| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 5d67b17901ff2c9a18647bd9453c6b0d4294b875.
The issues have been resolved by ac603e208c98b260db675fa0c13be94fa95216f4.
Tested this with hostonlyifs and USB support with extension pack.
Conflicts:
nixos/modules/programs/virtualbox-host.nix
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
|
|
|
|
|
|
|
|
| |
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.
This restores the 14.04 behaviour.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.
Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
| |
(cherry picked from commit 9bc8bcbbdcc7cac98686877f09315bb749627732)
Signed-off-by: Domen Kožar <domen@dev.si>
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This reverts commit ee8e15fe76a235ae3583d4e8cb4bb370f28c5eae. See
discussion at https://github.com/NixOS/nixpkgs/commit/ee8e15fe76a235ae3583d4e8cb4bb370f28c5eae.
|
|
|
|
|
|
|
|
|
| |
/run/opengl-drivers should contain only libGL-related libraries, not
stuff like udev. Injecting anything into LD_LIBRARY_PATH is dangerous
because it can break applications that expect a different version of
the library.
Caused by eef9a8ac2a30b495ff7184382ed0dbd73b3b88e4. Fixes #5371.
|
| |
|
|
|
|
|
|
| |
- Move lgi to luaPackages
- Use luaPackages in awesome and passthru lua
- Allow to pass lua modules to the awesome WM so that those can be used in the configuration
|
|\
| |
| | |
nixos: configure samba and rsync shares with sets
|
| | |
|
|\ \
| | |
| | | |
cloud-init: add expression and service
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Creates unnecessary cruft in the root users home directory, which we
really don't need. Except the log, but therefore we now cat the log to
stderr and the private temporary directory is cleaned up afterwards.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardining is enabled.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| | |
| | |
| | | |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| | |
| | |
| | |
| | | |
Systemd already generates /etc/machine-id. So there is no need to
generate another unique host identifer.
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
Suggested in https://github.com/NixOS/nixpkgs/pull/5332.
|
| | |
| | |
| | |
| | | |
Seems to have been broken by accident in 7d1ddae58e465a1708967c9fee651c33819969c6.
|
| | |
| | |
| | |
| | |
| | | |
The option was incorrectly negated, so that 'allowBitmaps = true'
actually disabled bitmap fonts.
|
| | |
| | |
| | |
| | | |
so that changes in timezone will trigger a restart of cron service.
|
| | | |
|
|\ \ \
| | | |
| | | | |
profile-sync-daemon: refactor nixos module
|
| | | | |
|
| | | |
| | | |
| | | |
| | | | |
Small typo prevented the post resume script to restart network manager
|
| | | |
| | | |
| | | |
| | | |
| | | | |
(cherry picked from commit 78bb17dd22e4da4e3810fbc78185d73bb25ea73e)
Signed-off-by: Domen Kožar <domen@dev.si>
|
|\ \ \ \
| |/ / /
|/| | | |
gitlab: fix i686-linux build and module
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It turns out that installing therubytracer, with dependency on old v8, even
when using source libv8 version is problematic.
(see
http://stackoverflow.com/questions/21666379/problems-installing-gitlab-on-odroid-v8-lib-not-available).
But wait, rails does not even need therubytracer, just any kind of javascript
server side execution framework like nodejs. Well just use that, as also
suggested from different internet sources (look link above), it works just
fine.
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!
Fixes #5283.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | | |
- fix timezone data not found
- fix module, add simple test
- allow to set port
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
I had to make several adjustments to make it work with nixos:
* Replace relative config file lookups with ENV variable.
* Modify gitlab-shell to not clear then environment when running
pre-receive.
* Modify gitlab-shell to write some environment variables into
the .authorized_keys file to make sure gitlab-shell reads the
correct config file.
* Log unicorn output to syslog.
I tried various ways of adding a syslog package but the bundler would
not pick them up. Please fix in a better way if possible.
* Gitlab-runner program wrapper.
This is useful to run e.g. backups etc. with the correct
environment set up.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixes #5219 after merging #4995.
(cherry picked from commit 0681d61c3730c686548df3af9a7dc1a59abaf371)
Signed-off-by: Domen Kožar <domen@dev.si>
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since we're using HTTPS for the binary cache (introduced in faf0797) by
default, the binary cache should also be available during installation.
The file that is defined in SSL_CERT_FILE outside of the chroot is
copied over to /tmp/ca-cert.crt inside the chroot, so we have an
absolute path we can reference during nixos-install. However, this might
end up with the file not being cleaned up properly from outside of the
store, but neither would be /tmp/root so the cleanup issue needs to be
solved in another place (or commit to be more exact).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
virtualbox: Allow disabling the network interface.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The current nixos module for VirtualBox unconditionally configures a vboxnet0
network interface at boot. This may be undesired, especially when the user wants
to manage network interfaces in a centralized manner.
|