| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
| |
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
|
| |
|
|
|
|
| |
[x] Support transparent proxying. This means services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.
[x] Run sslh daemon as unprivileged user instead of root (it is not only for security, transparent proxying requires it)
[x] Removed pidFile support (it is not compatible with running sslh daemon as unprivileged user)
[x] listenAddress default changed from "config.networking.hostName" (which resolves to meaningless "127.0.0.1" as with current /etc/hosts production) to "0.0.0.0" (all addresses)
|
| |\
| |
| | |
nixos/programs.mosh: refactor
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds programs.mosh.withUtempter (default: true).
The option enables -with-utempter for mosh, allowing it to write to
/var/run/utmp and thus making connected sessions appear in the output
of `who -a`.
For that, a guid-wrapper is required. Also, the path to the `utempter` was
hardcoded in the resulting binary until now (so it could never been found),
thus, libutempter was patched accordingly to point to
/run/wrappers/bin/utempter which at least works when the wrapper is
configured.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently minio logs with enhanced tty data and journalctl does not include anything useful as a result:
```
Jun 08 11:03:28 alpha minio[17813]: [78B blob data]
Jun 08 11:03:28 alpha minio[17813]: [49B blob data]
Jun 08 11:03:28 alpha minio[17813]: [19B blob data]
Jun 08 11:03:28 alpha minio[17813]: [88B blob data]
Jun 08 11:03:28 alpha minio[17813]: [45B blob data]
Jun 08 11:03:28 alpha minio[17813]: [44B blob data]
Jun 08 11:03:28 alpha minio[17813]: [57B blob data]
```
Indicating that it detected some binary output. With the `--json` flag it logs:
```
Jun 08 11:14:58 alpha minio[18573]: {"level":"FATAL","time":"2018-06-07T23:14:58.770637778Z","error":{"message":"--address input is invalid: address 127.0.0.1: missing port in address","source":["/build/go/src/github.com/minio/minio/cmd/server-main.go:121:cmd.serverHandleCmdArgs()"]}}
```
|
| | |
| |
| |
| | |
This was put together based on feedback from LnL on IRC.
|
| | |
| |
| |
| |
| |
| |
| | |
This reverts commit c06d7950f1b97abf510bc70bd2a2b0445e8d36f2, reversing
changes made to 4c25fbe338212f498a34d2a9b4c2072ac96c0e31.
See https://github.com/NixOS/nixpkgs/issues/41608
|
| |\ \
| | |
| | | |
grub: support initrd secrets
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
grub: Support when boot.loader.grub.font is null
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| |/ / /
|/| | | |
nixos/systemd: Allow to override serviceConfig
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This has been reported by @qknight in his Stack Overflow question:
https://stackoverflow.com/q/50678639
The correct way to override a single value would be to use something
like this:
systemd.services.nagios.serviceConfig.Restart = lib.mkForce "no";
However, this doesn't work because the check is applied for the attrsOf
type and thus the attribute values might still contain the attribute set
created by mkOverride.
The unitOption type however did already account for this, but at this
stage it's already too late.
So now the actual value is unpacked while checking the values of the
attribute set, which should allow us to override values in
serviceConfig.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @qknight
|
| |\ \ \ \
| | | | |
| | | | | |
GCE image: properly remove the temporary ssh host keys files/directory
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | | |
the temporary ssh host keys file/directory.
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
It's only half-rebuilt on Hydra, but it brings a security fix.
|
| | |\ \ \ \ \
| | |_|_|_|/
| |/| | | | |
linux: enable support for iGVT-g VGPU
|
| | | | | | | |
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/slurm: Improve slurm configuration options and features.
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
propagatedBuildInputs = [ cfg.package etcSlurm ]; had no effect
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* add freeipmi to get power meter readings
* readline support for scontrol
* libssh2 support for X11 supporta
* Add note to enableSrunX11 in module
* fix hwloc support (was detected by configure)
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The nixos module adds a new derivation to
systemPackages to make sure that the binaries
get the generated config file. This derivation
did not contain the man pages so far.
Activating the module now makes the man pages
available in the system environment.
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* Updated SrunX11 option
* Added extraPlugstackConfig parameter
* Added option enableStools
* Add cgroup.conf to module
* Fix some typos
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
morty: init -> 0.2.0
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
prometheus-dnsmasq-exporter: init at 2018-05-05, add module
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/modules/services/scheduling/fcron: add setuid to fcrontab
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Without fcrontab being setuid, every attempt by an user in the fcron
group to edit their own crontab (via `fcrontab -e`) results in the
following error:
```
2018-05-06 11:29:07 ERROR could not change euid to 273: Operation not permitted
2018-05-06 11:29:07 ERROR fcron child aborted: this does not affect the main fcron daemon, but this may prevent a job from being run or an email from being sent.
```
Adding setuid by hand has resolved this issue and aligns with the way
fcrontab is installed on other distributions.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
[RDY] openntpd: make -s flag work
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
after seeing
`adjtime failed: Invalid argument` in my syslog, I tried using
`ntpd -s` but it would trigger
`/etc/ntpd.conf: No such file or directory`
see https://github.com/NixOS/nixpkgs/issues/31885
Instead of running the daemon with a specific config file, use the
standard file so that user are able to use the ntp executable without
having to look for the current config file.
|
| |\ \ \ \ \ \ \ \ \ \
| |_|_|_|_|/ / / / /
|/| | | | | | | | | |
sshd: add custom options
|
| | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos/mpd: allow services.mpd.dbFile to be null
|
| | | |_|_|_|_|_|_|/ /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This change allows users to specify an alternative database method. For
example an mpd satellite setup where another mpd on the network shares
it's database with the local instance. The `dbFile` parameter must not be
configured in that case.
|
| |\ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / /
|/| | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This reverts commit 4fe289860888668956b7e79e24efeb101c2f51d1.
This gives a recursion in certain nixpkgs configs.
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This allows tramp to be used correctly when default shell is zsh.
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixpkgs module: Fix defaulting of `localSystem` and `system`
|
| | | |/ / / / / / / /
| |/| | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
My c6f7d4367894047592cc412740f0c1f5b2ca2b59 made the mistake of not
having enough defaults. Now both variables are default as the *explicit*
value of the other, or a fallback. The fallback of `system` is the
default of `localSystem.system`. The fallback of `localSystem` is not
the other default (projected), as that would cause a cycle, but `{
system = builtins.currentTime; }` just as nixpkgs itself does it.
|
| |\ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/ /
|/| | | | | | | | | |
nixos/gitea: fix pre start script
|
| | | |_|_|_|_|_|/ /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
The hooks directory contains now one level deep subdirectories which
need to be updated as well.
If you use gitea via ssh, ~/.ssh/authorized_keys also needs to be
updated because of the hardcoded path to gitea in the "command" option.
|