| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add spike integration test to nixosTests
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
ibus: fix dconf db installation
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It looks like `terminal_output.serial` is incorrect, according to the
grub documentation:
https://www.gnu.org/software/grub/manual/grub/html_node/Serial-terminal.html
Related PR: #79406
|
| |\ \ \
| |_|/
|/| | |
nixosTests.systemd-confinement: Port to Python
|
| | | | |
|
| | | | |
|
| |\ \ \ |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
And add assertion messages
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/virtualisation.podman: Init module
|
| | | | | | |
|
| | | |_|/
| |/| | |
|
| |/ / / |
|
| |\ \ \
| | | |
| | | | |
nixos/dokuwiki: add support for multi-site, additional plugins and templates
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
`aclFile` and `usersFile` will be set to a default value if `aclUse` is
specified and aclFile is not overriden by `acl`.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds support for additional plugins and templates similarly to how
wordpress.nix does it.
Plugins and templates need to be packaged as in the example.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Enables multi-site configurations.
This break compatibility with prior configurations that expect options
for a single dokuwiki instance in `services.dokuwiki`.
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
ACME test cleanups
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The resolver is mainly useful for the ACME server, and acme.nix uses its
own DNS server to test DNS-01 challenges.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This lets us get early warning about any bugs or backwards-compatibility
hazards in lego.
Pebble will default to this in the future, but doesn't currently;
see https://github.com/letsencrypt/pebble/blob/v2.3.0/README.md#strict-mode.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:
* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}
The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).
[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
This was added in aade4e577bbb27f044217c51a006ab6ba544ebb5, but the
implementation of the ACME module has been entirely rewritten since
then, and the test seems to run fine on AArch64.
|
| |\ \ \ \
| | | | |
| | | | | |
Tuptime: Init Package, Module and Test
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
nixosTests.cockroachdb: port to python
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
cockroachdb complained about not enough memory available.
|
| | | | | | | |
|
| | |/ / / / |
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
linux_*_hardened: use linux-hardened patch set
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
linux-hardened sets kernel.unprivileged_userns_clone=0 by default; see
anthraxx/linux-hardened@104f44058f058a395502192c4939645df6f52ecb.
This allows the Nix sandbox to function while reducing the attack
surface posed by user namespaces, which allow unprivileged code to
exercise lots of root-only code paths and have lead to privilege
escalation vulnerabilities in the past.
We can safely leave user namespaces on for privileged users, as root
already has root privileges, but if you're not running builds on your
machine and really want to minimize the kernel attack surface then you
can set security.allowUserNamespaces to false.
Note that Chrome's sandbox requires either unprivileged CLONE_NEWUSER or
setuid, and Firefox's silently reduces the security level if it isn't
allowed (see about:support), so desktop users may want to set:
boot.kernel.sysctl."kernel.unprivileged_userns_clone" = true;
|
| |\ \ \ \ \ |
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | | |
Hydra nixpkgs: ?compare=1582510
|
| | |\ \ \ \ \ \
| | | |_|_|/ /
| | |/| | | | |
|
| | |\ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ \ |
|
| | |\ \ \ \ \ \ \ \ |
|
| | | |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|/ / / /
|/| | | | | | | | | | |
|
| | | | | | | | | | | | |
|
| | |_|_|_|_|_|_|/ / /
|/| | | | | | | | | |
|