:39:01 +01:00
lethalman
373c4ce0ec
Merge pull request #6605 from AndersonTorres/afterstep
...
Adding Afterstep to nixos window manager modules
2015-03-02 18:00:28 +01:00
Tobias Geerinckx-Rice
9f87f3ccb0
linux: disable UEVENT_HELPER*
...
Deprecated since 2006: http://lwn.net/Articles/166954/
2015-03-01 03:31:59 +01:00
Eelco Dolstra
307064ceb5
Don't use machinectl to shut down containers
...
If the host is shutting down, machinectl may fail because it's
bus-activated and D-Bus will be shutting down. So just send a signal
to the leader process directly.
Fixes #6212 .
2015-02-28 19:23:00 +01:00
AndersonTorres
929485b645
Adding Afterstep to nixos modules
2015-02-28 11:14:33 -03:00
AndersonTorres
5472af91f2
Fluxbox: update to 1.3.7
2015-02-28 11:04:20 -03:00
Jaka Hudoklin
6dc0938a3e
Merge pull request #6591 from lseppala/master
...
Fix rebooting containers where resolv.conf is a symlink
2015-02-28 12:19:01 +01:00
Joachim Fasting
0473b4ae8d
nixos: citerefentry markup in lxc option descriptions
2015-02-28 09:21:48 +01:00
Joachim Fasting
d375550ead
nixos: add a few missing type specifiers under boot.*
2015-02-28 09:19:23 +01:00
Lane Seppala
4106a3b74e
Fix rebooting containers where resolv.conf is a symlink
2015-02-27 10:27:18 -07:00
Eelco Dolstra
22d2fc3657
Fix "systemctl reload container@"
...
Fixes #5179 .
2015-02-27 14:32:54 +01:00
Rob Vermaas
24e0565407
Only start fetch-keys for GCE image after ip-up.
2015-02-27 10:48:15 +00:00
koral
c1cefa1a58
Simplify (and fix) settings for transmission module.
2015-02-26 22:21:27 +00:00
Rob Vermaas
e4928b8955
GCE image: Pass header to metadata service calls.
2015-02-26 19:20:43 +00:00
Sander van der Burg
7b27af61fb
Add NixOS global binaries to the PATH
2015-02-26 17:29:49 +00:00
Eelco Dolstra
6177710ac7
Merge pull request #6046 from ts468/xen
...
Update: Xen 4.5 + NixOS Xen modules
2015-02-26 10:15:05 +01:00
lethalman
b6672f232a
Merge pull request #6283 from mdorman/master
...
Fix initial-install issues with couchdb.nix.
2015-02-26 10:11:18 +01:00
lethalman
d791335ac2
Merge pull request #6518 from ehmry/u9fs
...
U9fs
2015-02-26 09:41:18 +01:00
William A. Kennington III
9ce0c1cb71
nixos/consul: Fix timeout bugs and json formatting
2015-02-25 15:42:43 -08:00
Thomas Strobel
3d4fbb874c
Update: add new Xen versions + update NixOS Xen modules
...
Versions of XEN:
- Xen 4.5
- Xen 4.5 + XenServer patches
- Xen 4.4.1
2015-02-25 23:30:44 +01:00
William A. Kennington III
f27fa79aa9
nixos/dnsmasq: Fix service name typo
2015-02-25 09:22:16 -08:00
Eelco Dolstra
36d0f367de
ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
...
This was lost back in
ffedee6ed5
. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
2015-02-25 14:31:17 +01:00
Eelco Dolstra
93902ea108
nsswitch.conf: Omit ldap unless ldap is enabled
...
This prevents programs from trying to find nss_ldap.
2015-02-25 14:31:13 +01:00
William A. Kennington III
e453f99446
nixos/networkd: Add an assertion for unsupported rstp
2015-02-24 13:09:34 -08:00
Lluís Batlle i Rossell
b26e939111
fix pam (OATH related)
...
the pam config was wrong.
Issue #6551
2015-02-24 17:52:41 +01:00
Eelco Dolstra
16cf3ee9da
Ensure that the home directory exists even if the user already exists
2015-02-24 11:57:38 +01:00
Eduard Bachmakov
4bf66ba89c
ddclient module: fix module
...
* rewrite to systemd.services
* disable forking to give systemd better control
* verifiably run as ddclient user
* expose ssl option
* unset default value for dyndns server
* rename option "web" to "use" to be consistent with ddclient docs
* add descriptions
* add types to options
* clean up formatting
2015-02-23 22:37:20 -05:00
Jaka Hudoklin
1cddb5be20
mongodb: remove lock file on restart
2015-02-23 20:40:13 +01:00
Eelco Dolstra
b70bd0879b
sshd: Generate a ed25519 host key
2015-02-23 17:00:07 +01:00
Emery Hemingway
446580f3cd
nixos: u9fs service module
2015-02-22 12:16:58 -05:00
Bjørn Forsman
d5017499a2
nixos/redis: capitalize service description
2015-02-22 16:54:14 +01:00
Bjørn Forsman
25a6745310
nixos/fail2ban: capitalize service description
2015-02-22 16:54:14 +01:00
Lluís Batlle i Rossell
4e99901961
nixos: Adding OATH in pam.
...
(cherry picked from commit cb3cba54a1b87c376d0801238cb827eadb18e39e)
Conflicts:
nixos/modules/security/pam.nix
2015-02-22 15:25:38 +01:00
Bjørn Forsman
ffb4797dd3
nixos/haproxy: remove broken default 'config'
...
HAProxy fails to start with the default 'config'. Better disable it and
assert that the user provides a suitable 'config'. (AFAICS, there cannot
really be a default config file for HAProxy.)
2015-02-22 12:30:14 +01:00
Bjørn Forsman
419a4166a7
nixos/haproxy: small cleanup
...
* Add option types
* Rewrite option descriptions
* /var/run/haproxy.pid => /run/haproxy.pid (canonical location)
2015-02-22 12:29:34 +01:00
aszlig
030895f075
nixos/dhcpcd: Only run resume commands if enabled.
...
The networkd implementation sets systemd.services.dhcpcd.enable to
false in nixos/modules/tasks/network-interfaces-systemd.nix. So we need
to respect that in the dhcpcd module.
If we don't, the resumeCommand is set nevertheless, which causes the
post-resume.service to fail after resuming:
Failed to reload dhcpcd.service: Unit dhcpcd.service is masked.
post-resume.service: main process exited, code=exited, status=1/FAILURE
Failed to start Post-Resume Actions.
Dependency failed for Post-Resume Actions.
Unit post-resume.service entered failed state.
post-resume.service failed.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-02-22 08:09:04 +01:00
Thomas Tuegel
d15d0bebc3
kde5: remove file collisions
2015-02-21 20:58:43 -06:00
Thomas Tuegel
68f2db74ff
kde5: always use plasma-nm
2015-02-21 13:59:28 -06:00
Thomas Tuegel
7eb8a9b41f
kde5: install media-player-info udev rules for solid
2015-02-21 11:39:21 -06:00
Thomas Tuegel
532650e4bb
kde5: change notice about default Phonon backend
2015-02-21 11:39:21 -06:00