Commit graph

228 commits

Author SHA1 Message Date
Wael Nasreddine
f072cfe1eb
nixos/pam: refactor U2F, docs about u2f_keys path (#54756)
* change enableU2F option to u2f.* set
* add few u2f options (not all) to customize pam-u2f module
* document default u2f_keys locations

Co-authored-by: Tomasz Czyż <tomasz.czyz@gmail.com>
Co-authored-by: Arda Xi <arda@ardaxi.com>
2019-01-29 08:45:26 -08:00
(cdep)illabout
46ecec8239
nixos/cpufreq: Remove the alias to set the cpu frequency governor
This PR temporarily fixes the issue with PR 53041 as explained
here:

https://github.com/NixOS/nixpkgs/pull/53041#commitcomment-31825338

The alias `powerManagement.cpufreq.governor` to
`powerManagement.cpuFreqGovernor` has been removed.
2019-01-03 20:57:49 +09:00
(cdep)illabout
b0f10d2d53
cpufreq: add option for setting the cpu max and min frequencies
This adds a NixOS option for setting the CPU max and min frequencies
with `cpufreq`.  The two options that have been added are:

- `powerManagement.cpufreq.max`
- `powerManagement.cpufreq.min`

It also adds an alias to the `powerManagement.cpuFreqGovernor` option as
`powerManagement.cpufreq.governor`.  This updates the installer to use
the new option name.  It also updates the manual with a note about
the new name.
2019-01-01 19:18:12 +09:00
Kier Davis
de009133d4
ckb-next: move option renames to nixos/modules/rename.nix for consistency 2018-11-06 00:50:00 +00:00
Eric Wolf
1b4e3103bf nixos/ddclient: fix #49258 2018-10-30 22:18:59 +01:00
Johan Thomsen
a91c293aaf kubernetes: 1.11.3 -> 1.12.0
- kubelet CAdvisor port has been removed
2018-09-30 14:49:26 +02:00
Jan Malakhovski
0f3b89bbed nixos: doc: move non-service parts of service.nixosManual to documentation.nixos 2018-09-23 20:50:47 +00:00
Eelco Dolstra
c251ec691a
virtualization.growPartition -> virtualisation.growPartition
There never was a 'virtualization.growPartition'. This got messed up
in eddf30cc93.

Issue #36590.
2018-08-28 14:24:39 +02:00
Bas van Dijk
551fec4467 Merge branch 'master' into es6 2018-08-23 23:41:27 +02:00
Jörg Thalheim
43595c7884 zfsLegacyCrypto: remove
This package was only mandatory for migration for people on zfsUnstable
in nixos unstable.
2018-08-13 19:53:50 +02:00
Sander van der Burg
9748d7c60b nixos/disnix: undo dysnomia rename to fix disnix and retain compatibility with previous release 2018-08-06 01:25:38 +02:00
Jörg Thalheim
13db07a092 logstash: update default version to v6 2018-08-03 12:06:45 +01:00
Tuomas Tynkkynen
cad1c18743 nixos/rename: Add temporary aliases for the system.nixos.* rename revert
See the previous commit for motivation.
2018-07-28 00:12:55 +03:00
Tuomas Tynkkynen
96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
patternspandemic
d9d9200496
nixos/neo4j: Update module, make compatible with neo4j 3.4 2018-07-12 19:28:40 -07:00
volth
88939a1949 nixos: remove option services.xserver.desktopManager.xfce.screenLock 2018-07-12 01:45:41 +00:00
Jörg Thalheim
d63cb0695f
Merge pull request #42133 from markuskowa/pgbackup
nixos/pgbackup: Fix and refactor the postgres backup module
2018-06-20 22:21:52 +01:00
Markus Kowalewski
6dc06fdd28
nixos/pgbackup: rename option period -> startAt 2018-06-20 17:58:48 +02:00
Johan Thomsen
f9ad1cae78 nixos/kubernetes: dashboard lockdown
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.

- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
2018-06-19 22:28:00 +02:00
Johan Thomsen
8d7ea96a13 nixos/kubernetes: improvements
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
  Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.

- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
  This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0

- Fixed c/p mistake in apiserver systemd unit description

- Updated 18.09 release notes to reflect changes to existing options
  And fixed some typos from previous PR

- Make docker images for Kubernetes Dashboard and kube-dns configurable
2018-06-12 22:47:32 +02:00
Maximilian Bosch
aa46b1ec0e nixos/autosuggestions: add module (#41397)
The `zsh-autosuggestions` package provides several configuration options
such as a different highlight style (like `fg=cyan` which is easier to
read).

With `rename.nix` the old `programs.zsh.enableAutosuggestions` is still
functional, but yields the following warning like this during evaluation:

```
trace: warning: The option `programs.zsh.enableAutosuggestions' defined in `<unknown-file>' has been renamed to `programs.zsh.autosuggestions.enable'.
```

The module provides the most common `zsh-autosuggestions` (highlight
style and strategy) as options that will be written into the interactive
shell init (`/etc/zshrc` by default). Further configuration options can
be declared using the `extraConfig` attr set:

```
{
  programs.zsh.autosuggestions.extraConfig = {
    "ZSH_AUTOSUGGEST_BUFFER_MAX_SIZE" = "buffer_size";
  };
}
```

A full list of available configuration options for `zsh-autosuggestions`
can be viewed here: https://github.com/zsh-users/zsh-autosuggestions/blob/v0.4.3/README.md
2018-06-10 23:08:50 +02:00
Peter Hoeg
d5d3184e24 vmware: move from servers to virtualisation where it belongs 2018-05-28 15:24:29 +08:00
Charles Strahan
996849ab86 kubernetes: update to 1.10 2018-05-25 10:50:36 +02:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
jD91mZM2
6c4c36fcbc
NetworkManager: add noDns option 2018-05-08 13:42:39 +02:00
Joachim F
f442bfc02a
Merge pull request #39048 from oxij/nixos/fix-rename-bugs
nixos: fix rename.nix bugs
2018-04-22 17:46:09 +00:00
Peter Hoeg
740bafa9a0
Merge pull request #36864 from peterhoeg/f/ddclient
nixos ddclient: support multiple domains and run via systemd timer [WIP]
2018-04-19 05:12:29 +00:00
Jan Malakhovski
b57a6e9a5f nixos: rename.nix: fix bugs
Introduced in 286b007bd3 and then
in 2e6b796761.

This a proper fix for what 70c6f6572d tried to do.
Removing the "config" prefix triggers the bug on pure nixos too, not only
on nixops.
2018-04-17 09:05:21 +00:00
Jan Malakhovski
4018d44641 Revert "nixos/version: fix nixops pre 1.6 compatibility"
This reverts commit 70c6f6572d.
2018-04-17 09:05:20 +00:00
Peter Hoeg
642c8a8d8d nixos ddclient: support multiple domains and run via systemd timer
a) Some providers can update multiple domains - support that.

b) Make "zone" and "script" configurable. Some providers require these.

c) Instead of leaving the ddclient daemon running all the time, use a systemd
timer to kick it off.

d) Don't use a predefined user - run everything via DynamicUser

e) Add documentation
2018-04-15 10:17:46 +08:00
Michael Raskin
b07ce1fb74
Merge pull request #38114 from oxij/nixos/doc-module
nixos: doc module
2018-04-05 07:09:32 +00:00
Jan Malakhovski
02da27de52 nixos: dysnomia: move into services subtree 2018-03-30 06:56:12 +00:00
Jan Malakhovski
98fd9b7f86 nixos: doc: introduce documentation config subtree 2018-03-30 06:52:26 +00:00
Jan Malakhovski
6d7854a9a8 nixos: users-groups: cleanup 2018-03-30 06:40:13 +00:00
Franz Pletz
70c6f6572d
nixos/version: fix nixops pre 1.6 compatibility
We should be able to deploy a NixOS 18.03 system with the current nixops
stable release. Some options were renamed, so instead of
`mkRenamedOptionModule` we introduce them as read-only interal options
that won't be rendered in the manual.

Only the options that are needed to make nixops evaluations succeed were
added.

This commit should probably be reverted after or before the 18.09 release,
depending on the nixops 1.6 release.

The user will not get the warning that these have been renamed but
this change is mentioned in the release notes.

Fixes #34253.
2018-03-28 02:30:50 +02:00
WilliButz
f4d03b5c9c
nixos/prometheus-exporters: rewrite and restructure
- prometheus exporters are now configured with
  `services.prometheus.exporters.<name>`
- the exporters are now defined by attribute sets
  from which the options for each exporter are generated
- most of the exporter definitions are used unchanged,
  except for some changes that should't have any impact
  on the functionality.
2018-03-22 14:46:17 +01:00
Florian Jacob
48e449ee70 nixos/piwik: rename to matomo 2018-02-22 22:03:55 +01:00
Jan Malakhovski
2e6b796761 nixos: rename config.system.nixos* -> config.system.nixos.* 2018-02-18 12:56:30 +00:00
Joachim F
faf072166b
Merge pull request #29869 from Nadrieril/syncserver-fup
syncserver service: follow-up of #28189
2018-02-17 10:09:42 +00:00
Jan Malakhovski
0d1a643210 nixos/xen-dom0: add related packages, make it play well with them
This is a custom attribute set example of `relatedPackages` option usage.
2018-02-09 19:51:07 +00:00
rnhmjoj
4ebb9621f4
Revert "nixos/dnscrypt-proxy: remove"
This reverts commit 5dc2853981.
The project has a new maintainer.
2018-01-08 15:09:33 +01:00
Joachim Fasting
5dc2853981 nixos/dnscrypt-proxy: remove
The upstream project ceased.

See https://github.com/NixOS/nixpkgs/issues/33540
2018-01-07 17:00:32 +01:00
zimbatm
eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
Graham Christensen
b5a61f2c59
Revert "nixos: doc: implement related packages in the manual" 2017-12-23 07:19:45 -05:00
Arseniy Seroka
36e02645eb
Merge pull request #32424 from oxij/nixos/related-packages
nixos: doc: implement related packages in the manual
2017-12-23 03:34:58 +03:00
volth
363cdde475 nixos/libvirt: remove 'virtualisation.libvirtd.enableKVM' option 2017-12-21 03:56:41 +00:00
Nadrieril
9f5d779641 Mark services.firefox.syncserver.{user,group} as removed 2017-12-08 22:23:14 +00:00
Jan Malakhovski
3be0e1bd72 nixos/xen-dom0: add related packages, make it play well with them 2017-12-07 21:27:32 +00:00
rnhmjoj
13bb5ff402
nixos/xserver: fix X.org session script logging 2017-11-27 11:29:37 +01:00
joachim schiele
61089ddcee opendkim: automated key generation (no manual changes for service initialization required anymore) 2017-10-23 15:53:55 +02:00
Franz Pletz
3df126dbf7
nixos/modules: clean up wireless firmware options
All available options were just enabling
hardware.enableRedistributableFirmware. There were nix files without
modules which weren't referenced anywhere.
2017-10-07 01:48:02 +02:00
Jörg Thalheim
1ecf3e862f zfsUnstable: init at 2017-09-12 2017-09-15 17:59:37 +02:00
Joachim Fasting
268eb4adb7
nixos: purge remaining grsecurity bits
:(

Fixes https://github.com/NixOS/nixpkgs/issues/28859
2017-09-02 20:35:24 +02:00
Michael Weiss
ea23f8bb07 cups service: Automatically detect Gutenprint in drivers
Additional CUPS drivers can be added via "services.printing.drivers" but
Gutenprint was an exception. It was possible to add a Gutenprint
derivation to that list and it would work at first but unlike the other
drivers Gutenprint requires a script to be run after each update or any
attempt to print something would simply fail and an error would show up
in the jobs queue (http://localhost:631/jobs/):
"The PPD version (5.2.11) is not compatible with Gutenprint 5.2.13.
Please run
`/nix/store/7762kpyhfkcgmr3q81v1bbyy0bjhym80-gutenprint-5.2.13/sbin/cups-genppdupdate'
as administrator."
This is due to state in "/var/lib/cups/ppd" and one would need to run
"/nix/store/.../bin/cups-genppdupdate -p /var/lib/cups/ppd" manually.
The alternative was to enable the following option:
"services.printing.gutenprint" but this had two disadvantages:
1) It is an exception that one could be unaware of or that could
potentially cause some confusion.
2) One couldn't use a customized Gutenprint derivation in
"services.printing.drivers" but would instead have to overwrite
"pkgs.gutenprint".

This new approach simply detects a Gutenprint derivation in
"services.printing.gutenprint" by checking if the meta set of a
derivation contains "isGutenprint = true". Therefore no special
exception for Gutenprint would be required and it could easily be
applied to other drivers if they would require such a script to be run.
2017-08-29 05:25:12 +04:00
Joachim F
227697bc67 Merge pull request #28562 from oxij/nixos/i2pd
nixos: i2pd: bits and pieces
2017-08-26 10:07:35 +00:00
SLNOS
b42a107bc6 nixos: i2pd: rename extIp -> address to harmonize with tor 2017-08-25 12:49:10 +00:00
SLNOS
2c4a925ab0 nixos: tor: rename portSpec -> port, type all "port"s properly 2017-08-22 14:57:07 +00:00
SLNOS
9226f4886f nixos: tor: more options, no unexpected consequences for default relay operators
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
Robin Gloster
2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Maximilian Bosch
a549596700
programs.zsh: rename oh-my-zsh to ohMyZsh
This is intended to provide better consistency with other NixOS modules.
Please refer to mayflower/nixpkgs#21 for further information.
2017-05-25 10:51:26 +02:00
Willi Butz
4e4f7a2f66
zsh module: rename option syntax-highlighting
rename zsh-option "syntax-highlighting" -> "syntaxHighlighting"
2017-05-21 01:26:51 +02:00
Maximilian Bosch
0a12aafde4 zsh-syntax-highlighting: Add more configuration options and move to module (#25153)
* programs.zsh: factor zsh-syntax-highlighting out into its own module

* programs.zsh.syntax-highlighting: add `highlighters` option

* programs.zsh: document BC break introduced by moving zsh-syntax-completion into its own module
2017-04-23 21:17:31 +02:00
Thomas Tuegel
03942659ca
nixos/fontconfig: remove renderMonoTTFAsBitmap 2017-04-03 08:24:32 -05:00
Thomas Tuegel
21c9190a5f
nixos/fontconfig: remove forceAutohint option 2017-04-03 08:23:32 -05:00
Vladimír Čunát
c1a9dc3d37
Merge branch 'master' into staging 2017-03-23 13:31:28 +01:00
Thomas Tuegel
a96e047b31
nixos/sddm: replace themes option with package option 2017-03-22 07:44:55 -05:00
Frederik Rietdijk
94eb74eaad Merge remote-tracking branch 'upstream/master' into HEAD 2017-03-21 13:04:37 +01:00
Thomas Tuegel
1b0d9e9ae6 Merge pull request #23819 from ttuegel/freetype
FreeType 2.7.1 and Fontconfig defaults
2017-03-20 11:43:50 -05:00
Franz Pletz
8ab2d2ee27
rmilter service: support only one socket 2017-03-17 23:00:34 +01:00
Thomas Tuegel
65592837b6
freetype: 2.6.5 -> 2.7.1
The Infinality bytecode interpreter is removed in favor of the new v40 TrueType
interpreter. In the past, the Infinality interpreter provided support for
ClearType-style hinting instructions while the default interpreter (then v35)
provided support only for original TrueType-style instructions. The v40
interpreter corrects this deficiency, so the Infinality interpreter is no longer
necessary.

To understand why the Infinality interpreter is no longer necessary, we should
understand how ClearType differs from TrueType and how the v40 interpreter
works. The following is a summary of information available on the FreeType
website [1] mixed with my own editorializing.

TrueType instructions use horizontal and vertical hints to improve glyph
rendering. Before TrueType, fonts were only vertically hinted; horizontal hints
improved rendering by snapping stems to pixel boundaries. Horizontal hinting is
a risk because it can significantly distort glyph shapes and kerning. Extensive
testing at different resolutions is needed to perfect the TrueType
hints. Microsoft invested significant effort to do this with its "Core fonts for
the Web" project, but few other typefaces have seen this level of attention.

With the advent of subpixel rendering, the effective horizontal resolution of
most displays increased significantly. ClearType eschews horizontal hinting in
favor of horizontal supersampling. Most fonts are designed for the Microsoft
bytecode interpreter, which implements a compatibility mode with
TrueType-style (horizontal and vertical) instructions. However, applying the
full horizontal hints to subpixel-rendered fonts leads to color fringes and
inconsistent stem widths. The Infinality interpreter implements several
techniques to mitigate these problems, going so far as to embed font- and
glyph-specific hacks in the interpreter. On the other hand, the v40 interpreter
ignores the horizontal hinting instructions so that glyphs render as they are
intended to on the Microsoft interpreter. Without the horizontal hints, the
problems of glyph and kerning distortion, color fringes, and inconsistent stem
widths--the problems the Infinality interpreter was created to solve--simply
don't occur in the first place.

There are also security concerns which motivate removing the Infinality patches.
Although there is an updated version of the Infinality interpreter for FreeType
2.7, the lack of a consistent upstream maintainer is a security concern. The
interpreter is a Turing-complete virtual machine which has had security
vulnerabilities in the past. While the default interpreter is used in billions
of devices and is maintained by an active developer, the Infinality interpreter
is neither scrutinized nor maintained. We will probably never know if there are
defects in the Infinality interpreter, and if they were discovered they would
likely never be fixed. I do not think that is an acceptable situtation for a
core library like FreeType.

Dropping the Infinality patches means that font rendering will be less
customizable. I think this is an acceptable trade-off. The Infinality
interpreter made many compromises to mitigate the problems with horizontal
hinting; the main purpose of customization is to tailor these compromises to the
user's preferences. The new interpreter does not have to make these compromises
because it renders fonts as their designers intended, so this level of
customization is not necessary.

The Infinality-associated patches are also removed from cairo. These patches
only set the default rendering options in case they aren't set though
Fontconfig. On NixOS, the rendering options are always set in Fontconfig, so
these patches never actually did anything for us!

The Fontconfig test suite is patched to account for a quirk in the way PCF fonts
are named.

The fontconfig option `hintstyle` is no longer configurable in NixOS. This
option selects the TrueType interpreter; the v40 interpreter is `hintslight` and
the older v35 interpreter is `hintmedium` or `hintfull` (which have actually
always been the same thing). The setting may still be changed through the
`localConf` option or by creating a user Fontconfig file.

Users with HiDPI displays should probably disable hinting and antialiasing: at
best they have no visible effect.

The fontconfig-ultimate settings are still available in NixOS, but they are no
longer the default. They still work, but their main purpose is to set rendering
quirks which are no longer necessary and may actually be
detrimental (e.g. setting `hintfull` for some fonts). Also, the vast array of
font substitutions provided is not an appropriate default; the default setting
should be to give the user the font they asked for.

[1]. https://www.freetype.org/freetype2/docs/subpixel-hinting.html
2017-03-12 17:31:33 -05:00
Joachim Fasting
c0a8a9205b
nixos/dnscrypt-proxy: inline option renamings
In an effort to make the module more self-contained.
2017-03-10 18:54:51 +01:00
Thomas Tuegel
286b007bd3
nixos/fontconfig: lift some settings out of fontconfig.ultimate 2017-03-04 14:59:24 -06:00
Thomas Tuegel
f21d4d0015
nixos/plasma5: Rename Plasma 5 desktop
- There is no such thing as KDE 5
2017-02-27 11:49:31 -06:00
Bjørn Forsman
b1bfe9d3db nixos: hint about security.setuidOwners/Programs -> security.wrappers
Let users know about the option rename / change during nixos-rebuild
with a useful message instead of an error (with no way forward).
2017-02-15 07:25:33 +01:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Nikolay Amiantov
e0e9fddf56 nfsd service: use upstream systemd units
* Use /etc/nfs.conf as the recommended upstream way to configure services.
* Move server options to nfsd module.
2017-02-01 19:47:33 +03:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Gregor Kleen
cc1ebd1db4 locate: enhance mlocate support 2017-01-26 12:57:02 +01:00
Gregor Kleen
114e738e41 locate: better mlocate support & cleanup 2017-01-26 12:56:53 +01:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Robin Gloster
117e5547d1 Merge pull request #21311 from makefu/services/logstash
services.logstash: default options, examples and address update
2017-01-25 22:11:40 +01:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Nikolay Amiantov
1158eda66a dhcpd service: add DHCPv6 support 2017-01-15 19:38:53 +03:00
makefu
e9c6cf02e6
services.logstash: rename address to listenAddress 2017-01-13 10:19:32 +01:00
Gregor Kleen
9383b2cf34 postgrey: backwards compatability 2017-01-02 18:01:42 +01:00
Robin Stumm
11fe837758 rename sound.enableMediaKeys to sound.mediaKeys.enable and add volumeStep 2017-01-01 11:44:07 +01:00
Nikolay Amiantov
15567e6d8e tarsnap service: fix multiple simultaneous archives with a single key 2016-11-20 19:15:52 +03:00
Nikolay Amiantov
6bb292d42b parsoid service: update, use declarative configuration
Old configuration format is disabled now (it can still be used, but with
additional steps). This is a backwards incompatible change.
2016-11-20 19:12:14 +03:00
Franz Pletz
9e1e3b2880
clamav service: refactor
* Sync systemd units with upstream. Upstream uses SIGUSR2 instead of SIGHUP
  to reload the clamd service.

* Convert freshclam service to a oneshot service activated by a systemd timer.
  This way we can make clamd wait for freshclam to finish fetching the virus
  database before failing to start if the database doesn't exist yet.

* Fixes console tools to work as expected as they require hardcoded config
  file locations.
2016-11-15 04:47:14 +01:00
Robin Gloster
dabcd7d4c8 dockerRegistry module: re-init with new underlying software 2016-10-12 14:05:09 +02:00
Domen Kožar
50be1a1765 changelog for gnupg bump, fixes #18293
(cherry picked from commit 1ff2b10f282d7ae694b70b713cfefcdee467f873)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Wei-Ming Yang
e330807e1f
murmur service: welcome -> welcometext
fixed incorrect option name `welcome` to `welcometext`.

joachifm added a rename for backwards compat.

Closes https://github.com/NixOS/nixpkgs/pull/18570
2016-09-23 16:08:14 +02:00
aszlig
4ac7b7d5de
nixos/modules/rename: Remove docker-registry
This is a follow-up to 9c1cdedcba and
fed3501b07.

Discussion:

https://github.com/NixOS/nixpkgs/issues/18209#issuecomment-245968857

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @domenkozar
Issue: #18209
2016-09-11 16:51:20 +02:00
Parnell Springmeyer
390ab0b3ef everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-09-01 19:17:43 -05:00
obadz
4f299fdd53 nixos/modules/rename.nix: fix eval error
cc @Profpatsch @joachifm  @domenkozar
2016-08-28 14:47:24 +01:00
Domen Kožar
4af09e0031 Merge pull request #14311 from Profpatsch/mkRemovedOptionModule-replacement
mkRemovedOptionModule: add replacement argument
2016-08-28 13:55:28 +02:00
Nikolay Amiantov
e3ab0826c2 fontconfig-ultimate: 2015-12-06 -> 2016-04-23
This removes our hardcoded presets which weren't updated for quite some time.
Infinality now has new hardcoded presets in freetype, which can be overriden if
desired with environment variables (as before). Accordingly, updated NixOS
module to set the hardcoded preset.

Additionally used a more "right" type for substitutions.
2016-08-20 03:21:05 +03:00
Nikolay Amiantov
1e8894f085 unity3d: use chromium-suid-sandbox 2016-08-08 10:49:00 +03:00
Joachim Fasting
0677cc61c8
nixos: rewrite the grsecurity module
The new module is specifically adapted to the NixOS Grsecurity/PaX
kernel.  The module declares the required kernel configurations and
so *should* be somewhat compatible with custom Grsecurity kernels.

The module exposes only a limited number of options, minimising the need
for user intervention beyond enabling the module. For experts,
Grsecurity/PaX behavior may be configured via `boot.kernelParams` and
`boot.kernel.sysctl`.

The module assumes the user knows what she's doing (esp. if she decides
to modify configuration values not directly exposed by the module).

Administration of Grsecurity's role based access control system is yet
to be implemented.
2016-06-14 03:38:12 +02:00
Profpatsch
16c923cef2 modules/mkRemovedOptionModule: add replacement doc
When displaying a warning about a removed Option we should always
include reasoning why it was removed and how to get the same
functionality without it.

Introduces such a description argument and patches occurences (mostly
with an empty string).

startGnuPGAgent: further notes on replacement
2016-05-29 00:42:08 +02:00