| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
| |
ARM and AArch64 might use virtio_mmio in some cases.
|
|
|
|
|
|
|
|
| |
* the keyboard modules in all-hardware.nix are already defaults of
boot.initrd.availableKernelModules
* ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed
because they're not available anymore
* i8042 was a duplicate (see few lines abowe)
|
|
|
|
|
|
|
| |
Add another option for debugging instead. Lots of users have been
complaining about this default behaviour.
This patch also cleans up the EFI bootloader entries in the ISO.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).
My tests with sshfs (version 2 and 3) didn't show any problems.
See #28409 for some additional information.
[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
|
| |
|
|
|
|
|
| |
This is set in the hardened linux config as well but sysctl is more
flexible & works with any boot.kernelPackages
|
| |
|
|
|
|
|
| |
At least for now. It would increase the ISO size by ~10 MB,
after the fixup in the parent commit.
|
| |
|
|
|
| |
NixOS does not boot in VMware guest without these modules
|
|
|
| |
"userns" wasn't introduces as an abbreviation elsewhere as far as I can see, and I wasn't sure what was meant at first.
|
| |
|
|
|
|
|
|
|
|
| |
Due the recent inclusion of broadcom-bt-firmware in enableAllFirmware,
it was required to set `nixpkgs.config.allowUnfree` to obtain the full
list. To make this dependency more explicit an assertion is added and an
alternative option `enableRedistributalFirmware` is provided to only
obtain firmware with an license allowing redistribution.
|
| |
|
|
|
|
| |
Recommended by KSPP
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism. Modern glibc use vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration. Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.
For background on virtual syscalls see https://lwn.net/Articles/446528/
Closes https://github.com/NixOS/nixpkgs/pull/25289
|
|
|
|
|
|
|
|
|
|
| |
The idea is to provide a convenient way to enable most vanilla hardening
features in one go. The hardened profile, then, will serve as a place for
features that enhance security but cannot be enabled for all deployments
because they interfere with legitimate use cases (e.g., using ptrace to
debug problems in an already running process).
Closes https://github.com/NixOS/nixpkgs/pull/24680
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd
It is safe as root doesn't have a password by default
and SSH is disabled by default.
Fixes #20718
|
|
|
|
|
| |
And don't include ArchiveCpio as that one is no longer needed after
5a8147479 ("make-initrd: create reproducible initrds").
|
|
|
|
|
|
| |
This moves vim to the install-device profile to add vim to netboot, too.
Fixes #20013 (see discussion there for further information)
|
|
|
|
| |
Fixes #19764.
|
|
|
|
|
|
|
|
|
|
| |
It seems that it is a GPL violation to distribute zfs in the
installation ISOs.
https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
If anyone knows the issue better and has a reason to reenable it
legally, feel free to reenable it. I don't know much about it.
|
|
|
|
| |
Saves a few megabytes of ALSA stuff.
|
|
|
|
|
| |
Also, the minimal live CD previously installed both the X11 and
non-X11 versions (through services.nixosManual) of w3m.
|
|
|
|
|
| |
Should free up lots of space due to dependency on gnupg, which dpeends on
openldap which pull in gcc.
|
| |
|
| |
|
| |
|
|
|
|
|
| |
[Bjørn: The 'start' alias was removed in commit 1d9651e723
("Remove systemd shell aliases").]
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit ddd480ac30579d780c8ffa9c590a8c86bb36d8d2. Gave it
some more thought.
|
|\
| |
| |
| |
| |
| | |
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
|
| | |
|
|\|
| |
| |
| |
| | |
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
|
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit e8e8164f348a0e8655e1d50a7a404bdc62055f4e. I
misread the original commit as adding the "which" package, but it only
adds it to base.nix. So then the original motivation (making it work
in subshells) doesn't hold. Note that we already have some convenience
aliases that don't work in subshells either (such as "ll").
|
|\|
| |
| |
| |
| | |
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
|
| |
| |
| |
| |
| | |
Aliases are not the same as programs. They won't work in subshells.
It's better to just use which as it's only 88K.
|
| |
| |
| |
| | |
This gets rid of a zillion "rngd[N]: read error" messages during boot.
|
|\| |
|
| |
| |
| |
| |
| |
| | |
Fixes an occurence of `jobs` usage causing tests to fail to evaluate.
thanks @domenkozar
|
| |
| |
| |
| |
| | |
This is needed to get touchpad working in the installer on several
laptops. Tested on a Thinkpad X250.
|
|\| |
|