3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

6333 commits

Author SHA1 Message Date
Joachim Fasting 3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
Vladimír Čunát a1ae627362
nixos GDM: fix #19896
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
  filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome.  There seems to be no logout option
  in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Jörg Thalheim 7c7dc15cbf
lxcfs: add module 2016-12-04 11:26:17 +01:00
Franz Pletz 69bee1b361 Merge pull request #20770 from mguentner/more_ipfs
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Franz Pletz 2401f06801
containers: disable dhcpcd on veth bridge interfaces 2016-12-04 01:41:10 +01:00
Graham Christensen d5cb4d8734
ecryptfs test: use TTY output to stabilize test 2016-12-02 19:36:27 -05:00
Jörg Thalheim aa854f192e
cgmanager: add module 2016-12-02 13:52:04 +01:00
lbonn 288e75c5f9 wireguard: remove dependency on ip-up.target
It was deprecated and removed from all modules in the tree by #18319.

The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Graham Christensen b28d21fd50 Merge pull request #20808 from grahamc/fancy-test-tty
login test: Create and use direct reads of the TTY contents.
2016-11-30 11:27:49 -05:00
Graham Christensen cb74fd75d7
login test: Create and use direct reads of the TTY contents. 2016-11-30 00:17:18 -05:00
Tuomas Tynkkynen 8a4d6516ee Merge remote-tracking branch 'upstream/staging' into master 2016-11-30 00:34:23 +02:00
Franz Pletz 3000ae8602
gitlab service: fix sidekiq queue config 2016-11-29 17:42:46 +01:00
Domen Kožar 75f131da02 acme: ensure nginx challenges directory is writeable 2016-11-29 15:56:01 +01:00
Domen Kožar 69e0740baa Merge pull request #20795 from cleverca22/netboot
make the /nix/store writable under netboot images
2016-11-29 15:47:39 +01:00
michael bishop e710edeecf
make the /nix/store writable under netboot images 2016-11-29 10:31:07 -04:00
Erik Rybakken 2f0cc0d3f0 unclutter-xfixes service: init
Closes #18398
2016-11-29 14:25:32 +01:00
Joachim F 8eefcb5c09 Merge pull request #19900 from michalpalka/xen-fix-xen-bridge2
xen service: fix wrong netmask handed out by xen-bridge.service
2016-11-28 16:31:05 +01:00
Joachim F 944868dd9b Merge pull request #19851 from michalpalka/xen-fix-xen-bridge
xen service: fix iptables race condition in xen-bridge.service
2016-11-28 16:30:16 +01:00
Maximilian Güntner f7c099bd8c
tests: added basic ipfs test
$getter can be used once ipfs supports private/local networks
and or internet gets routed to the VMs

Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:58 +01:00
Maximilian Güntner 0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN 37715d1f46 hydra-module: add cfg.package to hydra-evaluator path 2016-11-28 15:53:44 +02:00
Joachim Fasting e99228db30
grsecurity module: force a known good kernel package set
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel.  Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).

With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
2016-11-28 12:11:04 +01:00
Sophie Taylor 016fa06c71
cjdns: Improving systemd unit description 2016-11-27 22:07:51 -05:00
Ruben Maher 9c9a21d525 matrix-synapse service: Make url_preview_enabled optional (#20609) 2016-11-28 03:33:48 +01:00
Franz Pletz e394c305a8 Merge pull request #20620 from rnhmjoj/fakeroute
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
pngwjpgh bcc9a6ac75 infinoted service: init
Service module for the dedicated gobby server included in libinfinity
2016-11-27 17:23:21 +01:00
Michael Raskin 36010e7046 Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
apache-httpd
2016-11-26 13:37:02 +00:00
Vladimír Čunát 925b335607
Merge branch 'master' into staging 2016-11-26 11:27:09 +01:00
Vladimír Čunát 8ebfce0eda
display-managers module: improve variable quoting
Fixes #20713, though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.

The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
2016-11-26 11:23:31 +01:00
Robert Helgesson 8a424e3fbd
tahoe service: use ExecStart instead of script
Since only a single command is necessary to start Tahoe it is sufficient
to use ExecStart and thereby skip starting up Bash (and leaving it
running).
2016-11-25 21:49:34 +01:00
Jaka Hudoklin 3b500d37f5 Merge pull request #19023 from offlinehacker/kube-update
WIP: kubernetes update package and module
2016-11-24 23:10:01 +01:00
Frederik Rietdijk 25a9889f0e blivet test: use python2 2016-11-24 22:28:03 +01:00
Corbin Simpson 27f1def068 nixos/collectd: Fix syntax error on some hostnames. (#20694)
Without this, hostnames that e.g. end in digits will cause syntax errors for
collectd.
2016-11-24 21:47:17 +01:00
rnhmjoj 7eb9a03221
fakeroute: add service 2016-11-23 15:23:10 +01:00
Eelco Dolstra d97a379510 Merge pull request #20641 from mayflower/fix/installer-closure-size
Reduce closure size of installer images
2016-11-23 12:49:46 +01:00
Joachim F a6f392abd6 Merge pull request #20385 from ericsagnes/feat/i3-refactor
i3 module: refactor
2016-11-23 05:11:14 +01:00
Franz Pletz 6de991bd95
nixos: compress squashfs with xz 2016-11-23 02:24:13 +01:00
Franz Pletz da600849e3
nixos: disable sound for minimal ISO
Saves a few megabytes of ALSA stuff.
2016-11-23 02:24:13 +01:00
Franz Pletz f983743d75
w3m-nox: use imlib2 without X11 support
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
2016-11-23 02:24:12 +01:00
Franz Pletz ffac67fcf3
nixos/base: don't include dar & cabextract in ISO
Should free up lots of space due to dependency on gnupg, which dpeends on
openldap which pull in gcc.
2016-11-23 02:24:11 +01:00
Eric Sagnes 2b1d67a275 manual: reviewing contributions nixos -> nixpkgs (#20626) 2016-11-22 15:15:02 +01:00
Franz Pletz d94e93ccdf Merge pull request #19588 from Shados/add-dante
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Franz Pletz 2f1be760da
nixos/release: add containers-tmpfs test
cc #20557
2016-11-22 15:05:45 +01:00
Alexei Robyn 49d679d7a8 dante service: init 2016-11-22 21:33:54 +11:00
Kier Davis db50ae78d0
boinc service: init 2016-11-22 01:14:40 +00:00
Christian Kampka 35ecef2c6d containers module: Add tmpfs options (#20557)
Allows one or more directories to be mounted as a read-only file system.

This makes it convenient to run volatile containers that do not retain
application state.
2016-11-22 02:11:33 +01:00
Domen Kožar 49d608ac00 create-amis: use jq instead of json 2016-11-22 01:59:49 +01:00
Nikolay Amiantov 42a180352f bumblebee service: replace bbswitch option with pmMethod
I added this option just today, so I don't think this needs a rename entry.
2016-11-22 02:35:12 +03:00