Commit graph

2110 commits

Author SHA1 Message Date
Nicolas B. Pierron
974edc5056 nixos-option: Use <nixpkgs/nixos> instead of <nixpkgs>. 2014-12-21 01:33:06 +01:00
Nicolas B. Pierron
c9682a22ff nixos-option: Produce nicer error messages in case of typos. 2014-12-20 19:52:28 +01:00
Nicolas B. Pierron
640428d3c5 nixos-option: Handle 'attrsOf submodule' options. 2014-12-20 19:16:43 +01:00
Nicolas B. Pierron
cd2f7ce9f9 nixos-option: Improve error messages to avoid reporting internal location and traces. 2014-12-19 23:00:52 +01:00
Nicolas B. Pierron
b2abfe54b3 nixos-option: Print derivation outPath within attribute sets and list, when the strict mode is used. 2014-12-19 23:00:00 +01:00
Nicolas B. Pierron
9db6a84f0b nixos-option: Print the outPath of derivation for option values. 2014-12-19 22:33:24 +01:00
Eelco Dolstra
80a85541d5 Typo 2014-12-19 14:38:33 +01:00
Eelco Dolstra
5ad3a02938 Shut up a warning from udev
Issue #5260.
2014-12-19 14:37:50 +01:00
Mathijs Kwik
6e728a42ec virtualisation.qemuNetworkingOptions -> virtualisation.qemu.networkingOptions 2014-12-19 11:59:00 +01:00
Mathijs Kwik
6cdacdd4a2 nixos/qemu-vm: make networking options configurable 2014-12-19 08:52:06 +01:00
wmertens
a8c726da56 Merge pull request #5378 from benley/mesos
mesos-slave: add config option for slave attributes
2014-12-19 08:10:07 +01:00
Evgeny Egorochkin
87610ca0fd kde4: enable akonadi by default 2014-12-19 08:59:22 +02:00
Evgeny Egorochkin
939edb1873 synergy: restore autostart option.
closes #5334
2014-12-19 08:25:23 +02:00
Evgeny Egorochkin
9225af50d0 resurrect torsocks-faster 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
eb0874d5ff rename torify to tsocks, to avoid name clashes and make it clear which wrapper library is used 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
633cc58d5c torsocks: enable by default if tor client functionality is enabled 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
824b3b1a99 tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance. 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
1fe5314dc5 tor: restore strong circuit isolation 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
da118cf60b Revert "nixos: Remove torify module"
tsocks is still useful because it's less strict

This reverts commit 1b26faeb69.
2014-12-19 08:05:41 +02:00
Benjamin Staffin
c47cefd05e nixos/mesos: Parameterize mesos slave attributes
Added attributes to nixos/tests/mesos.nix to verify that mesos-slave
attributes work. If the generated attributes are invalid, the daemon
should fail to start.

Change-Id: I5511245add30aba658b1af22cd7355b0bbf5d15c
2014-12-18 14:47:24 -08:00
aszlig
efb2b27a8f
nixos: Add VBox hardening to 14.12 release notes.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 22:58:37 +01:00
wmertens
5f7530a1d7 zfs hostId: Instructions to derive from machine-id 2014-12-18 22:52:29 +01:00
aszlig
f7384b8c75
nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
2014-12-18 18:18:32 +01:00
Eelco Dolstra
63c14e259d ssh-agent: Don't have a timeout by default
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
2014-12-18 15:34:29 +01:00
Eelco Dolstra
bf0f2adbeb Fix container test
http://hydra.nixos.org/build/17989795
2014-12-18 14:18:53 +01:00
aszlig
d45649b415
nixos/tests/virtualbox: Disable debug logging.
Especially if the user isn't in the vboxusers group anymore, this gets
VERY noisy, because the VBoxSVC process emits warnings for every single
USB device noting that it's only possible to access it when the user is
in the vboxusers group.

So, we now have a debug attribute, where we can enable it when
necessary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig
ef691d5c30
nixos/tests/virtualbox: Don't use vboxusers group.
At least when we're running in hardening mode, because it's needed there
only for USB support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig
2af435b5cd
nixos/tests/blivet: Fix by avoiding "nix-store".
The "nix-store" command within the VM test is running without
NIX_REMOTE=daemon and since Nix 1.8 tries to open the store database in
read-write mode even for nix-store -qR.

Now, we're doing this properly and rely on setup hooks, which is the
same method that's used when you're building a library which depends on
blivet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
aszlig
ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
Domen Kožar
3d5220e691 release notes: reindent, remove renames (redudant)
(cherry picked from commit 8566f66ea44f7adf050d92bd8dc8de9ba814f0d1)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:22:22 +01:00
Domen Kožar
44af18f8ae update release notes
(cherry picked from commit 33e9a0503a55aef49c4d8750a712388ab71b6446)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:22:17 +01:00
Domen Kožar
432490e319 fix users.mutableUsers = false; install in iso
(cherry picked from commit 9bc8bcbbdcc7cac98686877f09315bb749627732)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-18 12:18:49 +01:00
Eelco Dolstra
89697b0fc1 Improve /etc/sudoers message 2014-12-18 11:51:42 +01:00
William A. Kennington III
1036c66d43 nixos/network-interfaces: Add ipv6 gateway support 2014-12-17 17:56:29 -08:00
Eelco Dolstra
c812e45292 switch-to-configuration: Ignore slice units 2014-12-18 01:47:36 +01:00
Eelco Dolstra
bde9ae18cf Revert "enable bash autocomplete by default"
This reverts commit ee8e15fe76. See
discussion at ee8e15fe76.
2014-12-18 00:36:46 +01:00
Eelco Dolstra
d34c600414 Remove udev from /run/opengl-drivers
/run/opengl-drivers should contain only libGL-related libraries, not
stuff like udev. Injecting anything into LD_LIBRARY_PATH is dangerous
because it can break applications that expect a different version of
the library.

Caused by eef9a8ac2a. Fixes #5371.
2014-12-17 17:00:10 +01:00
Rob Vermaas
b8a4095003 It is called Dingo! yes, Dingo! 2014-12-17 16:42:52 +01:00
Domen Kožar
d2462e2957 nixos/tests/gitlab.nix: set TimeoutStartSec to 10min
(cherry picked from commit 5bafb9cf0fea00470be4ff9b342849339297eeb4)
Signed-off-by: Domen Kožar <domen@dev.si>
2014-12-17 16:40:53 +01:00
Luca Bruno
614162ee6c Some lua and awesome improvements
- Move lgi to luaPackages
- Use luaPackages in awesome and passthru lua
- Allow to pass lua modules to the awesome WM so that those can be used in the configuration
2014-12-17 15:08:21 +01:00
Mathijs Kwik
4aebd5ef87 Merge pull request #5358 from bluescreen303/nixos-extra-modules
nixos: allow adding extra modules through environment
2014-12-17 09:48:35 +01:00
wmertens
0d5bd2a0f3 Merge pull request #5254 from ehmry/network-filesystems
nixos: configure samba and rsync shares with sets
2014-12-17 07:07:28 +01:00
wmertens
2fb69f5277 Merge pull request #5196 from madjar/cloud-init
cloud-init: add expression and service
2014-12-17 06:58:54 +01:00
William A. Kennington III
681ae2fa7f nixos/consul: Don't timeout if start job has many retries 2014-12-16 15:42:08 -08:00
Mathijs Kwik
73f18fd42f nixos: allow adding extra modules through environment
This is useful for adding extra functionality or defaults to _every_
nixos evaluation.

My use case is overriding behaviour for all nixos tests, for example
setting packageOverrides to newer versions and changing some default
dependencies/settings.

By making this accessible through an environment variable, this can now
be fully accomplished externally. No more need to fork
nixos/nixpkgs (which becomes a maintenance burden), just use the channel
instead and plug in via this envvar.
2014-12-16 19:13:15 +01:00
Eelco Dolstra
be0e73b938 cups: Build with SERVERROOT set to /etc/cups 2014-12-16 18:23:41 +01:00
Eelco Dolstra
dc6c8b9714 cupsd.nix: Clean up environment.etc 2014-12-16 18:23:41 +01:00
tv@shackspace.de
b71f3c4315 nixos/cupsd: use cups-files.conf 2014-12-16 18:23:40 +01:00
aszlig
e36bec661c
nixos/virtualbox: Fix warning on enableHardening.
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
Eelco Dolstra
997531d172 Document screen incompatibility 2014-12-15 19:55:37 +01:00