Joachim Fasting
a1678269f9
nixos/hardened profile: disable user namespaces at runtime
2017-04-30 15:17:27 +02:00
Joachim Fasting
1dd3ba924b
nixos/hardened profile: disable hibernation
...
Recommended by KSPP
2017-04-30 12:06:11 +02:00
Joachim Fasting
8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel
2017-04-30 12:05:40 +02:00
Joachim Fasting
6a5a5728ee
nixos/hardened profile: lock kernel modules
2017-04-30 12:05:38 +02:00
Joachim Fasting
63433537ce
nixos/hardened profile: disable legacy virtual syscalls
...
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism. Modern glibc uses vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration. Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.
For background on virtual syscalls see https://lwn.net/Articles/446528/
Closes https://github.com/NixOS/nixpkgs/pull/25289
2017-04-29 17:27:11 +02:00
Joachim Fasting
063ac40304
nixos: add a "hardened" profile
...
The idea is to provide a convenient way to enable most vanilla hardening
features in one go. The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).
Closes https://github.com/NixOS/nixpkgs/pull/24680
2017-04-23 11:00:52 +02:00
Thomas Tuegel
8e6bdcc731
nixos: fix renaming warning in graphical profile
2017-03-03 07:27:41 -06:00
Graham Christensen
b12564cc1b
nixos: update default cases from KDM/KDE4 to SDDM/KDE5
2017-02-09 21:52:00 -05:00
taku0
8dfa60ce73
nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V
2017-02-05 18:22:26 +09:00
Pascal Bach
01fd86723c
install-device: correct command to start sshd
2017-01-25 21:09:31 +01:00
Pascal Bach
03ef04f0a4
install-device: permit root login with password
...
Allow password login to the installation; this allows doing remote installation
via SSH. All that needs to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
2017-01-25 21:09:31 +01:00
Tuomas Tynkkynen
b63f97c6e6
installer: Include stdenvNoCC
...
And don't include ArchiveCpio as that one is no longer needed after
5a8147479 ("make-initrd: create reproducible initrds").
2017-01-23 23:49:18 +02:00
Robin Gloster
f4f4200d9a
install-devices: add vim
...
This moves vim to the install-device profile to add vim to netboot, too.
Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Franz Pletz
88908145ea
nixos installer: don't log refused packets to console
...
Fixes #19764.
2017-01-09 19:24:41 +01:00
Lluís Batlle i Rossell
33d07c7ea9
zfs cannot be distributed. Disabling it in the isos.
...
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.
https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
2016-12-28 14:57:06 +01:00
Franz Pletz
da600849e3
nixos: disable sound for minimal ISO
...
Saves a few megabytes of ALSA stuff.
2016-11-23 02:24:13 +01:00
Franz Pletz
f983743d75
w3m-nox: use imlib2 without X11 support
...
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
2016-11-23 02:24:12 +01:00
Franz Pletz
ffac67fcf3
nixos/base: don't include dar & cabextract in ISO
...
Should free up lots of space due to dependency on gnupg, which depends on
openldap which pulls in gcc.
2016-11-23 02:24:11 +01:00
Bjørn Forsman
32efdb7128
treewide: sshfsFuse -> sshfs-fuse
2016-09-18 17:44:30 +02:00
Eelco Dolstra
ab49ebe6fa
Make it possible to disable "info"
2016-09-05 14:53:27 +02:00
Eelco Dolstra
5e5df88457
modules/profiles/minimal.nix: Disable "man"
2016-09-05 14:53:27 +02:00
Eric Sagnes
9236eedbc3
documentation: fix start display-manager command
...
[Bjørn: The 'start' alias was removed in commit 1d9651e723
("Remove systemd shell aliases").]
2016-07-04 10:25:31 +02:00
Tuomas Tynkkynen
60f5659dad
treewide: Use correct output in ${config.nix.package}/bin
2016-04-25 16:44:37 +02:00
Eelco Dolstra
0729f60697
Remove "which" from base.nix
2016-04-18 14:20:49 +02:00
Eelco Dolstra
cd396076ec
Revert "Revert "Remove which -> type -P alias.""
...
This reverts commit ddd480ac30. Gave it
some more thought.
2016-04-18 14:20:49 +02:00
Vladimír Čunát
d1df28f8e5
Merge 'staging' into closure-size
...
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Eelco Dolstra
1783e33b06
Fix the boot-ec2-config test
2016-03-30 22:22:40 +02:00
Eelco Dolstra
ddd480ac30
Revert "Remove which -> type -P alias."
...
This reverts commit e8e8164f348a0e8655e1d50a7a404bdc62055f4e. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
2016-03-25 17:17:07 +01:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Domen Kožar
73ba0ae2de
Remove which -> type -P alias.
...
Aliases are not the same as programs. They won't work in subshells.
It's better to just use which as it's only 88K.
2016-03-03 16:15:25 +00:00
Eelco Dolstra
806b27a297
qemu-guest.nix: Disable rngd
...
This gets rid of a zillion "rngd[N]: read error" messages during boot.
2016-02-23 11:56:09 +01:00
Vladimír Čunát
716aac2519
Merge branch 'staging' into closure-size
2016-01-19 09:55:31 +01:00
Robin Gloster
391c330042
wpa_supplicant service: jobs -> systemd.services
...
Fixes an occurrence of `jobs` usage causing tests to fail to evaluate.
thanks @domenkozar
2016-01-06 03:58:39 +00:00
Tuomas Tynkkynen
9ac80c1f15
installation-cd-graphical: Enable the 'synaptics' touchpad driver
...
This is needed to get touchpad working in the installer on several
laptops. Tested on a Thinkpad X250.
2015-12-24 17:45:51 +02:00
Luca Bruno
a412927924
Merge remote-tracking branch 'origin/master' into closure-size
2015-11-25 21:37:30 +01:00
Roger Qiu
1ddbc20dac
Change the preset networking.hostId to use mkDefault
so it can be easily changed by the user later
2015-11-22 01:03:16 +11:00
Vladimír Čunát
5227fb1dd5
Merge commit staging+systemd into closure-size
...
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jan Malakhovski
dddcec21fe
nixos: add xfs support to profiles/minimal
2015-09-18 18:58:18 +00:00
Vladimír Čunát
7dc9450ed2
nixos/ISO profile: fix defaultLocales :-)
...
https://github.com/NixOS/nixpkgs/commit/eb4a88d8fd2#commitcomment-12527102
2015-08-06 12:30:38 +02:00
Eelco Dolstra
91e71725d4
Remove some obsolete references to <nixos>
2015-08-05 17:37:08 +02:00
rushmorem
d9c56c696f
Replaces https://github.com/NixOS/nixpkgs/pull/8368
2015-06-17 19:26:17 +02:00
Rushmore Mushambi
8170e74d9f
Revert "Make it possible to boot NixOS from a SCSI Disk on KVM"
2015-06-17 19:13:08 +02:00
rushmorem
ee3768b9ba
Make it possible to boot NixOS from a SCSI Disk on KVM
...
Currently NixOS can't boot from a SCSI disk as a KVM Guest.
I found this out while installing it on the new [Linode KVM
platform](https://www.linode.com/docs/platform/kvm#custom-kernel-configuration).
2015-06-17 17:28:07 +02:00
Eelco Dolstra
e5db79a859
Move stuff to modules/profiles/installation-device.nix
2015-06-10 15:28:55 +02:00
Eelco Dolstra
6bf1853387
Don't include 4 editors in the minimal installation CD
...
Emphasis on "minimal".
2015-06-04 11:06:44 +02:00
Eelco Dolstra
2a1c342887
Disable the manual in the minimal profile
2015-05-26 20:20:53 +02:00
Vladimír Čunát
375bc8def7
Merge staging into closure-size
2015-05-05 11:49:03 +02:00
Ricardo M. Correia
f5e7190572
nixos.system_tarball_pc: Fix evaluation
...
It was broken due to 57b05765c9.
ZFS requires `networking.hostId` to be set.
2015-04-28 17:15:02 +02:00
Eelco Dolstra
19366a10fc
Remove redundant i18n.supportedLocales setting
...
This is already set in profiles/minimal.nix.
Probably fixes #7589.
2015-04-27 19:21:28 +02:00
Vladimír Čunát
e81e2785c7
xfsprogs: fix outputs and references
2015-04-21 09:02:40 +02:00
Eelco Dolstra
650492c5c8
minimal.nix: Get rid of most Glibc locales
...
This cuts ~100 MB from the system closure.
Issue #7117.
2015-04-20 11:32:28 +02:00
Eelco Dolstra
3d2b24d161
Remove pciutils and usbutils from the default system path
...
Issue #7117.
2015-04-20 11:21:20 +02:00
Eelco Dolstra
2b6d011bec
Include cifs-utils only when needed
...
Issue #7117.
2015-04-19 22:06:45 +02:00
Eelco Dolstra
1cb5583c05
container.nix -> docker-container.nix
2015-04-19 22:06:45 +02:00
Eelco Dolstra
57b05765c9
Don't include ntfs-3g by default
...
Issue #7117.
2015-04-19 22:06:45 +02:00
Tuomas Tynkkynen
25062f56d4
Installation CD: automatic log in at virtual consoles
2015-04-14 12:51:24 +03:00
William A. Kennington III
20d2092ff8
nixos/base: Add efi management utilities
2015-01-07 01:52:47 -08:00
Jaka Hudoklin
d8ee91cb54
nixos: container profile, fix a few things
2014-12-12 20:28:01 +01:00
Jaka Hudoklin
f2e20fa837
nixos: container profile, update /init symlink on rebuild
2014-12-12 02:55:23 +01:00
Jaka Hudoklin
deb28cf0b1
nixos: container tarball release
...
- Create container nixos profile
- Create lxc-container nixos config using container nixos profile
- Docker nixos image, use nixos profile for its base config
2014-12-11 23:17:27 +01:00
William A. Kennington III
5ae216558f
jfsrec: Remove derivation
2014-11-02 17:22:27 -08:00
Eelco Dolstra
585983bc95
Merge remote-tracking branch 'origin/staging'
...
Conflicts:
pkgs/applications/version-management/subversion/default.nix
2014-09-08 11:42:09 +02:00
Eelco Dolstra
1f7c775910
Remove unrar from the installation CD since it's unfree
2014-09-05 14:25:17 +02:00
Vladimír Čunát
e51f73652d
Merge recent master into staging
...
Hydra: ?compare=1149952
Conflicts:
nixos/doc/manual/configuration.xml (changed split file)
nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
2014-08-30 10:04:02 +02:00
Eelco Dolstra
a323d146b7
Add user attribute isNormalUser
...
This is shorthand for setting group, createHome, home, useDefaultShell
and isSystemUser.
2014-08-15 02:16:04 +02:00
Vladimír Čunát
02cb604fd6
initrd.availableKernelModules: add support for keyboards
...
As explained in #2169, some keyboards need special drivers,
so these are always added, both on installation and normal systems.
2014-08-12 20:00:01 +02:00
Eelco Dolstra
5e96158234
Remove Subversion from the installation CD
2014-07-30 16:04:15 +02:00
Emery Hemingway
c96d5fe170
nixos: f2fs filesystem module support (close #2085)
2014-05-11 13:53:26 +02:00
Eelco Dolstra
4a08f37206
Don't start getty@tty1 on headless machines (like EC2)
...
Backport: 14.04
2014-05-05 16:47:36 +02:00
Eelco Dolstra
be0f5eb45c
qemu-guest.nix: Load virtio_rng
...
This allows the guest to have a paravirtualized RNG, if the host
provides it.
2014-04-30 18:23:42 +02:00
Eelco Dolstra
150d3b0095
no-x-libs.nix: Disable su xauth forwarding, and X11 dependency in dbus
2014-04-16 16:58:06 +02:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Shea Levy
452a1f9318
Revert "Turn on user-controlled wpa-cli on the livecd"
...
user-controlled wpa-cli requires explicit interface setting for some
reason
This reverts commit c6797b373f.
2014-04-08 18:26:52 -04:00
Shea Levy
c6797b373f
Turn on user-controlled wpa-cli on the livecd
...
Fixes #1204
2014-04-04 17:05:57 -04:00
Eelco Dolstra
1c192e1fea
Another attempt to fix the installer test
...
http://hydra.nixos.org/build/9904133
2014-03-30 16:53:23 +02:00
Domen Kožar
ee14f8da9a
remove references to isSystemUser and fix eval of tested job
2014-02-08 21:10:00 +01:00
Eelco Dolstra
657c8d9ea7
Hack to work around the lack of isPath
2013-10-28 22:45:57 +01:00
Eelco Dolstra
5c1f8cbc70
Move all of NixOS to nixos/ in preparation of the repository merge
2013-10-10 13:28:20 +02:00