3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

7858 commits

Author SHA1 Message Date
aszlig 6e5d2f8963
nixos/xserver: Properly validate XKB options
Checking the keyboard layout has been a long set of hurdles so far, with
several attempts. Originally, the checking was introduced by @lheckemann
in #23709.

The initial implementation just was trying to check whether the symbols/
directory contained the layout name.

Unfortunately, that wasn't enough and keyboard variants weren't
recognized, so if you set layout to eg. "dvorak" it will fail with an
error (#25526).

So my improvement on that was to use sed to filter rules/base.lst and
match the layout against that. I fucked up twice with this, first
because layout can be a comma-separated list which I didn't account for
and second because I ran into a Nix issue (NixOS/nix#1426).

After fixing this, it still wasn't enough (and this is btw. what
localectl also does), because we were *only* matching rules but not
symbols, so using "eu" as a layout won't work either.

I decided now it's the time to actually use libxkbcommon to try
compiling the keyboard options and see whether it succeeds. This comes
in the form of a helper tool called xkbvalidate.

IMHO this approach is a lot less error-prone and we can be sure that we
don't forget about anything because that's what the X server itself uses
to compile the keymap.

Another advantage of this is that we now validate the full set of XKB
options rather than just the layout.

Tested this against a variety of wrong and correct keyboard
configurations and against the "keymap" NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @peti, @7c6f434c, @tohl, @vcunat, @lluchs
Fixes: #27597
2017-07-28 12:39:55 +02:00
Robin Gloster 2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Volth 688dc4e4c3 tinc_pre: avoid infinite loop with EBADFD on network restart 2017-07-27 18:04:33 +02:00
Mateusz Kowalczyk 93d364f4f5 mongodb: we already set quiet in config 2017-07-27 13:26:36 +01:00
Graham Christensen 107d931b44 Merge pull request #27677 from peterhoeg/u/mcelog
mcelog: 148 -> 153
2017-07-27 06:34:10 -04:00
Peter Hoeg f5c0607f8d mcelog: use .service file from upstream 2017-07-27 13:06:20 +08:00
Graham Christensen d4ef5ac0e9
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5, improperly patched in 72f85b9e07 2017-07-26 19:13:21 -04:00
Graham Christensen 72f85b9e07
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5 2017-07-26 19:05:26 -04:00
Martin Wohlert 9be26f81ca change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
Martin Wohlert c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
Peter Hoeg 588e3da3f4 Merge pull request #26761 from gnidorah/master3
qt5ct module: expose qtstyleplugins
2017-07-26 22:44:45 +08:00
Nikolay Amiantov 358abce837 autofs service: fix the manual
Fixes #27202.
2017-07-26 15:24:43 +03:00
k0ral a3e6df6ee2 environment.noXlibs: Disable gnome when noXLibs is set (#27567) 2017-07-26 08:54:42 +02:00
edef 10c6df2e3c nixos/…/swap.nix: don't create a LUKS header for randomEncryption
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.

In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
0xABAB 90acbe5449
Cleanup tahoe module
- Remove useless escape of question mark
- Fix and quoting
- Add some '&&s' for correctness
- Add escapeShellArg
- Remove &&s in preStart

Edited by grahamc: fixed the ${} typo on line 246
2017-07-25 22:09:43 -04:00
Volth 00512470ec tinc service: add CLI tools to the $PATH
Now user can execute e.g. "sudo tinc.netname dump nodes"
2017-07-25 23:13:58 +02:00
Jörg Thalheim 97544a6c38 Merge pull request #27627 from volth/zookeeper-escape-shell
nixos/zookeeper: escape cfg.extraCmdLineOptions
2017-07-25 07:46:05 +01:00
Charles Strahan c1fdf3341b Merge pull request #27347 from cstrahan/osquery-new
osquery: init at 2.5.2
2017-07-24 21:51:10 -04:00
Charles Strahan 53426f6cb9
osquery: init at 2.5.2 2017-07-24 21:47:32 -04:00
Volth f2bfb459c4 nixos/zookeeper: escape cfg.extraCmdLineOptions 2017-07-24 22:27:58 +00:00
Aristid Breitkreuz 63190540a8 wireguard: sometimes module tries to re-add the default route, which fails - use replace to make it succeed 2017-07-23 23:08:39 +02:00
Joachim F 1a768eba2a Merge pull request #26632 from jazmit/nixpkgs
coturn: allow use of ports < 1024
2017-07-23 12:56:05 +01:00
gnidorah 9f61c7f947 qt5ct module: expose qtstyleplugins 2017-07-23 12:56:04 +03:00
Jörg Thalheim b1bff52a5c Merge pull request #27469 from Ma27/oh-my-zsh/make-pkg-configurable
programs.zsh.ohMyZsh: add `package` option to make package overrides on module-base easier
2017-07-22 10:00:35 +01:00
Joel Thompson 9dc51dc00d exhibitor: Fix bugs in previous package
The previous package didn't build properly due to a bug in the build
script, and the nixos module didn't evaluate due to missing descriptions
in the options. This fixes both issues.

It also adds missing command-line options that weren't able to be set
and properly converts bools to the strings exhibitor expects.
2017-07-21 16:14:04 -04:00
Franz Pletz 1697684591
docker module: fix autoPrune.enable description
cc #27503
2017-07-21 16:54:40 +02:00
Joel Thompson 4b42fc4b8a exhibitor: init at 3.4.9
Initial Exhibitor nix package and nixos module for Netflix's Exhibitor,
which is a manager for Apache Zookeeper.
2017-07-21 09:45:37 -04:00
Rhys 8777174d60 nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Pascal Bach 22acfd0327 docker service: add option to do automatic pruning
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.

The structure is similar to how system.autoUpgrade works.
2017-07-20 20:33:16 +02:00
Michael Peyton Jones b09c87ab47 Factorio service: fix typo in attribute path 2017-07-20 20:32:25 +02:00
Franz Pletz 226964861f Merge pull request #27405 from rvl/postgresql-xml
postgresql: fix nixos tests and add xml support
2017-07-20 20:31:38 +02:00
Franz Pletz 00b6ac7bd3 Merge pull request #26419 from roblabla/feature-sasl
cyrus-sasl: Add saslauthd service and LDAP support
2017-07-20 20:23:52 +02:00
Maximilian Bosch 95bf0cc1cb
programs.zsh.ohMyZsh: add package option to make package overrides on module-base easier 2017-07-20 08:54:10 +02:00
Graham Christensen 2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS 2017-07-19 19:23:40 -04:00
Rodney Lorrimar 0b027720af nixos tests: run postgresql tests with postgres user 2017-07-19 22:13:02 +01:00
Daiderd Jordan a03d6116ce
gitlab: fix archive urls for gitlab service
Accessing an url like https://gitlab.example.org/group/project/repository/archive.tar.gz?ref=master
requires tar/gzip to be in the path of the gitlab-workhorse service otherwise it fails.
2017-07-19 21:34:17 +02:00
zimbatm 14f53e5251 Merge pull request #26214 from zimbatm/google-compute-image
Google compute image
2017-07-19 09:49:20 +01:00
Benno Fünfstück 99fbd867ef Merge pull request #27031 from jerith666/cnijfilter-2-80
cnijfilter: init at 2.80
2017-07-18 14:37:32 +02:00
Graham Christensen ef95175ba3
manual: update mailing list links 2017-07-18 07:54:36 -04:00
Domen Kožar d03178aae3
Point to the new mailing list by replacing the old link 2017-07-18 13:44:10 +02:00
Rob Vermaas ec313abdce
Add file with Azure image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit e93f26847e)
2017-07-18 09:18:51 +00:00
Rob Vermaas 412bfda422
Add file with GCE image locations, similar to ec2-amis.nix. Will be used by nixops.
(cherry picked from commit 9d810ddcc1)
2017-07-18 09:16:15 +00:00
Eelco Dolstra 17642b5fd0
nix: 1.11.12 -> 1.11.13 2017-07-18 10:54:01 +02:00
Jörg Thalheim 26f85e4253 Merge pull request #27410 from florianjacob/journalwatch
journalwatch & journalwatch service: init at 1.1.0
2017-07-18 08:19:33 +01:00
Aristid Breitkreuz 9b0ff955fd wireguard: allow not storing private keys in world-readable /nix/store (#27433)
* wireguard: allow not storing private keys in world-readable /nix/store
2017-07-17 23:55:31 +02:00
Falco Peijnenburg b09d036342 Strongswan after network-online instead of network
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise. 

See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html

Tested on a local config (which has the strongswan service config overridden).
2017-07-17 20:17:58 +02:00
Wout Mertens c4783a982b nginx: add gzip_vary to recommended settings
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
Jörg Thalheim 04c944cdb4 Merge pull request #27057 from Nadrieril/bitlbee-libpurple
bitlbee service: Add option to load libpurple plugins into bitlbee
2017-07-17 18:07:43 +01:00
Robin Gloster b8d92a7840
programs.gnupg: use extraInit instead of interactiveShellInit
Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.

Behaviour was changed in #26888, this reverts that part.
2017-07-17 18:45:37 +02:00
Matt McHenry 67d02cd60a cnijfilter: init at 2.80
this driver reads support files from lib/bjlib as well as lib/cups,
which is why the path in cupsd.nix is tweaked
2017-07-17 07:32:23 -04:00