Commit graph

257 commits

Author SHA1 Message Date
zimbatm
31c158ad45 Merge pull request #16189 from zimbatm/usershell-config
User shell config
2016-06-19 23:36:45 +01:00
Joachim Fasting
a53452f3e1
nixos: remove the grsecurity GID
This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose.  That leaves no use for the grsecurity GID.

More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.
2016-06-14 03:38:17 +02:00
zimbatm
2974b6f4c8 Use shell packages to select the user's shell
The string type is still available for backward-compatiblity.
2016-06-12 20:35:34 +01:00
Joachim Fasting
4e74479807
networking config: specify resolv.conf options as list of strings 2016-05-28 14:28:13 +02:00
Christian Zagrodnick
14dfdeb31a
networking config: support setting resolv.conf options
Closes: #11372
2016-05-28 14:28:13 +02:00
Joachim Fasting
b24e58a82b
config.fonts.fontdir: use runCommand instead of builderDefs
The primary motivation here is to get rid of builderDefs, but now the
resulting font directory is also linked into /run/current-system/sw,
which fixes #15194.
2016-05-26 22:39:01 +02:00
Joachim Fasting
493cae8756
Revert "Merge pull request #15384 from Shados/fix-preshell-terminfo"
This reverts commit 4e9833d9e8, reversing
changes made to 6194e9d801.

Setting TERMINFO prevents ncurses from reading TERMINFO_DIRS.  See
https://github.com/NixOS/nixpkgs/pull/15384#issuecomment-221205596
2016-05-24 11:13:46 +02:00
Markus Mueller
19ee3baa32 ldap module: fix activationScripts declaration 2016-05-23 22:54:15 +02:00
Joachim Fasting
4e9833d9e8 Merge pull request #15384 from Shados/fix-preshell-terminfo
nixos: ensure TERMINFO is set before user shells are run
2016-05-14 06:21:25 +02:00
Vladimír Čunát
6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Nikolay Amiantov
700e2952be Merge pull request #15012 from abbradar/unixodbc
UnixODBC updates
2016-05-11 17:42:33 +03:00
Shea Levy
67d430096f Add kerberos mappings for MIT exchange server 2016-05-11 09:09:24 -04:00
Alexei Robyn
ce7a544b92 nixos: ensure TERMINFO is set before user shells are run 2016-05-11 22:16:38 +10:00
Domen Kožar
ccbcf1b6c2 nixos: require pkgs.which
This properly implements revert in
0729f60697.

We used to have which='type -P' alias, but really it's best to just
rely on which package, only 88K in size.

cc @edolstra
2016-05-11 10:37:46 +01:00
Nikolay Amiantov
c99b050af0 Merge commit 'refs/pull/14568/head' of git://github.com/NixOS/nixpkgs into staging 2016-05-07 03:44:06 +03:00
Nikolay Amiantov
c4440c9c74 Revert "pulseaudio: select correct outputs"
This reverts commit 5e2bb0b31c.
2016-04-28 17:06:09 +03:00
Nikolay Amiantov
5e2bb0b31c pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:45:42 +03:00
Nikolay Amiantov
d619a75da1 pulseaudio: select correct outputs
Original fixes by ttuegel and peterhoeg.
2016-04-28 16:42:16 +03:00
Nikolay Amiantov
c5fcab987b pulseaudio service: fix service path 2016-04-27 15:51:28 +03:00
Nikolay Amiantov
5a40332d70 unix-odbc-drivers module: update for new unixODBCDrivers 2016-04-26 23:58:11 +03:00
Thomas Tuegel
b3317a020e nixos/pulseaudio: don't use dev output at runtime 2016-04-20 10:01:06 -05:00
Eric Sagnes
cfe062f2b6 input methods: fix gtk cache 2016-04-16 17:51:32 +09:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Vladimír Čunát
710573ce6d Merge #12653: rework default outputs 2016-04-07 16:00:09 +02:00
Vladimír Čunát
9a824f2f1d treewide: rename extraOutputs{ToLink,ToInstall}
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Vladimír Čunát
2995439003 buildEnv: respect meta.outputsToInstall
As a result `systemPackages` now also respect it.
Only nix-env remains and that has a PR filed:
    https://github.com/NixOS/nix/pull/815
2016-04-07 15:59:44 +02:00
Peter Hoeg
ca3f82e258 pulseaudio nixos module: run as systemd user service instead
Most of the desktop environments will spawn pulseaudio, but we can instead simply run it as a systemd service instead.

This patch also makes the system wide service run in foreground as recommended by the systemd projects and allows it to use sd_notify to signal ready instead of reading a pid written to a file. It is now also restarted on failure.

The user version has been tested with KDE and works fine there.

The system-wide version runs, but I haven't actually used it and upstream does not recommend running in this mode.
2016-04-02 23:18:22 +08:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Peter Simons
5391882ebd services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.
2016-03-18 11:06:31 +01:00
Vladimír Čunát
d6b46ecb30 Merge branch 'closure-size' into p/default-outputs 2016-03-14 11:27:15 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Al Zohali
896a70aa52 KDC description fix 2016-03-07 23:24:35 +03:00
Eelco Dolstra
f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:"
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
2016-03-01 20:52:06 +01:00
Thomas Strobel
cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to:
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
2016-02-29 01:09:00 +01:00
Thomas Tuegel
a91161aa57 nixos: remove qtPlugins and gtkPlugins
Both Qt and GTK load plugins from the active profiles
automatically, so it is sufficient to install input methods
system-wide. Overriding the plugin paths may interfere with correct
operation of other plugins.
2016-02-28 07:12:55 -06:00
Leroy Hopson
3e326efffc nixos/vpnc: fix formatting of example 2016-02-27 22:25:39 +13:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Vladimír Čunát
a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Franz Pletz
65e5a727eb Merge pull request #11737 from MatrixAI/master
Simplified totalmem calculation for zram.nix
2016-01-30 23:14:44 +01:00
Nikolay Amiantov
39b5bc3b2f fontconfig service: add pre-generated fonts caches 2016-01-29 14:41:26 +03:00
Roger Qiu
5d3b1b84f5 zram: simplified totalmem calculation for zram.nix 2016-01-29 22:41:20 +11:00
Vladimír Čunát
ab8a691d05 nixos systemPackages: rework default outputs
- Now `pkg.outputUnspecified = true` but this attribute is missing in
  every output, so we can recognize whether the user chose or not.
  If (s)he didn't choose, we put `pkg.bin or pkg.out or pkg` into
  `systemPackages`.
- `outputsToLink` is replaced by `extraOutputsToLink`.
  We add extra outputs *regardless* of whether the user chose anything.
  It's mainly meant for outputs with docs and debug symbols.
- Note that as a result, some libraries will disappear from system path.
2016-01-28 11:24:18 +01:00
Tobias Geerinckx-Rice
df29b0d23f nixos: fix evaluation
After commit 5e468b9, evaluation failed with:

  error: undefined variable ‘dnsExtensionMechanism’ at
  .../nixpkgs/nixos/modules/config/networking.nix:177:33
2016-01-20 01:19:03 +01:00
Peter Simons
5e468b96b4 nixos: add 'networking.dnsExtensionMechanism' option to enable edns0 (for DNSSEC)
Set this option to 'true' (default: 'false') to enable extension mechanisms for
DNS (EDNS) in your local glibc resolver. This is required for supporting
DNSSEC, for example.

Implementation detail: the patch changes assignments to "resolv_conf_options"
to use "+=" instead of "=" to ensure that multiple users of that variable don't
overwrite each other. The generated config file is a shell script, after all,
so this should work fine.

Closes https://github.com/NixOS/nixpkgs/issues/12470.
2016-01-19 21:54:43 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Nikolay Amiantov
9df07753ce swap service: don't restart mkswap.service on switches
Sadly, we can't instruct systemd to properly restart device-name.swap when this service restarts (or I haven't found the way to do so). As of now blindly restarting it would only get you a bunch of errors about device already used -- let's avoid it.
2016-01-12 17:27:21 +03:00
Nikolay Amiantov
8d4bc5c029 nixos/swap: fix stopping mkswap for encrypted device 2016-01-12 14:54:51 +03:00
Jacob Mitchell
7ce9699a6a Fix package name typo 2016-01-02 12:37:20 -08:00