All available options were just enabling
hardware.enableRedistributableFirmware. There were nix files without
modules which weren't referenced anywhere.
This has been broken nearly all the time due to the patches needed to
iproute2 not being compatible with the newer versions we have been
shipping. As long as Ubuntu does not manage to upstream these changes
so they are maintained with iproute2 and we don't have a maintainer
updating these patches to new iproute2 versions it is not feasible to
have this available.
* prometheus-collectd-exporter service: init module
Supports JSON and binary (optional) protocol
of collectd.
* nixos/prometheus-collectd-exporter: submodule is not needed for collectdBinary
This file was removed in 6f0b538044, but sufficient care was not taken
to remove all references to it. Without this change, trying to
rebuild nixos fails.
The latest release of libyamlcpp in nixpkgs does not build because it
uses an older version of boost than the one in nixpkgs and therefore
expects a particular header file which does not exist in the latest
boost anymore. For this reason, a later (git) version of libyamlcpp is
used here (which actually doesn't even require boost).
The substituteInPlace in the prePatch phase is needed because libevdev
places its headers in non-standard places, meaning Nix cannot normally
find them. The `cut` command removes the first two "-I" characters from
the output of `pkg-config`. This needs to be in the prePatch phase
because otherwise Nix will patch these lines to `/var/empty`, meaning
you would have less specific replacement (in case other lines are also
patched to `/var/empty`).
I wrote the patch. (I believe it is NixOS specific.)
* nixos/usbguard: create package and module
No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)
* nixos/usbguard: remove extra packages
Users can override this by themselves.
* nixos/usbguard: add maintainer and fix style
* modules sks and pgpkeyserver-lite:
runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
#11864 Support Linux audit subsystem
Add the auditd.service as NixOS module to be able to
generate profiles from /var/log/audit/audit.log
with apparmor-utils.
auditd needs the folder /var/log/audit to be present on start
so this is generated in ExecPreStart.
auditd starts with -s nochange so that effective audit processing
is managed by the audit.service.
to /etc/dd-agent/conf.d by default, and make sure
/etc/dd-agent/conf.d is used.
Before NixOS 17.03, we were using dd-agent 5.5.X which
used configuration from /etc/dd-agent/conf.d
In NixOS 17.03 the default conf.d location is first used relative,
meaning that $out/agent/conf.d was used without NixOS overrides.
This change implements similar functionality as PR #25288, without
breaking backwards compatibility.
(cherry picked from commit 77c85b0ecbc1070d7adff31b339bede92e4193fa)
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.
The rationale for this over simply setting the sysctl knob is to allow
some legitmate kernel module loading to occur; the naive solution breaks
too much to be useful.
The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session. This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hldc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).
From an aestethic point of view, enabling this option helps make the
configuration more "declarative".
Closes https://github.com/NixOS/nixpkgs/pull/24681
* programs.zsh: factor zsh-syntax-highlighting out into its own module
* programs.zsh.syntax-highlighting: add `highlighters` option
* programs.zsh: document BC break introduced by moving zsh-syntax-completion into its own module
* programs.zsh: add enableOhMyZsh option to automate setup of oh-my-zsh in global zshrc
* programs.zsh: make oh-my-zsh plugins configurable
* programs.zsh: add ohMyZshCustom option
* programs.zsh: add ohMyZshTheme option
* programs.zsh: applying minor fixes to evaluate expressions properly
* programs.zsh: fix ordering of oh-my-zsh config and execution
* programs.zsh: move all oh-my-zsh params into its own scope named programs.zsh.oh-my-zsh
In order to use qt5ct (Qt5 Configuration Tool) to configure Qt5
settings (theme, font, icons, etc.) under DE/WM without Qt
integration, the environment variable QT_QPA_PLATFORMTHEME should be
set to "qt5ct".
It can be done automatically by this module, or by setting the
variable explicitly in the user or in the system configuration.
This PR adds support for ```iio-sensor-proxy``` used by GNOME v3 and
others for reading data from the accelerometer, gps, compass and similar sensors
built into some relatively recent laptops.
Additionally, there is a NixOS module exposed via hardware.sensor.iio
for enabling services, udev rules and dbus services.
To be able to use Wireshark as an ordinary user, the 'dumpcap' program
must be installed setuid root. This module module simplifies such a
configuration to simply:
programs.wireshark.enable = true;
The setuid wrapper is available for users in the 'wireshark' group.
Changes v1 -> v2:
- add "defaultText" to the programs.wireshark.package option (AFAIK,
that prevents the manual from being needlessly rebuilt when the
package changes)
