MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-16 14:54:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
57729 commits 258 branches 124 tags 6 GiB
Commit graph

2342 commits

Author SHA1 Message Date
Ricardo M. Correia
a11dc2f0a3 grsecurity: Add denyUSB option to grsec NixOS module 
The option had been added to the grsec build-support code,
but it hadn't been added to the grsec module.

After this commit, grsec module users will be able to change
the default value. It also serves to document that this option
exists and that NixOS will disable it by default.
 2015-01-20 19:18:06 +01:00
Joachim Fasting
7023e03d77 firewall service: fix pingLimit example value 
The example uses single dashes, whereas iptables requires double dashes.
 2015-01-20 08:47:11 +01:00
Edward Tjörnhammar
5b1c9417a8 Add Kodi desktop-manager 2015-01-19 22:14:36 +01:00
Peter Simons
ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
lethalman
d957d9e6bc Merge pull request #5517 from paraseba/bumblebee 
Bumblebee config to enable multiple monitors
 2015-01-19 15:00:11 +01:00
wmertens
d3383e4879 Merge pull request #4394 from wmertens/patch-6 
setup-etc.pl: Fail when symlink/rename fails
 2015-01-19 12:39:41 +01:00
lethalman
9cd9264ef3 Merge pull request #5849 from robberer/systemd/restartassert 
systemd: extend checkUnitConfig with on-abnormal
 2015-01-19 11:48:48 +01:00
Longrin Wischnewski
4b0100774a systemd: extend checkUnitConfig with on-abnormal 2015-01-19 11:41:18 +01:00
Andrey Arapov
04be7262a6 nixos/dovecot: added configFile option and default Restart on-failure, PR #5845 
Absolute path is required when one has such postfix configuration
where he/she needs to specify the actual (real) path to active dovecot
config.

Without this commit applied, the dovecot is running in such way:
/nix/store/hashAAA-dovecot-ver/sbin/dovecot -F -c /nix/store/hashBBB-dovecot2.conf

and postfix can't be aware of the value of "hashBBB" via services.postfix.extraConfig = '' ... '';
(it can only be aware of "hashAAA" with ${pkgs.dovecot} parameter)

Also enable Restart on-failure.

Edit: set RestartSec to 1s
 2015-01-19 11:05:56 +01:00
William A. Kennington III
130f66b683 nixos/sync-server: Respect the enable option 2015-01-18 14:21:40 -08:00
Domen Kožar
3b174a4024 Merge pull request #5301 from nbp/syncserver 
Add Firefox Sync service
 2015-01-18 17:47:51 +01:00
Nicolas B. Pierron
8196727fad Improve the documentation of the syncserver module. 2015-01-18 12:21:23 +01:00
Nicolas B. Pierron
0d13ea0131 Change default syncserver listen.port to a safer one. 2015-01-18 12:20:44 +01:00
Domen Kožar
b92a62165d Merge pull request #5726 from spwhitt/zsh-command-not-found 
command-not-found: Add ZSH Support
 2015-01-17 18:15:35 +01:00
Damien Cassou
a7024cb4b4 Create a nixos module for cups-browsed 2015-01-16 14:10:57 +01:00
Eelco Dolstra
efa8fc2b0a Paranoia 2015-01-15 18:37:55 +01:00
Eelco Dolstra
b9c4569b6b nixos-install: Create /root with 700 permission 2015-01-15 18:37:55 +01:00
Eelco Dolstra
3ca275d7ba NixOS containers: Create /root with 700 permission 
Systemd-nspawn creates /root with 755 permission if it doesn't exist,
which is bad. So we have to create it ourselves before calling
systemd-nspawn.
 2015-01-15 17:51:43 +01:00
Eelco Dolstra
24ce7ff3ea test-instrumentation.nix: Prevent calling a pager 2015-01-15 14:39:29 +01:00
Eric Seidel
88eae46455 rename occurrences of gcc.gcc to gcc.cc 2015-01-14 20:47:49 -08:00
Edward Tjörnhammar
837cfbb9ea nixos: adding nylon service with uid,gid 2015-01-14 22:08:47 +01:00
William A. Kennington III
8e5ef7da54 nixos/network-interfaces: Fix rstp support 2015-01-14 10:34:28 -08:00
Luca Bruno
804a958663 pam: add pam_wheel 2015-01-14 18:32:08 +01:00
Luca Bruno
2beb43174f nixos-rebuild: use reload-or-restart for dbus. Closes #5767 
Now that dbus reload has been moved before restarting units,
the reload may fail if dbus has been stopped before.
The reload-or-restart will reload dbus if it's active,
otherwise start it.
 2015-01-14 16:08:47 +01:00
Rob Vermaas
df7923fa82 Merge pull request #5515 from oconnorr/master 
GCE updates to ntp server and to fetch all ssh keys
 2015-01-14 13:19:38 +01:00
Matej Cotman
4e6efec4b4 enlightenment: fix media preview 2015-01-13 14:56:35 +01:00
Ryan Mulligan
2e3fa5b849 different wording for adminPubkey description 
Maybe this wording is a slight improvement?
 2015-01-12 21:49:33 -08:00
Matthias Beyer
f64d795950 Add note that administrative public key for gitolite has to be written in one line 2015-01-12 23:10:27 +01:00
mokasin
dd6dfde575 Add auto-start option to containers. 2015-01-12 18:26:22 +01:00
Spencer Whitt
6cba6dc61b command-not-found: Add ZSH Support 2015-01-12 03:45:48 -05:00
Vladimír Čunát
72d2d59cd4 /etc/ssh/ssh_known_hosts: refactor and fix #5612 
Generating the file was refactored to be completely in nix.
Functionally it should create the same content as before,
only adding the newlines.

CC recent updaters: @aszlig, @rickynils.
 2015-01-11 22:14:25 +01:00
Peter Simons
43bae26b33 Merge pull request #5627 from oxij/update-postfix 
postfix: make 2.11 the default, nixos: update postfix config for 2.11
 2015-01-11 11:28:31 +01:00
Arseniy Seroka
4f596fb93f Revert "zsh: profile-relative functions path" 
This reverts commit 766207ca1d.

We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
 2015-01-10 22:11:13 +03:00
Shea Levy
cca8bae86e Merge branch 'rngd-fix' of git://github.com/abbradar/nixpkgs 2015-01-08 09:36:29 -05:00
lethalman
908c47b281 Merge pull request #5550 from abbradar/fprintd 
add fprintd support
 2015-01-08 14:58:22 +01:00
William A. Kennington III
dd7efcbf36 java: More default cleanups 2015-01-07 14:55:41 -08:00
William A. Kennington III
c82410eeda java: Normalize to the default jre / jdk 2015-01-07 14:55:41 -08:00
William A. Kennington III
9a7766e054 nixos/network-interfaces: Add mstpd support for bridges 2015-01-07 14:49:24 -08:00
Peter Simons
24f5b2a1a0 Merge pull request #5619 from oxij/various-changes-2 
Various (hopefully) small changes
 2015-01-07 16:59:10 +01:00
Jan Malakhovski
265c1c1472 postfix: make 2.11 the default, nixos: update postfix config for 2.11 
postfix 2.11 is much more humane with respect to disk writes since it uses
sockets (which do not change inodes on accesses) instead of fifos (which do).
 2015-01-07 15:43:32 +00:00
Jan Malakhovski
b6646f7ba7 nixos: make zsh use fcntl for locking history files by default 
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
 2015-01-07 15:43:01 +00:00
j-keck
3ced0d94ac doc: use postgresql94 
update postgresql module doc to use postgresql94 (was postgresql93)
 2015-01-07 13:21:18 +01:00
William A. Kennington III
20d2092ff8 nixos/base: Add efi management utilities 2015-01-07 01:52:47 -08:00
Russell O'Connor
d1a58ef7c6 google-compute-image.nix: Try to download all SSH host keys from metadata server. 2015-01-06 12:06:54 -05:00
Nikolay Amiantov
dbc0395b2b nixos/rngd: some fixes 2015-01-06 17:27:07 +03:00
Domen Kožar
c876f7a25d document options to nixos-install script 2015-01-06 14:49:24 +01:00
Nikolay Amiantov
2aaeacc579 nixos/modprobe: wrap all of kmod 2015-01-06 16:39:00 +03:00
Russell O'Connor
3251948029 Generate SSH host public key from the private key. 2015-01-05 15:20:55 -05:00
Russell O'Connor
d1cbbff1e3 Call wget directly in fetch-ssh-keys service. 2015-01-05 15:20:55 -05:00
Russell O'Connor
6382e16014 google-compute-image.nix: unconditionally clean up /root/key.pub /root/authorized-keys-metadata 2015-01-05 15:18:02 -05:00
Russell O'Connor
b19ab1f046 google-comute-image.nix: set umask 077 when downloading private keys from the metadata server. 2015-01-05 15:01:49 -05:00
Russell O'Connor
e548a4330d google-compute-image.nix: use internal google NTP server. 2015-01-05 12:45:23 -05:00
Peter Simons
ea94a6d653 nixos/modules/services/misc/nix-daemon.nix: document meaning of '0' for the buildCores attribute 2015-01-05 15:38:08 +01:00
Rob Vermaas
c5caa853ec dd-agent: set SSL_CERT_FILE for dogstatsd. 
(cherry picked from commit c67204dec2)
 2015-01-05 13:15:22 +01:00
Eelco Dolstra
ae7d79cd61 Fix some bad gids 
Issue #3727.
 2015-01-05 11:58:17 +01:00
Rob Vermaas
bc09e53343 Minor fixes to EC2 image generation script. Set autoresponder, so no interaction is necessary. Write output in a format that can be easily included in ec2-amis.nix of nixops. 
(cherry picked from commit 96904915d9)
 2015-01-05 09:35:48 +01:00
Rob Vermaas
1a4164b71d Use nixos-images bucket for GCE images. 
(cherry picked from commit bdd3a3bac8)
 2015-01-05 09:35:42 +01:00
Rob Vermaas
357f6a2c97 Fixes for script that builds and uploads EC2 s3 backed images. Mostly credential related. 
(cherry picked from commit 42c0bc4b8f)
 2015-01-05 09:35:38 +01:00
Rob Vermaas
ea9530b5c7 Fix GCE image build. 
(cherry picked from commit 98af87cd4a)
 2015-01-05 09:35:35 +01:00
Khalid Jebbari
b385d14b81 Fix typo in recursive set example 2015-01-04 19:28:16 +01:00
Khalid Jebbari
1d3a592ae0 Bad name for the NixOS download page 2015-01-04 18:33:30 +01:00
Domen Kožar
79a51b0cf3 Add Type information into manual and manpages, fixes #4600 2015-01-04 15:41:32 +01:00
William A. Kennington III
8ec82fcb18 nixos/samba: Allow package version setting 2015-01-03 21:45:16 -08:00
Kirill Elagin
766207ca1d zsh: profile-relative functions path 
This is needed mostly for autocompletion.
 2015-01-04 02:02:59 +03:00
Nikolay Amiantov
a164a0b4c5 nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
Domen Kožar
3d7ff07258 fix manual 2015-01-03 16:32:07 +01:00
Domen Kožar
1f523bb23d clarify things about hashed passwords and mutableUsers 2015-01-02 17:32:56 +01:00
William A. Kennington III
8627110091 icedtea: Make major version nonspecific attrs 2015-01-02 00:24:49 -08:00
Nicolas B. Pierron
816229593a Merge pull request #5441 from nbp/mkAlias 
modules: Extract mkAliasDefinition from the rename.nix NixOS module.
 2015-01-01 06:59:42 -08:00
Sebastián Bernardo Galkin
24abe2b2b3 Bumblebee config to enable multiple monitors 
Added configurations to `bumblebee` package to easy multiple monitors on Optimus
machines.

The behaviour of the default `bumblebee` package hasn't change, so this change
is backwards compatible. Users who want to connect a monitor to their discrete
card should use the package `bumblebee_display` instead.

Also added new configuration option to nixos bumblebee module:

```
hardware.bumblebee.connectDisplay = true
```

will enable the new configuration, but the default is still false.
 2014-12-30 19:17:42 -08:00
Charles Strahan
94dd4b9721 ruby: WIP 2014-12-30 21:05:00 -05:00
Eelco Dolstra
c2af4f3ea8 Tweak 2014-12-31 01:29:05 +01:00
Vladimír Čunát
13d5f305da nixos/doc release notes: mention intel GPU driver 
(cherry picked from commit 3865ab9e69)
 2014-12-31 01:29:05 +01:00
aszlig
d137ff33e2
nixos/release-notes: Fix typo in VirtualBox notes. 
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-30 23:42:14 +01:00
Eelco Dolstra
3370ee6a13 Document small channels 2014-12-30 22:31:27 +01:00
Eelco Dolstra
cf1d9ed317 Release notes tweak 2014-12-30 18:43:13 +01:00
Eelco Dolstra
4df1ca0875 Sort stuff 2014-12-30 18:43:13 +01:00
Eelco Dolstra
512d788a68 Create AMIs in the lb-nixos account 2014-12-30 18:32:45 +01:00
Eelco Dolstra
adf62ba9c1 Drop reference to obsolete ControlGroupAttribute option 2014-12-30 18:32:05 +01:00
Eelco Dolstra
c502369a23 Release notes 2014-12-30 18:25:02 +01:00
Eelco Dolstra
5f2d5fcc12 Release date 2014-12-30 18:12:52 +01:00
Eelco Dolstra
e62cb5585d Merge pull request #5507 from DamienCassou/systemd-user-timers 
Add systemd.user.timers
 2014-12-30 15:40:43 +01:00
Damien Cassou
dcc93abe74 Add systemd.user.timers 2014-12-30 05:46:36 +01:00
Tobias Geerinckx-Rice
c64257b8e5 Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
Jaka Hudoklin
1b19b7a3bf Merge pull request #5491 from offlinehacker/cadvisor 
Add cadvisor package and nixos module
 2014-12-29 17:58:43 +01:00
Shea Levy
9245516b46 gummiboot-builder.py: run nix with no build-users-group 
During install, the bootloader script gets run inside a chroot after the
/etc/group bind-mount is unmounted. Since we're not doing any building,
this should be safe, but really nix should just not care if the group
does not exist when no build is needed.

Fixes #5494
 2014-12-29 07:09:10 -05:00
Ricardo M. Correia
1d44322d53 grsecurity: Update stable and test patches 
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test:   3.0-3.17.7-201412211910  -> 3.0-3.18.1-201412281149
 2014-12-29 03:00:47 +01:00
Matej Cotman
9eb24c72ff systemd: fix permissions on /var/log/journal 2014-12-28 22:37:50 +01:00
Charles Strahan
145733c479 Merge branch 'master' of github.com:nixos/nixpkgs into pleasant-ruby 
Conflicts:
	pkgs/applications/version-management/redmine/default.nix
	pkgs/development/interpreters/ruby/gem.nix
	pkgs/development/interpreters/ruby/generated.nix
	pkgs/development/interpreters/ruby/patches.nix
	pkgs/development/tools/vagrant/default.nix
	pkgs/servers/consul/default.nix
 2014-12-28 14:29:52 -05:00
Domen Kožar
43af22b2de Merge pull request #5487 from luke-clifton/lc-btsync-group 
btsync groups
 2014-12-28 20:25:13 +01:00
Charles Strahan
4ed847d81d redmine: fix use of bundler 2014-12-28 14:22:11 -05:00
Jaka Hudoklin
b6198f08e3 nixos: add cadvisor service 2014-12-28 20:21:41 +01:00
Eelco Dolstra
ea9d391bb5 Fix ntpd 
Since the 4.2.8 upgrade, ntpd is broken on NixOS:

  Dec 28 19:06:54 hagbard ntpd[27723]: giving up resolving host 1.nixos.pool.ntp.org: Servname not supported for ai_socktype (-8)

This appears to be because DNS resolution doesn't work in chroots
anymore (due to /etc being missing). So disable chroots for now. It's
probably better to use systemd's containment facilities anyway.
 2014-12-28 19:38:45 +01:00
Alexander Kjeldaas
da1f8578b0 Eradicate gzip -9 without -n 2014-12-28 13:45:27 +01:00
Luke Clifton
3c8914f94e Changed group id to match user id 2014-12-28 19:47:12 +08:00
Luke Clifton
b625c3dd4b Added group id to ids.nix 2014-12-28 18:10:02 +08:00
Vladimír Čunát
61d9f06760 fix a typo from 2627198b0c 2014-12-28 10:44:50 +01:00
Luke Clifton
0c477eb38f Documentation update 2014-12-28 17:26:59 +08:00
Luke Clifton
61ff1b2b0a Moved UMask to correct location 2014-12-28 16:44:27 +08:00
Luke Clifton
5fdd6f6a66 Change umask 2014-12-28 16:39:56 +08:00
William A. Kennington III
2627198b0c nixos/firewall: Add ipset utility 2014-12-28 00:04:49 -08:00
Luke Clifton
5866a9df03 added group 2014-12-28 13:23:10 +08:00
Luke Clifton
fabcc2cf7b Added btsync group to btsync user 2014-12-28 13:17:37 +08:00
Vladimír Čunát
3c050d00a5 upower: use newer version by default 
Tested on KDE4, fixed with xfce, and was used with GNOME before.
CC @lethalman.

I did not test e19, as it won't build, probably due to #5392 @shlevy.
CC maintainer @matejc.

Also removed a forgotten unused patch.
 2014-12-27 22:46:46 +01:00
Domen Kožar
ec5fcfa82c network-manager: specify full path to sytemctl binary 
(cherry picked from commit af8f76c256)
Signed-off-by: Domen Kožar <domen@dev.si>
 2014-12-27 11:53:07 +01:00
Bjørn Forsman
0a8623d6a9 nixos/munin: add /var/setuid-wrappers to PATH 
/var/setuid-wrappers is an extension of the system profile, so it
belongs in PATH for the munin service.
 2014-12-25 15:43:51 +01:00
aszlig
c7e3ddf7ff
nixos/synergy: Fix use of the "optional" function. 
Commit 939edb1 reintroduced autoStart, but instead of creating a list of
units for the wantedBy list with optional it became a list of lists of
units.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-24 12:35:57 +01:00
Domen Kožar
a4961f09f6 Merge pull request #5390 from abbradar/nixos-isntall 
nixos-install: fix -I flag
 2014-12-23 18:15:14 +01:00
Nicolas B. Pierron
d7f29acd48 modules: Extract mkAliasDefinition from the rename.nix NixOS module. 2014-12-22 22:38:38 +01:00
Igor Pashev
2b91b9b594 Strongswan: updown script uses ip and iptables utilities 2014-12-22 20:20:52 +00:00
Luca Bruno
79209e30b5 nixos: Add -verbose to xserverArgs example 2014-12-22 21:01:12 +01:00
lethalman
50789593df Merge pull request #5346 from svenkeidel/disable-xserver-verbose-logging 
disable verbose logging for XServer, fixes #4333
 2014-12-22 20:59:06 +01:00
Benno Fünfstück
914b76bad4 services.mpd: use systemd's user option 
For some reason, mpd fails to open the sound card if using mpd's user
option. Starting mpd directly as the mpd user works for me.
 2014-12-22 11:22:14 +00:00
lethalman
d0fdad5f36 Merge pull request #5419 from ehmry/tox-bootstrapd 
tox-bootstrapd
 2014-12-22 11:16:44 +01:00
Nicolas B. Pierron
6a7971bee7 Merge pull request #5416 from nbp/nixos-option-include 
nixos-option: Support -I option
 2014-12-21 15:11:11 -08:00
Nicolas B. Pierron
e4fb4168fc Merge pull request #5415 from nbp/nixos-options-submodules 
nixos-option: Handle submodules
 2014-12-21 15:10:46 -08:00
Nicolas B. Pierron
91cc22e841 Merge pull request #5405 from nbp/nixos-options-derivation 
nixos-option: Print the outPath of derivation for option values.
 2014-12-20 16:51:49 -08:00
Nicolas B. Pierron
c231506b5a Merge pull request #5362 from nbp/update-channels 
Add a script to add git branches for each channel.

To create / update references to remote / local channels, you have to run `./maintainers/scripts/update-channel-branches.sh` while you are at the top-level of nixpkgs work directory.  To make this convenient for Nixpkgs / NixOS developer, one can run the following command:

```
$ git config --add alias.fetch-channels '!sh -c "$(git rev-parse --show-cdup)maintainers/scripts/update-channel-branches.sh"'
```

Which will register the alias fetch-channels such that the script can used from sub-directory of nixpkgs by running `git fetch-channels`.
 2014-12-20 16:49:18 -08:00
Nicolas B. Pierron
974edc5056 nixos-option: Use <nixpkgs/nixos> instead of <nixpkgs>. 2014-12-21 01:33:06 +01:00
Emery Hemingway
01910e84f9 nixos: tox-bootstrapd service 2014-12-20 18:20:27 -05:00
Nicolas B. Pierron
82a5f54c0d nixos-option: Support -I option. 2014-12-20 20:30:19 +01:00
Nicolas B. Pierron
c9682a22ff nixos-option: Produce nicer error messages in case of typos. 2014-12-20 19:52:28 +01:00
Nicolas B. Pierron
640428d3c5 nixos-option: Handle 'attrsOf submodule' options. 2014-12-20 19:16:43 +01:00
Nicolas B. Pierron
cd2f7ce9f9 nixos-option: Improve error messages to avoid reporting internal location and traces. 2014-12-19 23:00:52 +01:00
Nicolas B. Pierron
b2abfe54b3 nixos-option: Print derivation outPath within attribute sets and list, when the strict mode is used. 2014-12-19 23:00:00 +01:00
Nicolas B. Pierron
9db6a84f0b nixos-option: Print the outPath of derivation for option values. 2014-12-19 22:33:24 +01:00
Eelco Dolstra
80a85541d5 Typo 2014-12-19 14:38:33 +01:00
Eelco Dolstra
5ad3a02938 Shut up a warning from udev 
Issue #5260.
 2014-12-19 14:37:50 +01:00
Mathijs Kwik
6e728a42ec virtualisation.qemuNetworkingOptions -> virtualisation.qemu.networkingOptions 2014-12-19 11:59:00 +01:00
Mathijs Kwik
6cdacdd4a2 nixos/qemu-vm: make networking options configurable 2014-12-19 08:52:06 +01:00
wmertens
a8c726da56 Merge pull request #5378 from benley/mesos 
mesos-slave: add config option for slave attributes
 2014-12-19 08:10:07 +01:00
Evgeny Egorochkin
87610ca0fd kde4: enable akonadi by default 2014-12-19 08:59:22 +02:00
Evgeny Egorochkin
939edb1873 synergy: restore autostart option. 
closes #5334
 2014-12-19 08:25:23 +02:00
Evgeny Egorochkin
9225af50d0 resurrect torsocks-faster 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
eb0874d5ff rename torify to tsocks, to avoid name clashes and make it clear which wrapper library is used 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
633cc58d5c torsocks: enable by default if tor client functionality is enabled 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
824b3b1a99 tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance. 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
1fe5314dc5 tor: restore strong circuit isolation 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
da118cf60b Revert "nixos: Remove torify module" 
tsocks is still useful because it's less strict

This reverts commit 1b26faeb69.
 2014-12-19 08:05:41 +02:00
Benjamin Staffin
c47cefd05e nixos/mesos: Parameterize mesos slave attributes 
Added attributes to nixos/tests/mesos.nix to verify that mesos-slave
attributes work. If the generated attributes are invalid, the daemon
should fail to start.

Change-Id: I5511245add30aba658b1af22cd7355b0bbf5d15c
 2014-12-18 14:47:24 -08:00
aszlig
efb2b27a8f
nixos: Add VBox hardening to 14.12 release notes. 
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-18 22:58:37 +01:00
wmertens
5f7530a1d7 zfs hostId: Instructions to derive from machine-id 2014-12-18 22:52:29 +01:00
Nicolas B. Pierron
9334085e80 update-channel-branches.sh: Add verbosity to improve the user experience, and update NixOS documentation. 2014-12-18 22:25:21 +01:00
Nikolay Amiantov
22eb0e22d3 nixos-install: fix -I flag 2014-12-18 22:43:40 +03:00
aszlig
f7384b8c75
nixos/virtualbox: Revert disable hardening. 
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
 2014-12-18 18:18:32 +01:00
Eelco Dolstra
63c14e259d ssh-agent: Don't have a timeout by default 
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
 2014-12-18 15:34:29 +01:00
Eelco Dolstra
bf0f2adbeb Fix container test 
http://hydra.nixos.org/build/17989795
 2014-12-18 14:18:53 +01:00
aszlig
d45649b415
nixos/tests/virtualbox: Disable debug logging. 
Especially if the user isn't in the vboxusers group anymore, this gets
VERY noisy, because the VBoxSVC process emits warnings for every single
USB device noting that it's only possible to access it when the user is
in the vboxusers group.

So, we now have a debug attribute, where we can enable it when
necessary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-18 14:06:13 +01:00
aszlig
ef691d5c30
nixos/tests/virtualbox: Don't use vboxusers group. 
At least when we're running in hardening mode, because it's needed there
only for USB support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-18 14:06:13 +01:00
aszlig
2af435b5cd
nixos/tests/blivet: Fix by avoiding "nix-store". 
The "nix-store" command within the VM test is running without
NIX_REMOTE=daemon and since Nix 1.8 tries to open the store database in
read-write mode even for nix-store -qR.

Now, we're doing this properly and rely on setup hooks, which is the
same method that's used when you're building a library which depends on
blivet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-12-18 14:06:13 +01:00