1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 03:30:45 +00:00
Commit graph

1914 commits

Author SHA1 Message Date
aszlig 3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
Jaka Hudoklin 8c766dcc90 nixos/kubernetes: fix user id 2014-11-29 16:46:39 +01:00
Jaka Hudoklin bd32da69bc Merge pull request #5088 from offlinehacker/nixos/kubernetes
nixos: add kubernetes module
2014-11-29 16:44:42 +01:00
Jaka Hudoklin 2b261c1edf nixos: add kubernetes module 2014-11-29 02:27:17 +01:00
aszlig c37611f3e5
nixos: Use vendor zones instead of N.pool.ntp.org.
Closes #4824, thanks to @abh for processing my stupidity.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-28 19:37:03 +01:00
Domen Kožar 28a1af6e06 fix printing test 2014-11-27 20:01:18 +01:00
Domen Kožar b4cedc7965 nixos: reverse logic in nixos interactive tests documentation 2014-11-27 20:01:18 +01:00
aszlig 2249474632
nixos/sshd: Fix build if knownHosts is empty.
Introduced by 77ff279f27.

Build failure: https://headcounter.org/hydra/build/583158/nixlog/5/raw

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 19:03:41 +01:00
aszlig 14f09e01c1
nixos: Add enable option for programs/virtualbox.
We will simply rename the previous module and add a warning whenever the
module is included directly, pointing the user to the right option and
also enable it as well (in case somebody has missed the option and is
wondering why VirtualBox doesn't work anymore).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
aszlig 444987193e
nixos: Rename virtualbox to virtualboxGuest.
Especially new users could be confused by this, so we're now marking
services.virtualbox.enable as obsolete and defaulting to
services.virtualboxGuest.enable instead. I believe this now makes it
clear, that this option is for guest additions only.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
Rickard Nilsson 77ff279f27 nixos/services.openssh: Allow knownHost keys to have multiple lines.
Useful for adding several public keys of different types for the same host.
2014-11-27 18:40:21 +01:00
Eelco Dolstra e7cd18e907 Don't set $MANPATH
The default is derived automatically from $PATH, so it's in fact
better *not* to set it.
2014-11-27 17:36:46 +01:00
wmertens 45c1b9147f Merge pull request #5130 from wmertens/git-ssl-env
Let git use $SSL_CERT_FILE
2014-11-27 13:24:08 +01:00
Domen Kožar 91bdca38a0 NetworkManager.service -> network-manager.service 2014-11-27 12:10:20 +01:00
Matej Cotman 084fb3a0d3 e18: remove old desktop manager 2014-11-26 21:44:23 +01:00
Matej Cotman 959946a5af e17: remove old desktop manager 2014-11-26 21:44:23 +01:00
Igor Pashev 1dd53cc990 Mediawiki: updated for Apache 2.4 2014-11-26 16:51:30 +01:00
Wout Mertens 72b81cf8bb Remove unnecessary $GIT_SSL_CAINFO from sys env 2014-11-26 00:30:07 +01:00
Eelco Dolstra dd2dedafa3 Style fixes 2014-11-25 16:01:27 +01:00
Igor Pashev 4c33004e1f Added strongSwan service 2014-11-25 15:29:34 +01:00
Aristid Breitkreuz 82f2be6a26 containers: add test that stopping and starting a container works (#4989) 2014-11-24 23:19:34 +01:00
Vladimír Čunát d39c6ceffc nvidia_x11: current long-lived becomes a new legacy
CC: #5070.
2014-11-24 22:39:00 +01:00
cillianderoiste 04d62f6643 Merge pull request #5006 from daogames/este/customgitoliteuser
enable different useraccount name for gitolite user
2014-11-24 22:03:20 +01:00
William A. Kennington III f83aa6c0ea nixos/unifi: Properly depend on mountpoints 2014-11-24 12:40:07 -08:00
aszlig cc28e819e4
nixos/cupsd: Ignore collisions in cups-progs.
There currently are collisions between the main CUPS package and the
filters package, which are:

  * $storepath/share/cups/banners/classified
  * $storepath/share/cups/banners/confidential
  * $storepath/share/cups/banners/secret
  * $storepath/share/cups/banners/standard
  * $storepath/share/cups/banners/topsecret
  * $storepath/share/cups/banners/unclassified
  * $storepath/share/cups/data/testprint

And they actually have different content, so let's ignore those for now
until we have a better fix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-24 17:40:03 +01:00
Oliver Charles ac616e17b3 opentsdb: Enable chunked API requests by default 2014-11-24 14:40:48 +00:00
Oliver Charles abd24523f3 scollector: Allow users to specify external collectors 2014-11-24 14:40:48 +00:00
Oliver Charles ced9e83732 OpenTSDB should create its schema on start up 2014-11-24 14:40:48 +00:00
Oliver Charles 5c670c81d5 hbase should use dataDir to specify where to store data 2014-11-24 14:40:48 +00:00
Oliver Charles 1280c6aa64 Add an extraConfig option to bosun 2014-11-24 14:40:48 +00:00
Oliver Charles fb67616588 scollector should talk to Bosun, not OpenTSDB 2014-11-24 14:40:48 +00:00
Oliver Charles 891c262e9a Add a NixOS module to run bosun 2014-11-24 14:40:47 +00:00
Oliver Charles 2ed07c6cc1 scollector: New NixOS module 2014-11-24 14:40:47 +00:00
Oliver Charles 751a2943f4 opentsdb: Upgrade to 2.1.0-RC1 2014-11-24 14:40:47 +00:00
Oliver Charles 764cca613d opentsdb: New package and NixOS module 2014-11-24 14:40:47 +00:00
Oliver Charles 8964667bcd hbase: New package and NixOS module 2014-11-24 14:40:47 +00:00
Arseniy Seroka fd5566da41 Merge pull request #5080 from joachifm/dnscrypt-refactor
dnscrypt-proxy: minor superficial improvements
2014-11-24 15:48:47 +03:00
William A. Kennington III 8309aa04b2 unifi: Actually remove webapps at shutdown 2014-11-24 02:30:04 -08:00
William A. Kennington III 8f0d65e2df unifi: Clean all of webapps at start and stop 2014-11-24 00:22:24 -08:00
William A. Kennington III 3f7b2bc70d unifi: Fix typo 2014-11-24 00:06:42 -08:00
Domen Kožar 23567ac200 cups-pdf-filter -> cups-filters, enable by default for cups 2014-11-23 17:51:55 +01:00
Michael Raskin 48a1b59f6a Remove cups_pdf_filter from the default set - adding to default set is easier than removing... 2014-11-23 16:27:28 +03:00
Aristid Breitkreuz 5ff169f4d7 containers: remove obsolete comment 2014-11-23 12:30:03 +01:00
Jaka Hudoklin 4f592d4f29 nixos/etcd: fix postStart check and make tests deterministic 2014-11-23 12:16:50 +01:00
Jaka Hudoklin 7202121e0e nixos/etcd: only use one cient url by default 2014-11-23 01:25:53 +01:00
Joachim Fasting 119d93e223 dnscrypt-proxy: minor superficial improvements
- Use upstream description and explicitly set platforms = all
- Coding conventions fix
2014-11-22 16:19:06 +01:00
Jaka Hudoklin 73dc767aa0 nixos: add docker-registry module 2014-11-22 12:16:41 +01:00
Jaka Hudoklin 444bda1936 Merge pull request #4991 from offlinehacker/nixos/etcd
nixos: add etcd module
2014-11-22 12:05:35 +01:00
Domen Kožar 85daeeb222 Merge pull request #4639 from lethalman/installer-nm
kde installer: enable networkmanager. Closes #3433
2014-11-21 22:29:10 +01:00
Jaka Hudoklin b02d90969f make zookeeper.nix non-executable 2014-11-21 15:06:51 +01:00