dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
107,925 Commits 3 Branches 0 Tags 4.3 GiB
bba5b1c434
Commit Graph

7567 Commits

Author SHA1 Message Date
Rickard Nilsson
a92bdc54e3 nixos/luks: Silence killall complain about non-existing cryptsetup processes 2017-05-16 09:50:10 +02:00
jammerful
d9df350695 ssh: Add Newline to KnownHostsText 
SSH expects a new line at the end of known_hosts file.
Without a new line the next entry goes on the same line
as the last entry in known_hosts causing errors.
 2017-05-15 23:49:43 -04:00
Robin Stumm
72e50645a3 znapzend service: fix autostart 2017-05-15 15:09:50 +02:00
Antonio Malara
f1ab9f3175 removing the advise to add virtualbox's guest additions in configuration.nix 
... because `nixos-generate-config` currently understand it's running under virtualbox, and correctly adds the configuration in `/etc/nixos/hardware-configuration.nix`
 2017-05-15 14:23:50 +02:00
Tuomas Tynkkynen
3d79d8c28b sd-image-*.nix: Drop minimal profile 
It's annoying to not have manpages when installing.
 2017-05-14 23:52:47 +03:00
Franz Pletz
0cd0581b75
gitlab-runner service: only depend on docker if enabled 2017-05-14 22:47:35 +02:00
Joachim Fasting
e6c65ecb12
tree-wide: remove uses of features.grsecurity 2017-05-14 15:08:51 +02:00
Jörg Thalheim
ae12ded6bf Merge pull request #25381 from sargon/nullmailer 
nullmailer + service: init at 2.0
 2017-05-13 07:13:07 +01:00
tv
f46b3a038f users-groups module: add per-user packages 2017-05-12 20:30:22 +02:00
Michał Pałka
8aa756b64a gitlab service: fix uploading artifacts from gitlab-runner 
Add the binaries from gitlab-workhorse to the path of the
gitlab-workhorse service, as gitlab-zip-metadata is needed
by the service
 2017-05-12 06:52:33 +00:00
lassulus
fd7a8f1b91 nixos/security/acme: fix acme folder permissions 2017-05-11 18:49:26 +02:00
Michał Pałka
1c7629ce63 xen service: Fix removing netfilter rules while stopping xen-bridge 
This fixes a bug in the stopping script for the xen-bridge service,
which caused the script to crash and fail to remove some
netfilter rules.
 2017-05-11 09:52:36 +00:00
Jörg Thalheim
ad67c286e1 salt-minion: link to configuration documentation 2017-05-11 07:12:04 +01:00
Aneesh Agrawal
e22ccad978 salt: Add minion service module 2017-05-10 21:26:02 -04:00
Jörg Thalheim
e33848568d
systemd-boot: document reasoning behind syncfs(2) 2017-05-10 10:32:26 +01:00
Patrick Callahan
3f6d21bafc
fish: resolve NixOS-related initialization problems 2017-05-10 10:16:10 +01:00
Jörg Thalheim
98ff062ed4 Merge pull request #25650 from Mic92/systemd-boot 
systemd-boot: sync efi filesystem after update
 2017-05-10 09:05:09 +01:00
Jörg Thalheim
7b211da119 Merge pull request #25531 from Infinisil/fix/ipfs-dataDir 
ipfs service: Fix dataDir being ignored
 2017-05-10 07:19:23 +01:00
Eric Sagnes
92bb3e8b9b i3: fix runtime dependencies 
Fixes #25633.
 2017-05-10 02:42:44 +02:00
Jörg Thalheim
9c90ff7e7d Merge pull request #25611 from Lassulus/copytoram-option 
nixos/iso-image: add option for copytoram
 2017-05-09 22:36:59 +01:00
Jörg Thalheim
e697585675
hardware.enableRedistributableFirmware: fix spelling error 2017-05-09 20:13:15 +01:00
Jörg Thalheim
e3beb07108
systemd-boot: sync efi filesystem after update 
Since fat32 provides little recovery facilities after a crash,
it can leave the system in an unbootable state, when a crash/outage
happens shortly after an update. To decrease the likelihood of this
event sync the efi filesystem after each update.
 2017-05-09 19:06:27 +01:00
Aneesh Agrawal
779ae06467 Add salt master module (#25632) 
* salt: 2016.11.2 -> 2016.11.4

* salt: Add master NixOS module
 2017-05-09 18:20:35 +01:00
Jason A. Donenfeld
6e50243d98 wireguard: preshared-key is now an attribute of the peer 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
 2017-05-09 16:58:39 +02:00
Jörg Thalheim
5385a8e216 Merge pull request #25636 from Mic92/firmware 
hardware: add enableRedistributalFirmware
 2017-05-09 15:57:49 +01:00
Jörg Thalheim
05aa80c06a
hardware: add enableRedistributalFirmware 
Due the recent inclusion of broadcom-bt-firmware in enableAllFirmware,
it was required to set `nixpkgs.config.allowUnfree` to obtain the full
list. To make this dependency more explicit an assertion is added and an
alternative option `enableRedistributalFirmware` is provided to only
obtain firmware with an license allowing redistribution.
 2017-05-09 15:29:08 +01:00
Maximilian Bosch
9d1db321fe
services.xserver.xautolock: add module 2017-05-09 15:02:10 +02:00
Peter Hoeg
112b5556af Merge pull request #25397 from clefru/qemu-OVMF-on-channels 
Introduce virtualisation.libvirtd.qemuOvmf.
 2017-05-09 16:36:45 +08:00
Jörg Thalheim
ddb6d0962e
environment.profileRelativeEnvVars: remove sbin from example 
follow up of https://github.com/NixOS/nixpkgs/pull/25550
 2017-05-09 08:51:04 +01:00
Jörg Thalheim
33cfad8227 Merge pull request #25550 from Mic92/sbin 
environment: remove sbin from PATH
 2017-05-09 08:39:01 +01:00
lassulus
334ac4f043 nixos/iso-image: add option for copytoram 2017-05-08 10:40:00 +02:00
Jörg Thalheim
192f8e7699
broadcom-bt-firmware: revert to unfree 
license was misinterpreted, it is now only conditionally in the all
firmware list included, if `allowUnfree` is set.

fixes #25567
 2017-05-08 09:18:11 +01:00
Franz Pletz
cce8aab9de
mattermost service: PrivateTmp broken with local postgresql 2017-05-08 09:18:32 +02:00
Joachim F
a1dc3fdf23 Merge pull request #25562 from montag451/gnome-disks-dbus 
gnome-disks: add D-Bus service
 2017-05-07 18:54:19 +01:00
Graham Christensen
4d44810fe7 Merge pull request #25365 from armijnhemel/mediawiki 
mediawiki: 1.27.1 -> 1.27.3
 2017-05-07 06:58:32 -04:00
Jörg Thalheim
6b0d8027ef
zfs: zed service is now called zfs-zed 
fixes #25566
 2017-05-07 10:22:14 +01:00
Peter Simons
71ae259627 nixos: revert changes from 3ab45f4b36 in taskserver module 
See 3ab45f4b36 (commitcomment-22029298).

Fixes https://github.com/NixOS/nixpkgs/issues/25529 (I hope).
 2017-05-06 19:50:02 +02:00
montag451
3be53fca60 gnome-disks: add D-Bus service 2017-05-06 19:40:37 +02:00
Joachim F
dc2fc5ed57 Merge pull request #25495 from michalpalka/xen-forward-dns 
xen service: Forward DNS queries from Xen guests
 2017-05-06 13:56:10 +01:00
Joachim F
6ef9875edb Merge pull request #25494 from michalpalka/xendomains 
xen service: Add the possibility to override configuration of xendomains
 2017-05-06 13:55:59 +01:00
Joachim F
e2f9c1b97b Merge pull request #25281 from michalpalka/master 
xen service: fix xen-bridge not setting the configured netmask
 2017-05-06 13:55:50 +01:00
Jörg Thalheim
539b091f6e
environment: remove sbin from PATH 
sbin is a symlink to bin. /run/current-system/sw/sbin and related
profiles only contains packages, which have this symlink. It is a subset
of bin.
 2017-05-06 08:39:27 +01:00
Silvan Mosberger
91ee3530a7 ipfs service: Fix dataDir being ignored 
IPFS uses the environment variable IPFS_PATH to determine where to look for it's data, which wasn't set previously therefore ignoring the dataDir attribute
 2017-05-05 11:25:36 +02:00
Jörg Thalheim
6ad804324f
environment: remove lib/kde4/libexec from PATH 
kde4 is gone and does need to be in $PATH anymore by default
 2017-05-05 07:50:34 +01:00
Joachim F
a2bfdd05ed Merge pull request #25451 from volth/xrdp-dont-restart 
xrdp: do not restart xrdp-sesman on nixos-rebuild
 2017-05-05 00:20:45 +01:00
Jörg Thalheim
3156ef2dfd Merge pull request #25478 from zraexy/zraexy-broadcom-bt-firmware 
broadcom-bt-firmware: init at 12.0.1.1011
 2017-05-04 22:33:06 +01:00
Domen Kožar
14f5a3d760
nixos datadog module: add processConfig option 2017-05-04 13:25:45 +02:00
Rob Vermaas
a9f054c834
dd-agent: Add default config files of dd-agent and auto_conf dir 
to /etc/dd-agent/conf.d by default, and make sure
/etc/dd-agent/conf.d is used.

Before NixOS 17.03, we were using dd-agent 5.5.X which
used configuration from /etc/dd-agent/conf.d

In NixOS 17.03 the default conf.d location is first used relative,
meaning that $out/agent/conf.d was used without NixOS overrides.

This change implements similar functionality as PR #25288, without
breaking backwards compatibility.

(cherry picked from commit 77c85b0ecbc1070d7adff31b339bede92e4193fa)
 2017-05-04 09:47:21 +00:00
Michał Pałka
e7203cb03d xen service: Forward DNS queries from Xen guests 
Provide the option forwardDns in virtualisation.xen.bridge, which
enables forwarding of DNS queries to the default resolver, allowing
outside internet access for the xen guests.
 2017-05-04 08:48:03 +00:00
Michał Pałka
3b0daa1a28 xen service: Add the possibility to override configuration of xendomains 
Add the option virtualisation.xen.domain.extraConfig, which
allows overriding options passed to xendomains.
 2017-05-04 08:31:40 +00:00
zraexy
d900478e3c broadcom-bt-firmware: init at 12.0.1.1011 
broadcom-bt-firmware: init at 12.0.1.1011
 2017-05-03 12:51:32 -08:00
Frederik Rietdijk
9e48fc3268 Merge pull request #24131 from nand0p/buildbot-0.9.5 
buildbot: 0.9.4 -> 0.9.5
 2017-05-03 07:56:29 +02:00
jammerful
d8c1977bb5 shibboleth-sp module: Set Config File Path for FastCGI Units 
Without this environment variable both shibauthorizer and
shibresponder default to ${pkgs.shibboleth-sp}etc/shibboleth/shibboleth2.xml
 2017-05-02 19:58:03 -04:00
aszlig
9dca737d62
Merge pull request #15353 (improve xrandrHeads) 
When you have a setup consisting of multiple monitors, the default is
that the first monitor detected by xrandr is set to the primary monitor.

However this may not be the monitor you need to be set as primary. In
fact this monitor set to primary may in fact be disconnected.

This has happened for the original submitter of the pull request and it
affected these programs:

 * XMonad: Gets confused with Super + {w,e,r}
 * SDDM: Puts the login screen on the wrong monitor, and does not
         currently duplicate the login screen on all monitors
 * XMobar: Puts the XMobar on the wrong monitor, as it only puts the
           taskbar on the primary monitor

These changes should fix that not only by setting a primary monitor in
xrandrHeads but also make it possible to make a different monitor the
primary one.

The changes are also backwards-compatible.
 2017-05-02 23:14:26 +02:00
Volth
9bce416637 xrdp: environment.pathsToLink from xserver.nix 2017-05-02 21:08:07 +00:00
Volth
830669ca05 xrdp: do not restart xrdp-sesman on nixos-rebuild 2017-05-02 21:08:07 +00:00
jammerful
9f18af5991 Add Shibboleth Service Provider Module 2017-05-02 11:29:58 -04:00
Daniel Ehlers
4338f096f5 nullmailer + service: init at 2.0 2017-05-02 01:46:12 +02:00
Jörg Thalheim
4c576fd946 Merge pull request #25323 from Ma27/zsh/support-pattern-highlighters 
programs.zsh.syntax-highlighting: support custom highlighting patterns
 2017-05-01 22:23:36 +02:00
Maximilian Bosch
f6e612bb8f
programs.zsh.syntax-highlighting: support custom highlighting patterns 
see https://github.com/zsh-users/zsh-syntax-highlighting/blob/master/docs/highlighters/pattern.md
for further reference.
 2017-05-01 20:58:56 +02:00
goibhniu
248a06695f Merge pull request #22236 from Baughn/mediawiki 
apache-httpd: Add 'extensions' config option for mediawiki
 2017-05-01 19:17:36 +02:00
Clemens Fruhwirth
df5d588f13 Introduce virtualisation.libvirtd.qemuOvmf. 2017-05-01 18:36:13 +02:00
Renzo Carbonara
9a5916dc47 tarsnap service: add 'verbose' config option (#25353) 2017-05-01 16:09:45 +01:00
Daniel Peebles
daf16b5679 Merge pull request #25391 from Mic92/nixos-prepare-root 
nixos-prepare-root: force symlink at /run
 2017-05-01 10:15:36 -04:00
Jörg Thalheim
361314ca71
nixos-prepare-root: force symlink at /run 
Otherwise a reinstall will fail.
 2017-05-01 16:10:58 +02:00
Michael Raskin
3ecaf3b4b5 Merge pull request #25168 from tadfisher/ups-fix 
ups: fix config generation
 2017-05-01 16:09:18 +02:00
Michael Raskin
938fbf6873 Merge pull request #25116 from rvl/gogs 
Gogs service password handling improvements
 2017-05-01 14:26:22 +02:00
Michael Raskin
b28e2788e2 Merge pull request #25009 from dermetfan/fix-znapzend-service 
znapzend service: fix reload
 2017-05-01 13:24:24 +02:00
Michael Raskin
98a36b2847 Merge pull request #23709 from lheckemann/xserver-layout-existence 
xserver: check that selected layout exists
 2017-05-01 12:16:59 +02:00
Jörg Thalheim
036e0f114a gogs: improve cookieSecure documentation 2017-05-01 11:37:12 +02:00
Michael Raskin
4d2f7b63e0 Merge pull request #24803 from pajowu/master 
browserpass: init at 1.0.2
 2017-05-01 11:27:17 +02:00
Peter Marheine
fd1f1aca9e release notes: incompatible flexget upgrade 2017-05-01 10:10:34 +02:00
Michael Raskin
7e19fcddcc Merge pull request #24366 from rvl/longview-password-file 
longview service: don't write passwords to nix store
 2017-05-01 09:39:35 +02:00
Michael Raskin
90ce1aa28a Merge branch 'master' into clickhouse 2017-05-01 07:33:31 +02:00
Michael Raskin
01ba1a40d3 Merge pull request #24341 from LumiGuide/cadviser-storageDriverPasswordFile 
cadviser: add storageDriverPasswordFile option
 2017-05-01 02:01:49 +02:00
Michael Raskin
6b31de49cf Merge pull request #24005 from ambrop72/xcursor-path 
nixos: Define XCURSOR_PATH environment variable.
 2017-04-30 23:01:57 +02:00
Armijn Hemel
cdebfa80ab mediawiki: 1.27.1 -> 1.27.3 2017-04-30 22:38:00 +02:00
Michael Raskin
1c8d388201 Merge pull request #23865 from volth/xrdp-tests 
xrdp: init at 0.9.2
 2017-04-30 22:35:48 +02:00
Michael Raskin
d5ec7bc748 Merge pull request #23697 from sargon/master 
sshguard + service: init at 2.0.0
 2017-04-30 21:43:12 +02:00
Bjørn Forsman
c282de7103 nixos/munin: remove duplicated /run/current-system/sw/bin path 
A side effect of commit ff21171921
("Fix references to current-system/sw/sbin"). It changed "sbin" to "bin"
but didn't check for duplicates.
 2017-04-30 21:04:51 +02:00
Michael Raskin
eedc0f0a78 Merge pull request #23333 from romildo/upd.qt5ct 
qt5ct: 0.24 -> 0.30
 2017-04-30 19:42:31 +02:00
Michael Raskin
929ae39dbe Merge pull request #22683 from aneeshusa/add-nixos-test-for-radicale 
Add nixos test for radicale
 2017-04-30 18:51:46 +02:00
Michael Raskin
a5d36429dc Merge pull request #22489 from avnik/nixos-locales 
nixos:  allow supply customized locale package
 2017-04-30 18:19:31 +02:00
Joachim Fasting
56e1133d75
nixos/lock-kernel-modules: fix typo in unitConfig 
I managed to miss this one somehow ... meh
 2017-04-30 15:17:29 +02:00
Joachim Fasting
a1678269f9
nixos/hardened profile: disable user namespaces at runtime 2017-04-30 15:17:27 +02:00
Thomas Tuegel
4e0d21edd1 Merge pull request #25285 from ttuegel/qt--fix-plugin-paths 
Qt: purify plugin paths, unify Linux and Darwin builders
 2017-04-30 07:33:50 -05:00
Vladimír Čunát
eb4792a03f
nixos manual: add a note about "nofail" FS option 
Close #1858, as I think the points have been well resolved.
 2017-04-30 14:10:30 +02:00
Michael Raskin
689916b98f Merge pull request #25337 from benley/nm-dnsmasq 
nixos: optional NetworkManager dnsmasq integration
 2017-04-30 12:18:34 +02:00
Joachim Fasting
1dd3ba924b
nixos/hardened profile: disable hibernation 
Recommended by KSPP
 2017-04-30 12:06:11 +02:00
Joachim Fasting
ffa83edf4a
nixos/tests: add tests for exercising various hardening features 
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).

Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
 2017-04-30 12:05:42 +02:00
Joachim Fasting
ab4fa1cce4
tree-wide: prune some dead grsec leaves 
The beginning of pruning grsecurity/PaX from the tree.
 2017-04-30 12:05:41 +02:00
Joachim Fasting
8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel 2017-04-30 12:05:40 +02:00
Joachim Fasting
6a5a5728ee
nixos/hardened profile: lock kernel modules 2017-04-30 12:05:38 +02:00
Joachim Fasting
878ad1ce6e
nixos: add option to lock kernel modules 
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.

The rationale for this over simply setting the sysctl knob is to allow
some legitmate kernel module loading to occur; the naive solution breaks
too much to be useful.

The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session.  This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hldc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).

From an aestethic point of view, enabling this option helps make the
configuration more "declarative".

Closes https://github.com/NixOS/nixpkgs/pull/24681
 2017-04-30 12:05:37 +02:00
Jörg Thalheim
fa5196e47e Merge pull request #25005 from Lassulus/copytoram 
nixos/stage1: add copytoram support
 2017-04-30 11:22:45 +02:00
Benjamin Staffin
9827d5f95c
nixos: optional NetworkManager dnsmasq integration 2017-04-30 00:44:19 -07:00
Volth
5e8ad49de8 do not create non-deterministic file (rsakeys.ini) in nixstore 2017-04-29 17:23:35 +00:00
volth
dad760061e xrdp: init at 0.9.1 2017-04-29 17:23:35 +00:00
Michael Weiss
852813689a desktop-managers: Use a black BG as fallback 
Use a solid black background when no background image (via
~/.background-image) is provided. In my case this fixes the really
strange behaviour when i3 without a desktop manager starts with the SDDM
login screen as background image.
 2017-04-29 19:03:30 +02:00
Joachim Fasting
63433537ce
nixos/hardened profile: disable legacy virtual syscalls 
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism.  Modern glibc use vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration.  Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.

For background on virtual syscalls see https://lwn.net/Articles/446528/

Closes https://github.com/NixOS/nixpkgs/pull/25289
 2017-04-29 17:27:11 +02:00