Commit Graph

1008 Commits

Author SHA1 Message Date
Jan Tojnar
5a3eb4f6fe nixos/users-groups: Fix password scheme validation
0d7cd66652 broke validation for hashes with options
such as those generated with `mkpasswd --method=sha-512 --rounds=1000000`:

    $6$rounds=1000000$xpzZ6Rfg873gZnDY$RxS7lpVnohfDrrKG3lt9UFHED1KoiPGzH7zQv/HzwalZepo/IfFtxw05ap25duEJSKYhC14.Fn9eXszEpWVtF.

This fixes it.
2023-04-03 02:16:07 +02:00
Robert Scott
9a6aabc474
Merge pull request #223548 from enc0urage/fix-graphene-hardened
nixos/malloc: set vm.max_map_count when using graphene-hardened
2023-03-29 22:32:24 +01:00
Garry Filakhtov
d86e9911cd
nixos/modules/config/resolvconf.nix: skip systemPackages if disabled
A change made in #166308 added `networking.resolvconf.package` to the
`environment.systemPackages` list, so it is installed as part of the
system image. However it does so unconditionally, meaning that even if
the `config.networking.resolvconf.enable` is set to false the package
listed in the `networking.resolvconf.package` would still be intalled.

This change makes it so the package installation will depend on the
status of the `config.networking.resolvconf.enable` option instead.
2023-03-29 09:31:09 +11:00
enc0urage
a76bd96e4b nixos/malloc: set vm.max_map_count when using graphene-hardened 2023-03-28 10:18:20 +00:00
github-actions[bot]
f2ead7fbda
Merge master into staging-next 2023-03-24 12:01:43 +00:00
Ryan Lahfa
a119bfc80d
Merge pull request #211603 from farcaller/fish
Assert that fish configuration is enabled if any user has fish as their shell
2023-03-24 12:05:22 +01:00
Vladimír Čunát
12dd95fbb1
Merge branch 'master' into staging-next 2023-03-24 09:07:41 +01:00
K900
c9a74cf40f nixos/fontconfig: time capsule 2023-03-23 22:03:35 +03:00
K900
8454084ffc nixos/hidpi: remove harder
We can't agree on what the right settings are (see #222236), so let's make the users choose.
2023-03-23 21:50:45 +03:00
github-actions[bot]
705ac3185e
Merge master into staging-next 2023-03-23 06:01:22 +00:00
Nick Cao
1285c0a09b
Merge pull request #222205 from NickCao/zram-writeback-device
nixos/zram: add writebackDevice option and corresponding test
2023-03-23 13:14:08 +08:00
github-actions[bot]
797a2b9bcc
Merge master into staging-next 2023-03-21 18:01:07 +00:00
K900
39c344c893 nixos/console: let the kernel pick the default font 2023-03-21 13:29:57 +01:00
K900
4787ebf7ae nixos/hidpi: remove
The single option tries to do too much work, which just ends up confusing people.

So:
- don't force the console font, the kernel can figure this out as of #210205
- don't force the systemd-boot mode, it's an awkward mode that's not supported
  on most things and will break flicker-free boot
- add a separate option for the xorg cursor scaling trick and move it under the xorg namespace
- add a general `fonts.optimizeForVeryHighDPI` option that explicitly says what it does
- alias the old option to that
- don't set any of those automatically in nixos-generate-config
2023-03-21 13:29:57 +01:00
Nick Cao
cd3ffbdfe6
nixos/zram: add writebackDevice option and corresponding test 2023-03-21 09:26:27 +08:00
github-actions[bot]
96f7385465
Merge master into staging-next 2023-03-20 00:02:29 +00:00
Ryan Lahfa
618ba94934
Merge pull request #210205 from 9ary/kernel-fonts
Build the large Terminus font into the kernel
2023-03-19 20:13:25 +01:00
Martin Weinelt
0d7cd66652
nixos/users-groups: Update password scheme validation
Updates the warnings message for statefully set up passwords, now that
weak algorithms have been removed from our libxcrypt package.

Additionall we now add proper validation for hashing schemes used in
`hashedPassword`.

Neither will prevent a rebuiild, but instead issue a warning, that this
requires immediate remediation, or else users will be unable to login.

Reuses the crypt scheme ids as provided by the libxcrypt package.
2023-03-13 07:54:27 +01:00
Artturin
2cbbef006b qt5: use makeScopeWithSplicing
if there is more than one qt5 attr and this file is copied then the arg
to generateSplicesForMkScope should be changed
2023-03-09 21:16:03 +02:00
Sandro
66ee57d44d
Merge pull request #217555 from SuperSandro2000/nox-qt5-no-self 2023-03-06 01:17:25 +01:00
Lily Foster
c56e5ef801 nixos/users-groups: update option description to clarify initial* option precedence 2023-02-25 14:27:35 -05:00
Lily Foster
bfa0bff644 nixos/update-users-groups: let hashedPassword take precedence over initialHashedPassword
Without this change, users that have both `initialHashedPassword` and
`hashedPassword` set will have `initialHashedPassword` take precedence,
but only for the first time `/etc/passwd` is generated. After that,
`hashedPassword` takes precedence. This is surprising behavior as it
would generally be expected for `hashedPassword` to win if both are set.

This wouldn't be a noticeable problem (and an assert could just be made
instead) if the users-groups module did not default the
`root.intialHashedPassword` value to `!`, to prevent login by default.
That means that users who set `root.hashedPassword` and use an ephemeral
rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in
to the root account by default, unless they switch to a new generation
during the same boot (i.e. `/etc/passwd` already exists and
`hashedPassword` is used instead of `initialHashedPassword`) or they set
`root.initialHashedPassword = null` (which is unintuitive and seems
redundant).
2023-02-25 14:27:35 -05:00
Sandro Jäckel
a4f63a6e77
nixos/no-x-libs: hide qt5's self 2023-02-21 21:14:08 +01:00
Will Fancher
bb7cd63150
Merge pull request #215381 from lilyinstarlight/fix/make-initrd-ng-wrapped-executables
make-initrd-ng: support wrapped executables
2023-02-20 14:11:48 -05:00
Lily Foster
1fa1b58c25
nixos/console,nixos/systemd-initrd: remove now-unnecessary wrapped bin inclusions 2023-02-20 07:02:55 -05:00
Sandro
a366e69a12
Merge pull request #214815 from SFrijters/vim-no-x-libs
nixos/no-x-libs: add vim-full
2023-02-17 11:13:47 +01:00
Sandro Jäckel
9e3e928ad4
nixos/no-x-libs: fix infinite recursion with ffmpeg 2023-02-14 23:29:23 +01:00
pennae
bf4c0c1900 nixos/*: remove trailing period in mkEnableOptions
those are added by mkEnableOption, and .. is replaced to … by markdown
processing.
2023-02-08 15:23:34 +01:00
Nick Cao
341770d3f1
nixos/zram: fix default swapDevices 2023-02-07 09:16:16 +08:00
figsoda
a0231c119d
Merge pull request #214705 from Izorkin/update-noxlibs
nixos/no-x-libs: add mc
2023-02-06 09:43:57 -05:00
Florian Klink
5aa52365e7
Merge pull request #214103 from NickCao/zram
nixos/zram: use zram-generator
2023-02-06 12:53:19 +01:00
figsoda
f06b88d6d0
Merge pull request #213785 from SuperSandro2000/nox-neofetch
nixos/no-x-libs: add neofetch
2023-02-05 21:13:07 -05:00
Stefan Frijters
62928668a8
nixos/no-x-libs: add vim-full 2023-02-05 20:55:57 +01:00
Izorkin
686eda4817
nixos/no-x-libs: add mc 2023-02-05 13:46:13 +03:00
Nick Cao
3d26221082
nixos/zram: use zram-generator 2023-02-04 10:33:06 +08:00
Will Fancher
60c6790384 systemd stage 1: Fix gzip wrapping
Necessary since #209371
2023-02-01 16:03:57 -05:00
Sandro Jäckel
1974058edb
nixos/no-x-libs: add neofetch 2023-01-31 14:48:04 +01:00
Sandro
d26c778ade
Merge pull request #153127 from eyJhb/user-uids-fix
nixos/users+nixos/lightdm: fixed users starting at 1000, and system users below 1000
2023-01-30 11:32:10 +01:00
ckie
1859e56a7f
nixos/no-x-libs: don't mask self/super in nested override
From SuperSandro2000's post-merge review of the PR adding this,
nixos/no-x-libs: add qtbase. Sandro added a comment about this after I had
already merged it; self'/super' previously masked the top level self/super.
2023-01-27 19:24:59 +02:00
Yurii Izorkin
e673e90753
nixos/no-x-libs: add qtbase (#212460)
Previously, `services.murmur.enable` would not work with `environment.noXlibs = true;`.
2023-01-24 23:31:59 +02:00
novenary
5bb65387bf console: support using in-kernel fonts 2023-01-24 11:19:46 +02:00
Naïm Favier
363158603a nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
Artturin
9a34bb217e
nixos/no-x-libs: add more replacements
all-packages: change -nox overrides to callPackage's so there is no
infinite recursion when replacing the package with a overlay
2023-01-20 00:45:37 +01:00
Vladimir Pouzanov
631b7f6f88 Add support for the other shells 2023-01-19 16:59:11 +00:00
Vladimir Pouzanov
59296fbbc3 Assert that fish configuration is enabled if any user has fish as their shell.
Suggested-By: matthiasbeyer
2023-01-19 16:28:54 +00:00
oxalica
87a0c9490d nixos/swap: fix creation on BTRFS and refactor assertions 2023-01-17 06:47:21 +08:00
Nick Cao
7ace936995
Merge pull request #211003 from lilyinstarlight/fix/qt6-plugin-path
nixos/qt: set QT_PLUGIN_PATH and QML2_IMPORT_PATH when enabled
2023-01-16 18:34:23 +08:00
Lily Foster
185874df63
nixos/qt: set QT_PLUGIN_PATH and QML2_IMPORT_PATH when enabled 2023-01-15 22:08:47 -05:00
Martin Weinelt
c1e6c6af69 Merge remote-tracking branch 'origin/master' into staging-next 2023-01-11 03:51:33 +01:00
Artturi
a08b0ed485
Merge pull request #169694 from fortuneteller2k/stevenblock-module 2023-01-10 19:26:24 +02:00