Commit graph

959 commits

Author SHA1 Message Date
Austin Seipp
4f27ad14a1 grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp
92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
2558fa587b Merge pull request #2629 from letac/master
Phabricator, a web application, snapshot of 2014-05-12
2014-05-14 14:57:36 -05:00
lethalman
8967d2d3b3 Merge pull request #2301 from bjornfor/graphite-fixes
nixos/graphite-service: fix startup
2014-05-14 21:44:43 +02:00
Athan Clark
5fc3df831c Simple typo 2014-05-13 10:35:57 -06:00
lethalman
8051101362 Merge pull request #2375 from lethalman/gnome3
gtkhtml, evolution, gnome-photos, gnome-clocks, zeitgeist, bijiben
2014-05-13 12:04:11 +02:00
Corey O'Connor
5112e6476b resolve issue #2308 2014-05-13 11:11:34 +02:00
Strahinja Popovic
25e0d51a67 Phabricator, a web application, snapshot of 2014-05-12 2014-05-12 19:59:40 +02:00
Wout Mertens
c927cee2c3 dhcpcd: Allow adding hook code 2014-05-12 15:03:42 +02:00
Rob Vermaas
7d3dcd9a8c Set console=ttyS0 for Amazon EC2 instances, as suggested by Amazon. 2014-05-12 12:29:04 +02:00
Emery Hemingway
c96d5fe170 nixos: f2fs filesystem module support (close #2085) 2014-05-11 13:53:26 +02:00
mornfall
456ef924ba Merge pull request #2497 from aristidb/sudo_terminfo
sudo: env_keep TERMINFO for urxvt
2014-05-10 19:34:14 +02:00
Rickard Nilsson
b87b6870f8 When auto-formatting ext devices, use the -F flag to make it work with unpartitioned disks 2014-05-09 16:49:03 +02:00
Eelco Dolstra
253bbb8e2b nixos-container: Ensure umask 022
Fixes #2585.
2014-05-09 13:26:02 +02:00
Eelco Dolstra
1c4fd9b25d nixos-install: Run in a separate UTS namespace
This prevents the activation script from clobbering our hostname.
2014-05-09 13:25:53 +02:00
Eelco Dolstra
c06786759c /var/run -> /run 2014-05-09 00:52:02 +02:00
Eelco Dolstra
61bdad6775 nixos-install: Don't bind-mount all of /etc
We only need a copy of /etc/resolv.conf for networking, and
/etc/{passwd,group} for building.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
3ef8d6ad5c nixos-install: Add operation --chroot
"nixos-install --chroot" runs a command (by default a login shell) in
a chroot inside the NixOS installation in /mnt. This might be useful for
poking around a new installation.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
4fc151b5a3 nixos-install: Ask the user to set a root password
This removes the need to have an initially empty root password.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
8919d736a0 nixos-install: Don't copy the bootstrap Nix if it's already there
This makes re-running nixos-install a bit faster.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
22f102cbdc nixos-install: Assume the build user group is "nixbld"
The build user group is always "nixbld", so no need to detect it.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
171d43ba4f nixos-install: Run in a private mount namespace
This ensures that all mounts are automatically cleaned up.
2014-05-09 00:52:02 +02:00
Eelco Dolstra
e0e656ef46 nixos-install: Don't pass --show-trace by default 2014-05-09 00:51:48 +02:00
Eelco Dolstra
4b7c606589 nixos-generator-config: Don't emit a double / in bind mounts 2014-05-09 00:51:48 +02:00
Eelco Dolstra
dc78ae327c nixos-generate-config: Don't include /var/setuid-wrappers 2014-05-09 00:51:48 +02:00
Eelco Dolstra
91afe9eb8d nixos-generate-config: Use stable device paths (e.g. /dev/disk/by-uuid/X) 2014-05-09 00:51:48 +02:00
Eelco Dolstra
1bd8ced9c0 Don't enable the NVIDIA driver by default because it's unfree 2014-05-09 00:51:48 +02:00
Vladimír Čunát
2aa3580a5e nixos-generate-config.pl: add new PCI IDs for broadcom_sta
The last ID wasn't in official README,
but it was reported by third3ye on IRC.
2014-05-08 15:24:41 +02:00
Eelco Dolstra
30180e8a24 Fix incorrect comment 2014-05-08 12:29:59 +02:00
Eelco Dolstra
fae135b871 Installer test: Increase amount of RAM
On x86_64, 384 MB is not enough anymore for running "nix-env -i".

http://hydra.nixos.org/build/10865007
2014-05-07 18:24:15 +02:00
Eelco Dolstra
333bfe16c4 Containers: Support setting up macvlan interfaces
By setting a line like

  MACVLANS="eno1"

in /etc/containers/<name>.conf, the container will get an Ethernet
interface named mv-eno1, which represents an additional MAC address on
the physical eno1 interface. Thus the container has direct access to
the physical network. You can specify multiple interfaces in MACVLANS.

Unfortunately, you can't do this with wireless interfaces.

Note that dhcpcd is disabled in containers by default, so you'll
probably want to set

  networking.useDHCP = true;

in the container, or configure a static IP address.

To do: add a containers.* option for this, and a flag for
"nixos-container create".
2014-05-07 17:53:57 +02:00
Eelco Dolstra
6f7aaf10a5 Containers: Use systemd-nspawn's --network-veth flag
Note that this causes the name of the host-side interface to change
from c-<name> to ve-<name>.
2014-05-07 17:53:57 +02:00
Eelco Dolstra
810680bcae Containers: Use systemd-nspawn's --keep-unit flag
This gets rid of some redundant scopes/slices.
2014-05-07 17:53:57 +02:00
Eelco Dolstra
5bfe944907 Don't run hwclock if /dev/rtc doesn't exist
E.g. on EC2 instances.

Backport: 14.04
2014-05-05 16:47:51 +02:00
Eelco Dolstra
4a08f37206 Don't start getty@tty1 on headless machines (like EC2)
Backport: 14.04
2014-05-05 16:47:36 +02:00
Eelco Dolstra
bac68f9747 switch-to-configuration: Honour RefuseManualStop
This prevents spurious errors about systemd-tmpfiles-setup.service.

Backport: 14.04
2014-05-05 16:46:58 +02:00
Rob Vermaas
d056d1d37b Fix users.*.extraGroups for users.mutableUsers = true.
(cherry picked from commit eb222923054fdc895ab73ff5d0260c1e1fc689c7)
2014-05-05 15:35:16 +02:00
Aristid Breitkreuz
204fc0a397 sudo: env_keep TERMINFO for urxvt 2014-05-04 14:42:16 +02:00
Luca Bruno
4ca985a7e3 bijiben: new package
Note editor designed to remain simple to use

https://wiki.gnome.org/Apps/Bijiben
2014-05-02 17:43:18 +02:00
Luca Bruno
b3fe998fdb gnome-clocks: new package
Clock application designed for GNOME 3

https://wiki.gnome.org/Apps/Clocks
2014-05-02 16:04:57 +02:00
Luca Bruno
fbfccea0e8 geoclue2: add dbus service 2014-05-02 16:04:57 +02:00
Luca Bruno
4229053cb0 gnome-photos: new package
Photos is an application to access, organize and share your photos with GNOME 3

https://wiki.gnome.org/Apps/Photos
2014-05-02 16:04:57 +02:00
Luca Bruno
d6206ccceb evolution: new package
Personal information management application that provides integrated mail,
calendaring and address book functionality

https://wiki.gnome.org/Apps/Evolution
2014-05-02 16:04:57 +02:00
Michael Raskin
eef9a8ac2a On my system OpenGL with bumblebee seems to require libudev in LD_LIBRARY_PATH. Fix that, fix bumblebee module loading and make the socket group configurable 2014-05-02 14:32:47 +04:00
Austin Seipp
368a677c97 nixos: overhaul datadog module
This overhauls the Datadog module a bit to be much more useful. In
particular, it adds support for nginx and postgresql monitoring
integrations to dd-agent. These have to exist in separate files under
/etc/dd-agent, so the module just exposes them as separate options. In
the future, more integrations could be added this way.

In the process of doing this, I also had to rename the dd-agent user to
datadog. Note the UIDs did not change, so this is strictly backwards
compatible. The reason for this is to make it easier to create a
'datadog' postgres user with access to pg_stats, as 'dd-agent' typically
isn't a valid username. This allows the out of the box configurations to
be used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-02 01:24:35 -05:00
Austin Seipp
b553d11616 btsync: Default to no login/password for the Web UI
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-02 00:41:47 -05:00
Austin Seipp
8946e91fad btsync: remove unneeded assertion
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-01 17:00:49 -05:00
Domen Kožar
1a501134e8 Merge pull request #2467 from lethalman/release-notes
Added gnome 3.10 to the release notes
2014-05-01 18:37:08 +02:00
Luca Bruno
ea1a9445bb Added gnome 3.10 to the release notes 2014-05-01 18:32:28 +02:00
Shea Levy
e4630c1d41 grub: Allow setting the boot root explicitly
If /boot is a btrfs subvolume, it will be on a different device than /
but not be at the root from grub's perspective. This should be fixed in
a nicer way by #2449, but that can't go into 14.04.
2014-05-01 10:56:55 -04:00