3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

297 commits

Author SHA1 Message Date
Peter Hoeg 62f2f72e98 tmux module: do not override keys by default in VI mode (#17330)
We want to stick to upstream defaults as much as possible.

As pointed out by @8573 in #16999, this was not the case.
2016-07-28 13:10:42 +02:00
Nathan Bijnens bb528e714d Fix #9759 SSMTP sendmail wrapper - cfg instead of full path 2016-07-23 20:58:58 +02:00
Nathan Bijnens cf3867a5ef Fix #9759 SSMTP sendmail wrapper 2016-07-23 18:00:10 +02:00
Rok Garbas 760da3e3f3 nixos: init programs.xonsh 2016-07-21 00:55:36 +02:00
Luca Bruno 977e0c6599 nixos/bash: enable colors during completion 2016-07-09 20:51:31 +01:00
Bjørn Forsman f8560212ca nixos/spacefm: unbreak manual build
Fixup regression introduced in commit 1bbcd91b2e
("spacefm: sudo and gksu fixes #15758 and license update").

A missing </filename> end tag caused this:

  $ nixos-rebuild build
  ...
  options-db.xml:4402: parser error : Opening and ending tag mismatch: filename line 4401 and para
  </para><para><emphasis>Type:</emphasis> boolean</para><para><emphasis>Default:</
         ^
  options-db.xml:4406: parser error : Opening and ending tag mismatch: filename line 4401 and listitem
              </filename></member></simplelist></listitem></varlistentry><varliste
                                                          ^
  options-db.xml:4406: parser error : Opening and ending tag mismatch: para line 4401 and varlistentry
              </filename></member></simplelist></listitem></varlistentry><varliste
                                                                         ^
  options-db.xml:28430: parser error : Opening and ending tag mismatch: listitem line 4401 and variablelist
         </filename></member></simplelist></listitem></varlistentry></variablelist
                                                                                 ^
  options-db.xml:28432: parser error : Premature end of data in tag varlistentry line 4401
2016-07-05 13:27:17 +02:00
Ram Kromberg 1bbcd91b2e spacefm: sudo and gksu fixes #15758 and license update 2016-07-03 01:43:34 +03:00
zimbatm 2974b6f4c8 Use shell packages to select the user's shell
The string type is still available for backward-compatiblity.
2016-06-12 20:35:34 +01:00
Nikolay Amiantov 281db6bbc3 unity3d service: init 2016-05-29 17:38:36 +03:00
Joachim Fasting 44548c8a9e Merge pull request #15596 from rnhmjoj/master
fish: 2.2.0 -> 2.3.0
2016-05-28 00:53:12 +02:00
Peter Hoeg 5404595b55 tmux module: set TMUX_TMPDIR via environment instead of wrapper 2016-05-27 17:29:19 +08:00
rnhmjoj 17ec9368cd
fish: 2.2.0 -> 2.3.0 2016-05-26 00:10:22 +02:00
Vladimír Čunát b9df4311dc man-db: make it the default man provider
For now, leave the old implementation under `man-old` attribute.

Small warning: I had a leftover ~/.nix-profile/man from an old package,
which caused man-db's man prefer it and ignore ~/.nix-profile/share/man.
The PATH->MANPATH code just selects the first match for each PATH item.
2016-05-23 19:53:05 +02:00
Peter Hoeg 60025e3524 tmux module: add additional variables for configuring tmux
Also wraps the tmux binary, so that sockets are stored under /run
2016-05-18 19:24:03 +08:00
Benjamin Staffin 850ffee9fa Merge pull request #14212 from aneeshusa/add-mosh-service
mosh service: init
2016-04-18 14:31:59 -07:00
Eelco Dolstra cd396076ec Revert "Revert "Remove which -> type -P alias.""
This reverts commit ddd480ac30. Gave it
some more thought.
2016-04-18 14:20:49 +02:00
Aneesh Agrawal 77a4bd1a58 mosh program: init 2016-04-18 06:31:11 +00:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Profpatsch a011083cda fish: pick up completion files from other packages
Some packages bring their own completions in
/share/fish/vendor_completions.d. Now they are picked up by fish from
every path in NIX_PROFILES.
2016-04-09 00:08:48 +02:00
Vladimír Čunát 710573ce6d Merge #12653: rework default outputs 2016-04-07 16:00:09 +02:00
Vladimír Čunát 9a824f2f1d treewide: rename extraOutputs{ToLink,ToInstall}
This is to get more consistent with `meta.outputsToInstall`.
2016-04-07 15:59:44 +02:00
Eelco Dolstra 3fb1708427 ssh: Fix support for ssh-dss host keys 2016-04-01 15:54:52 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
joachifm f807cce1eb Merge pull request #14175 from peterhoeg/tmux
tmux nixos module: add nixos program module for tmux
2016-03-29 20:26:42 +00:00
joachifm e496e5cd75 Merge pull request #14176 from peterhoeg/vbox
virtualbox service: fix use of deprecated option names
2016-03-28 13:54:16 +00:00
Peter Hoeg 8d1660ce14 virtualbox service: fix use of deprecated option names 2016-03-28 14:22:18 +08:00
Peter Hoeg a314814c19 tmux nixos module: add nixos program module for tmux
This basic module allows you to specify the tmux configuration.

As great as tmux is, some of the defaults are pretty awful, so having a
way to specify the config really helps.
2016-03-27 13:24:09 +08:00
Eelco Dolstra ddd480ac30 Revert "Remove which -> type -P alias."
This reverts commit e8e8164f34. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
2016-03-25 17:17:07 +01:00
Vladimír Čunát d6b46ecb30 Merge branch 'closure-size' into p/default-outputs 2016-03-14 11:27:15 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Domen Kožar 73ba0ae2de Remove which -> type -P alias.
Aliases are not the same as programs. They won't work in subshells.
It's better to just use which as it's only 88K.
2016-03-03 16:15:25 +00:00
Thomas Tuegel c62bf00442 nixos: remove top-level uim option 2016-02-28 07:12:55 -06:00
Domen Kožar 04422bb3ca Merge pull request #8630 from lihop/nixos/fix-formatting
nixos: fix formatting of option examples
2016-02-27 10:08:37 +00:00
Vladimír Čunát 3cf9cd8bc3 Merge #12796: nixos docs: show references to packages
(version 2) A better implementation of #10039, after #12357.
This time I did more thorough checking.

See commit messages for details.
2016-02-27 10:48:12 +01:00
Leroy Hopson 3fc6470515 nixos/freetds: fix formatting of example 2016-02-27 22:25:39 +13:00
Eric Sagnes 52dd53373f ibus service: refactoring 2016-02-17 20:44:29 +09:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Vladimír Čunát a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Vladimír Čunát 54299b60c4 Merge #12779: Mass replace pkg}/bin-style strings
... to refer to correct outputs
2016-02-03 17:25:22 +01:00
Vladimír Čunát 4fede53c09 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-02-03 14:47:14 +01:00
Guillaume Maudoux 9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Vladimír Čunát 889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Vladimír Čunát b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
Tuomas Tynkkynen 33e7a2549a treewide: Mass replace 'xfsprogs}/bin' to refer the 'bin' output 2016-02-01 20:46:23 +02:00
Eelco Dolstra a7b7ac8bfb openssh: Enable DSA host/client keys
This applies a patch from Fedora to make HostKeyAlgorithms do the
right thing, fixing the issue described in
401782cb67.
2016-02-01 16:31:43 +01:00
Eelco Dolstra bfebc7342e Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt 2016-01-29 02:32:05 +01:00
Vladimír Čunát ab8a691d05 nixos systemPackages: rework default outputs
- Now `pkg.outputUnspecified = true` but this attribute is missing in
  every output, so we can recognize whether the user chose or not.
  If (s)he didn't choose, we put `pkg.bin or pkg.out or pkg` into
  `systemPackages`.
- `outputsToLink` is replaced by `extraOutputsToLink`.
  We add extra outputs *regardless* of whether the user chose anything.
  It's mainly meant for outputs with docs and debug symbols.
- Note that as a result, some libraries will disappear from system path.
2016-01-28 11:24:18 +01:00
Reno Reckling 312bae7fc0 nixos-ssh: set SSH_ASKPASS globally and not just on interactive shells
If we limit SSH_ASKPASS to interactive shells, users are unable to trigger
the ssh-passphrase dialog from their desktop environment autostart scripts.
Usecase: I call ssh-add during my desktop environment autostart and want to have
the passphrase dialog immediately after startup.
For this to work, SSH_ASKPASS needs to be propagated properly on
non-interactive shells.
2016-01-24 11:18:30 +01:00
Thomas Strobel a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Franz Pletz cac1041ced Merge pull request #12328 from makefu/zsh-allow-override-history-defaults
programs.zsh: allow override of history defaults
2016-01-16 17:25:20 +01:00
makefu ed83b8a61c programs.zsh: allow override of history defaults 2016-01-16 16:55:30 +01:00
Vladimír Čunát 3bcf8ae879 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-01-13 12:04:31 +01:00
Nikolay Amiantov d82c0f9790 nixos/cdemu: use system kernel modules 2016-01-12 14:44:41 +03:00
Arseniy Seroka 1fc685ae64 Merge pull request #11945 from jgillich/fish
fish: add module to support it as default shell
2016-01-06 01:25:37 +03:00
Arda Xi e60c4995fd command-not-found: pass all of argv to helper 2015-12-28 15:09:48 +01:00
Nathan Zadoks 254eebd8a0 command-not-found: add NIX_AUTO_RUN 2015-12-28 15:09:48 +01:00
Jakob Gillich ac7e923104 fish: add module to support it as default shell
* Patched fish to load /etc/fish/config.fish if it exists (by default,
  it only loads config relative to itself)
* Added fish-foreign-env package to parse the system environment

closes #5331
2015-12-26 06:25:23 +01:00
Spencer Whitt bf14849534 zsh module: add /share/zsh to pathsToLink
Needed for completion functions
abbradar: replaced optionals with optional
2015-11-26 04:33:07 +03:00
Spencer Whitt ff58711bda zsh module: add enableCompletion option 2015-11-25 10:32:58 -05:00
lethalman 8099d8189b Merge pull request #11108 from ericsagnes/ibus-dconf
ibus: fix dconf dependency
2015-11-24 10:16:08 +01:00
Peter Simons 0ccc515b48 nixos: remove debug code accidentally checked in with 833a597156 2015-11-18 16:37:38 +01:00
Peter Simons 833a597156 nixos: configure bash prompt in Emacs' shell-mode, even if TERM=dumb
The idea that the interactive bash prompt isn't set in case of TERM=dumb
is intended to fix problems when other machines log remotely into a
NixOS installation via Tramp. A side-effect that change was, however,
that Emacs' shell-mode no longer had a correct prompt. I suppose the
presence of

  INSIDE_EMACS=24.5.2,comint

is a sufficiently unique indication that the current interactive shell
is running inside of an Emacs and that the prompt can thus be configured
safely.
2015-11-18 16:27:41 +01:00
Eric Sagnes 7cead2e990 ibus: fix dconf dependency 2015-11-18 11:29:31 +09:00
Thomas Tuegel 80670a2d13 nixos/environment: don't set Qt 5 paths 2015-10-30 16:10:37 -05:00
Eelco Dolstra c20403631d Factor out "man" into a separate module and add "man" outputs to system.path
Fixes #10270.
2015-10-30 15:21:12 +01:00
Nikolay Amiantov 7a9982d465 nixos/bash: use simple prompt for dumb terminals 2015-10-22 14:05:49 +03:00
Eelco Dolstra 89e983786a Manual: Remove store path references 2015-09-24 11:50:58 +02:00
Jan Malakhovski 6eadb16022 nixos: fix some types 2015-09-18 18:48:50 +00:00
Tobias Geerinckx-Rice 45b86d6981 nixos: cdemu service: mark up & tweak descriptions 2015-09-07 00:47:18 +02:00
Eelco Dolstra c090efb9d8 command-not-found: Fix nix-env invocation 2015-09-02 19:49:34 +02:00
Eelco Dolstra 13532ee161 command-not-found: Use attribute name 2015-09-02 17:40:19 +02:00
Eelco Dolstra f6eece6f8f programs.ssh.knownHosts: Use attribute name
This allows writing:

  programs.ssh.knownHosts."10.1.2.3".publicKey = "bar";

instead of

  programs.ssh.knownHosts = [ { hostNames = [ "10.1.2.3" ]; publicKey = "bar"; } ];
2015-08-27 15:32:46 +02:00
Eelco Dolstra 7c6ff6c1da programs.ssh.knownHosts: Use submodule 2015-08-27 15:32:46 +02:00
Eelco Dolstra 287c08d8a3 Rename services.openssh.knownHosts -> programs.ssh.knownHosts
This option configures the SSH client, not the server.
2015-08-27 15:32:46 +02:00
Eelco Dolstra 401782cb67 Revert "openssh: 6.9p1 -> 7.0p1"
This reverts commit a8eb2a6a81. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.

For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
2015-08-20 14:08:18 +02:00
Luca Bruno e53e1c7070 nixos xfs_quota: simplify restartTriggers 2015-08-19 20:04:20 +02:00
Luca Bruno bc46013ac1 nixos xfs_quota: set default projects to {} 2015-08-19 18:03:42 +02:00
Luca Bruno d8b9521d64 nixos xfs_quota: add new module for managing xfs_quota projects 2015-08-19 16:09:35 +02:00
Eelco Dolstra a47fef4d9e Merge pull request #9326 from oxij/fix-info
Documentation indexes
2015-08-19 13:46:47 +02:00
Jan Malakhovski c6256c0e3e nixos: generate infodirs directly in system-path
`man 1 info` says:

   The first non-option argument, if present, is the menu entry to
   start from; it is searched for in all `dir' files along INFOPATH.
   If it is not present, info merges all `dir' files and shows the
   result. Any remaining arguments are treated as the names of menu
   items relative to the initial node visited.

Which means that this does what previous programs/info did and #8519
(on-the-fly infodir generation for Emacs) wanted to do, but for both
programs.
2015-08-18 18:42:57 +00:00
Eelco Dolstra 1f2eef5ae9 openssh: Re-enable DSA client keys
This was broken by a8eb2a6a81.
2015-08-18 13:11:45 +02:00
Eelco Dolstra 3f1354a3cd Add an option ‘nix.nixPath’ for specifying $NIX_PATH 2015-08-05 14:33:15 +02:00
aszlig 6c50714222
nixos: Give virtualbox-host.nix a better location.
In 14f09e0, I've introduced the module under modules/programs, because
the legacy virtualbox.nix was also under that path. But because we
already have modules/virtualisation/virtualbox-guest.nix, it really
makes sense to put this module alongside of it as well.

This module thus has no change in functionality and I've tested
evaluation against nixos/tests/virtualbox.nix and the manual.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-08-04 03:59:52 +02:00
William A. Kennington III 8e19ac8d7c Merge branch 'master.upstream' into staging.upstream 2015-06-17 11:57:40 -07:00
Eelco Dolstra 6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
William A. Kennington III 867d2c5c46 openssl: Remove References to OPENSSL_X509_CERT_FILE 2015-05-31 15:50:51 -07:00
Kranium Gikos Mendoza 6f634e3c3a Add kbdlight package and setuid wrapper
update nixos/modules/programs/kbdlight.nix to use mkEnableOption
2015-05-11 13:23:01 +08:00
Eelco Dolstra 11a9774c75 Use "mkdir -p" when creating ~/.nix-defexpr
Otherwise, simultaneous invocations of /etc/profile can fail, e.g.

  mkdir: cannot create directory ‘/.nix-defexpr’: File exists
2015-04-20 13:03:04 +02:00
Peter Simons 6edc3022ef Merge pull request #7345 from joachifm/conditional-shadow-setuids
nixos: condition shadow setuid-wrappers on mutableUsers
2015-04-14 13:23:19 +02:00
Joachim Fasting 75ab7bf960 nixos: condition shadow setuid-wrappers on mutableUsers
Having junk setuid wrappers in PATH is annoying.
2015-04-14 00:27:11 +02:00
aszlig 5075cbe696
nixos: Put root's channels to the end of NIX_PATH.
My original reason to put it at the beginning of NIX_PATH was to allow
shipping a particular version <nixpkgs> with a channel. But in order to
do that, we can still let the channel expression ship with a custom
version of nixpkgs by something like <channel/nixpkgs> and the builder
of the channel could also rewrite self-references.

So the inconvenience is now shifted towards the maintainer of the
channel rather than the user (which isn't nice, but better err on the
side of the developer rather than on the user), because as @edolstra
pointed out: Having the channels of root at the beginning of NIX_PATH
could have unintended side-effects if there a channel called nixpkgs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-13 12:20:58 +02:00
aszlig 65e569cc37
nixos: Add all of root's channels to NIX_PATH.
This is very useful if you want to distribute channels (and thus
expressions as well) in a similar fashion to Debians APT sources (or
PPAs or whatnot).

So, for example if you have a channel with some additional functions
or packages, you simply add that channel with:

sudo nix-channel --add https://example.com/my-nifty-channel foo

And you can access that channel using <foo>, for example in your
configuration.nix:

{
  imports = [ <foo/modules/shiny-little-module> ];
  environment.systemPackages = with import <foo/pkgs> {}; [ bar blah ];
  services.udev.extraRules = import <foo/lib/udev/mkrule.nix> {
    kernel = "eth*";
    attr.address = "00:1D:60:B9:6D:4F";
    name = "my_fast_network_card";
  };
}

Within nixpkgs, we shouldn't have <nixos> used anywhere anymore, so we
shouldn't get into conflicts.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-12 23:50:20 +02:00
obadz be7f104502 sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).
sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00
Gabriel Ebner d23ed364b5 Add ibus-qt. 2015-03-11 21:54:04 +01:00
Gabriel Ebner 59da79c733 ibus: Enable XIM support.
This allows firefox to use ibus.
2015-03-11 21:54:04 +01:00
Gabriel Ebner f222abea44 Add programs.ibus config option to enable ibus and plugins. 2015-03-11 21:53:34 +01:00
Thomas Tuegel 4b10907152 ssh: make askPassword an option
By making askPassword an option, desktop environment modules can
override the default x11_ssh_askpassword with their own equivalent for
better integration. For example, KDE 5 uses plasma5.ksshaskpass instead.
2015-03-11 11:49:29 -05:00
Nikolay Amiantov 264c6892f2 nixos/uim: capitalize description 2015-03-05 20:49:45 +03:00
Eelco Dolstra 36d0f367de ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
This was lost back in
ffedee6ed5. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
2015-02-25 14:31:17 +01:00
Thomas Tuegel a79936561b environment: use Qt 5 Qml import paths 2015-02-21 11:39:20 -06:00
Luca Bruno e088fd0314 Revert "Merge pull request #5626 from matthiasbeyer/add-fish_shell_module"
This reverts commit 157d199b33, reversing
changes made to 4c7adddcb7.
2015-02-11 18:31:11 +01:00
lethalman 157d199b33 Merge pull request #5626 from matthiasbeyer/add-fish_shell_module
Add basic nixos module for fish shell
2015-02-11 15:05:03 +01:00
Herwig Hochleitner 983fddcea8 Move cdemu module into programs 2015-02-10 13:14:09 +01:00
Thomas Tuegel 849647a3eb environment: set paths for Qt plugins and QML 2015-01-26 20:59:49 -06:00
Domen Kožar b92a62165d Merge pull request #5726 from spwhitt/zsh-command-not-found
command-not-found: Add ZSH Support
2015-01-17 18:15:35 +01:00
Spencer Whitt 6cba6dc61b command-not-found: Add ZSH Support 2015-01-12 03:45:48 -05:00
Arseniy Seroka 4f596fb93f Revert "zsh: profile-relative functions path"
This reverts commit 766207ca1d.

We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
2015-01-10 22:11:13 +03:00
Matthias Beyer 5e6068d913 Put shell aliases in interactiveShellInit 2015-01-08 15:18:26 +01:00
Matthias Beyer c5e855e060 Add basic nixos module for fish shell 2015-01-08 15:18:26 +01:00
Jan Malakhovski b6646f7ba7 nixos: make zsh use fcntl for locking history files by default
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
2015-01-07 15:43:01 +00:00
Kirill Elagin 766207ca1d zsh: profile-relative functions path
This is needed mostly for autocompletion.
2015-01-04 02:02:59 +03:00
aszlig f7384b8c75
nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
2014-12-18 18:18:32 +01:00
Eelco Dolstra 63c14e259d ssh-agent: Don't have a timeout by default
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
2014-12-18 15:34:29 +01:00
aszlig ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
Eelco Dolstra bde9ae18cf Revert "enable bash autocomplete by default"
This reverts commit ee8e15fe76. See
discussion at ee8e15fe76.
2014-12-18 00:36:46 +01:00
aszlig e36bec661c
nixos/virtualbox: Fix warning on enableHardening.
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
aszlig d85fabd68c
nixos/virtualbox/hostonlyif: Fix writing to /root.
Creates unnecessary cruft in the root users home directory, which we
really don't need. Except the log, but therefore we now cat the log to
stderr and the private temporary directory is cleaned up afterwards.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 19:16:43 +01:00
aszlig 5d67b17901
nixos/virtualbox: Disable hardening for now.
This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardining is enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 18:53:41 +01:00
aszlig 245baeb2f6
nixos/virtualbox: Note about "vboxusers" group.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:19 +01:00
aszlig e03e0ff42a
nixos/virtualbox: Allow to disable hardening.
Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
aszlig 0d71ec8a6e
nixos/virtualbox: Fix setuid wrappers.
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!

Fixes #5283.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-13 07:52:19 +01:00
ambrop7@gmail.com 65393ca8d3 virtualbox: Unbreak the nixos module. 2014-12-12 00:16:33 +01:00
ambrop7@gmail.com 9fa2c35ec8 virtualbox: Allow disabling the network interface.
The current nixos module for VirtualBox unconditionally configures a vboxnet0
network interface at boot. This may be undesired, especially when the user wants
to manage network interfaces in a centralized manner.
2014-12-11 23:35:03 +01:00
Domen Kožar ee8e15fe76 enable bash autocomplete by default 2014-12-08 12:06:02 +01:00
aszlig 3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig 14f09e01c1
nixos: Add enable option for programs/virtualbox.
We will simply rename the previous module and add a warning whenever the
module is included directly, pointing the user to the right option and
also enable it as well (in case somebody has missed the option and is
wondering why VirtualBox doesn't work anymore).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
Eelco Dolstra e7cd18e907 Don't set $MANPATH
The default is derived automatically from $PATH, so it's in fact
better *not* to set it.
2014-11-27 17:36:46 +01:00
Aristid Breitkreuz 2fd7e5f39d ssh-agent: use types.nullOr 2014-11-15 12:33:01 +01:00
Aristid Breitkreuz d57110fabc ssh-agent: make key timeout optional 2014-11-15 12:13:25 +01:00
Aristid Breitkreuz d70336f37c limit the amount of time ssh-agent keeps a key (default: 1h) 2014-11-15 12:13:25 +01:00
Brian McKenna a6bacd4d81 Add "light" package and setuid wrapper 2014-11-09 19:45:43 -07:00
Nikolay Amiantov 1b6f0ffb6e ssmtp: add 'root' option 2014-11-05 02:47:59 +03:00
Nikolay Amiantov 292e07689a ssmtp: add types to options 2014-11-05 02:42:48 +03:00
Nathaniel Baxter ab8ef63ff4 alsa: Add multilib plugin support via "libs" entry in asound config.
alsa: Remove unused $ALSA_PLUGIN_DIRS support.
2014-10-04 14:48:58 +02:00
Shea Levy f5aaefbb6c More pkgs.lib -> lib fixes 2014-09-29 09:45:59 -04:00
William A. Kennington III bab5efd237 nixos/ssh: Allow user to configure the package that provides ssh/sshd 2014-09-11 22:07:39 -07:00
Nicolas Pierron becde6132b Replace environment.profileVariables by environment.profileRelativeEnvVars 2014-09-07 19:41:00 +02:00
Michael Fellinger d62e848cc9 virtualbox: vboxusers may use /dev/vboxnetctl 2014-09-04 22:44:38 +02:00
Michael Raskin a3b9bf6c87 Merge pull request #3653 from iyzsong/nixos/xfce4-mixer
nixos: don't set variables for gstreamer-0.10 (fix #3652)
2014-09-04 20:54:57 +04:00
Michael Raskin 419031bcfc Merge pull request #2644 from lethalman/pam_tally
pam: Add logFailures option for adding pam_tally to su
2014-09-02 00:58:30 +04:00
William A. Kennington III 3d037ebb94 Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6""
This reverts commit ea8910652f.
2014-08-31 09:46:16 -07:00
Rob Vermaas ea8910652f Revert "Merge pull request #3182 from wkennington/master.ipv6"
This reverts commit b23fd65854, reversing
changes made to 43654cba2c.
2014-08-31 10:58:54 +02:00
William A. Kennington III 86c0f8c549 Refactor nixos files relying on the old ipAddress / prefixLength / subnetMask attributes 2014-08-30 07:33:38 -07:00
Michael Raskin e8badf3c3b Merge pull request #3275 from taku0/gtk-env
uim, gtk-exe-env, qt-plugin-env: Add input method modules for GTK+ and Qt
2014-08-29 01:35:38 +04:00
Michael Raskin 1fd14fa415 Merge pull request #3100 from tailhook/new-shadow
Upgrade "shadow" to 4.2.1
2014-08-29 00:42:57 +04:00
Michael Raskin 0036f4d792 Merge pull request #3047 from chrisfarms/freetds
Simple nixos module to enable configuration of freetds
2014-08-29 00:38:23 +04:00
宋文武 22541ebdaa nixos/environment: do not set GST_PLUGIN_SYSTEM_PATH 2014-08-19 09:34:52 +08:00
Vladimír Čunát 56d9b2cc8a merge #3428: nano: bump and add system-wide config 2014-08-14 23:51:29 +02:00
Luca Bruno 1a29fcae69 gdm: Add very experimental display manager 2014-08-12 11:23:42 +02:00
Paul Colomiets fb948c4f28 Upgrade shadow package 2014-08-01 21:19:21 +03:00