forked from mirrors/nixpkgs
Commit graph

212 commits

Author SHA1 Message Date
Eric Sagnes 52dd53373f ibus service: refactoring 2016-02-17 20:44:29 +09:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Vladimír Čunát a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Vladimír Čunát 54299b60c4 Merge #12779: Mass replace pkg}/bin-style strings
... to refer to correct outputs
2016-02-03 17:25:22 +01:00
Vladimír Čunát 4fede53c09 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-02-03 14:47:14 +01:00
Guillaume Maudoux 9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Vladimír Čunát 889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Vladimír Čunát b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
Tuomas Tynkkynen 33e7a2549a treewide: Mass replace 'xfsprogs}/bin' to refer to the 'bin' output 2016-02-01 20:46:23 +02:00
Eelco Dolstra a7b7ac8bfb openssh: Enable DSA host/client keys
This applies a patch from Fedora to make HostKeyAlgorithms do the
right thing, fixing the issue described in
401782cb67.
2016-02-01 16:31:43 +01:00
Eelco Dolstra bfebc7342e Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt 2016-01-29 02:32:05 +01:00
Vladimír Čunát ab8a691d05 nixos systemPackages: rework default outputs
- Now `pkg.outputUnspecified = true` but this attribute is missing in
  every output, so we can recognize whether the user chose or not.
  If (s)he didn't choose, we put `pkg.bin or pkg.out or pkg` into
  `systemPackages`.
- `outputsToLink` is replaced by `extraOutputsToLink`.
  We add extra outputs *regardless* of whether the user chose anything.
  It's mainly meant for outputs with docs and debug symbols.
- Note that as a result, some libraries will disappear from system path.
2016-01-28 11:24:18 +01:00
Reno Reckling 312bae7fc0 nixos-ssh: set SSH_ASKPASS globally and not just on interactive shells
If we limit SSH_ASKPASS to interactive shells, users are unable to trigger
the ssh-passphrase dialog from their desktop environment autostart scripts.
Use case: I call ssh-add during my desktop environment autostart and want to have
the passphrase dialog immediately after startup.
For this to work, SSH_ASKPASS needs to be propagated properly on
non-interactive shells.
2016-01-24 11:18:30 +01:00
Thomas Strobel a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Franz Pletz cac1041ced Merge pull request #12328 from makefu/zsh-allow-override-history-defaults
programs.zsh: allow override of history defaults
2016-01-16 17:25:20 +01:00
makefu ed83b8a61c programs.zsh: allow override of history defaults 2016-01-16 16:55:30 +01:00
Vladimír Čunát 3bcf8ae879 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-01-13 12:04:31 +01:00
Nikolay Amiantov d82c0f9790 nixos/cdemu: use system kernel modules 2016-01-12 14:44:41 +03:00
Arseniy Seroka 1fc685ae64 Merge pull request #11945 from jgillich/fish
fish: add module to support it as default shell
2016-01-06 01:25:37 +03:00
Arda Xi e60c4995fd command-not-found: pass all of argv to helper 2015-12-28 15:09:48 +01:00
Nathan Zadoks 254eebd8a0 command-not-found: add NIX_AUTO_RUN 2015-12-28 15:09:48 +01:00
Jakob Gillich ac7e923104 fish: add module to support it as default shell
* Patched fish to load /etc/fish/config.fish if it exists (by default,
  it only loads config relative to itself)
* Added fish-foreign-env package to parse the system environment

closes #5331
2015-12-26 06:25:23 +01:00
Spencer Whitt bf14849534 zsh module: add /share/zsh to pathsToLink
Needed for completion functions
abbradar: replaced optionals with optional
2015-11-26 04:33:07 +03:00
Spencer Whitt ff58711bda zsh module: add enableCompletion option 2015-11-25 10:32:58 -05:00
lethalman 8099d8189b Merge pull request #11108 from ericsagnes/ibus-dconf
ibus: fix dconf dependency
2015-11-24 10:16:08 +01:00
Peter Simons 0ccc515b48 nixos: remove debug code accidentally checked in with 833a597156 2015-11-18 16:37:38 +01:00
Peter Simons 833a597156 nixos: configure bash prompt in Emacs' shell-mode, even if TERM=dumb
The idea that the interactive bash prompt isn't set in case of TERM=dumb
is intended to fix problems when other machines log remotely into a
NixOS installation via Tramp. A side-effect of that change was, however,
that Emacs' shell-mode no longer had a correct prompt. I suppose the
presence of

  INSIDE_EMACS=24.5.2,comint

is a sufficiently unique indication that the current interactive shell
is running inside of an Emacs and that the prompt can thus be configured
safely.
2015-11-18 16:27:41 +01:00
Eric Sagnes 7cead2e990 ibus: fix dconf dependency 2015-11-18 11:29:31 +09:00
Thomas Tuegel 80670a2d13 nixos/environment: don't set Qt 5 paths 2015-10-30 16:10:37 -05:00
Eelco Dolstra c20403631d Factor out "man" into a separate module and add "man" outputs to system.path
Fixes #10270.
2015-10-30 15:21:12 +01:00
Nikolay Amiantov 7a9982d465 nixos/bash: use simple prompt for dumb terminals 2015-10-22 14:05:49 +03:00
Eelco Dolstra 89e983786a Manual: Remove store path references 2015-09-24 11:50:58 +02:00
Jan Malakhovski 6eadb16022 nixos: fix some types 2015-09-18 18:48:50 +00:00
Tobias Geerinckx-Rice 45b86d6981 nixos: cdemu service: mark up & tweak descriptions 2015-09-07 00:47:18 +02:00
Eelco Dolstra c090efb9d8 command-not-found: Fix nix-env invocation 2015-09-02 19:49:34 +02:00
Eelco Dolstra 13532ee161 command-not-found: Use attribute name 2015-09-02 17:40:19 +02:00
Eelco Dolstra f6eece6f8f programs.ssh.knownHosts: Use attribute name
This allows writing:

  programs.ssh.knownHosts."10.1.2.3".publicKey = "bar";

instead of

  programs.ssh.knownHosts = [ { hostNames = [ "10.1.2.3" ]; publicKey = "bar"; } ];
2015-08-27 15:32:46 +02:00
Eelco Dolstra 7c6ff6c1da programs.ssh.knownHosts: Use submodule 2015-08-27 15:32:46 +02:00
Eelco Dolstra 287c08d8a3 Rename services.openssh.knownHosts -> programs.ssh.knownHosts
This option configures the SSH client, not the server.
2015-08-27 15:32:46 +02:00
Eelco Dolstra 401782cb67 Revert "openssh: 6.9p1 -> 7.0p1"
This reverts commit a8eb2a6a81. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.

For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
2015-08-20 14:08:18 +02:00
Luca Bruno e53e1c7070 nixos xfs_quota: simplify restartTriggers 2015-08-19 20:04:20 +02:00
Luca Bruno bc46013ac1 nixos xfs_quota: set default projects to {} 2015-08-19 18:03:42 +02:00
Luca Bruno d8b9521d64 nixos xfs_quota: add new module for managing xfs_quota projects 2015-08-19 16:09:35 +02:00
Eelco Dolstra a47fef4d9e Merge pull request #9326 from oxij/fix-info
Documentation indexes
2015-08-19 13:46:47 +02:00
Jan Malakhovski c6256c0e3e nixos: generate infodirs directly in system-path
`man 1 info` says:

   The first non-option argument, if present, is the menu entry to
   start from; it is searched for in all `dir' files along INFOPATH.
   If it is not present, info merges all `dir' files and shows the
   result. Any remaining arguments are treated as the names of menu
   items relative to the initial node visited.

Which means that this does what previous programs/info did and #8519
(on-the-fly infodir generation for Emacs) wanted to do, but for both
programs.
2015-08-18 18:42:57 +00:00
Eelco Dolstra 1f2eef5ae9 openssh: Re-enable DSA client keys
This was broken by a8eb2a6a81.
2015-08-18 13:11:45 +02:00
Eelco Dolstra 3f1354a3cd Add an option ‘nix.nixPath’ for specifying $NIX_PATH 2015-08-05 14:33:15 +02:00
aszlig 6c50714222
nixos: Give virtualbox-host.nix a better location.
In 14f09e0, I've introduced the module under modules/programs, because
the legacy virtualbox.nix was also under that path. But because we
already have modules/virtualisation/virtualbox-guest.nix, it really
makes sense to put this module alongside of it as well.

This module thus has no change in functionality and I've tested
evaluation against nixos/tests/virtualbox.nix and the manual.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-08-04 03:59:52 +02:00
William A. Kennington III 8e19ac8d7c Merge branch 'master.upstream' into staging.upstream 2015-06-17 11:57:40 -07:00
Eelco Dolstra 6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
William A. Kennington III 867d2c5c46 openssl: Remove References to OPENSSL_X509_CERT_FILE 2015-05-31 15:50:51 -07:00
Kranium Gikos Mendoza 6f634e3c3a Add kbdlight package and setuid wrapper
update nixos/modules/programs/kbdlight.nix to use mkEnableOption
2015-05-11 13:23:01 +08:00
Eelco Dolstra 11a9774c75 Use "mkdir -p" when creating ~/.nix-defexpr
Otherwise, simultaneous invocations of /etc/profile can fail, e.g.

  mkdir: cannot create directory ‘/.nix-defexpr’: File exists
2015-04-20 13:03:04 +02:00
Peter Simons 6edc3022ef Merge pull request #7345 from joachifm/conditional-shadow-setuids
nixos: condition shadow setuid-wrappers on mutableUsers
2015-04-14 13:23:19 +02:00
Joachim Fasting 75ab7bf960 nixos: condition shadow setuid-wrappers on mutableUsers
Having junk setuid wrappers in PATH is annoying.
2015-04-14 00:27:11 +02:00
aszlig 5075cbe696
nixos: Put root's channels to the end of NIX_PATH.
My original reason to put it at the beginning of NIX_PATH was to allow
shipping a particular version <nixpkgs> with a channel. But in order to
do that, we can still let the channel expression ship with a custom
version of nixpkgs by something like <channel/nixpkgs> and the builder
of the channel could also rewrite self-references.

So the inconvenience is now shifted towards the maintainer of the
channel rather than the user (which isn't nice, but better err on the
side of the developer rather than on the user), because as @edolstra
pointed out: Having the channels of root at the beginning of NIX_PATH
could have unintended side-effects if there is a channel called nixpkgs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-13 12:20:58 +02:00
aszlig 65e569cc37
nixos: Add all of root's channels to NIX_PATH.
This is very useful if you want to distribute channels (and thus
expressions as well) in a similar fashion to Debian's APT sources (or
PPAs or whatnot).

So, for example if you have a channel with some additional functions
or packages, you simply add that channel with:

sudo nix-channel --add https://example.com/my-nifty-channel foo

And you can access that channel using <foo>, for example in your
configuration.nix:

{
  imports = [ <foo/modules/shiny-little-module> ];
  environment.systemPackages = with import <foo/pkgs> {}; [ bar blah ];
  services.udev.extraRules = import <foo/lib/udev/mkrule.nix> {
    kernel = "eth*";
    attr.address = "00:1D:60:B9:6D:4F";
    name = "my_fast_network_card";
  };
}

Within nixpkgs, we shouldn't have <nixos> used anywhere anymore, so we
shouldn't get into conflicts.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-12 23:50:20 +02:00
obadz be7f104502 sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).
sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00
Gabriel Ebner d23ed364b5 Add ibus-qt. 2015-03-11 21:54:04 +01:00
Gabriel Ebner 59da79c733 ibus: Enable XIM support.
This allows firefox to use ibus.
2015-03-11 21:54:04 +01:00
Gabriel Ebner f222abea44 Add programs.ibus config option to enable ibus and plugins. 2015-03-11 21:53:34 +01:00
Thomas Tuegel 4b10907152 ssh: make askPassword an option
By making askPassword an option, desktop environment modules can
override the default x11_ssh_askpassword with their own equivalent for
better integration. For example, KDE 5 uses plasma5.ksshaskpass instead.
2015-03-11 11:49:29 -05:00
Nikolay Amiantov 264c6892f2 nixos/uim: capitalize description 2015-03-05 20:49:45 +03:00
Eelco Dolstra 36d0f367de ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
This was lost back in
ffedee6ed5. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
2015-02-25 14:31:17 +01:00
Thomas Tuegel a79936561b environment: use Qt 5 Qml import paths 2015-02-21 11:39:20 -06:00
Luca Bruno e088fd0314 Revert "Merge pull request #5626 from matthiasbeyer/add-fish_shell_module"
This reverts commit 157d199b33, reversing
changes made to 4c7adddcb7.
2015-02-11 18:31:11 +01:00
lethalman 157d199b33 Merge pull request #5626 from matthiasbeyer/add-fish_shell_module
Add basic nixos module for fish shell
2015-02-11 15:05:03 +01:00
Herwig Hochleitner 983fddcea8 Move cdemu module into programs 2015-02-10 13:14:09 +01:00
Thomas Tuegel 849647a3eb environment: set paths for Qt plugins and QML 2015-01-26 20:59:49 -06:00
Domen Kožar b92a62165d Merge pull request #5726 from spwhitt/zsh-command-not-found
command-not-found: Add ZSH Support
2015-01-17 18:15:35 +01:00
Spencer Whitt 6cba6dc61b command-not-found: Add ZSH Support 2015-01-12 03:45:48 -05:00
Arseniy Seroka 4f596fb93f Revert "zsh: profile-relative functions path"
This reverts commit 766207ca1d.

We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
2015-01-10 22:11:13 +03:00
Matthias Beyer 5e6068d913 Put shell aliases in interactiveShellInit 2015-01-08 15:18:26 +01:00
Matthias Beyer c5e855e060 Add basic nixos module for fish shell 2015-01-08 15:18:26 +01:00
Jan Malakhovski b6646f7ba7 nixos: make zsh use fcntl for locking history files by default
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
2015-01-07 15:43:01 +00:00
Kirill Elagin 766207ca1d zsh: profile-relative functions path
This is needed mostly for autocompletion.
2015-01-04 02:02:59 +03:00
aszlig f7384b8c75
nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
2014-12-18 18:18:32 +01:00
Eelco Dolstra 63c14e259d ssh-agent: Don't have a timeout by default
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
2014-12-18 15:34:29 +01:00
aszlig ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
Eelco Dolstra bde9ae18cf Revert "enable bash autocomplete by default"
This reverts commit ee8e15fe76. See
discussion at ee8e15fe76.
2014-12-18 00:36:46 +01:00
aszlig e36bec661c
nixos/virtualbox: Fix warning on enableHardening.
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
aszlig d85fabd68c
nixos/virtualbox/hostonlyif: Fix writing to /root.
Creates unnecessary cruft in the root users home directory, which we
really don't need. Except the log, but therefore we now cat the log to
stderr and the private temporary directory is cleaned up afterwards.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 19:16:43 +01:00
aszlig 5d67b17901
nixos/virtualbox: Disable hardening for now.
This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardening is enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 18:53:41 +01:00
aszlig 245baeb2f6
nixos/virtualbox: Note about "vboxusers" group.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:19 +01:00
aszlig e03e0ff42a
nixos/virtualbox: Allow to disable hardening.
Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
aszlig 0d71ec8a6e
nixos/virtualbox: Fix setuid wrappers.
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!

Fixes #5283.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-13 07:52:19 +01:00
ambrop7@gmail.com 65393ca8d3 virtualbox: Unbreak the nixos module. 2014-12-12 00:16:33 +01:00
ambrop7@gmail.com 9fa2c35ec8 virtualbox: Allow disabling the network interface.
The current nixos module for VirtualBox unconditionally configures a vboxnet0
network interface at boot. This may be undesired, especially when the user wants
to manage network interfaces in a centralized manner.
2014-12-11 23:35:03 +01:00
Domen Kožar ee8e15fe76 enable bash autocomplete by default 2014-12-08 12:06:02 +01:00
aszlig 3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Exempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so if someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig 14f09e01c1
nixos: Add enable option for programs/virtualbox.
We will simply rename the previous module and add a warning whenever the
module is included directly, pointing the user to the right option and
also enable it as well (in case somebody has missed the option and is
wondering why VirtualBox doesn't work anymore).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
Eelco Dolstra e7cd18e907 Don't set $MANPATH
The default is derived automatically from $PATH, so it's in fact
better *not* to set it.
2014-11-27 17:36:46 +01:00
Aristid Breitkreuz 2fd7e5f39d ssh-agent: use types.nullOr 2014-11-15 12:33:01 +01:00
Aristid Breitkreuz d57110fabc ssh-agent: make key timeout optional 2014-11-15 12:13:25 +01:00
Aristid Breitkreuz d70336f37c limit the amount of time ssh-agent keeps a key (default: 1h) 2014-11-15 12:13:25 +01:00
Brian McKenna a6bacd4d81 Add "light" package and setuid wrapper 2014-11-09 19:45:43 -07:00
Nikolay Amiantov 1b6f0ffb6e ssmtp: add 'root' option 2014-11-05 02:47:59 +03:00
Nikolay Amiantov 292e07689a ssmtp: add types to options 2014-11-05 02:42:48 +03:00
Nathaniel Baxter ab8ef63ff4 alsa: Add multilib plugin support via "libs" entry in asound config.
alsa: Remove unused $ALSA_PLUGIN_DIRS support.
2014-10-04 14:48:58 +02:00
Shea Levy f5aaefbb6c More pkgs.lib -> lib fixes 2014-09-29 09:45:59 -04:00