Joachim F
e436874ef0
Merge pull request #20919 from joachifm/privoxy-service-improvements
...
Privoxy service improvements
2016-12-06 14:16:28 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
31d79afbe5
grsecurity docs: note that pax_sanitize_slab defaults to fast
2016-12-06 01:23:51 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
...
The service owns no data, having a static uid serves no purpose.
This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation
2016-12-05 13:21:31 +01:00
Vladimír Čunát
a1ae627362
nixos GDM: fix #19896
...
- As noted on GitHub, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome. There seems to be no logout option
in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim
e00632e200
Merge pull request #20858 from Mic92/lxcfs
...
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Jörg Thalheim
7c7dc15cbf
lxcfs: add module
2016-12-04 11:26:17 +01:00
Franz Pletz
69bee1b361
Merge pull request #20770 from mguentner/more_ipfs
...
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Franz Pletz
2401f06801
containers: disable dhcpcd on veth bridge interfaces
2016-12-04 01:41:10 +01:00
Graham Christensen
d5cb4d8734
ecryptfs test: use TTY output to stabilize test
2016-12-02 19:36:27 -05:00
Jörg Thalheim
aa854f192e
cgmanager: add module
2016-12-02 13:52:04 +01:00
lbonn
288e75c5f9
wireguard: remove dependency on ip-up.target
...
It was deprecated and removed from all modules in the tree by #18319.
The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Graham Christensen
b28d21fd50
Merge pull request #20808 from grahamc/fancy-test-tty
...
login test: Create and use direct reads of the TTY contents.
2016-11-30 11:27:49 -05:00
Graham Christensen
cb74fd75d7
login test: Create and use direct reads of the TTY contents.
2016-11-30 00:17:18 -05:00
Tuomas Tynkkynen
8a4d6516ee
Merge remote-tracking branch 'upstream/staging' into master
2016-11-30 00:34:23 +02:00
Franz Pletz
3000ae8602
gitlab service: fix sidekiq queue config
2016-11-29 17:42:46 +01:00
Domen Kožar
75f131da02
acme: ensure nginx challenges directory is writeable
2016-11-29 15:56:01 +01:00
Domen Kožar
69e0740baa
Merge pull request #20795 from cleverca22/netboot
...
make the /nix/store writable under netboot images
2016-11-29 15:47:39 +01:00
michael bishop
e710edeecf
make the /nix/store writable under netboot images
2016-11-29 10:31:07 -04:00
Erik Rybakken
2f0cc0d3f0
unclutter-xfixes service: init
...
Closes #18398
2016-11-29 14:25:32 +01:00
Joachim F
8eefcb5c09
Merge pull request #19900 from michalpalka/xen-fix-xen-bridge2
...
xen service: fix wrong netmask handed out by xen-bridge.service
2016-11-28 16:31:05 +01:00
Joachim F
944868dd9b
Merge pull request #19851 from michalpalka/xen-fix-xen-bridge
...
xen service: fix iptables race condition in xen-bridge.service
2016-11-28 16:30:16 +01:00
Maximilian Güntner
f7c099bd8c
tests: added basic ipfs test
...
$getter can be used once ipfs supports private/local networks
and/or internet gets routed to the VMs
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:58 +01:00
Maximilian Güntner
0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
...
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN
37715d1f46
hydra-module: add cfg.package to hydra-evaluator path
2016-11-28 15:53:44 +02:00
Joachim Fasting
e99228db30
grsecurity module: force a known good kernel package set
...
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel. Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).
With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
2016-11-28 12:11:04 +01:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description
2016-11-27 22:07:51 -05:00
Ruben Maher
9c9a21d525
matrix-synapse service: Make url_preview_enabled optional (#20609)
2016-11-28 03:33:48 +01:00
Franz Pletz
e394c305a8
Merge pull request #20620 from rnhmjoj/fakeroute
...
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
pngwjpgh
bcc9a6ac75
infinoted service: init
...
Service module for the dedicated gobby server included in libinfinity
2016-11-27 17:23:21 +01:00
Michael Raskin
36010e7046
Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
...
apache-httpd
2016-11-26 13:37:02 +00:00
Vladimír Čunát
925b335607
Merge branch 'master' into staging
2016-11-26 11:27:09 +01:00
Vladimír Čunát
8ebfce0eda
display-managers module: improve variable quoting
...
Fixes #20713, though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.
The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
2016-11-26 11:23:31 +01:00
Robert Helgesson
8a424e3fbd
tahoe service: use ExecStart instead of script
...
Since only a single command is necessary to start Tahoe it is sufficient
to use ExecStart and thereby skip starting up Bash (and leaving it
running).
2016-11-25 21:49:34 +01:00
Jaka Hudoklin
3b500d37f5
Merge pull request #19023 from offlinehacker/kube-update
...
WIP: kubernetes update package and module
2016-11-24 23:10:01 +01:00
Frederik Rietdijk
25a9889f0e
blivet test: use python2
2016-11-24 22:28:03 +01:00
Corbin Simpson
27f1def068
nixos/collectd: Fix syntax error on some hostnames. (#20694)
...
Without this, hostnames that e.g. end in digits will cause syntax errors for
collectd.
2016-11-24 21:47:17 +01:00
rnhmjoj
7eb9a03221
fakeroute: add service
2016-11-23 15:23:10 +01:00
Eelco Dolstra
d97a379510
Merge pull request #20641 from mayflower/fix/installer-closure-size
...
Reduce closure size of installer images
2016-11-23 12:49:46 +01:00
Joachim F
a6f392abd6
Merge pull request #20385 from ericsagnes/feat/i3-refactor
...
i3 module: refactor
2016-11-23 05:11:14 +01:00
Franz Pletz
6de991bd95
nixos: compress squashfs with xz
2016-11-23 02:24:13 +01:00
Franz Pletz
da600849e3
nixos: disable sound for minimal ISO
...
Saves a few megabytes of ALSA stuff.
2016-11-23 02:24:13 +01:00
Franz Pletz
f983743d75
w3m-nox: use imlib2 without X11 support
...
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
2016-11-23 02:24:12 +01:00
Franz Pletz
ffac67fcf3
nixos/base: don't include dar & cabextract in ISO
...
Should free up lots of space due to dependency on gnupg, which depends on
openldap which pulls in gcc.
2016-11-23 02:24:11 +01:00
Eric Sagnes
2b1d67a275
manual: reviewing contributions nixos -> nixpkgs (#20626)
2016-11-22 15:15:02 +01:00
Franz Pletz
d94e93ccdf
Merge pull request #19588 from Shados/add-dante
...
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Franz Pletz
2f1be760da
nixos/release: add containers-tmpfs test
...
cc #20557
2016-11-22 15:05:45 +01:00