3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

449 commits

Author SHA1 Message Date
Craig Younkins 8b12b17df3
treewide: Fix broken Gmane URLs 2018-12-25 22:34:55 -05:00
Florian Klink 3539f3875a release-notes/rl-1903: add security.googleOsLogin 2018-12-21 18:01:36 +01:00
Florian Klink d180bf3862 security.pam: make pam_unix.so required, not sufficient
Having pam_unix set to "sufficient" means early-succeeding account
management group, as soon as pam_unix.so is succeeding.

This is not sufficient. For example, nixos modules might install nss
modules for user lookup, so pam_unix.so succeeds, and we end the stack
successfully, even though other pam account modules might want to do
more extensive checks.

Other distros seem to set pam_unix.so to 'required', so if there are
other pam modules in that management group, they get a chance to do some
validation too.

For SSSD, @PsyanticY already added a workaround knob in
https://github.com/NixOS/nixpkgs/pull/31969, while stating this should
be the default anyway.

I did some thinking in what could break - after this commit, we require
pam_unix to succeed, means we require `getent passwd $username` to
return something.
This is the case for all local users due to the passwd nss module, and
also the case for all modules installing their nss module to
nsswitch.conf - true for ldap (if not explicitly disabled) and sssd.

I'm not so sure about krb5, cc @eqyiel for opinions. Is there some nss
module loaded? Should the pam account module be placed before pam_unix?

We don't drop the `security.pam.services.<name?>.sssdStrictAccess`
option, as it's also used some lines below to tweak error behaviour
inside the pam sssd module itself (by changing it's 'control' field).

This is also required to get admin login for Google OS Login working
(#51566), as their pam_oslogin_admin accounts module takes care of sudo
configuration.
2018-12-21 15:31:07 +01:00
Florian Klink 91c65721f7 owncloud: remove server
pkgs.owncloud still pointed to owncloud 7.0.15 (from May 13 2016)

Last owncloud server update in nixpkgs was in Jun 2016.
At the same time Nextcloud forked away from it, indicating users
switched over to that.

cc @matej (original maintainer)
2018-12-16 15:05:53 +01:00
Arian van Putten ef6ed03e2f nixos/nscd: Address doc feedback 2018-12-12 15:35:40 +01:00
Arian van Putten 335b41b3fb nixos/nscd: Add release note entry about nscd changes 2018-12-12 15:35:40 +01:00
Jörg Thalheim 91a7848fe2
nixos/release-notes: mention removal of quassel-webserver 2018-12-08 16:31:28 +00:00
Tobias Happ 95cbb71abe nixos/nm-applet: add nm-applet program 2018-12-02 12:18:47 +01:00
Florian Klink 3caeeabb14 gitlab: stop regenerating the authorized_keys file 2018-11-28 23:09:23 +01:00
Brandon Black dacbd5a61a nixos/ntp: use upstream default restrictions to avoid DDoS (#50762)
Fixes #50732
2018-11-28 10:15:25 +00:00
Jörg Thalheim d3aeed389c
Merge pull request #50641 from blaxill/firewallMerge
nixos/firewall: Always use global firewall.allowed rules
2018-11-23 11:42:16 +00:00
Ben Blaxill 308ab4ea25 Rename back to default and better release notes 2018-11-22 19:24:23 -05:00
Ben Blaxill b48c6d051b Add release notes 2018-11-21 17:08:12 -05:00
Craig Younkins a629f967f7 Fix release notes XML para closing tag 2018-11-20 18:46:52 +00:00
Frederik Rietdijk 63c6875f26 Merge master into staging-next 2018-11-18 10:32:12 +01:00
Tobias Happ 4839403dd6 nixos/{lightdm,sddm,xpra}: remove enabling of logToFile 2018-11-13 21:52:37 +01:00
Robert Hensing dd3aca2d0b
Merge pull request #49256 from roberth/nixos-nixpkgs-pkgs-use-overlays
NixOS: use overlays when nixpkgs.pkgs is set
2018-11-13 09:55:24 +01:00
Frederik Rietdijk 53d00c3351 Merge master into staging-next 2018-11-10 11:08:54 +01:00
Samuel Dionne-Riel 2f668e3248
Merge pull request #40043 from kierdavis/ckb-update-and-cleanup
ckb/ckb-next: 0.2.9 -> 0.3.2, and cleanup
2018-11-09 23:59:58 +00:00
rnhmjoj 21dfccd93d
nixos/manual: move syncthing notice in the right position 2018-11-07 08:32:03 +01:00
Sarah Brofeldt 81de3e39b0
Merge pull request #49516 from johanot/kubedns-to-coredns
nixos/kubernetes: KubeDNS -> CoreDNS
2018-11-06 10:30:49 +01:00
Kier Davis 3b7984dd51
Merge branch 'master' into ckb-update-and-cleanup 2018-11-06 00:47:14 +00:00
Robert Hensing 03fc1167e8
Merge branch 'master' into nixos-nixpkgs-pkgs-use-overlays 2018-11-04 14:19:33 +01:00
Andreas Rammhold c891dac82f
Merge pull request #49283 from aanderse/solr
solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump
2018-11-04 13:24:15 +01:00
Frederik Rietdijk cb4ff927a1 Merge master into staging-next 2018-11-04 08:49:24 +01:00
Robert Hensing 5341e145c3 release-notes/19.03: nixpkgs.pkgs and nixpkgs.overlays now combine 2018-11-03 19:48:42 +01:00
Niklas Hambüchen 32c2d48524 nixos manual: Add changelog for consul
Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-11-03 18:44:48 +01:00
Aaron Andersen 1b725def23 solr: 4.10.3 -> 7.5.0, refactor service to reflect major changes in version bump, NixOS test included 2018-11-03 13:14:13 -04:00
Vladimír Čunát a92a2c8e15
Merge branch 'master' into staging
Conflict: rename of pythondaemon -> python-daemon.
2018-11-02 14:40:14 +01:00
Joachim F 2dc0fc6516
Merge pull request #47526 from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
Johan Thomsen eea2db1240 nixos/kubernetes: Added rl-1903 entry documenting kubedns -> coredns 2018-10-31 13:41:04 +01:00
Frederik Rietdijk 1d196d99be Merge staging-next into staging 2018-10-30 20:35:15 +01:00
Markus Kowalewski d2799d1835
nixos/slurm: node/partitionName option -> list
Make the node and partitionname options lists.
There can be more than paratition or set of nodes.

Add changes to release notes
2018-10-30 19:50:52 +01:00
Markus Kowalewski 111d4eb090
nixos/slurm: run ctld as user and fix spool dir
* run as user 'slurm' per default instead of root
* add user/group slurm to ids.nix
* fix default location for the state dir of slurmctld:
  (/var/spool -> /var/spool/slurmctld)
* Update release notes with the above changes
2018-10-30 19:50:46 +01:00
Alyssa Ross 5bde0f6002
release notes: update for postgres rename 2018-10-30 14:33:36 +00:00
Eric Wolf 30d2792091 nixos/release-notes for 18.09: fix missing entry
- the addition of the groups kvm and render breaks the configuration of
   users, which added them
2018-10-30 08:41:13 +01:00
xeji 21a7ca7c08
Merge pull request #49074 from c0bw3b/pkg/veracrypt
veracrypt: 1.22 -> 1.23 / truecrypt: remove and alias to veracrypt
2018-10-29 23:53:29 +01:00
Léo Gaspard 58f701ab74 opensmtpd: 6.0.3p1 -> 6.4.0p1 2018-10-27 12:15:09 +09:00
c0bw3b b47fccff0a truecrypt: remove and alias to veracrypt
TrueCrypt has been retired for a while now and the source archive we
pointed to is gone. Moreover the VeraCrypt fork is available, maintained
and fixes issues previous audits found in TrueCrypt.
2018-10-24 20:34:17 +02:00
Frederik Rietdijk 0f38d9669f python3 is now python37 instead of python36
With Python 3.7 now at 3.7.1, and Python 3.6 at it's final maintenance
mode release, it is time to move on to 3.7 as the default interpreter.
2018-10-24 20:05:44 +02:00
Kier Davis 81178785c9
ckb, ckb module: rename to ckb-next
The upstream package has officially changed its name to ckb-next.
2018-10-22 13:23:30 +01:00
Léo Gaspard 5cd6c65054 wasm: remove alias to unbreak the channel
Nixpkgs' channel currently can't move forward so long as there is a
trace in evaluating the top-level arguments. Which means that it isn't
possible to add a warning message to warn users of future package
removal.

So the only way forward appears to be just removing the alias
altogether.

(cherry picked from commit b4133ebc17)
2018-10-22 09:58:00 +02:00
Silvan Mosberger e443bbf6fd
Merge pull request #45470 from Infinisil/znc-config
nixos/znc: More flexible module, cleanups
2018-10-17 03:01:30 +02:00
rnhmjoj 16f67637ba
nixos/syncthing: move configuration to condigDir
fixes #47513 following the upstream recommended settings:
https://github.com/syncthing/syncthing/issues/3434#issuecomment-235401876
2018-10-15 20:34:50 +02:00
Graham Christensen 94c6f1ba0e
Merge pull request #48463 from Ekleog/release-notes-license
release-notes/18-09: add licenses marked as unfree
2018-10-15 10:33:31 -04:00
Léo Gaspard 861b70f483
nixos manual: automatic reflow 2018-10-15 23:10:55 +09:00
Léo Gaspard 2a2c99673b
release-notes/18-09: add licenses marked as unfree 2018-10-15 23:10:54 +09:00
Silvan Mosberger 7e31678043
nixos/znc: Add release note entry for removed options 2018-10-14 20:39:50 +02:00
Yegor Timoshenko 6e4d0c4a8a
Merge pull request #47691 from florianjacob/matomo-choose-package
nixos/matomo: introduce services.matomo.package option
2018-10-13 15:27:00 +00:00
Florian Jacob a1825aecfc
nixos/matomo: introduce services.matomo.package option 2018-10-13 15:25:12 +00:00