A null password allows logging into local PAM services such as "login"
(agetty) and KDM. That's not actually a security problem for EC2
machines, since they do not have "local" logins; for VirtualBox
machines, if you local access, you can do anything anyway. But it's
better to be on the safe side and disable password-based logins for
root.
E.g.
The unique option `fileSystems./.device' is defined multiple times, in `/etc/nixos/configuration.nix' and `/etc/nixos/foo.nix'.
This requires passing file/value tuples to the merge functions.
Now that overriding fileSystems in qemu-vm.nix works again, it's
important that the VM tests that add additional file systems use the
same override priority. Instead of using the same magic constant
everywhere, they can now use mkVMOverride.
http://hydra.nixos.org/build/6695561
For instance, if time.timeZone is defined multiple times, you now get
the error message:
error: user-thrown exception: The unique option `time.timeZone' is defined multiple times, in `/etc/nixos/configurations/misc/eelco/x11vnc.nix' and `/etc/nixos/configuration.nix'.
while previously you got:
error: user-thrown exception: Multiple definitions of string. Only one is allowed for this option.
and only an inspection of the stack trace gave a clue as to what
option caused the problem.
The major changes are:
* The evaluation is now driven by the declared options. In
particular, this fixes the long-standing problem with lack of
laziness of disabled option definitions. Thus, a configuration like
config = mkIf false {
environment.systemPackages = throw "bla";
};
will now evaluate without throwing an error. This also improves
performance since we're not evaluating unused option definitions.
* The implementation of properties is greatly simplified.
* There is a new type constructor "submodule" that replaces
"optionSet". Unlike "optionSet", "submodule" gets its option
declarations as an argument, making it more like "listOf" and other
type constructors. A typical use is:
foo = mkOption {
type = type.attrsOf (type.submodule (
{ config, ... }:
{ bar = mkOption { ... };
xyzzy = mkOption { ... };
}));
};
Existing uses of "optionSet" are automatically mapped to
"submodule".
* Modules are now checked for unsupported attributes: you get an error
if a module contains an attribute other than "config", "options" or
"imports".
* The new implementation is faster and uses much less memory.
Virsh/virt-manager uses ssh to connect to master, there it expects openbsd netcat(which
has support for unix sockets) to be avalible, to make a tunnel.
Close#1087.
It's already set in hardware-configuration.nix so this just confuses
people.
Also get rid of boot.initrd.kernelModules, since
hardware-configuration.nix is supposed to figure that out as well.
Commit 31203732b3 dropped the reference to
<nixos> from NIX_PATH (nixos/modules/programs/environment.nix) and thus
prevents systems that are not using channels from rebuilding.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
So, we get the old behaviour of nixos-hardware-scane if we run the
following command:
nixos-generate-config --no-filesystems --show-hardware-config
This allows to use scripts in order to fetch NixOS specific hardware
information, without the need to duplicate code elsewhere.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
The attributes swapDevices and imports add a space character after the
eqals sign, which is unnecessary. I know, I'm a pedantic douche bag but
it hurts my eyes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is to get back the old behavior of nixos-hardware-scan, which
didn't include fileSystems and swapDevices.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>