path: root/nixos/modules/profiles
Commit message (Author, Age)
* nixos/profiles/all-hardware: remove unavailable modules (Franz Pletz, 2017-12-29)
|
* nixos/qemu-guest: Ensure virtio_mmio is available in initrd (Tuomas Tynkkynen, 2017-11-26)
|   ARM and AArch64 might use virtio_mmio in some cases.
* nixos: clean up kernel modules (Franz Pletz, 2017-10-07)
|   * the keyboard modules in all-hardware.nix are already defaults of boot.initrd.availableKernelModules
|   * ide modules, hid_lenovo_tpkbd and scsi_wait_scan have been removed because they're not available anymore
|   * i8042 was a duplicate (see few lines above)
* nixos/install: disable kernel debug console logging (Franz Pletz, 2017-09-23)
|   Add another option for debugging instead. Lots of users have been complaining about this default behaviour. This patch also cleans up the EFI bootloader entries in the ISO.
* fuse3: init at 3.1.1 (Michael Weiss, 2017-09-21)
|   This includes fuse-common (fusePackages.fuse_3.common) as recommended by upstream. But while fuse(2) and fuse3 would normally depend on fuse-common we can't do that in nixpkgs while fuse-common is just another output from the fuse3 multiple-output derivation (i.e. this would result in a circular dependency).
|
|   To avoid building fuse3 twice I decided it would be best to copy the shared files (i.e. the ones provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and avoid collision warnings by defining priorities. Now it should be possible to install an arbitrary combination of "fuse", "fuse3", and "fuse-common" without getting any collision warnings. The end result should be the same and all changes should be backwards compatible (assuming that mount.fuse from fuse3 is backwards compatible as stated by upstream [0] - if not this might break some /etc/fstab definitions but that should be very unlikely).
|
|   My tests with sshfs (version 2 and 3) didn't show any problems.
|
|   See #28409 for some additional information.
|
|   [0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
* nixos/hardened: blacklist a few obscure net protocols (Joachim Fasting, 2017-09-09)
|
* nixos/hardened: set mmap_min_addr (Joachim Fasting, 2017-09-09)
|   This is set in the hardened linux config as well but sysctl is more flexible & works with any boot.kernelPackages
* profiles/graphical.nix: enable libinput over synaptics (Graham Christensen, 2017-08-30)
|
* rogue: omit from the installation media (Vladimír Čunát, 2017-08-29)
|   At least for now. It would increase the ISO size by ~10 MB, after the fixup in the parent commit.
* nixos/hardened profile: increase ASLR entropy (Joachim Fasting, 2017-08-13)
|
* all-hardware.nix: add VMware support. (#27430) (volth, 2017-07-17)
|   NixOS does not boot in VMware guest without these modules
* nixos: replaced "userns" with "user namespaces" for clarity (André-Patrick Bubel, 2017-06-22)
|   "userns" wasn't introduced as an abbreviation elsewhere as far as I can see, and I wasn't sure what was meant at first.
* hardware.enableRedistributableFirmware: fix spelling error (Jörg Thalheim, 2017-05-09)
|
* hardware: add enableRedistributalFirmware (Jörg Thalheim, 2017-05-09)
|   Due to the recent inclusion of broadcom-bt-firmware in enableAllFirmware, it was required to set `nixpkgs.config.allowUnfree` to obtain the full list. To make this dependency more explicit an assertion is added and an alternative option `enableRedistributalFirmware` is provided to only obtain firmware with a license allowing redistribution.
* nixos/hardened profile: disable user namespaces at runtime (Joachim Fasting, 2017-04-30)
|
* nixos/hardened profile: disable hibernation (Joachim Fasting, 2017-04-30)
|   Recommended by KSPP
* nixos/hardened profile: use the linux_hardened kernel (Joachim Fasting, 2017-04-30)
|
* nixos/hardened profile: lock kernel modules (Joachim Fasting, 2017-04-30)
|
* nixos/hardened profile: disable legacy virtual syscalls (Joachim Fasting, 2017-04-29)
|   This eliminates a theoretical risk of ASLR bypass due to the fixed address mapping used by the legacy vsyscall mechanism. Modern glibc uses vdso(7) instead so there is no loss of functionality, but some programs may fail to run in this configuration. Programs that fail to run because vsyscall has been disabled will be logged to dmesg.
|
|   For background on virtual syscalls see https://lwn.net/Articles/446528/
|
|   Closes https://github.com/NixOS/nixpkgs/pull/25289
* nixos: add a "hardened" profile (Joachim Fasting, 2017-04-23)
|   The idea is to provide a convenient way to enable most vanilla hardening features in one go. The hardened profile, then, will serve as a place for features that enhance security but cannot be enabled for all deployments because they interfere with legitimate use cases (e.g., using ptrace to debug problems in an already running process).
|
|   Closes https://github.com/NixOS/nixpkgs/pull/24680
* nixos: fix renaming warning in graphical profile (Thomas Tuegel, 2017-03-03)
|
* nixos: update default cases from KDM/KDE4 to SDDM/KDE5 (Graham Christensen, 2017-02-09)
|
* nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V (taku0, 2017-02-05)
|
* install-device: correct command to start sshd (Pascal Bach, 2017-01-25)
|
* install-device: permit root login with password (Pascal Bach, 2017-01-25)
|   Allow password login to the installation; this allows doing remote installation via SSH. All that needs to be done on the local machine is:
|
|   1. Boot from the installation media
|   2. Set a password with passwd
|   3. Enable SSH with systemctl start sshd
|
|   It is safe as root doesn't have a password by default and SSH is disabled by default.
|
|   Fixes #20718
* installer: Include stdenvNoCC (Tuomas Tynkkynen, 2017-01-23)
|   And don't include ArchiveCpio as that one is no longer needed after 5a8147479 ("make-initrd: create reproducible initrds").
* install-devices: add vim (Robin Gloster, 2017-01-18)
|   This moves vim to the install-device profile to add vim to netboot, too.
|
|   Fixes #20013 (see discussion there for further information)
* nixos installer: don't log refused packets to console (Franz Pletz, 2017-01-09)
|   Fixes #19764.
* zfs cannot be distributed. Disabling it in the isos. (Lluís Batlle i Rossell, 2016-12-28)
|   It seems that it is a GPL violation to distribute zfs in the installation ISOs.
|
|   https://sfconservancy.org/blog/2016/feb/25/zfs-and-linux/
|
|   If anyone knows the issue better and has a reason to reenable it legally, feel free to reenable it. I don't know much about it.
* nixos: disable sound for minimal ISO (Franz Pletz, 2016-11-23)
|   Saves a few megabytes of ALSA stuff.
* w3m-nox: use imlib2 without X11 support (Franz Pletz, 2016-11-23)
|   Also, the minimal live CD previously installed both the X11 and non-X11 versions (through services.nixosManual) of w3m.
* nixos/base: don't include dar & cabextract in ISO (Franz Pletz, 2016-11-23)
|   Should free up lots of space due to dependency on gnupg, which depends on openldap which pulls in gcc.
* treewide: sshfsFuse -> sshfs-fuse (Bjørn Forsman, 2016-09-18)
|
* Make it possible to disable "info" (Eelco Dolstra, 2016-09-05)
|
* modules/profiles/minimal.nix: Disable "man" (Eelco Dolstra, 2016-09-05)
|
* documentation: fix start display-manager command (Eric Sagnes, 2016-07-04)
|   [Bjørn: The 'start' alias was removed in commit 1d9651e723 ("Remove systemd shell aliases").]
* treewide: Use correct output in ${config.nix.package}/bin (Tuomas Tynkkynen, 2016-04-25)
|
* Remove "which" from base.nix (Eelco Dolstra, 2016-04-18)
|
* Revert "Revert "Remove which -> type -P alias."" (Eelco Dolstra, 2016-04-18)
|   This reverts commit ddd480ac30579d780c8ffa9c590a8c86bb36d8d2. Gave it some more thought.
* Merge 'staging' into closure-size (Vladimír Čunát, 2016-04-07)
|\
| |   This is mainly to get the update of bootstrap tools. Otherwise there were mysterious segfaults: https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
| * Fix the boot-ec2-config test (Eelco Dolstra, 2016-03-30)
| |
* | Merge branch 'master' into closure-size (Vladimír Čunát, 2016-04-01)
|\|
| |   Beware that stdenv doesn't build. It seems something more will be needed than just resolution of merge conflicts.
| * Revert "Remove which -> type -P alias." (Eelco Dolstra, 2016-03-25)
| |   This reverts commit e8e8164f348a0e8655e1d50a7a404bdc62055f4e. I misread the original commit as adding the "which" package, but it only adds it to base.nix. So then the original motivation (making it work in subshells) doesn't hold. Note that we already have some convenience aliases that don't work in subshells either (such as "ll").
* | Merge master into closure-size (Vladimír Čunát, 2016-03-08)
|\|
| |   The kde-5 stuff still didn't merge well. I hand-fixed what I saw, but there may be more problems.
| * Remove which -> type -P alias. (Domen Kožar, 2016-03-03)
| |   Aliases are not the same as programs. They won't work in subshells. It's better to just use which as it's only 88K.
| * qemu-guest.nix: Disable rngd (Eelco Dolstra, 2016-02-23)
| |   This gets rid of a zillion "rngd[N]: read error" messages during boot.
* | Merge branch 'staging' into closure-size (Vladimír Čunát, 2016-01-19)
|\|
| * wpa_supplicant service: jobs -> systemd.services (Robin Gloster, 2016-01-06)
| |   Fixes an occurrence of `jobs` usage causing tests to fail to evaluate.
| |
| |   thanks @domenkozar
| * installation-cd-graphical: Enable the 'synaptics' touchpad driver (Tuomas Tynkkynen, 2015-12-24)
| |   This is needed to get touchpad working in the installer on several laptops. Tested on a Thinkpad X250.
* | Merge remote-tracking branch 'origin/master' into closure-size (Luca Bruno, 2015-11-25)
|\|