3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

187 commits

Author SHA1 Message Date
Joachim Fasting 2bce0b13e7
nixos/hardened: set mmap_min_addr
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
2017-09-09 17:37:15 +02:00
Graham Christensen 1b68193167
profiles/graphical.nix: enable libinput over synaptics 2017-08-30 20:25:11 -04:00
Vladimír Čunát dc93744273
rogue: omit from the installation media
At least for now.  It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
2017-08-29 16:15:15 +02:00
Joachim Fasting c0769dc6ef
nixos/hardened profile: increase ASLR entropy 2017-08-13 21:44:13 +02:00
volth 870375e19d all-hardware.nix: add VMware support. (#27430)
NixOS does not boot in VMware guest without these modules
2017-07-17 02:38:10 +02:00
André-Patrick Bubel d859769f26 nixos: replaced "userns" with "user namespaces" for clarity
"userns" wasn't introduces as an abbreviation elsewhere as far as I can see, and I wasn't sure what was meant at first.
2017-06-22 22:04:34 +02:00
Jörg Thalheim e697585675
hardware.enableRedistributableFirmware: fix spelling error 2017-05-09 20:13:15 +01:00
Jörg Thalheim 05aa80c06a
hardware: add enableRedistributalFirmware
Due the recent inclusion of broadcom-bt-firmware in enableAllFirmware,
it was required to set `nixpkgs.config.allowUnfree` to obtain the full
list. To make this dependency more explicit an assertion is added and an
alternative option `enableRedistributalFirmware` is provided to only
obtain firmware with an license allowing redistribution.
2017-05-09 15:29:08 +01:00
Joachim Fasting a1678269f9
nixos/hardened profile: disable user namespaces at runtime 2017-04-30 15:17:27 +02:00
Joachim Fasting 1dd3ba924b
nixos/hardened profile: disable hibernation
Recommended by KSPP
2017-04-30 12:06:11 +02:00
Joachim Fasting 8c98e8ca2f
nixos/hardened profile: use the linux_hardened kernel 2017-04-30 12:05:40 +02:00
Joachim Fasting 6a5a5728ee
nixos/hardened profile: lock kernel modules 2017-04-30 12:05:38 +02:00
Joachim Fasting 63433537ce
nixos/hardened profile: disable legacy virtual syscalls
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism.  Modern glibc use vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration.  Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.

For background on virtual syscalls see https://lwn.net/Articles/446528/

Closes https://github.com/NixOS/nixpkgs/pull/25289
2017-04-29 17:27:11 +02:00
Joachim Fasting 063ac40304
nixos: add a "hardened" profile
The idea is to provide a convenient way to enable most vanilla hardening
features in one go.  The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).

Closes https://github.com/NixOS/nixpkgs/pull/24680
2017-04-23 11:00:52 +02:00
Thomas Tuegel 8e6bdcc731
nixos: fix renaming warning in graphical profile 2017-03-03 07:27:41 -06:00
Graham Christensen b12564cc1b
nixos: update default cases from KDM/KDE4 to SDDM/KDE5 2017-02-09 21:52:00 -05:00
taku0 8dfa60ce73 nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V 2017-02-05 18:22:26 +09:00
Pascal Bach 01fd86723c install-device: correct command to start sshd 2017-01-25 21:09:31 +01:00
Pascal Bach 03ef04f0a4 install-device: permit root login with password
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd

It is safe as root doesn't have a password by default
and SSH is disabled by default.

Fixes #20718
2017-01-25 21:09:31 +01:00
Tuomas Tynkkynen b63f97c6e6 installer: Include stdenvNoCC
And don't include ArchiveCpio as that one is no longer needed after
5a8147479 ("make-initrd: create reproducible initrds").
2017-01-23 23:49:18 +02:00
Robin Gloster f4f4200d9a
install-devices: add vim
This moves vim to the install-device profile to add vim to netboot, too.

Fixes #20013 (see discussion there for further information)
2017-01-18 17:57:31 +01:00
Franz Pletz 88908145ea
nixos installer: don't log refused packets to console
Fixes #19764.
2017-01-09 19:24:41 +01:00
Lluís Batlle i Rossell 33d07c7ea9 zfs cannot be distributed. Disabling it in the isos.
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.

https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/

If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
2016-12-28 14:57:06 +01:00
Franz Pletz da600849e3
nixos: disable sound for minimal ISO
Saves a few megabytes of ALSA stuff.
2016-11-23 02:24:13 +01:00
Franz Pletz f983743d75
w3m-nox: use imlib2 without X11 support
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
2016-11-23 02:24:12 +01:00
Franz Pletz ffac67fcf3
nixos/base: don't include dar & cabextract in ISO
Should free up lots of space due to dependency on gnupg, which dpeends on
openldap which pull in gcc.
2016-11-23 02:24:11 +01:00
Bjørn Forsman 32efdb7128 treewide: sshfsFuse -> sshfs-fuse 2016-09-18 17:44:30 +02:00
Eelco Dolstra ab49ebe6fa Make it possible to disable "info" 2016-09-05 14:53:27 +02:00
Eelco Dolstra 5e5df88457 modules/profiles/minimal.nix: Disable "man" 2016-09-05 14:53:27 +02:00
Eric Sagnes 9236eedbc3 documentation: fix start display-manager command
[Bjørn: The 'start' alias was removed in commit 1d9651e723
("Remove systemd shell aliases").]
2016-07-04 10:25:31 +02:00
Tuomas Tynkkynen 60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Eelco Dolstra 0729f60697 Remove "which" from base.nix 2016-04-18 14:20:49 +02:00
Eelco Dolstra cd396076ec Revert "Revert "Remove which -> type -P alias.""
This reverts commit ddd480ac30. Gave it
some more thought.
2016-04-18 14:20:49 +02:00
Vladimír Čunát d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Eelco Dolstra 1783e33b06 Fix the boot-ec2-config test 2016-03-30 22:22:40 +02:00
Eelco Dolstra ddd480ac30 Revert "Remove which -> type -P alias."
This reverts commit e8e8164f34. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
2016-03-25 17:17:07 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Domen Kožar 73ba0ae2de Remove which -> type -P alias.
Aliases are not the same as programs. They won't work in subshells.
It's better to just use which as it's only 88K.
2016-03-03 16:15:25 +00:00
Eelco Dolstra 806b27a297 qemu-guest.nix: Disable rngd
This gets rid of a zillion "rngd[N]: read error" messages during boot.
2016-02-23 11:56:09 +01:00
Vladimír Čunát 716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Robin Gloster 391c330042 wpa_supplicant service: jobs -> systemd.services
Fixes an occurence of `jobs` usage causing tests to fail to evaluate.

thanks @domenkozar
2016-01-06 03:58:39 +00:00
Tuomas Tynkkynen 9ac80c1f15 installation-cd-graphical: Enable the 'synaptics' touchpad driver
This is needed to get touchpad working in the installer on several
laptops. Tested on a Thinkpad X250.
2015-12-24 17:45:51 +02:00
Luca Bruno a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Roger Qiu 1ddbc20dac Change the preset networking.hostId to use mkDefault so it can be easily changed by the user later 2015-11-22 01:03:16 +11:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Jan Malakhovski dddcec21fe nixos: add xfs support to profiles/minimal 2015-09-18 18:58:18 +00:00
Vladimír Čunát 7dc9450ed2 nixos/ISO profile: fix defaultLocales :-)
https://github.com/NixOS/nixpkgs/commit/eb4a88d8fd2#commitcomment-12527102
2015-08-06 12:30:38 +02:00
Eelco Dolstra 91e71725d4 Remove some obsolete references to <nixos> 2015-08-05 17:37:08 +02:00
rushmorem d9c56c696f Replaces https://github.com/NixOS/nixpkgs/pull/8368 2015-06-17 19:26:17 +02:00
Rushmore Mushambi 8170e74d9f Revert "Make it possible to boot NixOS from a SCSI Disk on KVM" 2015-06-17 19:13:08 +02:00
rushmorem ee3768b9ba Make it possible to boot NixOS from a SCSI Disk on KVM
Currently NixOS can't boot from a SCSI disk as a KVM Guest.
I found this out while installing it on the new [Linode KVM
platform](https://www.linode.com/docs/platform/kvm#custom-kernel-configuration).
2015-06-17 17:28:07 +02:00
Eelco Dolstra e5db79a859 Move stuff to modules/profiles/installation-device.nix 2015-06-10 15:28:55 +02:00
Eelco Dolstra 6bf1853387 Don't include 4 editors in the minimal installation CD
Emphasis on "minimal".
2015-06-04 11:06:44 +02:00
Eelco Dolstra 2a1c342887 Disable the manual in the minimal profile 2015-05-26 20:20:53 +02:00
Vladimír Čunát 375bc8def7 Merge staging into closure-size 2015-05-05 11:49:03 +02:00
Ricardo M. Correia f5e7190572 nixos.system_tarball_pc: Fix evaluation
It was broken due to 57b05765c9.

ZFS requires `networking.hostId` to be set.
2015-04-28 17:15:02 +02:00
Eelco Dolstra 19366a10fc Remove redundant i18n.supportedLocales setting
This is already set in profiles/minimal.nix.

Probably fixes #7589.
2015-04-27 19:21:28 +02:00
Vladimír Čunát e81e2785c7 xfsprogs: fix outputs and references 2015-04-21 09:02:40 +02:00
Eelco Dolstra 650492c5c8 minimal.nix: Get rid of most Glibc locales
This cuts ~100 MB from the system closure.

Issue #7117.
2015-04-20 11:32:28 +02:00
Eelco Dolstra 3d2b24d161 Remove pciutils and usbutils from the default system path
Issue #7117.
2015-04-20 11:21:20 +02:00
Eelco Dolstra 2b6d011bec Include cifs-utils only when needed
Issue #7117.
2015-04-19 22:06:45 +02:00
Eelco Dolstra 1cb5583c05 container.nix -> docker-container.nix 2015-04-19 22:06:45 +02:00
Eelco Dolstra 57b05765c9 Don't include ntfs-3g by default
Issue #7117.
2015-04-19 22:06:45 +02:00
Tuomas Tynkkynen 25062f56d4 Installation CD: automatic log in at virtual consoles 2015-04-14 12:51:24 +03:00
William A. Kennington III 20d2092ff8 nixos/base: Add efi management utilities 2015-01-07 01:52:47 -08:00
Jaka Hudoklin d8ee91cb54 nixos: container profile, fix a few things 2014-12-12 20:28:01 +01:00
Jaka Hudoklin f2e20fa837 nixos: container profile, update /init symlink on rebuild 2014-12-12 02:55:23 +01:00
Jaka Hudoklin deb28cf0b1 nixos: container tarball release
- Create container nixos profile
- Create lxc-container nixos config using container nixos profile
- Docker nixos image, use nixos profile for its base config
2014-12-11 23:17:27 +01:00
William A. Kennington III 5ae216558f jfsrec: Remove derivation 2014-11-02 17:22:27 -08:00
Eelco Dolstra 585983bc95 Merge remote-tracking branch 'origin/staging'
Conflicts:
	pkgs/applications/version-management/subversion/default.nix
2014-09-08 11:42:09 +02:00
Eelco Dolstra 1f7c775910 Remove unrar from the installation CD since it's unfree 2014-09-05 14:25:17 +02:00
Vladimír Čunát e51f73652d Merge recent master into staging
Hydra: ?compare=1149952

Conflicts:
	nixos/doc/manual/configuration.xml (changed split file)
	nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
	pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
2014-08-30 10:04:02 +02:00
Eelco Dolstra a323d146b7 Add user attribute isNormalUser
This is shorthand for setting group, createHome, home, useDefaultShell
and isSystemUser.
2014-08-15 02:16:04 +02:00
Vladimír Čunát 02cb604fd6 initrd.availableKernelModules: add support for keyboards
As explained in #2169, some keyboards need special drivers,
so these are always added, both on installation and normal systems.
2014-08-12 20:00:01 +02:00
Eelco Dolstra 5e96158234 Remove Subversion from the installation CD 2014-07-30 16:04:15 +02:00
Emery Hemingway c96d5fe170 nixos: f2fs filesystem module support (close #2085) 2014-05-11 13:53:26 +02:00
Eelco Dolstra 4a08f37206 Don't start getty@tty1 on headless machines (like EC2)
Backport: 14.04
2014-05-05 16:47:36 +02:00
Eelco Dolstra be0f5eb45c qemu-guest.nix: Load virtio_rng
This allows the guest to have a paravirtualized RNG, if the host
provides it.
2014-04-30 18:23:42 +02:00
Eelco Dolstra 150d3b0095 no-x-libs.nix: Disable su xauth forwarding, and X11 dependency in dbus 2014-04-16 16:58:06 +02:00
Eelco Dolstra 29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Shea Levy 452a1f9318 Revert "Turn on user-controlled wpa-cli on the livecd"
user-controlled wpa-cli requires explicit interface setting for some
reason

This reverts commit c6797b373f.
2014-04-08 18:26:52 -04:00
Shea Levy c6797b373f Turn on user-controlled wpa-cli on the livecd
Fixes #1204
2014-04-04 17:05:57 -04:00
Eelco Dolstra 1c192e1fea Another attempt to fix the installer test
http://hydra.nixos.org/build/9904133
2014-03-30 16:53:23 +02:00
Domen Kožar ee14f8da9a remove references to isSystemUser and fix eval of tested job 2014-02-08 21:10:00 +01:00
Eelco Dolstra 657c8d9ea7 Hack to work around the lack of isPath 2013-10-28 22:45:57 +01:00
Eelco Dolstra 5c1f8cbc70 Move all of NixOS to nixos/ in preparation of the repository merge 2013-10-10 13:28:20 +02:00