Commit graph

3039 commits

Author SHA1 Message Date
Eelco Dolstra
5332480454 nixos-install: Fix copying from the CD
Nix 1.6 doesn't run the copy-from-other-stores substituter by default
anymore, so turn it on explicitly.

http://hydra.nixos.org/build/6144173
2013-09-16 13:30:34 +02:00
Bjørn Forsman
0192c02720 /etc/profile: try all nix profiles for ASPELL_CONF
Aspell can only handle one dict-dir directive and currently we hardocde
that to
  ASPELL_CONF="dict-dir $HOME/.nix-profile/lib/aspell"

This means that aspell doesn't work if it is installed to the system or
default nix profile -- it only works in the user profile.

With this change, aspell can be installed to any of the nix profiles. If
it is installed in more than one profile, the most "local" profile wins
(i.e. sysadmin can set up a default, users can override it).
2013-09-14 13:05:11 +02:00
Oliver Charles
3a1024478a lightdm: Use xserver.nix environment variables when starting X
This reduces code duplication, but more importantly means that the
DRI modules can be found by X enabling hardware acceleration.

Close #249; the PR also refers to more about DRI modules.
2013-09-12 10:09:53 +02:00
Peter Simons
1103ba84fd modules/misc/ids.nix: patch tcpcrypt to use our uid
The default uid 666 exceeds SYS_UID_MAX (499), so it might not be available
anyway.
2013-09-11 18:58:37 +02:00
Peter Simons
4a7d8a84bc modules/services/networking/tcpcrypt.nix: specify start-up dependencies in systemd style
Thanks, Eelco, for pointing this out.
2013-09-11 18:56:09 +02:00
Peter Simons
b6501c0097 modules/misc/ids.nix: add a comment explaining why tcpcryptd has uid 666. 2013-09-11 11:09:30 +02:00
Peter Simons
0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra
c4092f2a8d firewall.nix: Less verbosity 2013-09-10 15:17:52 +02:00
Eelco Dolstra
94bb48be78 firewall.nix: Don't make missing rpfilter support a fatal error
This makes upgrading from Linux 3.2 to 3.4 a bit nicer.
2013-09-10 15:17:52 +02:00
Bjørn Forsman
8a01d244b1 Add services.samba.nsswins option
This option allows for seamless WINS/NetBIOS name lookup, using
nsswitch.
2013-09-07 15:09:44 +02:00
Eelco Dolstra
40342e975d types.list -> types.listOf 2013-09-04 15:12:07 +02:00
Eelco Dolstra
25bd880472 Get firmware from lib/firmware 2013-09-04 14:22:52 +02:00
Eelco Dolstra
17457297cb Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
2013-09-04 13:05:09 +02:00
Jack Cummings
f2523c08e4 fixiup zfs binaries in initrd
Previously, the zfs binaries were put in $out/sbin where the stage-1
patchelf wouldn't fix them up. This would fail the allowedReferences
test.

Move the zfs binaries to $out/bin.
2013-09-02 13:53:28 +03:00
Antono Vasiljev
16c0a24cad Openbox 2013-09-01 21:18:48 +03:00
Mathijs Kwik
388f1d48fb do not activate hybrid-sleep during config switches 2013-08-31 12:05:50 +02:00
Domen Kožar
e45e62e078 merge 2013-08-30 18:05:08 +02:00
Moritz Ulrich
f8d1aac7d8 minidlna: Start after networking.target.
Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-08-27 20:51:34 +02:00
Jaka Hudoklin
c613ae7b82 Add elasticsearch, a powerful open source search and analytics engine 2013-08-27 20:42:59 +02:00
Mathijs Kwik
2dd8b19eac Fix description for PowerManagement units. 2013-08-27 08:06:53 +02:00
Evgeny Egorochkin
7021b07a8d Move the compose-cache code from kde4 to xsession since it is supposedly useful for all X-based stuff. 2013-08-26 17:06:05 +03:00
Rickard Nilsson
b0b5e08e86 Add some more missing uids/gids 2013-08-26 15:20:25 +02:00
Eelco Dolstra
3395e4398f Build 32-bit VirtualBox image
Issue #200.
2013-08-26 14:06:00 +02:00
Eelco Dolstra
40c6f6252e Fix spelling
Also, it's not necessary to order a unit after "sysinit.target" since
that's implied.
2013-08-26 12:18:26 +02:00
Eelco Dolstra
8bfbe7ef84 Don't try to guess the location of the NixOS config file
The NixOS config need not be $NIXOS_CONFIG, it can also be set through
-I nixos-config=... or not exist in a separate file at all (e.g. in a
NixOps deployment).

Issue #212.
2013-08-26 12:14:14 +02:00
Bjørn Forsman
c3931d2e42 Add programs.ssh.extraConfig option 2013-08-25 21:54:21 +02:00
Mathijs Kwik
d860f9f78e power management: provide a post-resume target and unify
suspend/hibernate/hybrid-sleep handling
2013-08-25 13:58:09 +02:00
Mathijs Kwik
651686626f convert bbswitch job to systemd unit
dramatically speeds up my boot time because it was the last
service (for me) that depended on udev-settle.service

udev-settle isn't needed for modern system initialization but some
oldschool services (mdadm/lvm/cryptsetup) depend on it so they can
just enumerate devices instead of having to react to changes
dynamically. In NixOS these things are usually already taken care of
during stage 1 (early ramdisk) if you use them.
2013-08-25 13:58:09 +02:00
Lluís Batlle i Rossell
48cdd60e02 Fixing handling of parameters with spaces in torsocks/torify 2013-08-24 23:23:48 +02:00
Eelco Dolstra
9771f0c96c sshd: Support multiple host keys
The option services.openssh.hostKeys now allows specifying multiple
host keys.  The default value enables both a DSA and ECDSA key.
(Clients by default will use the ECDSA key, unless known_hosts already
has a DSA key for that host.)  To use only an ECDSA key, you can say:

  services.openssh.hostKeys =
    [ { path = "/etc/ssh/ssh_host_ecdsa_key";
        type = "ecdsa";
        bits = 521;
      }
    ];
2013-08-24 01:01:10 +02:00
Evgeny Egorochkin
f8a6fa774e SSH daemon: change default key size for RSA, add alert for weak keys. 2013-08-23 14:50:14 +03:00
Rickard Nilsson
f420726936 Add several missing uids and gids to modules/misc/ids.nix 2013-08-23 11:37:17 +02:00
Evgeny Egorochkin
bfc75e73ae Update zip to zipAttrsWith since zip is obsolete. 2013-08-22 10:40:50 +03:00
Jaka Hudoklin
5894f26c81 Add statsd, simple daemon for easy stats aggregation 2013-08-21 11:52:25 +02:00
Eelco Dolstra
eefe0786f9 nixos-help: Use xdg-open if available 2013-08-20 17:11:47 +02:00
Rickard Nilsson
1ff7584a30 networkmanager: Add option for appending DNS settings
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf after the DNS servers that
NetworkManager receieves by DHCP, or that is configured manually
in the connection settings.
2013-08-20 13:36:01 +02:00
Rob Vermaas
71a21704dc Fix typoe in graphite module (cabon -> carbon). 2013-08-19 10:21:31 +02:00
Domen Kožar
6004b28af8 merge 2013-08-19 09:06:31 +02:00
Jaka Hudoklin
4628fd8434 graphite: Refactor options, serve with waitress 2013-08-19 04:22:46 +02:00
Bjørn Forsman
d17d1636b1 Revert "Add /etc/ssl/certs/ca-certificates.crt symlink for Ubuntu compatibility"
This reverts commit 10133f0b5b.

See discussion at https://github.com/NixOS/nixos/pull/224
2013-08-18 17:46:07 +02:00
Bjørn Forsman
10133f0b5b Add /etc/ssl/certs/ca-certificates.crt symlink for Ubuntu compatibility
NixOS and Fedora uses .../ca-bundle.crt. Ubuntu uses
.../ca-certificates.crt. Add .../ca-certificates.crt symlink to be
compatible with Ubuntu.

Example use case: Bob has a ~/.msmtprc file that he brings over from
Ubuntu. It also works on NixOS.
2013-08-17 13:13:02 +02:00
Bjørn Forsman
7e7a153cd6 libvirtd-service: document that users in "libvirtd" group have access 2013-08-16 21:25:00 +02:00
Rickard Nilsson
d1095e1bd4 Add libvirtd gid 2013-08-16 00:47:21 +02:00
Rickard Nilsson
e36e979d38 networkmanager: Add option for overriding DNS settings
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.con and override any DNS servers that
NetworkManager receieves by DHCP, or that is configured manually
in the connection settings.
2013-08-16 00:35:57 +02:00
Bjørn Forsman
f7d11af98a libvirtd-service: give access to users in the "libvirtd" group
Currently only root has access. But with this patch all users in
"libvirtd" group will have access. This is similar to how it's done on
Ubuntu.

Also, add virtualisation.libvirtd.extraConfig option for further
customization of libvirtd.conf.
2013-08-15 21:50:16 +02:00
Eelco Dolstra
2dca8421f9 xfce: Add tango-icon-theme
The Rodent icon theme depends on ("inherits") Tango.
2013-08-15 18:02:55 +02:00
Eelco Dolstra
e6fa5cd8f2 Fix mousepad 2013-08-15 16:37:53 +02:00
Eelco Dolstra
35e2bac069 Remove $mountPoint
I just don't see the reason for setting this globally, given that /mnt
is the default.
2013-08-15 13:22:41 +02:00
Eelco Dolstra
b22e735d2b "with pkgs.lib.types; X" -> types.X 2013-08-15 13:21:49 +02:00
Marc Weber
2fcd1195e6 bash: change shell script option types from string to lines
installation-cd-base: export mountPoint=/mnt. This doesn't change the default behavior, but an explicit
mount point specification is cleaner.
2013-08-15 09:28:44 +03:00