Ricardo M. Correia
a11dc2f0a3
grsecurity: Add denyUSB
option to grsec NixOS module
...
The option had been added to the grsec build-support code,
but it hadn't been added to the grsec module.
After this commit, grsec module users will be able to change
the default value. It also serves to document that this option
exists and that NixOS will disable it by default.
2015-01-20 19:18:06 +01:00
Joachim Fasting
7023e03d77
firewall service: fix pingLimit example value
...
The example uses single dashes, whereas iptables requires double dashes.
2015-01-20 08:47:11 +01:00
lethalman
d957d9e6bc
Merge pull request #5517 from paraseba/bumblebee
...
Bumblebee config to enable multiple monitors
2015-01-19 15:00:11 +01:00
wmertens
d3383e4879
Merge pull request #4394 from wmertens/patch-6
...
setup-etc.pl: Fail when symlink/rename fails
2015-01-19 12:39:41 +01:00
lethalman
9cd9264ef3
Merge pull request #5849 from robberer/systemd/restartassert
...
systemd: extend checkUnitConfig with on-abnormal
2015-01-19 11:48:48 +01:00
Longrin Wischnewski
4b0100774a
systemd: extend checkUnitConfig with on-abnormal
2015-01-19 11:41:18 +01:00
Andrey Arapov
04be7262a6
nixos/dovecot: added configFile option and default Restart on-failure, PR #5845
...
Absolute path is required when one has such postfix configuration
where he/she needs to specify the actual (real) path to active dovecot
config.
Without this commit applied, the dovecot is running in such way:
/nix/store/hashAAA-dovecot-ver/sbin/dovecot -F -c /nix/store/hashBBB-dovecot2.conf
and postfix can't be aware of the value of "hashBBB" via services.postfix.extraConfig = '' ... '';
(it can only be aware of "hashAAA" with ${pkgs.dovecot} parameter)
Also enable Restart on-failure.
Edit: set RestartSec to 1s
2015-01-19 11:05:56 +01:00
William A. Kennington III
130f66b683
nixos/sync-server: Respect the enable option
2015-01-18 14:21:40 -08:00
Domen Kožar
3b174a4024
Merge pull request #5301 from nbp/syncserver
...
Add Firefox Sync service
2015-01-18 17:47:51 +01:00
Nicolas B. Pierron
8196727fad
Improve the documentation of the syncserver module.
2015-01-18 12:21:23 +01:00
Nicolas B. Pierron
0d13ea0131
Change default syncserver listen.port to a safer one.
2015-01-18 12:20:44 +01:00
Domen Kožar
b92a62165d
Merge pull request #5726 from spwhitt/zsh-command-not-found
...
command-not-found: Add ZSH Support
2015-01-17 18:15:35 +01:00
Damien Cassou
a7024cb4b4
Create a nixos module for cups-browsed
2015-01-16 14:10:57 +01:00
Eelco Dolstra
efa8fc2b0a
Paranoia
2015-01-15 18:37:55 +01:00
Eelco Dolstra
b9c4569b6b
nixos-install: Create /root with 700 permission
2015-01-15 18:37:55 +01:00
Eelco Dolstra
3ca275d7ba
NixOS containers: Create /root with 700 permission
...
Systemd-nspawn creates /root with 755 permission if it doesn't exist,
which is bad. So we have to create it ourselves before calling
systemd-nspawn.
2015-01-15 17:51:43 +01:00
Eelco Dolstra
24ce7ff3ea
test-instrumentation.nix: Prevent calling a pager
2015-01-15 14:39:29 +01:00
Edward Tjörnhammar
837cfbb9ea
nixos: adding nylon service with uid,gid
2015-01-14 22:08:47 +01:00
William A. Kennington III
8e5ef7da54
nixos/network-interfaces: Fix rstp support
2015-01-14 10:34:28 -08:00
Luca Bruno
804a958663
pam: add pam_wheel
2015-01-14 18:32:08 +01:00
Luca Bruno
2beb43174f
nixos-rebuild: use reload-or-restart for dbus. Closes #5767
...
Now that dbus reload has been moved before restarting units,
the reload may fail if dbus has been stopped before.
The reload-or-restart will reload dbus if it's active,
otherwise start it.
2015-01-14 16:08:47 +01:00
Rob Vermaas
df7923fa82
Merge pull request #5515 from oconnorr/master
...
GCE updates to ntp server and to fetch all ssh keys
2015-01-14 13:19:38 +01:00
Matej Cotman
4e6efec4b4
enlightenment: fix media preview
2015-01-13 14:56:35 +01:00
mokasin
dd6dfde575
Add auto-start option to containers.
2015-01-12 18:26:22 +01:00
Spencer Whitt
6cba6dc61b
command-not-found: Add ZSH Support
2015-01-12 03:45:48 -05:00
Vladimír Čunát
72d2d59cd4
/etc/ssh/ssh_known_hosts: refactor and fix #5612
...
Generating the file was refactored to be completely in nix.
Functionally it should create the same content as before,
only adding the newlines.
CC recent updaters: @aszlig, @rickynils.
2015-01-11 22:14:25 +01:00
Peter Simons
43bae26b33
Merge pull request #5627 from oxij/update-postfix
...
postfix: make 2.11 the default, nixos: update postfix config for 2.11
2015-01-11 11:28:31 +01:00
Arseniy Seroka
4f596fb93f
Revert "zsh: profile-relative functions path"
...
This reverts commit 766207ca1d
.
We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
2015-01-10 22:11:13 +03:00
Shea Levy
cca8bae86e
Merge branch 'rngd-fix' of git://github.com/abbradar/nixpkgs
2015-01-08 09:36:29 -05:00
lethalman
908c47b281
Merge pull request #5550 from abbradar/fprintd
...
add fprintd support
2015-01-08 14:58:22 +01:00
William A. Kennington III
dd7efcbf36
java: More default cleanups
2015-01-07 14:55:41 -08:00
William A. Kennington III
c82410eeda
java: Normalize to the default jre / jdk
2015-01-07 14:55:41 -08:00
William A. Kennington III
9a7766e054
nixos/network-interfaces: Add mstpd support for bridges
2015-01-07 14:49:24 -08:00
Peter Simons
24f5b2a1a0
Merge pull request #5619 from oxij/various-changes-2
...
Various (hopefully) small changes
2015-01-07 16:59:10 +01:00
Jan Malakhovski
265c1c1472
postfix: make 2.11 the default, nixos: update postfix config for 2.11
...
postfix 2.11 is much more humane with respect to disk writes since it uses
sockets (which do not change inodes on accesses) instead of fifos (which do).
2015-01-07 15:43:32 +00:00
Jan Malakhovski
b6646f7ba7
nixos: make zsh use fcntl for locking history files by default
...
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
2015-01-07 15:43:01 +00:00
j-keck
3ced0d94ac
doc: use postgresql94
...
update postgresql module doc to use postgresql94 (was postgresql93)
2015-01-07 13:21:18 +01:00
William A. Kennington III
20d2092ff8
nixos/base: Add efi management utilities
2015-01-07 01:52:47 -08:00
Russell O'Connor
d1a58ef7c6
google-compute-image.nix: Try to download all SSH host keys from metadata server.
2015-01-06 12:06:54 -05:00
Nikolay Amiantov
dbc0395b2b
nixos/rngd: some fixes
2015-01-06 17:27:07 +03:00
Russell O'Connor
3251948029
Generate SSH host public key from the private key.
2015-01-05 15:20:55 -05:00
Russell O'Connor
d1cbbff1e3
Call wget directly in fetch-ssh-keys service.
2015-01-05 15:20:55 -05:00
Russell O'Connor
6382e16014
google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata
2015-01-05 15:18:02 -05:00
Russell O'Connor
b19ab1f046
google-comute-image.nix: set umask 077 when downloading private keys from the metadata server.
2015-01-05 15:01:49 -05:00
Russell O'Connor
e548a4330d
google-compute-image.nix: use internal google NTP server.
2015-01-05 12:45:23 -05:00
Peter Simons
ea94a6d653
nixos/modules/services/misc/nix-daemon.nix: document meaning of '0' for the buildCores attribute
2015-01-05 15:38:08 +01:00
Rob Vermaas
c5caa853ec
dd-agent: set SSL_CERT_FILE for dogstatsd.
...
(cherry picked from commit c67204dec2
)
2015-01-05 13:15:22 +01:00
Eelco Dolstra
ae7d79cd61
Fix some bad gids
...
Issue #3727 .
2015-01-05 11:58:17 +01:00
Rob Vermaas
ea9530b5c7
Fix GCE image build.
...
(cherry picked from commit 98af87cd4a
)
2015-01-05 09:35:35 +01:00
William A. Kennington III
8ec82fcb18
nixos/samba: Allow package version setting
2015-01-03 21:45:16 -08:00