Commit Graph

986 Commits

Author SHA1 Message Date
Bernardo Meurer
b29e3bb892
nixos/console: inird -> initrd 2022-04-30 14:43:09 -07:00
Janne Heß
18363cad97
nixos/console: Allow setting keymap without font 2022-04-30 11:22:08 +02:00
Sandro
6df0dae4f9
Merge pull request #118387 from raboof/document-how-to-disable-nss
Improved error message on disabling NSS modules when disabling nscd
2022-04-16 22:55:40 +02:00
Janne Heß
0efb6720a4
nixos/console: Fix attribute path to fix eval 2022-04-14 22:07:41 +01:00
Janne Heß
6d6c1c341c
nixos/stage-1-systemd: Add keymap support
Makes my life a lot easier with my non-american keyboard layout
2022-04-14 10:25:04 +01:00
Emil Karlson
a03b332b81 nixos/terminfo: add enableAllTerminfo option
Add an option to install all .terminfo packages, normally this should
add no runtime bloat, if caches are used.
2022-04-13 10:04:31 +03:00
Federico Beffa
9fc01af1cc nixos/users-group: Add 'homeMode' option. 2022-04-11 13:16:38 +02:00
Sandro
b9ddfd63b7
Merge pull request #162996 from alyssais/resolvconf-disable 2022-03-27 12:25:14 +02:00
Luna Nova
95077158aa
nixos/fonts: Remove ancient bitmap fonts from defaultXFonts
See https://github.com/NixOS/nixpkgs/issues/160740
2022-03-13 15:37:48 -07:00
Alyssa Ross
70d3697f8c
nixos/resolvconf: allow disabling
For systems without internet connections, it doesn't make sense to
require the existence of an /etc/resolv.conf file to disable
resolvconf, so let's expose networking.resolveconf.enable as a public
option that can be set to false.
2022-03-06 11:47:29 +00:00
eyjhb
db74bf5375
nixos/users: isSystemUser below 1000 above 400
To reflect changes done in 23d920c8f0
2022-02-26 22:53:03 +01:00
Robert Hensing
e3cfad0b9e nixos/users: Fix type error
Fixes what seems to be a programming error that went undetected by
me and @pasqui23

See https://github.com/NixOS/nixpkgs/issues/158279
2022-02-05 22:38:56 +01:00
Pasquale
07abf6942f
nixos/users:added users.allowLoginless
Correct the assertion logic

Fixed indentation

Better wording od allowLoginless' description

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>

Better formatting

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>

allowLoginless -> allowNoPasswordLogin

Clarified users.allowNoPasswordLogin's  description

Clarified assertion expression

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>

Reworded assertion message to gude to safer alternative
2022-02-05 16:00:55 +01:00
Jan Tojnar
d843a692ae
Merge pull request #148344 from pasqui23/portals
nixos/xdg-portals: add portals to systemPackages
2022-01-26 19:22:49 +01:00
Pasquale
e9c4910524
nixos/xdg-portals: add portals' desktop files to XDG_DATA_DIRS 2022-01-26 18:45:42 +01:00
Vladimír Čunát
24bb158cf0
Merge #143715: nixos/malloc: fix scudo on aarch64-linux 2022-01-18 17:39:33 +01:00
Nikolay Amiantov
f2c5970a76 users-groups service: add autoSubUidGidRange option
Previously we allocated subuids automatically for all normal users.
Make this explicitly configurable, so that one can use this for system
users too (or explicitly disable for normal users). Also don't allocate
automatically by default if a user already has ranges specified statically.
2022-01-09 09:43:55 +03:00
Robert Hensing
d75b85c5dc
Merge pull request #147690 from pasqui23/hosts
concatTextFile: init
2022-01-08 20:40:31 +01:00
Graham Christensen
06edb74413
Merge pull request #148785 from pennae/more-option-doc-staticizing
treewide: more defaultText for options
2021-12-17 11:14:08 -05:00
pennae
0eaf46a1dc nixos/system-path: add defaultText for defaultPackages 2021-12-09 01:42:24 +01:00
pennae
e24a8775a8 treewide: set defaultText for options using simple path defaults
adds defaultText for all options that set their default to a path expression
using the ubiquitous `cfg` shortcut bindings.
2021-12-09 01:12:13 +01:00
Artturi
779a657e37
Merge pull request #148649 from Artturin/sgxgid
nixos: add sgx group with gid 304
2021-12-06 17:05:00 +02:00
Artturin
fc4df13e26 nixos: add sgx group with gid 304
fix Unknown group 'sgx', ignoring message from udev
2021-12-05 01:37:43 +02:00
pennae
2512455639 nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
Pasquale
f81734f4e6
nixos/networking: using concatTextFile 2021-11-28 01:40:05 +01:00
Artturin
17c61e9772 nixos/swap: remove fallocate and use dd as the main swap creation method
https://github.com/NixOS/nixpkgs/issues/144572
https://github.com/NixOS/nixpkgs/issues/91986

nixos/swap: remove expansion if else because the file is already
recreated if file size is not the same as the configured size

nixos/swap: remove old fixme
2021-11-13 17:49:42 +02:00
bb2020
8a3a429da6 nixos/swap: add randomEncryption.allowDiscards option 2021-11-08 18:17:00 +03:00
06kellyjac
9ac11c0762 nixos/malloc: fix scudo on non-x86_64 machines 2021-10-29 19:56:17 +01:00
Julien Moutinho
661207ce7e nixos/console: fix cross-compiling 2021-10-20 02:15:09 +02:00
Michele Guerini Rocco
02fc8c2367
Merge pull request #140723 from rnhmjoj/pr-fontdir-headless
nixos/fontdir: always link the font directory
2021-10-11 19:42:19 +02:00
rnhmjoj
a27dc95e72
nixos/fontdir: always link the font directory
This fixes the fonts directory availability when not running an xserver,
such as headless machines.
2021-10-06 08:52:39 +02:00
Naïm Favier
2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Vladimír Čunát
8be5516756
Merge #138918: Fix several NixOS errors in Hydra evaluation
In particular, this should unblock the trunk-combined jobset.
2021-09-22 17:28:37 +02:00
rnhmjoj
88b3c29cf1
nixos: heimdalFull -> heimdal
The package has been renamed in 2018-05-01.
2021-09-22 11:20:30 +02:00
Sandro
bfc38d3d0d
Merge pull request #125966 from ju1m/apparmor 2021-09-21 22:10:10 +02:00
Mikael Voss
5437b17b8e
nixos/malloc: add mimalloc 2021-09-20 19:10:28 +02:00
Michele Guerini Rocco
1cf01b5215
Merge pull request #138207 from rnhmjoj/layouts
nixos/extra-layouts: avoid all rebuilds
2021-09-19 01:10:55 +02:00
figsoda
f181160d4b
Merge pull request #120087 from figsoda/xdg-mime
nixos/xdg/mime: add config for associations between mimetypes and applications
2021-09-17 17:27:46 -04:00
rnhmjoj
e4da1edf8b
nixos/extra-layouts: avoid all rebuilds
Just setting the XKB_CONFIG_ROOT should be enough, so we don't need to
rebuild the xserver, xkbcomp and other packages anymore.
However, the variable has to be passed explicitely to scripts running at
build time: in particular to xkbvalidate and xkb-console-keymap.
2021-09-17 01:48:46 +02:00
Guillaume Girol
3592034595
Merge pull request #133166 from symphorien/nonogroup
Don't default to nogroup for the primary group of users.
2021-09-13 18:29:21 +00:00
figsoda
ec2690c67f nixos/xdg/mime: add config for associations
between mimetypes and applications
2021-09-12 21:02:40 -04:00
Janne Heß
a851b4d20e
nixos/users-groups: Add dry mode 2021-09-07 10:30:42 +02:00
Guillaume Girol
0f15a8f489 nixos/users-groups: don't default users.users.<name>.group to nogroup
this is unsafe, as many distinct services may be running as the same
nogroup group.
2021-09-03 21:22:07 +02:00
rnhmjoj
9e8fcb0184
nixos/fonts: fixup dd38ae1f 2021-08-29 11:03:13 +02:00
Michele Guerini Rocco
296da7b2f8
Merge pull request #133303 from rnhmjoj/cursor
nixos/hidpi: scale X11 core cursor
2021-08-25 21:07:47 +02:00
Silvan Mosberger
1ad73dadd2
Merge pull request #132836 from Infinisil/populate-members
nixos/users: Populate group members option
2021-08-25 20:17:09 +02:00
Jörg Thalheim
9b962429be
Merge pull request #133014 from Mic92/fix-pam
nixos: reduce pam files rebuilds on updates
2021-08-20 23:23:42 +01:00
Jörg Thalheim
1645acf1d3 nixos: reduce pam files rebuilds on updates
Before whenever environment variables changed, pam files had to be
rebuild.

This is expensive since each file needs its own sandbox set up.
2021-08-20 23:43:30 +02:00
Nikolay Amiantov
bd18e491a9 fontconfig service: drop dpi option
Recommend to use services.xserver.dpi option instead. Mention in the
documentation that it's a sledgehammer approach and monitor settings should be
used instead.

Also don't set DPI in fontconfig settings; fontconfig should use Xft settings
by default so let's not override one value in multiple places. For example,
user now can set DPI via ~/.Xresources properly.
2021-08-20 16:55:07 +00:00
Robert Hensing
fbafeb7ad5 treewide: runCommandNoCC -> runCommand
This has been synonymous for ~5y.
2021-08-15 17:36:41 +02:00
rnhmjoj
dd38ae1f2c
nixos/fonts: scale X11 core cursor
Most desktop environments manage the cursor using the Xcursor library
by default; this comes with scalable or multiple-sized cursor themes.
However, when running just a simple WM (twm, bspwm, ...) the cursor
handling is left to the X server, which uses a very simple fixed bitmap
font (this is called a "core" cursor). The font is uncomfortably small
on a high DPI display and must be replaced with a saner default.

Up until recently[1] it used to be possible to change the font on the
xserver command line, however the font name is now hardcoded. It's still
possible to change it, though: here I override the `fontcursormisc`
package and set an alias that points to a vector variant of the original
cursor font. The font size is set to match the standard cursor
dimensions on a 96dpi display. It's not perfect but it's a very simple
and effective solution.

[1]: 56ea4c769c
2021-08-15 12:01:38 +02:00
Silvan Mosberger
ea00f991c0 nixos/users: Populate group members option
This change makes it so that accessing config.users.groups.*.members isn't
empty by default, but instead contains all the users whose `extraGroups`
includes that group, allowing fancy things like

  { config, ... }: {
    users.groups.libvirt.members = config.users.groups.wheel.members;
  }

to add all users in the wheel group to the libvirt group
2021-08-08 18:40:06 +02:00
Ben Siraphob
b63a54f81c
Merge pull request #110742 from siraben/deprecate-fold 2021-07-27 15:13:31 +07:00
Jörg Thalheim
e2561ba61f
Merge pull request #129408 from kurnevsky/swap-luks-discards
nixos/swap: allow luks discards if swap discards are enabled
2021-07-23 11:11:04 +01:00
Robert Hensing
98352288bd
Merge pull request #128032 from Artturin/add-swap-options
nixos/swap: add options option
2021-07-23 10:45:53 +02:00
Artturin
c971de97c4 nixos/swap: add options option 2021-07-20 20:51:27 +03:00
Florian Klink
c1536f5c78 nixos/systemd: fix NSS database ordering
- The order of NSS (host) modules has been brought in line with upstream
  recommendations:

  - The `myhostname` module is placed before the `resolve` (optional) and `dns`
    entries, but after `file` (to allow overriding via `/etc/hosts` /
    `networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from
    hijacking `.localhost` domains)
  - The `mymachines` module, which provides hostname resolution for local
    containers (registered with `systemd-machined`) is placed to the front, to
    make sure its mappings are preferred over other resolvers.
  - If systemd-networkd is enabled, the `resolve` module is placed before
    `files` and `myhostname`, as it provides the same logic internally, with
    caching.
  - The `mdns(_minimal)` module has been updated to the new priorities.

  If you use your own NSS host modules, make sure to update your priorities
  according to these rules:

  - NSS modules which should be queried before `resolved` DNS resolution should
    use mkBefore.
  - NSS modules which should be queried after `resolved`, `files` and
    `myhostname`, but before `dns` should use the default priority
  - NSS modules which should come after `dns` should use mkAfter.
2021-07-17 23:55:35 +02:00
Evgeny Kurnevsky
11c0384bf0
nixos/swap: allow luks discards if swap discards are enabled 2021-07-06 10:18:58 +03:00
Jacob Hrbek
55a211ae31 Removed wrong comment 2021-06-30 21:32:08 +02:00
Jacob Hrbek
67af267cf7 Update nixos/modules/config/shells-environment.nix
lgtm

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-06-30 21:27:56 +02:00
Jacob Hrbek
9e166662e0 localBinInPath: Initial commit 2021-06-27 07:31:45 +00:00
Minijackson
f4dd218c7c
nixos/xdg/portal/wlr: init 2021-06-20 11:53:45 +02:00
Sandro
2b49e4e735
Merge pull request #107728 from nessdoor/master 2021-06-15 14:40:21 +02:00
Naïm Favier
39bc736382
nixos/console: allow console.font to be a path
As for console.keyMap, all uses of this option are compatible with paths. This allows doing things like `console.font = pkgs.runCommand ...`.
2021-06-12 13:24:32 +02:00
Vladimír Čunát
2ee781417e
nixos/*: replace alsa* aliases
The attributes got renamed in PR #126440 and in some places this caused
evaluation errors, e.g. the tarball job was saying (locally)
> attribute 'alsaUtils' missing, at /build/source/nixos/modules/services/audio/alsa.nix:6:4
and I suspect that trunk-combined jobset's failure to evaluate was also caused.
2021-06-10 09:46:55 +02:00
Julien Moutinho
22e52be3b3 nixos/apparmor: allow closure of selected mallocLib, fixes #125415 2021-06-06 17:51:12 +02:00
Tomas Antonio Lopez
b922fa959b nixos/swap: add discardPolicy option
Add option for activating discards on swap partitions (none, once, pages and both).
2021-05-19 21:23:35 +09:00
Michael Raskin
d04f1c4314
Merge pull request #101071 from ju1m/apparmor
apparmor: try again to fix and improve
2021-04-24 11:24:26 +00:00
davidak
fabdd46503 kbdKeymaps: remove
dvp and neo are now included in kbd

includes documentation in release notes and alias
2021-04-23 16:41:06 +02:00
Julien Moutinho
05d334cfe2 Revert "Revert "apparmor: fix and improve the service""
This reverts commit 420f89ceb2.
2021-04-23 07:17:55 +02:00
Alyssa Ross
9e400a8b93 nixos/users-groups: check format of passwd entries
Things will get quite broken if an /etc/passwd entry contains a
colon (which terminates a field), or a newline (which terminates a
record).  I know because I just accidentally made a user whose home
directory path contained a newline!

So let's make sure that can't happen.
2021-04-22 13:18:38 +00:00
Bernardo Meurer
411d6aeb06
nixos/modules/config/iproute2: avoid using iproute alias 2021-04-20 01:01:33 -07:00
Symphorien Gibol
7a87973b4c nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
As the only consequence of isSystemUser is that if the uid is null then
it's allocated below 500, if a user has uid = something below 500 then
we don't require isSystemUser to be set.

Motivation: https://github.com/NixOS/nixpkgs/issues/112647
2021-04-14 20:40:00 +02:00
Jan Tojnar
c04a14edd6 Merge branch 'master' into staging-next 2021-04-06 16:01:14 +02:00
Lassulus
e2080b39e6
Merge pull request #89951 from KoviRobi/nixos-user-name-not-attr-name
nixos/users-groups: Use user name not attribute name for /etc/profiles/…
2021-04-05 13:52:25 +02:00
Arnout Engelen
5610ff5ba1
Improved error message on disabling NSS modules when disabling nscd
Move the hint from a comment to the error message, and provide a clearer
example of how to achieve it.
2021-04-03 18:20:11 +02:00
rnhmjoj
61b7cab481
treewide: use perl.withPackages when possible
Since 03eaa48 added perl.withPackages, there is a canonical way to
create a perl interpreter from a list of libraries, for use in script
shebangs or generic build inputs. This method is declarative (what we
are doing is clear), produces short shebangs[1] and needs not to wrap
existing scripts.

Unfortunately there are a few exceptions that I've found:

  1. Scripts that are calling perl with the -T switch. This makes perl
  ignore PERL5LIB, which is what perl.withPackages is using to inform
  the interpreter of the library paths.

  2. Perl packages that depends on libraries in their own path. This
  is not possible because perl.withPackages works at build time. The
  workaround is to add `-I $out/${perl.libPrefix}` to the shebang.

In all other cases I propose to switch to perl.withPackages.

[1]: https://lwn.net/Articles/779997/
2021-03-31 21:35:37 +02:00
Samuel Gräfenstein
e6cd793a74
nixos/config: move nano to defaultPackages
Some people already have another editor installed and may want to
get rid of applications they don't use.
2021-03-30 11:50:03 +02:00
Jaakko Luttinen
099a9e809c nixos/update-users-groups: read access to /etc/shadow for group shadow 2021-03-18 00:08:35 -07:00
Kovacsics Robert
af4adb1dd2 nixos/users-groups: Use user name not attribute name for /etc/profiles/...
This cropped up, because I have a set-up where my work username is
different to my home desktop username, and I am using a parameterized
config for both, so I have something akin to

    config.users.users.default-user = ...;

and using

    config.users.users.default-user.{name, home}

in certain places to cope with this. Noticed my home-manager bought in
packages (which use the users.users.<name>.packages hence NixOS issue
not home-manager) weren't present.
2021-02-27 12:45:49 +00:00
Florian Klink
47589ade46
Merge pull request #113804 from rnhmjoj/no-udev-settle-2
nixos/console: fix console setting reloading
2021-02-22 23:22:04 +01:00
rnhmjoj
9be0529210
nixos/console: fix console setting reloading
It's a dull and boring day, it's cold outside and I'm stuck at home: let
me tell you the story of systemd-vconsole-setup.

In the beginnings of NixOS[1], systemd-vconsole-setup was a powerful
sysinit.target unit, installed and running at boot to set up fonts
keyboard layouts and even colors of the virtual consoles. If needed, the
service would also be restarted after a configuration change, consoles
were happy and everything was good, well, almost.

Since the service had no way to specify the dependency "ttys are ready",
modesetting could sometimes happen *after* systemd-vconsole-setup had
started, leaving the console in a broken state. So abbradar worked
around that by putting a systemd-udev-settle `After=`.

In the meanwhile, probably realizing their mistake, systemd added a
shiny udev rule to start the systemd-udev-settle at the right time[2].
However, the rule bypassed systemd by directly running the binary
`systemd-udev-settle`, and the service - though still installed - fell
into disuse.

Two years would pass before a good samaritan, seeing the poor jobless
systemd-udev-settle service, decided to give it the coup de grâs[3] by
unlisting it from the installed units.
This, combined with another bug, caused quite a commotion[4] in NixOS;
to see why remember the fact that `WantedBy=` in upstream units doesn't
work[5], so it had to be added manually in cc542110, but while systemd
removed it, the NixOS unit continued to install and restart the service,
making a lot of fuss when switching configuration.

After at least thee different tentative fixes, deedrah realised[6] what
the root cause was and fpletz put the final nail[7] in the coffin of
systemd-udev-settle. The service would never see the light of a boot
again, NixOS would not restart it all the time but thanks to udev
consoles would still get their pretty fonts and playful colors.

The En..

..no, wait! You should ask what came of systemd-udev-settle, first.
And why is the service even around if udev is doing all the work?

Udev-settle, like the deceitful snake that he is, laid hidden for years.
He looks innocuous doesn't it? A little hack. Only until it leaves his
den and a poor user[8] drops dead. Obviously, it serves no purpose, as
the service is not part of the boot process anymore, so let's remove it
for good!

About the service, it may not be useful at boot, but it can be started
to pick up changes in vconsole.conf and set the consoles accordingly.
But wait, this doesn't work anymore: the service is never started at
boot (remember f76d2aa6), so switch-to-configuration.pl will not restart
it. Fortunately it can be repaired: here I install a new unit which
does *nothing* on start, but restarts the real service when reloaded.
This perfectly reproduces the original behavior, hopefully without the
original bugs too.

The End?

[1]: cc54211069
[2]: f6ba8671d8 (diff-84849fddcef81458f69725dc18c6614aade5c4f41a032b6908ebcf1ee6740636)
[3]: 8125e8d38e
[4]: https://web.archive.org/web/20180603130107/https://github.com/NixOS/nixpkgs/issues/22470
[5]: https://github.com/NixOS/nixpkgs/issues/81138
[6]: https://web.archive.org/web/20180603130107/https://github.com/NixOS/nixpkgs/issues/22470#issuecomment-330930456
[7]: f76d2aa6e3
[8]: https://github.com/NixOS/nixpkgs/issues/107341
2021-02-21 10:27:34 +01:00
nicoo
c8dcbfc047 nixos/swap: Remove dependency on rngd (module removed) 2021-02-21 01:33:50 +01:00
Lassulus
2489d95c1c
Merge pull request #110627 from 4z3/use-real-user-name-for-per-user-packages
nixos/users: use proper name for per-user packages
2021-02-15 12:45:24 +01:00
Ben Siraphob
1c2a2b0a08 treewide: fold -> foldr 2021-01-26 10:57:07 +07:00
Yorick van Pelt
9df9c1992b
beam-packages: move wxSupport arg up to package set, add beam_nox
This allows us to override the erlang wxSupport argument globally from
an overlay, fixing builds for e.g. rabbitmq with noXlibs set.
2021-01-24 21:04:52 +01:00
volth
bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
tv
530d3ffbcc nixos/users: use proper name for per-user packages
Fixes #107353
2021-01-23 21:36:14 +01:00
Scriptkiddi
1572940688
networking, chrony, ntpd, timesyncd: add timeServers option type 2021-01-20 10:54:24 +01:00
WORLDofPEACE
35ad1687a7
Merge pull request #109060 from MetaDark/nixos/xdg/portal
nixos/xdg/portal: fix loading portals from systemd service
2021-01-20 03:29:16 -05:00
Pavol Rusnak
66dc9dbb59
nixos/modules: stdenv.lib -> lib 2021-01-17 21:40:51 +01:00
Kira Bruneau
a13064ae27 nixos/xdg/portal: fix loading portals from systemd service 2021-01-11 19:22:22 -05:00
Masanori Ogino
d1d6403cb5 nixos/networking: make /etc/netgroup by default
This will prevent nscd from complaining /etc/netgroup being absent.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2021-01-10 11:01:48 +09:00
Benjamin Asbach
e02bf0737b nufraw: init at 0.43-3
`nufraw` is used to manipulate raw images.
`nufraw-thumbnailer` is used to generate thumbnails for raw images.

relates #108444
2021-01-07 22:41:34 +01:00
Florian Klink
88738dd72d
Merge pull request #106787 from flokli/console-optional-display-manager
nixos/console: fix Before= on the systemd-vconsole-setup unit
2021-01-02 11:04:14 +01:00
Niklas Hambüchen
9206c0d115
Merge pull request #41966 from aneeshusa/allow-mutable-shells-for-declarative-users
nixos/users: Allow mutable shells for declarative users
2020-12-31 02:03:22 +01:00
rnhmjoj
9728907cd3
console: remove console.extraTTYs option
This closes issue #88085
2020-12-17 21:29:33 +01:00
Klemens Nanni
8833983f26 nixos/users-groups: createHome: Ensure HOME permissions, fix description
configuration.nix(1) states

    users.extraUsers.<name>.createHome
        [...] If [...] the home directory already exists but is not
        owned by the user, directory owner and group will be changed to
        match the user.

i.e. ownership would change only if the user mismatched;  the code
however ignores the owner, it is sufficient to enable `createHome`:

    if ($u->{createHome}) {
        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
        chown $u->{uid}, $u->{gid}, $u->{home};
    }

Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.

Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.

Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).

While here, simplify and thereby fix misleading documentation.
2020-12-16 03:40:29 +01:00
Florian Klink
536988b35e nixos/console: fix Before= on the systemd-vconsole-setup unit
Only set Before=display-manager.service if it is actually present.

On headless systems, `systemctl list-units --state not-found` will
otherwise show display-manager.service.

Reported-In: https://github.com/NixOS/nixpkgs/issues/88597
2020-12-12 21:21:51 +01:00
Linus Heckemann
f448ec3365
Merge pull request #98731 from mayflower/ldap-nss-optional
config.users.ldap: do not include nss module if turned off
2020-12-12 10:53:39 +01:00
Aaron Andersen
9826371e44
Merge pull request #101224 from aanderse/ldap
nixos/ldap: restart nslcd when configuration changes
2020-12-11 17:18:12 -05:00
Luke Granger-Brown
ad62155cb6 nixos/zram: add zramSwap.memoryMax option
This allows capping the total amount of memory that will be used for
zram-swap, in addition to the percentage-based calculation, which is
useful when blanket-applying a configuration to many machines.

This is based off the strategy used by Fedora for their rollout of
zram-swap-by-default in Fedora 33
(https://fedoraproject.org/wiki/Changes/SwapOnZRAM), which caps the
maximum amount of memory used for zram at 4GiB.

In future it might be good to port this to the systemd zram-generator,
instead of using this separate infrastructure.
2020-11-25 13:43:38 +00:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
Joachim F
547d660f64
Merge pull request #104052 from TredwellGit/nixos/malloc
nixos/malloc: fix Scudo
2020-11-21 14:31:58 +00:00
Graham Christensen
75d7828724
Merge pull request #98544 from Mic92/unfuck-update-user-group
nixos/update-user-groups: Fix encoding issues + atomic writes
2020-11-20 10:28:52 -05:00
TredwellGit
fc6948cd47 nixos/malloc: fix Scudo
Fixes segmentation faults.
https://github.com/NixOS/nixpkgs/issues/100799
2020-11-17 09:11:31 -05:00
Gabriel Ebner
753656bbbc
Merge pull request #103225 from gebner/hsphfpd
pulseaudio: add hsphfpd support
2020-11-11 19:56:35 +01:00
WORLDofPEACE
fcef646736
Merge pull request #93431 from sorki/audio/pulseJack
nixos/jack,pulseaudio: fix pulse connection to jackd service
2020-11-09 19:40:12 -05:00
Edmund Wu
0e4d0d95d0 treewide: generate pulseaudio pulseDir 2020-11-09 19:24:42 +01:00
Ivan Tham
f6136d06ff
fontdir: add ttc to font regex
.ttc fonts are used by noto-fonts-cjk
2020-10-26 10:45:22 +08:00
Klemens Nanni
3216b85713 nixos/system-path: Add mkpasswd(1)
Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
2020-10-26 03:40:11 +01:00
Aaron Andersen
ae02e1fe53 nixos/ldap: minor cosmetic fixes 2020-10-20 19:50:18 -04:00
Aaron Andersen
a1acbfbfcb nixos/ldap: add missing types 2020-10-20 19:50:18 -04:00
Aaron Andersen
d89aff670a nixos/ldap: restart nslcd when configuration changes 2020-10-20 19:50:17 -04:00
Florian Klink
6e5ccaa34f
Merge pull request #100657 from flokli/network-manager-sstp
networkmanager-sstp: init at unstable-2020-04-20, bump sstp from 1.0.12 to 1.0.13
2020-10-21 00:33:13 +02:00
Florian Klink
e992089137 nixos/no-x-libs: add networkmanager-sstp 2020-10-21 00:04:02 +02:00
David Reiss
49a749c729 nixos/pam_mount: add pamMount attribute to users
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
2020-10-14 22:55:55 -07:00
Frederik Rietdijk
ec28e32c9e Merge master into staging-next 2020-10-08 21:47:26 +02:00
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
Frederik Rietdijk
692d219a93 Merge staging-next into staging 2020-10-06 10:25:58 +02:00
Emilio Perez
52f028f2d9 nixos/xwayland: add new module and allow configuring a default font path
- Add option `programs.xwayland.defaultFontPath`
- Modify sway to enable Xwayland
2020-10-04 14:56:30 +01:00
Emilio Perez
f41f53dc49 nixos/fontdir: add option to decompress fonts
This will let Xwayland use the global font folder as font path
2020-10-04 14:56:30 +01:00
Emilio Perez
c99bd9bedf nixos/fontdir: add group of options for fontDir
Renaming enableFontDir to fontDir.enable
2020-10-04 14:56:29 +01:00
rnhmjoj
eda7e23ea4 nixos/fontdir: add the directory to the xserver font paths 2020-10-04 14:56:29 +01:00
Emilio Perez
a5c0ba4004 nixos/fontdir: use regexp to find font files 2020-10-04 14:56:29 +01:00
Emilio Perez
a5618e6187 nixos/fontdir: gather more font formats
- Fix wrong order in which font indexes are created
mkfontdir requires the file fonts.scale to consider scalable fonts,
thus, mkfontscale should be run before

- Search more font formats, in particular, bit-mapped formats
2020-10-04 14:56:29 +01:00
Jonathan Ringer
46e27bcb16 nixos/tests: fix x11 tests 2020-09-30 09:09:56 -07:00
Jan Tojnar
32b4375f10
Merge branch 'staging-next' into staging 2020-09-29 00:12:29 +02:00
Michael Raskin
31a4e2e28b
Merge pull request #93457 from ju1m/apparmor
apparmor: fix and improve the service
2020-09-27 13:07:38 +00:00
Cole Helbling
937359fcf1
nixos/update-users-groups: /etc/shadow owned by root:shadow 2020-09-25 09:38:35 -07:00
Robin Gloster
a485504740 config.users.ldap: do not include nss module if turned off 2020-09-25 12:03:42 +02:00
Jörg Thalheim
99406adaae
nixos/update-users-groups: write files truly atomic
Having the .tmp suffix is broken w.r.t. to multiple writers,
as they would overwrite existing files. using the atomic flag
will make write_file to create a unique temporary file it gets renamed
to its target.
2020-09-23 10:51:01 +02:00
Jörg Thalheim
f072d4dadc
nixos/update-users-groups: fix encoding of json database
The issue here is that updateFile expects a unicode string while
encode_json returns a binary string unlike to_json.
2020-09-23 10:50:57 +02:00
Jörg Thalheim
52bdb3eb7b
nixos/update-users-group: treat all file as utf-8
Ideally we would treat everything as bytes however our database is
already utf-8 encoded so we need to stay compatible.
2020-09-23 10:50:55 +02:00
Robert Helgesson
fbc5093649
hooks: add moveSystemdUserUnitsHook
This hook moves systemd user service file from `lib/systemd/user` to
`share/systemd/user`. This is to allow systemd to find the user
services when installed into a user profile. The `lib/systemd/user`
path does not work since `lib` is not in `XDG_DATA_DIRS`.
2020-09-12 18:29:46 +02:00
WORLDofPEACE
2ab42dcc9e
Merge pull request #97171 from davidak/defaultPackages
nixos/config: add defaultPackages option
2020-09-08 19:40:45 -04:00
Richard Marko
f54612264e nixos/jack,pulseaudio: fix pulse connection to jackd service
This fixes the case when Jack Audio Daemon is running
as a service via `services.jack.jackd` and Pulseaudio
running as a *user* service.

Two issues prevented connecting `pulse` with `jackd`:
* Missing `JACK_PROMISCUOUS_SERVER` environment variable for `pulse` user service,
  resulting in `pulse` trying to access `jackd` as if it was running as part of
  the users session.
* `jackd` not being able to access socket created by `pulse` due to socket
  created using user ID and `users` group. Change allows `jackd` to access
  the socket created by `pulse` correctly.

`pulse` now also autoloads `module-jack-sink` and `module-jack-source`
if `services.jack.jackd.enable` is set.

The default `pulse` package is now set to `pulseaudioFull` automatically
if `services.jack.jackd.enable` is set.
2020-09-08 08:44:20 +02:00
davidak
74b3d66baf nixos/config: add defaultPackages option
readd perl (used in shell scripts), rsync (needed for NixOps) and strace (common debugging tool)

they where previously removed in https://github.com/NixOS/nixpkgs/pull/91213

Co-authored-by: Timo Kaufmann <timokau@zoho.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-09-06 18:58:20 +02:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Jan Tojnar
f0cb5c6a15
Revert "nixos/fontconfig: fix 50-user.conf handling"
This reverts commit 8425726f86.

This should have been reverted in https://github.com/NixOS/nixpkgs/pull/95358
but I forgot about it.
2020-09-06 02:56:31 +02:00
Jan Tojnar
4f0f26771e
Merge pull request #95358 from jtojnar/global-fontconfig 2020-09-05 00:19:38 +02:00
Jan Tojnar
7ecabdc22b
Merge pull request #96992 from jtojnar/fc-dtd-urn
treewide: use URN for fontconfig DTD
2020-09-04 17:12:29 +02:00
Jörg Thalheim
02a2649220
Merge pull request #89748 from heinic/krb5-lists 2020-09-03 07:31:22 +01:00
Jan Tojnar
6dd3b54ccc
treewide: use URN for fontconfig DTD
To match upstream change:

9c46ef4aac
2020-09-03 06:39:00 +02:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
Jan Tojnar
b49a769970
fontconfig: get rid of rest of versioned configs
The incompatibility does not seem to exist any more: programs linked against fc 2.12
on fc 2.14 system seem to at least display text, even while printing tons of errors
(as long as you generate fc cache manually), and same thing the other way around.
Hopefully it will not be an issue in the future.
2020-08-29 19:16:22 +02:00
Nico Heitmann
0bee87c400 nixos/krb5: add list to example configuration
Updated the relevant nixos test to match the example configuration.
2020-08-25 17:18:56 +02:00
Jan Tojnar
2adf17f8c2
Merge pull request #95869 from jtojnar/fc-local-regression
nixos/fontconfig: fix local.conf regression
2020-08-20 23:43:47 +02:00
Jan Tojnar
fe1b9ebaf1
nixos/fontconfig: fix local.conf regression
Another part of edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562, resulting in incorrect path
as described by https://github.com/NixOS/nixpkgs/issues/86601#issuecomment-675462227
2020-08-20 20:09:28 +02:00
davidak
5a3738d22b
nixos/systemPackages: clean up (#91213)
* nixos/systemPackages: clean up

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: 8573 <8573@users.noreply.github.com>

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-08-20 13:45:54 +00:00
Silvan Mosberger
c6aa9e4af6
Merge pull request #95681 from flokli/fontconfig-penultimate-remove
nixos/fonts: remove fontconfig-penultimate
2020-08-17 23:47:52 +02:00
Florian Klink
8425726f86 nixos/fontconfig: fix 50-user.conf handling
Apparently, edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562.

Provide 50-user.conf in fontconfig if includeUserConf is true (the
default), and don't try removing the non-existent one if it's disabled

Fixes https://github.com/NixOS/nixpkgs/issues/95685
Fixes https://github.com/NixOS/nixpkgs/issues/95712
2020-08-17 23:12:57 +02:00
Florian Klink
1d51b526e4 nixos/fonts/fontconfig-penultimate: remove module 2020-08-17 13:25:46 +02:00
Vladimír Čunát
0a3386369c
qemu: fix build with environment.noXlibs = true
In some tests, e.g. -f nixos/release.nix tests.simple.x86_64-linux
we use noXlibs and qemu.ga.  Now that output is tiny but to get it
a full qemu build is done, and some dependencies like gtk3 won't build
with noXlibs due to their dependencies being too stripped down.

Therefore let's reduce qemu features in noXlibs case.
The `sdlSupport = false;` part probably wasn't needed,
but I added it for consistency.
2020-08-16 18:25:31 +02:00
Ben Wolsieffer
8f1de2e7c0 environment.noXlibs: disable X11 support in cairo 2020-08-16 10:33:44 +00:00
Jan Tojnar
0a4a62459a
nixos/fontconfig: Reintroduce unversioned fonts.conf
Turns out lot of software (including Chromium) use bundled fontconfig
so we either need to wrap every one of those, or re-introduce the global unversioned config.
The latter is easier but weakens hermetic configs. But perhaps those are not really worth the effort.
2020-08-13 20:56:43 +02:00
Florian Klink
f527651a67 nixos/fontconfig: stop generating fontconfig_210 config and cache
This fontconfig version isn't used anywhere inside nixpkgs anymore.
2020-08-12 13:40:45 +02:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Vladimír Čunát
7a5c6fee0f
Merge branch 'master' into staging-next
Some rebuilds, e.g. all of haskell.
Hydra nixpkgs: ?compare=1601713
2020-07-22 08:37:19 +02:00
edef
2e4fb5cf4c nixos/users-groups: don't consider a system with Google OS Login inaccessible
This allows disabling users.mutableUsers without configuring any
authentication mechanisms (passwords, authorized SSH keys) other than
Google OS Login.
2020-07-19 00:28:02 +00:00
Jan Tojnar
821dba740e
Merge branch 'staging-next' into staging 2020-07-15 09:29:01 +02:00
adisbladis
5733967290
nixos.users-groups: Set up subuid/subgid mappings for all normal users
This is required by (among others) Podman to run containers in rootless mode.

Other distributions such as Fedora and Ubuntu already set up these mappings.

The scheme with a start UID/GID offset starting at 100000 and increasing in 65536 increments is copied from Fedora.
2020-07-13 13:15:02 +02:00
Jan Tojnar
09558f1dbf
Merge pull request #73795 from worldofpeace/fontconfig-2.13.92 2020-07-13 03:34:06 +02:00
Raghav Sood
23e259cf7d
nixos/users-groups: fix mkChangedOptionModule for root password hash 2020-07-12 02:06:22 +00:00
Jan Tojnar
edf2541f02
fontconfig: Only read versioned config dirs
Falling back to unversioned `/etc/fonts/conf.d` when versioned one does not exist
is problematic since it only occurs on non-NixOS systems and those are likely
to have a different version of fontconfig. When those versions use incompatible
elements in the config, apps using fontconfig will crash.

Instead, we are now falling back to the in-package `fonts.conf` file that loads
both the versioned global `conf.d` directory and the in-package `conf.d` since using
upstream settings on non-NixOS is preferable to not being able to use apps there.

In fact, we would not even need to link `fonts.conf`, as the in-package `fonts.conf`
will be always used unless someone creates the global one manually (the option is still
retained if one wants to write a custom NixOS module and to avoid unnecessary stat call on NixOS).

Additionally, since the `fonts.conf` will always load `conf.d` from the package, we no longer
need to install them to sytem `/etc` in the module. This needed some mucking with `50-user.conf`
which disables configs in user directories (a good thing IMO, NixOS module will turn it back on)
but otherwise, it is cleaner. The files are still prioritized by their name, regardless of their location.

See https://github.com/NixOS/nixpkgs/pull/73795#issuecomment-634370125 for more information.
2020-07-11 17:05:13 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Profpatsch
517be84135 small treewide: his -> theirs/its
SJW brigade represent. ;)

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Florian Klink
f5f8b08f16
Merge pull request #91065 from Infinisil/move-fontultimate
nixos/fontconfig: Move deprecated ultimate removals to relevant module
2020-06-19 00:07:46 +02:00
Silvan Mosberger
78453e6ba6
nixos/fontconfig: Move deprecated ultimate removals to relevant module
This was a mistake in https://github.com/NixOS/nixpkgs/pull/61570, this
does not belong to prometheus
2020-06-18 23:12:18 +02:00
rnhmjoj
470ce4784e
nixos/users: validate password hashes 2020-06-15 20:08:36 +02:00
Vladimír Čunát
92aa60918f
nixos i18n.supportedLocales: increase systemPackages priority
https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608
2020-06-11 10:22:20 +02:00
Marek Mahut
7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Nico Heitmann
2b694b1e9f nixos/krb5: output lists as multiple config entries
Fixes #89626
2020-06-07 16:52:27 +02:00
Nico Heitmann
5ed0924e7b nixos/krb5: refactor indentation generation
mkVal is no longer aware of the indentation depth. Indentation is
added to each line of the result when it is included in nested
entries.
2020-06-07 16:40:40 +02:00
Eelco Dolstra
bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Michael Weiss
234d95a6fc
nixos/networking: Add the FQDN and hostname to /etc/hosts
This fixes the output of "hostname --fqdn" (previously the domain name
was not appended). Additionally it's now possible to use the FQDN.

This works by unconditionally adding two entries to /etc/hosts:
127.0.0.1 localhost
::1 localhost

These are the first two entries and therefore gethostbyaddr() will
always resolve "127.0.0.1" and "::1" back to "localhost" [0].
This works because nscd (or rather the nss-files module) returns the
first matching row from /etc/hosts (and ignores the rest).

The FQDN and hostname entries are appended later to /etc/hosts, e.g.:
127.0.0.2 nixos-unstable.test.tld nixos-unstable
::1 nixos-unstable.test.tld nixos-unstable
Note: We use 127.0.0.2 here to follow nss-myhostname (systemd) as close
as possible. This has the advantage that 127.0.0.2 can be resolved back
to the FQDN but also the drawback that applications that only listen to
127.0.0.1 (and not additionally ::1) cannot be reached via the FQDN.
If you would like this to work you can use the following configuration:
```nix
networking.hosts."127.0.0.1" = [
  "${config.networking.hostName}.${config.networking.domain}"
  config.networking.hostName
];
```

Therefore gethostbyname() resolves "nixos-unstable" to the FQDN
(canonical name): "nixos-unstable.test.tld".

Advantages over the previous behaviour:
- The FQDN will now also be resolved correctly (the entry was missing).
- E.g. the command "hostname --fqdn" will now work as expected.
Drawbacks:
- Overrides entries form the DNS (an issue if e.g. $FQDN should resolve
  to the public IP address instead of 127.0.0.1)
  - Note: This was already partly an issue as there's an entry for
    $HOSTNAME (without the domain part) that resolves to
    127.0.1.1 (!= 127.0.0.1).
- Unknown (could potentially cause other unexpected issues, but special
  care was taken).

[0]: Some applications do apparently depend on this behaviour (see
c578924) and this is typically the expected behaviour.

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-05-25 14:06:25 +02:00
zowoq
f4852591c1
nixos/zram: make zstd the default (#87917) 2020-05-21 21:30:03 +03:00
Florian Klink
ea462c742e nixos/resolvconf: always run systemctl of the currently running systemd 2020-05-21 10:29:22 +02:00
Florian Klink
783f40bb70 nixos/power-management: always run systemctl of the currently running systemd 2020-05-21 10:28:29 +02:00
Florian Klink
23ba506113 nixos/nsswitch: improve error message
Show the config option triggering the assertion, so people don't
necessary lookup the nixpkgs source code.
2020-05-11 16:14:51 +02:00
Florian Klink
1df38e2a1d nixos/nsswitch: update comment next to assertion 2020-05-11 16:14:51 +02:00
Florian Klink
1fb6c37597 nixos/samba: move nss database configuration into samba module 2020-05-11 16:14:50 +02:00
Florian Klink
fd21793de6 nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
Florian Klink
4f9c8ef791 nixos/ldap: move nss database configuration into ldap module
now that passwdArray and shadowArray aren't used anymore, these can be
folded.
2020-05-11 16:14:50 +02:00
Florian Klink
c0995d22ee nixos/systemd: move NSS module logic to systemd module
We keep the conditional on only adding if nscd is enabled for now.
2020-05-05 15:59:30 +02:00
Florian Klink
7426bec45e nixos/systemd/resolved: add resolve to nss hosts database if enabled
We keep the "only add the nss module if nscd is enabled" logic for now.

The assertion never was triggered, so it can be removed.
2020-05-05 15:59:30 +02:00
Florian Klink
4b71b6f8fa nixos/google-oslogin: Move nsswitch config into the module
Motivation: #86350
2020-04-30 17:51:13 +02:00
Florian Klink
c01ac3ed12
Merge pull request #85998 from helsinki-systems/make-nsswitch-more-flexible
nixos/nsswitch: Make databases more configurable
2020-04-29 01:28:33 +02:00
Janne Heß
edddc7c82a
nixos/sss: Move nsswitch config into the module 2020-04-28 17:02:46 +02:00
Dominik Xaver Hörl
c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
Janne Heß
bc2a4b341a
nixos/nsswitch: Make databases more configurable
Instead of hardcoding all nss modules that are added into nsswitch,
there are now options exposed.
This allows users to add own nss modules (I had this issue with
winbindd, for example).
Also, nss modules could be moved to their NixOS modules which would
make the nsswitch module slimmer.

As the lists are now handled by the modules system, we can use mkOrder
to ensure a proper order as well as mkForce to override one specific
database type instead of the entire file.
2020-04-26 03:16:57 +02:00
Pavol Rusnak
8a67595636
nixos/system-path: add zstd 2020-04-24 18:34:11 +02:00
worldofpeace
90e16f7ed6
Merge pull request #84242 from gnidorah/qt
nixos/qt5: support adwaita-dark theme
2020-04-24 08:47:21 -04:00
Matthew Bauer
7cc40e15e4 treewide/nixos: use stdenv.cc.libc instead of glibc when available
This prevents duplication in cross-compiled nixos machines. The
bootstrapped glibc differs from the natively compiled one, so we get
two glibc’s in the closure. To reduce closure size, just use
stdenv.cc.libc where available.
2020-04-06 16:36:27 -04:00