Robin Gloster
e82baf043e
security-wrapper: link old wrapper dir to new one
...
This makes setuid wrappers not fail after upgrading.
references #23641 , #22914 , #19862 , #16654
2017-03-23 15:57:30 +01:00
Robin Gloster
45f486f096
Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain"
...
This reverts commit 4c751ced37
.
This does not fix the issue as /run is now mounted with nosuid.
2017-03-23 15:57:23 +01:00
Symphorien Gibol
a6665adde8
grub module: fix useOSProber when installing grub as EFI
2017-03-23 12:53:44 +01:00
Jörg Thalheim
b2ba188656
Merge pull request #24182 from ndowens/munin
...
munin: 2.0.30 -> 2.0.33; for CVE-2017-6188
2017-03-22 19:21:02 +01:00
Piotr Bogdan
a4b4cd0710
lightdm-greeters service: add extraConfig option ( #24135 )
2017-03-22 15:33:22 +01:00
Thomas Tuegel
a96e047b31
nixos/sddm: replace themes
option with package
option
2017-03-22 07:44:55 -05:00
Thomas Tuegel
7ca62935bb
nixos/plasma5: do not include extra-cmake-modules in sddm
...
Fixes #24126 .
2017-03-22 07:44:55 -05:00
Joachim Fasting
95eaa3aec3
nixos/tor: add missing option type
2017-03-22 02:27:23 +01:00
Jörg Thalheim
b4169bb8dd
munin: fix tests by replacing cron with systemd timer
2017-03-22 00:16:36 +01:00
Eelco Dolstra
86721a5f78
Allow attaching to non-child processes by default
...
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.
This restriction can be re-enabled by setting
boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;
It might be nice to have a NixOS module for enabling hardened defaults.
Xref #14392 .
Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Eelco Dolstra
78bb734452
nix-daemon.nix: Make the 1.12 check less strict
2017-03-21 18:48:35 +01:00
Nikolay Amiantov
6555ec03c3
udev module: filter duplicate udev paths
...
Fixes #24174
2017-03-21 20:22:27 +03:00
Nikolay Amiantov
d3e2957c90
octoprint: 1.3.1 -> 1.3.2
...
Fix startup wizard and cleanup dependencies.
2017-03-21 20:22:27 +03:00
Domen Kožar
02129a8788
Merge pull request #23672 from edanaher/nginx-alias
...
Nginx alias directive
2017-03-21 15:04:02 +01:00
Eelco Dolstra
2cb25f8b59
nix: 1.11.7 -> 1.11.8
2017-03-21 14:49:23 +01:00
Robin Gloster
f2ff646e59
Merge pull request #23641 from awakenetworks/parnell/fix-wrapper-migration
...
security-wrapper: Don't remove the old paths yet as that can create migration pain
2017-03-21 13:40:15 +01:00
Franz Pletz
4bd12fa7b2
gitlab module: explicitely create pages shared path
...
Fixes creation of backups.
2017-03-21 13:16:51 +01:00
Franz Pletz
fb50cde71e
nixos/treewide: systemd.time is in manvolume 7
...
cc #23396
2017-03-21 08:28:53 +01:00
Robin Gloster
c808801937
nix-daemon: fix autoOptimiseStore option
2017-03-21 02:17:09 +01:00
Franz Pletz
295a824abc
Merge pull request #21866 from pjones/pjones/rmilter
...
rmilter: Fix a couple of bugs
2017-03-20 20:50:56 +01:00
Franz Pletz
c13922f012
nginx: explicitly use stable version
...
Also updates the documention of the NixOS option `services.nginx.package`
that upstream recommends using the mainline version instead.
Fixes #21665 .
2017-03-20 20:04:09 +01:00
Eelco Dolstra
337f731c2b
Merge pull request #24134 from pstn/nix-auto-optimise
...
Added option and description for nix store auto-optimisation.
2017-03-20 20:01:48 +01:00
Philipp Steinpass
68c6d90417
Added option and description for nix store auto-optimisation.
2017-03-20 19:09:19 +01:00
Franz Pletz
fff8cc79df
Merge pull request #23279 from mbbx6spp/make-nginx-module-less-gross
...
nginx service: add commonHttpConfig option
2017-03-20 19:03:20 +01:00
Thomas Tuegel
020791f7e1
Merge pull request #24125 from ttuegel/disable-kimpanel
...
nixos/plasma5: do not set kimpanel as default IBus panel
2017-03-20 10:23:09 -05:00
Nikolay Amiantov
179fe96a03
Merge pull request #24112 from abbradar/odroid
...
Add ODROID-XU{3,4} support
2017-03-20 17:44:09 +03:00
Thomas Tuegel
d709cdd829
nixos/plasma5: do not set kimpanel as default IBus panel
...
kimpanel does not show installed IBus engines or allow switching input
methods. kimpanel does show configured keyboard layouts through kxkb, so I
believe there is some problem communicating with IBus. No error messages are
produced in the log and I have been unable to discover the cause. I have no
intention of continuing to work on kimpanel at this time, so it should be
disabled. The GTK+ 3-based panel provided by IBus is perfectly serviceable in
the interim.
2017-03-20 09:31:05 -05:00
Thomas Tuegel
4837aba1ee
Merge pull request #24101 from romildo/fix.lumina
...
lumina: fix kwindowsystem and oxygen-icons5 attributes
2017-03-20 09:00:25 -05:00
Kristoffer Søholm
f9e8ef7e6d
nixos/bluetooth: add extraConfig option ( #23427 )
2017-03-20 14:28:02 +01:00
Nikolay Amiantov
15d3f8e783
sd-image-armv7l-multiplatform module: enable ODROID-XU3 console
2017-03-20 11:07:04 +03:00
romildo
501d9c7186
lumina: fix kwindowsystem and oxygen-icons5 attributes
2017-03-19 21:46:35 -03:00
Will Dietz
cb73cb9e62
neo4j service: neo4j-wrapper is deprecated, merge into neo4j.conf
2017-03-19 16:56:53 -05:00
Will Dietz
515fc22263
neo4j service: fix package installed into env to match running service
2017-03-19 16:56:52 -05:00
Michael Walker
b29bc8d41c
vsftpd: Expose the no_anon_password flag.
2017-03-19 01:53:29 +00:00
Daiderd Jordan
a48df6fba6
Merge pull request #22508 from matthewbauer/remove-emacs24macport
...
emacs24macport: remove
2017-03-18 22:19:20 +01:00
Vladimír Čunát
742b120ddc
Merge branch 'master' into staging
...
Nontrivial rebuilds from master, again :-/
2017-03-18 11:00:31 +01:00
Will Dietz
63f1a14ae5
neo4j service: increase file limit, per warning emitted at startup ( #23961 )
2017-03-18 01:03:09 +01:00
Joachim F
9a976c09ba
Merge pull request #23963 from dtzWill/feature/irkerd
...
irker: init at 2017-02-12
2017-03-18 00:35:32 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options
...
They contain no useful information and increase the length of the
autogenerated options documentation.
See discussion in #18816 .
2017-03-17 23:36:19 +01:00
Franz Pletz
00239ce8e9
rmilter/rspamd service: tighten unix socket permissions
2017-03-17 23:01:24 +01:00
Franz Pletz
8ab2d2ee27
rmilter service: support only one socket
2017-03-17 23:00:34 +01:00
Peter Jones
4defb788eb
rmilter service: Fix a couple of bugs
...
* The module uses `stringSplit` but it should be `splitString`
* `rmilter` doesn't actually support binding to multiple sockets.
Therefore, bind to the last one specified if `socketActivation` is
`false`.
I also believe there is a bug in this module related to systemd
`ListenStream`. If `socketActivation` is true, Postfix gets
connection timeouts trying to connect to one of the `ListenStream`
inet addresses. I don't know enough about `ListenStream` passing
connections on to `fd:3` to understand what's going on.
These changes are in production (with `socketActivation = false`) via NixOps.
2017-03-17 20:15:48 +01:00
Joachim F
01f8e2161c
Merge pull request #23962 from oxij/nixos/tor-sec
...
nixos: tor: usability and security fixes
2017-03-17 16:14:41 +01:00
Pascal Bach
3728143cbc
prometheus-unifi-exporter: init at 0.4.0
2017-03-17 15:41:22 +01:00
Will Dietz
2807d75dca
irkerd service: init
2017-03-17 09:16:32 -05:00
Léo Gaspard
66e54f25a1
dhparams module: condition on enable option ( #23661 )
...
Hence, the init/cleanup service only runs when the dhparams module is enabled.
2017-03-17 01:56:13 +01:00
Jan Malakhovski
a04782581a
nixos: torify: disable by default, add some documentation as of why
...
This `tsocks` wrapper leaks DNS requests to clearnet, meanwhile Tor comes with
`torsocks` which doesn't.
Previous commits to this file state that all of this still useful somehow.
Assuming that it's true, at least let's not confuse users with two different tools
and don't clash with the `tsocks` binary from nixpkgs by disabling this by default.
2017-03-16 21:06:12 +00:00
Jan Malakhovski
6d25f77a64
nixos: tor: add enableGeoIP
2017-03-16 21:06:12 +00:00
Daiderd Jordan
00ed0f792e
Merge pull request #22897 from timor/couchdb-2.0.0
...
couchdb: add support for version 2.0.0
2017-03-16 22:03:32 +01:00
Profpatsch
6da60bb101
modules/mlmmj: fix a typo in listaddress folder
2017-03-16 18:47:11 +01:00