Commit graph

3782 commits

Author SHA1 Message Date
Mathijs Kwik
a1e86494d0 made challenge-response authentication method configurable for openssh
challenge-response is an authentication method that does not need the
plain text password to be emitted over the (encrypted) connection.
This is nice if you don't fully trust the server.

It is enabled (upstream) by default.

To the end user, it still looks like normal password authentication,
but instead of sending it, it is used to hash some challenge.

This means that if you don't want passwords to be used ever at all,
and just stick to public key authentication, you probably want to
disable this option too.

svn path=/nixos/trunk/; revision=33513
2012-04-01 10:54:17 +00:00
Mathijs Kwik
e216ce07df dhcpcd: ip-up and ip-down emit more info (like wifi access point)
useful to only start certain services (like vpn) on certain networks

svn path=/nixos/trunk/; revision=33512
2012-04-01 10:54:15 +00:00
Mathijs Kwik
7d4fd69b5f dhcpcd: wifi disconnect should also generate ip-down
svn path=/nixos/trunk/; revision=33511
2012-04-01 10:54:13 +00:00
Mathijs Kwik
7ba690add6 optionally allow normal users to control wpa_supplicant through
wpa_gui or wpa_cli.

Comes with a default wpa_supplicant.conf, which gets updated through
aforementioned utilities.

svn path=/nixos/trunk/; revision=33510
2012-04-01 10:54:10 +00:00
Mathijs Kwik
7f84957ff2 mongodb: allow running as a replicaset member
also useful for point-in-time backups using mongodump --oplog

svn path=/nixos/trunk/; revision=33509
2012-04-01 10:54:08 +00:00
Mathijs Kwik
de5b437004 assertions '.msg' doesn't exist => .message
svn path=/nixos/trunk/; revision=33508
2012-04-01 10:54:06 +00:00
Joachim Schiele
bc6ca7944f fixed an upstart issue where upsd was never started
svn path=/nixos/trunk/; revision=33494
2012-03-31 11:39:30 +00:00
Lluís Batlle i Rossell
f4883572d8 Making the init interactive shells handle well console kernel parameters
with extra parameters, like console=ttyS0,115200.


svn path=/nixos/trunk/; revision=33458
2012-03-28 19:58:44 +00:00
Eelco Dolstra
1d3c7e2a2d * Added a ‘deployment.ec2.tags’ option.
svn path=/nixos/trunk/; revision=33449
2012-03-28 13:02:55 +00:00
Joachim Schiele
f4d26eb446 added example for GRUB 2
svn path=/nixos/trunk/; revision=33448
2012-03-28 10:34:40 +00:00
Eelco Dolstra
040042b8a5 * Blackhole the address 169.254.169.254 after we've obtained the user
  data to prevent non-root processes from getting the private host
  key.

svn path=/nixos/trunk/; revision=33442
2012-03-27 14:51:08 +00:00
Eelco Dolstra
64241a3e90 * Flush nscd when switching to a new configuration.
svn path=/nixos/trunk/; revision=33441
2012-03-27 14:35:45 +00:00
Eelco Dolstra
da6046ef6b * Fix the generation of resolvconf.conf.
svn path=/nixos/trunk/; revision=33435
2012-03-26 22:14:47 +00:00
Lluís Batlle i Rossell
e9d641014d Not everyone runs nscd. Fixing a boot problem for those who don't.
svn path=/nixos/trunk/; revision=33434
2012-03-26 21:01:46 +00:00
Mathijs Kwik
f31fefdfd9 split ssh/sshd X11 forwarding logic. Backward compatible change.
You can now set the forwardX11 config option for the ssh client and server separately.

For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".

I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.

I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.

As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.

svn path=/nixos/trunk/; revision=33407
2012-03-25 15:42:05 +00:00
Lluís Batlle i Rossell
9fb07d4036 Making a reference single-quoted for grubDevices, as after substitution, there
will be doublequoted elements.

Suggested by Kirelagin.


svn path=/nixos/trunk/; revision=33403
2012-03-25 12:36:43 +00:00
Eelco Dolstra
70e1958bb6 * New 64-bit AMIs.
svn path=/nixos/trunk/; revision=33390
2012-03-23 21:22:58 +00:00
Eelco Dolstra
326891443c * dhcpcd: Don't use the "persistent" option. With it, dhcpcd won't
  delete routes and addresses when it quits.  This causes those routes
  and addresses to stick around forever, since dhcpcd won't delete
  them when it runs next (even if it acquires a new lease on the same
  interface).  This is bad; in particular the stale (default) routes
  can break networking.

  The downside to removing "persistent" is that you should never ever
  do "stop dhcpcd" on a remote machine configured by dhcpcd.

svn path=/nixos/trunk/; revision=33388
2012-03-23 21:00:32 +00:00
Eelco Dolstra
e32640afab * Don't build 32-bit AMIs anymore, since 64-bit AMIs are now supported
  on all instance types.
* Bump the pv-grub AKI.

svn path=/nixos/trunk/; revision=33385
2012-03-23 18:09:40 +00:00
Eelco Dolstra
3d87c27c6d
svn path=/nixos/trunk/; revision=33383
2012-03-23 14:23:19 +00:00
Eelco Dolstra
43b5ced96c * Ignore SIGHUP and write errors on stderr to ensure that
  switch-to-configuration runs to completion (e.g. if the tty we're on
  got killed).

svn path=/nixos/trunk/; revision=33382
2012-03-23 13:37:22 +00:00
Eelco Dolstra
1949a85987 * Do a sync before switching to a new configuration.
svn path=/nixos/trunk/; revision=33381
2012-03-23 12:29:11 +00:00
Eelco Dolstra
7c75b046ea * Fix the permissions on /dev/vboxuser in VirtualBox guests.
svn path=/nixos/trunk/; revision=33372
2012-03-23 11:52:06 +00:00
Eelco Dolstra
b46e911012 * Fix some references to dhclient.
svn path=/nixos/trunk/; revision=33359
2012-03-22 13:02:42 +00:00
Eelco Dolstra
4ae7819c39 * The idmapd job requires the sunrpc kernel module to be loaded.
  (http://hydra.nixos.org/build/2315397)

svn path=/nixos/trunk/; revision=33358
2012-03-22 13:01:06 +00:00
Rob Vermaas
a525074f43 increase size of virtualbox image
svn path=/nixos/trunk/; revision=33357
2012-03-22 12:58:45 +00:00
Eelco Dolstra
2a135eb4d4 * Remove the ‘services.nfs.client.enable’ flag; use
  ‘boot.supportedFilesystems = [ "nfs" ]’ if needed.

svn path=/nixos/trunk/; revision=33356
2012-03-22 12:24:23 +00:00
Eelco Dolstra
293e3a784d * Ensure a consistent umask in the activation script (reported by
  Lluís).

svn path=/nixos/trunk/; revision=33347
2012-03-22 10:17:10 +00:00
Eelco Dolstra
89a21f7a7d * GIDs are supposed to match UIDs.
svn path=/nixos/trunk/; revision=33346
2012-03-22 10:11:15 +00:00
Lluís Batlle i Rossell
5ddae4a83a Changing portmap by rpcbind on nfs services.
That could make rpc.statd work.

Patch by Rickard Nilsson.

I'm not sure we need that netconfig file in etc.


svn path=/nixos/trunk/; revision=33342
2012-03-21 20:37:37 +00:00
Eelco Dolstra
a4a355f764 * Make dhcpcd the default DHCP client.
svn path=/nixos/trunk/; revision=33339
2012-03-21 17:49:54 +00:00
Eelco Dolstra
d12339b282 * Doh.
svn path=/nixos/trunk/; revision=33332
2012-03-21 12:38:11 +00:00
Eelco Dolstra
8884d445b7 * VirtualBox: create a vboxnet0 interface by default.
svn path=/nixos/trunk/; revision=33331
2012-03-21 12:28:14 +00:00
Lluís Batlle i Rossell
20edb255bd Adding idmapd, for NFSv4.
Patch by Rickard Nilsson.

This may fix rpc.statd start.


svn path=/nixos/trunk/; revision=33330
2012-03-21 11:58:06 +00:00
Shea Levy
7a9a33e90d efi-boot-stub: Give startup.sh files more descriptive names
svn path=/nixos/trunk/; revision=33321
2012-03-21 02:05:52 +00:00
Eelco Dolstra
6f03065dce * Move the setting of $MODULE_DIR to modprobe.nix.
* Add a slash to the end of $MODULE_DIR, as expected by depmod.  (Not
  that running depmod from the command line is all that useful, since
  you can't use it to update the tree in the Nix store.  But at least
  commands like "depmod -n" work now.)  Reported by Kirill Elagin on
  IRC.

svn path=/nixos/trunk/; revision=33312
2012-03-20 22:02:27 +00:00
Lluís Batlle i Rossell
6af26254ad Adding xfs support at supportedFilesystems
svn path=/nixos/trunk/; revision=33311
2012-03-20 22:00:32 +00:00
Eelco Dolstra
a22bdbaeda * I hate asynchronous commands.
svn path=/nixos/trunk/; revision=33310
2012-03-20 21:45:24 +00:00
Eelco Dolstra
e86427f037 * Remove an obsolete line.
svn path=/nixos/trunk/; revision=33308
2012-03-20 21:43:13 +00:00
Eelco Dolstra
9d72a2a606 * Wait for RAID resync to complete before rebooting. Booting off an
  unsynced volume tends to fail.  (http://hydra.nixos.org/build/2310338)

svn path=/nixos/trunk/; revision=33307
2012-03-20 21:38:38 +00:00
Shea Levy
70eb64c025 Pommed: find the 'eject' command in /var/setuid-wrappers:/home/shlevy/.nix-profile/bin:/home/shlevy/.nix-profile/sbin:/home/shlevy/.nix-profile/lib/kde4/libexec:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/nix/var/nix/profiles/default/lib/kde4/libexec:/var/run/current-system/sw/bin:/var/run/current-system/sw/sbin:/var/run/current-system/sw/lib/kde4/libexec
svn path=/nixos/trunk/; revision=33302
2012-03-20 18:28:32 +00:00
Eelco Dolstra
010578d8a4 * Restrict VirtualBox to users in the vboxusers group.
  The VirtualBox build in Nixpkgs is insecure because it uses the
  "--disable-hardened" flag, which disables some checks in the
  VirtualBox kernel module.  Since getting rid of that flag looks like
  too much work, it's better to ensure that only explicitly permitted
  users have access to VirtualBox.

* Drop the 666 permission on "sonypi" because it's not clear why that
  device should be world-writable.

svn path=/nixos/trunk/; revision=33301
2012-03-20 16:30:43 +00:00
Shea Levy
11066067f7 Add nouveau xorg video driver
svn path=/nixos/trunk/; revision=33300
2012-03-20 16:29:22 +00:00
Eelco Dolstra
d9e28560d1 * Emit "expect daemon" for the mountall task. Otherwise it may get a
  USR1 signal before it has forked into the background (because it
  will be in the start/running state immediately).

svn path=/nixos/trunk/; revision=33288
2012-03-20 10:17:08 +00:00
Shea Levy
0d67d95f32 Add a module for the pommed tool for Apple laptop keyboards.
svn path=/nixos/trunk/; revision=33286
2012-03-20 04:41:13 +00:00
Shea Levy
6435207dd1 Whoops, actually use the mtrack fork
svn path=/nixos/trunk/; revision=33285
2012-03-20 01:56:39 +00:00
Shea Levy
724b5abe42 xf86-input-multitouch seems to be abandoned, update it with the mtrack fork
svn path=/nixos/trunk/; revision=33283
2012-03-20 01:48:09 +00:00
Shea Levy
14dd95b692 xserver.nix: Automatically support xorg's own video drivers
svn path=/nixos/trunk/; revision=33281
2012-03-19 23:57:26 +00:00
Eelco Dolstra
6093b54b73 * Zabbix: use the path attribute.
svn path=/nixos/trunk/; revision=33278
2012-03-19 19:43:31 +00:00
Eelco Dolstra
a51a83bd8c * Drop obsolete line.
svn path=/nixos/trunk/; revision=33276
2012-03-19 19:34:06 +00:00