Joachim F
e436874ef0
Merge pull request #20919 from joachifm/privoxy-service-improvements
...
Privoxy service improvements
2016-12-06 14:16:28 +01:00
Joachim Fasting
0e765c72e5
grsecurity: enable module hardening
2016-12-06 01:23:58 +01:00
Joachim Fasting
31d79afbe5
grsecurity docs: note that pax_sanitize_slab defaults to fast
2016-12-06 01:23:51 +01:00
Joachim Fasting
071fbcda24
grsecurity: enable optional sysfs restrictions
...
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
2016-12-06 01:23:36 +01:00
Joachim Fasting
8c1f5afdf3
grsecurity: delay toggling of sysctls until system is up
...
We generally trust init, so there's little point in having these enabled
during early bootup; it accomplishes little except fill our logs with
spam.
2016-12-06 01:22:53 +01:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
...
The service owns no data, having a static uid serves no purpose.
This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation
2016-12-05 13:21:31 +01:00
Vladimír Čunát
a1ae627362
nixos GDM: fix #19896
...
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome. There seems to be no logout option
in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim
e00632e200
Merge pull request #20858 from Mic92/lxcfs
...
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Jörg Thalheim
7c7dc15cbf
lxcfs: add module
2016-12-04 11:26:17 +01:00
Franz Pletz
69bee1b361
Merge pull request #20770 from mguentner/more_ipfs
...
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Franz Pletz
2401f06801
containers: disable dhcpcd on veth bridge interfaces
2016-12-04 01:41:10 +01:00
Jörg Thalheim
aa854f192e
cgmanager: add module
2016-12-02 13:52:04 +01:00
lbonn
288e75c5f9
wireguard: remove dependency on ip-up.target
...
It was deprecated and removed from all modules in the tree by #18319.
The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Franz Pletz
3000ae8602
gitlab service: fix sidekiq queue config
2016-11-29 17:42:46 +01:00
Domen Kožar
75f131da02
acme: ensure nginx challenges directory is writeable
2016-11-29 15:56:01 +01:00
Domen Kožar
69e0740baa
Merge pull request #20795 from cleverca22/netboot
...
make the /nix/store writable under netboot images
2016-11-29 15:47:39 +01:00
michael bishop
e710edeecf
make the /nix/store writable under netboot images
2016-11-29 10:31:07 -04:00
Erik Rybakken
2f0cc0d3f0
unclutter-xfixes service: init
...
Closes #18398
2016-11-29 14:25:32 +01:00
Joachim F
8eefcb5c09
Merge pull request #19900 from michalpalka/xen-fix-xen-bridge2
...
xen service: fix wrong netmask handed out by xen-bridge.service
2016-11-28 16:31:05 +01:00
Joachim F
944868dd9b
Merge pull request #19851 from michalpalka/xen-fix-xen-bridge
...
xen service: fix iptables race condition in xen-bridge.service
2016-11-28 16:30:16 +01:00
Maximilian Güntner
0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
...
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN
37715d1f46
hydra-module: add cfg.package to hydra-evaluator path
2016-11-28 15:53:44 +02:00
Joachim Fasting
e99228db30
grsecurity module: force a known good kernel package set
...
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel. Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).
With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
2016-11-28 12:11:04 +01:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description
2016-11-27 22:07:51 -05:00
Ruben Maher
9c9a21d525
matrix-synapse service: Make url_preview_enabled optional (#20609)
2016-11-28 03:33:48 +01:00
Franz Pletz
e394c305a8
Merge pull request #20620 from rnhmjoj/fakeroute
...
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
pngwjpgh
bcc9a6ac75
infinoted service: init
...
Service module for the dedicated gobby server included in libinfinity
2016-11-27 17:23:21 +01:00
Michael Raskin
36010e7046
Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
...
apache-httpd
2016-11-26 13:37:02 +00:00
Vladimír Čunát
8ebfce0eda
display-managers module: improve variable quoting
...
Fixes #20713, though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.
The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
2016-11-26 11:23:31 +01:00
Robert Helgesson
8a424e3fbd
tahoe service: use ExecStart instead of script
...
Since only a single command is necessary to start Tahoe it is sufficient
to use ExecStart and thereby skip starting up Bash (and leaving it
running).
2016-11-25 21:49:34 +01:00
Jaka Hudoklin
3b500d37f5
Merge pull request #19023 from offlinehacker/kube-update
...
WIP: kubernetes update package and module
2016-11-24 23:10:01 +01:00
Corbin Simpson
27f1def068
nixos/collectd: Fix syntax error on some hostnames. (#20694)
...
Without this, hostnames that e.g. end in digits will cause syntax errors for
collectd.
2016-11-24 21:47:17 +01:00
rnhmjoj
7eb9a03221
fakeroute: add service
2016-11-23 15:23:10 +01:00
Eelco Dolstra
d97a379510
Merge pull request #20641 from mayflower/fix/installer-closure-size
...
Reduce closure size of installer images
2016-11-23 12:49:46 +01:00
Joachim F
a6f392abd6
Merge pull request #20385 from ericsagnes/feat/i3-refactor
...
i3 module: refactor
2016-11-23 05:11:14 +01:00
Franz Pletz
da600849e3
nixos: disable sound for minimal ISO
...
Saves a few megabytes of ALSA stuff.
2016-11-23 02:24:13 +01:00
Franz Pletz
f983743d75
w3m-nox: use imlib2 without X11 support
...
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
2016-11-23 02:24:12 +01:00
Franz Pletz
ffac67fcf3
nixos/base: don't include dar & cabextract in ISO
...
Should free up lots of space due to dependency on gnupg, which depends on
openldap which pulls in gcc.
2016-11-23 02:24:11 +01:00
Franz Pletz
d94e93ccdf
Merge pull request #19588 from Shados/add-dante
...
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Alexei Robyn
49d679d7a8
dante service: init
2016-11-22 21:33:54 +11:00
Kier Davis
db50ae78d0
boinc service: init
2016-11-22 01:14:40 +00:00
Christian Kampka
35ecef2c6d
containers module: Add tmpfs options (#20557)
...
Allows one or more directories to be mounted as a read-only file system.
This makes it convenient to run volatile containers that do not retain
application state.
2016-11-22 02:11:33 +01:00
Nikolay Amiantov
42a180352f
bumblebee service: replace bbswitch option with pmMethod
...
I added this option just today, so I don't think this needs a rename entry.
2016-11-22 02:35:12 +03:00
Daiderd Jordan
c531cc2303
Merge pull request #20606 from mdaiter/riak_extraAdvancedConfig
...
riak: added extraAdvancedConfig option to service module
2016-11-21 18:22:01 +01:00
Joachim Fasting
f9f354faad
nixos/modules: use defaultText where applicable
...
Primarily to fix rendering of these default values in the manual but
it's also nice to avoid having to eval these things just to build the
manual.
2016-11-21 16:35:15 +01:00
Eelco Dolstra
d69dce080d
Fix setting programs.ssh.setXAuthLocation
...
The configuration { services.openssh.enable = true;
services.openssh.forwardX11 = false; } caused
programs.ssh.setXAuthLocation to be set to false, which was not the
intent. The intent is that programs.ssh.setXAuthLocation should be
automatically enabled if needed or if xauth is already available.
2016-11-21 16:19:51 +01:00
Matthew Daiter
f11899798e
riak: added extraAdvancedConfig option to service module
2016-11-21 15:46:04 +01:00
Nikolay Amiantov
f10ec922e0
bumblebee service: make bbswitch optional
2016-11-21 17:29:31 +03:00
Nikolay Amiantov
44808cac65
bumblebee service: fix service dependencies
2016-11-21 17:29:26 +03:00