Commit graph

414 commits

Author SHA1 Message Date
Franz Pletz
eb59961855
Revert "pinentry: make GTK3 the default front-end"
This reverts commit 3f7e3db744.

This broke the gpg-agent user service. See #27468.
2017-10-04 02:16:37 +02:00
Jörg Thalheim
0b18fa4f09 Merge pull request #30014 from eqyiel/krb5-fixes
nixos/krb5: complete rewrite
2017-10-03 11:04:58 +01:00
Joerg Thalheim
1406e249b3 krb5: add deprecation date for old configuration 2017-10-03 11:01:05 +01:00
Ruben Maher
06e15e59f9 nixos/krb5: complete rewrite
The `krb5` service was a bit lacking.

Addresses NixOS/nixpkgs#11268, partially addresses NixOS/nixpkgs#29623.
2017-10-02 14:30:19 +10:30
Jan Tojnar
3f7e3db744
pinentry: make GTK3 the default front-end
See: https://github.com/NixOS/nixpkgs/issues/18559
2017-10-01 01:40:03 +02:00
Peter Simons
99f759de1c Revert "nixos: add option for bind to not resolve local queries (#29503)"
This reverts commit 670b4e29ad. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.

(cherry picked from commit 23a021d12e)
2017-09-23 16:41:34 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29ad)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
pbogdan
94a4183bda nixos/fontconfig: fix substitutions option (#28895) 2017-09-05 16:20:42 +00:00
Orivej Desh
7803d69b78 nixos: update glibc locales link 2017-09-03 18:00:35 +00:00
Symphorien Gibol
bd54589233 networkmanager_iodine: init at 1.2.0 2017-08-30 02:58:29 +02:00
gnidorah
0e28d3af1d nixos: add pathes for KDE applications 2017-08-06 12:55:10 +03:00
Daniel Fullmer
caaa79f246 nixos/pulseaudio: Fix for missing zeroconf module 2017-08-03 14:21:34 +02:00
Peter Hoeg
72a64ea4f1 nsswitch: add systemd module
In order for DynamicUser = true to work in services, we need the
nss-systemd module to be able to resolve the user and group names
generated dynamically.
2017-08-03 10:51:06 +08:00
aszlig
4f901203e8
nixos/timezone: Fix evaluation error
Evaluation error introduced in a0d464033c.

If the value for timeZone is null it shouldn't be even tried to coerce
it into a string.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @joachifm
2017-07-31 17:15:30 +02:00
Linus Heckemann
a0d464033c nixos/timezone: support imperative timezone configuration (#26608)
Fixes #26469.
2017-07-31 15:55:24 +01:00
Valentin Shirokov
d30b2eb1c0 Removed networking.fqdn option
Adding it was a mistake which can only lead to problems and confusion.
2017-07-31 13:55:41 +02:00
Valentin Shirokov
a74c0c6652 Removed deprecation warning for networking.extraHosts 2017-07-31 10:04:01 +02:00
Vladimír Čunát
8177561e8f
Merge #27105: more correct form of /etc/hosts 2017-07-30 09:57:41 +02:00
Volth
faac018630 environment.etc: add user/group option
fixes #27546
2017-07-29 23:56:46 +01:00
Valentin Shirokov
635ecd802f Deprecation warning for networking.extraHosts 2017-07-28 00:15:17 +03:00
Martin Wohlert
9be26f81ca change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
Martin Wohlert
c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
k0ral
a3e6df6ee2 environment.noXlibs: Disable gnome when noXLibs is set (#27567) 2017-07-26 08:54:42 +02:00
edef
10c6df2e3c nixos/…/swap.nix: don't create a LUKS header for randomEncryption
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.

In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
Graham Christensen
2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS 2017-07-19 19:23:40 -04:00
Benno Fünfstück
1d78df2729 Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-conf
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
2017-07-17 08:20:38 +02:00
florianjacob
9937f13308 resolved: use resolved's static resolv.conf (#27144)
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2017-07-13 14:40:31 +01:00
Valentin Shirokov
d29fc731b3 Example of networking.hosts is now literalExample 2017-07-09 23:12:57 +03:00
Valentin Shirokov
163393865f Style optimizations 2017-07-09 08:56:36 +03:00
Valentin Shirokov
2f97993992 Documentation fixes 2017-07-09 00:28:05 +03:00
Valentin Shirokov
396db6493d Style adjustments
Also dangerous typo fix
2017-07-08 23:04:47 +03:00
Valentin Shirokov
ca54c3f1aa Typo fix 2017-07-08 22:30:02 +03:00
Valentin Shirokov
5f2826fbed Added networking.hosts and networking.fqdn options 2017-07-08 21:13:16 +03:00
Valentin Shirokov
f9ec52dedc Added networking.extraLocalHosts option
It adds its contents to '127.0.0.1' line of /etc/hosts
It makes possible to point multiple domains to localhost in correct way
2017-07-04 02:19:11 +03:00
Jörg Thalheim
343ad1697d Merge pull request #26897 from layus/nixos-terminfo
terminfo: symlink terminfo to /etc for ncurses
2017-07-01 09:27:24 +01:00
Balletie
44fadbb9bd
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
Fixes issue #25790.
2017-07-01 00:06:34 +02:00
Guillaume Maudoux
bd562949cf terminfo: symlink terminfo to /etc for ncurses 2017-06-30 11:17:11 +02:00
Florian Jacob
e370e97f3d nsswitch: only add modules to nsswitch.conf if they can be loaded 2017-06-30 02:44:23 +02:00
Florian Jacob
7410b0c82c nsswitch: add assertions for enabled nscd 2017-06-30 02:44:22 +02:00
Florian Jacob
63fa3e7c62 nsswitch: fix typo specifying nss-resolve module
this had the effect of not being able to load nss-resolve
and falling back to dns module in all cases.
2017-06-30 02:40:49 +02:00
Jörg Thalheim
859267f627
systemd-resolved: fix case when dnsmasq is used as local resolver
fixes #25706
2017-05-31 23:30:35 +01:00
Franz Pletz
1e95e114e5
nixos/xsession: use graphical systemd user target
While systemd suggests using the pre-defined graphical-session user
target, I found that this interface is difficult to use. Additionally,
no other major distribution, even in their unstable versions, currently
use this mechanism.

The window or desktop manager is supposed to run in a systemd user service
which activates graphical-session.target and the user services that are
binding to this target. The issue is that we can't elegantly pass the
xsession environment to the window manager session, in particular
whereas the PassEnvironment option does work for DISPLAY, it for some
mysterious reason won't for PATH.

This commit implements a new graphical user target that works just like
default.target. Services which should be run in a graphical session just
need to declare wantedBy graphical.target. The graphical target will be
activated in the xsession before executing the window or display manager.

Fixes #17858.
2017-05-29 15:05:28 +02:00
Jörg Thalheim
323f28d40e
nsswitch: use libnss_resolve if resolved is enabled 2017-05-24 01:10:36 +01:00
Jörg Thalheim
9464df56a0 Merge pull request #25712 from 4z3/per-user-pkgs
users-groups module: add per-user packages
2017-05-17 22:18:19 +01:00
Joachim Fasting
e6c65ecb12
tree-wide: remove uses of features.grsecurity 2017-05-14 15:08:51 +02:00
tv
f46b3a038f users-groups module: add per-user packages 2017-05-12 20:30:22 +02:00
Jörg Thalheim
ddb6d0962e
environment.profileRelativeEnvVars: remove sbin from example
follow up of https://github.com/NixOS/nixpkgs/pull/25550
2017-05-09 08:51:04 +01:00
Michael Raskin
a5d36429dc Merge pull request #22489 from avnik/nixos-locales
nixos:  allow supply customized locale package
2017-04-30 18:19:31 +02:00
Franz Pletz
3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Timofei Kushnir
42e1314727 nixos: remove duplicate wrapperDir PATH addition (#24703) 2017-04-09 13:07:33 +01:00