| Commit message (Collapse) | Author | Age |
|\
| |
| | |
nixos/installation-device: set GC initial heap size to 1MB
|
| |
| |
| |
| | |
100000 (100kB) is too aggressive (too low) and gets ignored by the GC
See issue #43339
|
|\ \
| |/
|/| |
ova: add cloneConfigExtra option
|
| |
| |
| |
| |
| |
| |
| | |
Customize virtualbox ovas to contain a clone config option giving some
useful hints.
Fixes #38429
|
| |
| |
| |
| | |
Other package additions are there as well.
|
|/
|
|
|
|
|
| |
The nixos-manual service already uses w3m-nographics for a variant that
drops unnecessary junk like various image libraries.
iso_minimal closure (i.e. uncompressed) goes from 1884M -> 1837M.
|
|\
| |
| | |
nixos/security/misc: init
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A module for security options that are too small to warrant their own module.
The impetus for adding this module is to make it more convenient to override
the behavior of the hardened profile wrt user namespaces.
Without a dedicated option for user namespaces, the user needs to
1) know which sysctl knob controls userns
2) know how large a value the sysctl knob needs to allow e.g.,
Nix sandbox builds to work
In the future, other mitigations currently enabled by the hardened profile may
be promoted to options in this module.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduced by 0f3b89bbedc1a33cc1fc3c142e235da2c64614c3.
If services.nixosManual.showManual is enabled and
documentation.nixos.enable is not, there is no
config.system.build.manual available, so evaluation fails. For example
this is the case for the installer tests.
There is however an assertion which should catch exactly this, but it
isn't thrown because the usage of config.system.build.manual is
evaluated earlier than the assertions.
So I split the assertion off into a separate mkIf to make sure it is
shown appropriately and also fixed the installation-device profile to
enable documentation.nixos.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @oxij
|
|\
| |
| | |
nixos: fix fallout from #46193
|
| | |
|
|\ \
| | |
| | | |
ISO/OVA closure size reductions
|
| | |
| | |
| | |
| | |
| | |
| | | |
This is already done in
installer/cd-dvd/installation-cd-graphical-kde.nix but not in
profiles/graphical.nix. Related to #47256.
|
|\ \ \
| | |/
| |/| |
nixos: doc: implement #12542
|
| |/
| |
| |
| | |
`documentation.nixos`
|
|/
|
|
|
|
|
|
|
| |
Without this the graphical installer has no way to open the manual.
You can fix it yourself by installing any HTML browser but this might
be unfamiliar to users new to NixOS and without any other way to open
the manual. The downside is it will also increase download sizes.
Fixes #46537
|
|
|
|
|
|
|
| |
Following up https://github.com/NixOS/nixpkgs/pull/23665
Bootable USB-drives are not limited to ISO-images, there can be "normal" MBR/GPT-partitioned disk connected via USB-rack.
Also, "uas" implies "usb-storage", so there is no need to mention both.
|
|
|
|
|
|
| |
I broke it:
in job ‘nixos.iso_graphical.x86_64-linux’:
The option `services.udisks2.enable' has conflicting definitions, in `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/profiles/installation-device.nix' and `/nix/store/bwcjw1ddj94q83vbbnq1nnrs5aisaw59-source/nixos/modules/services/x11/desktop-managers/plasma5.nix'.
|
|
|
|
|
| |
Due to whoever-knows-what, udisks nowadays pulls in GTK+ et al. But it
shouldn't be needed anyway in the installer, so disable it.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This seems some obsolete software RAID configuration program that hasn't
been updated since 2010.
|
|
|
|
| |
Allows the user to generate password hashes for the installed system easier.
|
|\
| |
| | |
nixos: doc module
|
| | |
|
|\ \
| |/
|/| |
make-system-tarball: allow alternate compression methods
|
| | |
|
|/ |
|
|
|
|
|
| |
also disable upower on virtualbox
Fixes #36348
|
|
|
|
| |
This is required by closureInfo.
|
|
|
|
|
|
| |
Among other things, this will allow *2nix tools to output plain data
while still being composable with the traditional
callPackage/.override interfaces.
|
| |
|
|
|
|
| |
ARM and AArch64 might use virtio_mmio in some cases.
|
|
|
|
|
|
|
|
| |
* the keyboard modules in all-hardware.nix are already defaults of
boot.initrd.availableKernelModules
* ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed
because they're not available anymore
* i8042 was a duplicate (see few lines abowe)
|
|
|
|
|
|
|
| |
Add another option for debugging instead. Lots of users have been
complaining about this default behaviour.
This patch also cleans up the EFI bootloader entries in the ISO.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).
My tests with sshfs (version 2 and 3) didn't show any problems.
See #28409 for some additional information.
[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
|
| |
|
|
|
|
|
| |
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
|
| |
|
|
|
|
|
| |
At least for now. It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
|
| |
|
|
|
| |
NixOS does not boot in VMware guest without these modules
|
|
|
| |
"userns" wasn't introduces as an abbreviation elsewhere as far as I can see, and I wasn't sure what was meant at first.
|
| |
|
|
|
|
|
|
|
|
| |
Due the recent inclusion of broadcom-bt-firmware in enableAllFirmware,
it was required to set `nixpkgs.config.allowUnfree` to obtain the full
list. To make this dependency more explicit an assertion is added and an
alternative option `enableRedistributalFirmware` is provided to only
obtain firmware with an license allowing redistribution.
|
| |
|
|
|
|
| |
Recommended by KSPP
|