Bjørn Forsman
8f3e6fdd8c
nixos: add programs.wireshark option
...
To be able to use Wireshark as an ordinary user, the 'dumpcap' program
must be installed setuid root. This module simplifies such a
configuration to simply:
programs.wireshark.enable = true;
The setuid wrapper is available for users in the 'wireshark' group.
Changes v1 -> v2:
- add "defaultText" to the programs.wireshark.package option (AFAIK,
that prevents the manual from being needlessly rebuilt when the
package changes)
2017-02-17 15:42:54 +01:00
Robin Gloster
070825d443
setcapWrapper: add support for setting permissions
2017-02-17 15:42:54 +01:00
Robin Gloster
6e12406e30
Revert "nginx: Format the config file"
...
This reverts commit e362a3d5c9.
See #22883
2017-02-16 22:45:00 +01:00
Profpatsch
bb797c1390
networking.networkd: adjust automatic mapping of bonds
...
Since the bonds interface changed to a lot more possible values we create a
mapping of kernel bond attribute names and values to networkd attributes.
Those match for the most part, but have to be transformed slightly.
There is also an assert that unknown options won’t slip through silently.
2017-02-16 21:24:40 +01:00
Profpatsch
9debdaf512
networking.bonds: add support for arbitrary driverOptions
...
Until now the four attributes available very selectively provided a small
subset, while copying upstream documentation.
We make driver options an arbitrary key-value set and point to kernel
documentation, which is always up-to-date. This way every option can be set.
The four already existing options are deprecated with a warning.
2017-02-16 21:24:40 +01:00
Daniel Peebles
19a9099eb2
Merge pull request #22869 from copumpkin/amazon-init-fix
...
amazon-init NixOS module: fix (I think) race condition with network
2017-02-16 12:44:49 -05:00
Thomas Tuegel
7c260ad2cc
Merge pull request #22813 from benley/pam-kwallet
...
nixos: add optional pam_kwallet5 integration
2017-02-16 10:20:47 -06:00
Dan Peebles
b172684c17
amazon-init NixOS module: fix (I think) race condition with network
...
The initialization code is now a systemd service that explicitly
waits for network-online, so the occasional failure I was seeing
because the `nixos-rebuild` couldn't get anything from the binary
cache should stop. I hope!
2017-02-16 16:03:58 +00:00
Nikolay Amiantov
0c81594a29
kbd service: use /dev/tty1 for systemd-vconsole-setup
...
Fixes #22470
2017-02-16 17:08:14 +03:00
Nikolay Amiantov
109ee2a338
kbd service: use systemd-vconsole-setup even with early setup
...
This way we have fonts reloaded on switches.
2017-02-16 17:08:13 +03:00
Benjamin Staffin
463e90273f
pam: add optional pam_kwallet5 integration
2017-02-16 02:26:42 -05:00
Kier Davis
5e3a26e07b
Fix typo introduced by #22677
2017-02-15 23:44:11 +00:00
Bjørn Forsman
d4e5bb34b7
nixos/geoip-updater: run as user 'geoip' instead of 'nobody'
...
That way 'nobody' is prevented from messing with the databases.
2017-02-15 23:25:27 +01:00
Bjørn Forsman
ce0a52f9bf
nixos/security.wrappers: improve documentation
...
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
IMHO)
2017-02-15 20:05:27 +01:00
Profpatsch
91d0260feb
modules/filesystems: disallow non-empty fstab fields (#22803)
...
It was possible to pass empty strings / strings with only separator characters;
this led to broken fstab formatting.
2017-02-15 13:22:48 +01:00
Franz Pletz
188526da3d
prometheus.blackboxExporter service: add CAP_NET_RAW
...
The blackbox-exporter for prometheus needs CAP_NET_RAW for sending icmp
probes.
2017-02-15 09:35:27 +01:00
Bjørn Forsman
f9cb2b5640
nixos/security.wrappers: use literalExample in documentation
...
It's much more readable when the example attrset is pretty printed
instead of written as one line.
2017-02-15 09:08:41 +01:00
Bjørn Forsman
a45821e7a8
nixos/cron: unbreak since new security.wrapper
2017-02-15 08:30:58 +01:00
Bjørn Forsman
aaac02f6c4
nixos/atd: unbreak after new security.wrappers
...
* convert list -> attrset
* 'atd' doesn't exist, 'at' does
2017-02-15 08:25:59 +01:00
Bjørn Forsman
b1bfe9d3db
nixos: hint about security.setuidOwners/Programs -> security.wrappers
...
Let users know about the option rename / change during nixos-rebuild
with a useful message instead of an error (with no way forward).
2017-02-15 07:25:33 +01:00
Bjørn Forsman
34c1b74421
nixos/virtualbox: unbreak wrt. new security.wrappers
...
The new option takes an attrset, not a list.
2017-02-15 07:25:33 +01:00
Bjørn Forsman
448acd8e5e
nixos: remove remaining reference to setuidPrograms
...
The option doesn't exist anymore.
2017-02-15 07:25:33 +01:00
Ian-Woo Kim
5ca0f72472
nixos-container: break lines in description of forwardPorts.
2017-02-15 05:12:46 +01:00
Ian-Woo Kim
4f0b663c2e
nixos-container: hostPort -> forwardPort and forwardPort is now a list of (protocol,hostPort,containerPort).
2017-02-15 05:12:46 +01:00
Ian-Woo Kim
0bfc631de2
nixos-container: support multiple port forwarding. change type of hostPort from 'string' to 'listOf str'
2017-02-15 05:12:46 +01:00
Ian-Woo Kim
8684285251
nixos-container: introduce hostPort in declarative container options.
2017-02-15 05:12:46 +01:00
Ian-Woo Kim
a238c8a575
nixos-container: add --port option for nixos-container (forward network ports to systemd-nspawn container)
2017-02-15 05:12:46 +01:00
Parnell Springmeyer
1f83f1c878
security-wrapper: Wrap <para> tags in a <note> tag
2017-02-14 21:30:04 -06:00
Graham Christensen
7483ba0932
Revert "nix-daemon: default useSandbox to true"
...
This reverts commit d0a086770a.
2017-02-14 14:13:39 -05:00
Graham Christensen
3be1388963
Merge pull request #22767 from grahamc/sandbox-by-default
...
nix-daemon: default useSandbox to true
2017-02-14 13:57:44 -05:00
Eelco Dolstra
14c47bd546
Merge pull request #22758 from dezgeg/pr-nixos-rebuild
...
nixos-rebuild: Don't rebuild nixos-rebuild when --fast is used
2017-02-14 16:35:43 +01:00
Parnell Springmeyer
69794e333a
Using para tags for manual formatting
2017-02-14 08:53:30 -06:00
Parnell Springmeyer
794b3721bc
Syntax wibble
2017-02-14 08:42:08 -06:00
Parnell Springmeyer
e856d6efe8
Default should be to set owner and group to root on setcap wrappers too
2017-02-14 08:40:12 -06:00
Parnell Springmeyer
c01689f8da
Fixing ref to old-wrappersDir
2017-02-14 08:33:07 -06:00
Parnell Springmeyer
f8b8c353ff
Simplifying the wrapper program derivation
2017-02-14 08:27:40 -06:00
Parnell Springmeyer
fb6d13c01a
Addressing feedback and fixing a bug
2017-02-14 07:38:45 -06:00
Parnell Springmeyer
467bb3f674
/run/wrapper is not a filesystem, no need to skip it
2017-02-14 07:32:24 -06:00
Parnell Springmeyer
ba499e3aa0
Removing unused module option old-wrapperDir
2017-02-14 07:30:21 -06:00
Parnell Springmeyer
a27f35993d
Derp, correctly write the source program's path
2017-02-13 18:28:13 -06:00
Parnell Springmeyer
cca2e11556
Resurrecting the single-wrapper read from sibling .real file behavior
2017-02-13 18:03:06 -06:00
Parnell Springmeyer
9e36a58649
Merging against upstream master
2017-02-13 17:16:28 -06:00
Graham Christensen
d0a086770a
nix-daemon: default useSandbox to true
2017-02-13 18:06:01 -05:00
Rickard Nilsson
cda4a4dcfc
nixos/grafana: Don't print password warning if no password has been set
2017-02-13 23:11:40 +01:00
Tuomas Tynkkynen
2000f0941e
nixos-rebuild: Don't build nixos-rebuild with --fast
2017-02-13 21:52:32 +02:00
Tuomas Tynkkynen
23fee8bfbd
nixos-rebuild: Support passing e.g. '-j8'
...
Where there is no space between '-j' and the number.
2017-02-13 21:52:30 +02:00
Graham Christensen
1d2548772e
Merge pull request #22724 from grahamc/pam-oath-fixup
...
pam_oath: require OATH and pam_unix credentials to be valid
2017-02-13 09:36:35 -05:00
Robin Gloster
af9f44dd57
grub: fix capitalisation
...
Missed this occurrence while renaming the option
2017-02-13 14:55:36 +01:00
symphorien
0b87efacb1
grub: add grub.useOSProber option (#22558)
2017-02-13 14:53:15 +01:00
Eelco Dolstra
a4ec1841da
VM tests: veryloose -> cache=loose
2017-02-13 12:18:10 +01:00