This change adds NixOS tests for the MPD (Music Player Daemon) module.
Tests include:
- Playing audio locally using ALSA directly.
- Playing audio locally using PulseAudio (backed by ALSA).
- Playing audio from an external client.
- Rejecting an external client when it's not explicitly allowed (default configuration).
refs #41772
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.
- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.
- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0
- Fixed c/p mistake in apiserver systemd unit description
- Updated 18.09 release notes to reflect changes to existing options
And fixed some typos from previous PR
- Make docker images for Kubernetes Dashboard and kube-dns configurable
The usage of nixpkgs.config.packageOverrides is deprecated and we do
have overlays since quite a while.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
This reverts a part of 5bd12c694b.
Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.
These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.
`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.
`--RunAsDaemon 0` is the default value according to tor(5), removed.
