lines below a certain marker. This is undesirable because commands
like "ssh-copy-id" add keys to the end of the file. Instead mark
all automatically added lines individually.
svn path=/nixos/trunk/; revision=33918
were obtained from the NixOS channel. "nixos-install" copies this
to the installed system as well.
* In the installation CD, set GC_INITIAL_HEAP_SIZE to a low value for
the benefit of memory-constrained environments.
svn path=/nixos/trunk/; revision=33887
challenge-response is an authentication method that does not need the
plain text password to be emitted over the (encrypted) connection.
This is nice if you don't fully trust the server.
It is enabled (upstream) by default.
To the end user, it still looks like normal password authentication,
but instead of sending it, it is used to hash some challenge.
This means that if you don't want passwords to be used ever at all,
and just stick to public key authentication, you probably want to
disable this option too.
svn path=/nixos/trunk/; revision=33513
wpa_gui or wpa_cli.
Comes with a default wpa_supplicant.conf, which gets updated through
aforementioned utilities.
svn path=/nixos/trunk/; revision=33510
You can now set the forwardX11 config option for the ssh client and server separately.
For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".
I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.
I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.
As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.
svn path=/nixos/trunk/; revision=33407
delete routes and addresses when it quits. This causes those routes
and addresses to stick around forever, since dhcpcd won't delete
them when it runs next (even if it acquires a new lease on the same
interface). This is bad; in particular the stale (default) routes
can break networking.
The downside to removing "persistent" is that you should never ever
do "stop dhcpcd" on a remote machine configured by dhcpcd.
svn path=/nixos/trunk/; revision=33388
The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301
monitor the postgres process directly (so that it can be restarted
if necessary), let Upstart send SIGTERM to postgres to shut it down
gracefully. Also drop the Mediawiki references.
svn path=/nixos/trunk/; revision=33262
It needs udevd to be running because the modules may require
firmware. Thanks to Mathijs and Arie for pointing this out.
svn path=/nixos/trunk/; revision=33234
starts the given job and waits until it's running; "stop_check"
checks that the current job hasn't been asked to stop.
svn path=/nixos/trunk/; revision=33214
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
the activation script. This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
exists.
svn path=/nixos/trunk/; revision=33208