summary refs log tree commit diff
path: root/nixos
Commit message (Collapse)AuthorAge
...
* | | | | | | | Document running nixos-rebuild switch to clear /boot spaceGraham Christensen2018-08-31
| |_|/ / / / / |/| | | | | |
* | | | | | | nixos/gitea: fix pre start script (#44979)Tobias Happ2018-08-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The gitea path is hardcoded in hooks directory in files of paths like: repositories/<user>/<repo>.git/hooks/update.d/gitea
* | | | | | | Merge pull request #45820 from ↵John Ericson2018-08-31
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | obsidiansystems/dont-use-obsolete-platform-aliases treewide: Dont use obsolete platform aliases
| * | | | | | reewide: Purge all uses `stdenv.system` and top-level `system`John Ericson2018-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | It is deprecated and will be removed after 18.09.
* | | | | | | Merge pull request #45748 from xeji/p/nfs-232xeji2018-08-31
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | nfs-utils: 2.1.1 -> 2.3.2, integrate libnfsidmap
| * | | | | | | nixos/tests/nfs: fix nfs4 client mount pathUli Baum2018-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | nfs4 exports from a virtual filesystem root, so the client mount path differs from nfs3
* | | | | | | | nixos/zeronet: init (#44842)チルノ2018-08-31
| | | | | | | |
* | | | | | | | Merge pull request #45811 from Nadrieril/fix-usbguard-auditfileSarah Brofeldt2018-08-31
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | nixos/usbguard: ensure the audit log file can be created nixos/usbguard: disable debug output
| * | | | | | | | nixos/usbguard: ensure the audit log file can be createdNadrieril2018-08-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
| * | | | | | | | nixos/usbguard: disable debug outputNadrieril2018-08-30
| | | | | | | | |
* | | | | | | | | Merge pull request #45810 from vincentbernat/fix/nginx-staplingFranz Pletz2018-08-31
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
| * | | | | | | | | nixos/nginx: ensure TLS OCSP stapling works out of the box with LEVincent Bernat2018-08-30
| | |_|/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The recommended TLS configuration comes with `ssl_stapling on` and `ssl_stapling_verify on`. However, this last directive also requires the use of `ssl_trusted_certificate` to verify the received answer. When using `enableACME` or similar, we can help the user by providing the correct value for the directive. The result can be tested with: openssl s_client -connect web.example.com:443 -status 2> /dev/null Without OCSP stapling, we get: OCSP response: no response sent After this change, we get: OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: Aug 30 20:46:00 2018 GMT
* | | | | | | | | Merge pull request #45638 from aanderse/incronJan Tojnar2018-08-31
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | incron: init at 0.5.12
| * | | | | | | | changed from forking to simple as recommended by @aszligAaron Andersen2018-08-31
| | | | | | | | |
| * | | | | | | | changes as per requested by @aszligAaron Andersen2018-08-31
| | | | | | | | |
| * | | | | | | | removed quotes when not needed as suggested by @aszligAaron Andersen2018-08-31
| | | | | | | | |
| * | | | | | | | added option to specify which packages are available to the system incrontabAaron Andersen2018-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | recommendation by @jtojnar and @maurer
| * | | | | | | | added a check to make sure a situation where a defined configuration ↵Aaron Andersen2018-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | wouldn't be unused as per recommended by @maurer
| * | | | | | | | added a comment about the PATH variable under which incrontab commands will runAaron Andersen2018-08-27
| | | | | | | | |
| * | | | | | | | clarified the descriptions of the allow and deny optionsAaron Andersen2018-08-27
| | | | | | | | |
| * | | | | | | | fixed issue with system jobsAaron Andersen2018-08-27
| | | | | | | | |
| * | | | | | | | initial work on incron serviceAaron Andersen2018-08-25
| | | | | | | | |
* | | | | | | | | Merge pull request #45779 from grahamc/bump-nix-versionSamuel Dionne-Riel2018-08-30
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Nix minimal version: 1.11 -> 2.0
| * | | | | | | | | nixos docs: add release notes for nix 2.0 requiremnt bumpGraham Christensen2018-08-30
| | |/ / / / / / / | |/| | | | | | |
* | | | | | | | | Merge pull request #45058 from michaelpj/imp/freedesktop-modulesJan Tojnar2018-08-30
|\ \ \ \ \ \ \ \ \ | |/ / / / / / / / |/| | | | | | | | freedesktop modules: init
| * | | | | | | | system-path: fix default option valueMichael Peyton Jones2018-08-20
| | | | | | | | |
| * | | | | | | | system-path: allow other modules to provide setup fragmentsMichael Peyton Jones2018-08-16
| | | | | | | | |
| * | | | | | | | xdg: add modules for supporting various XDG specsMichael Peyton Jones2018-08-16
| | | | | | | | |
* | | | | | | | | treewide: fix typo: asumed -> assumedBjørn Forsman2018-08-30
| | | | | | | | |
* | | | | | | | | nixos/zabbix: fix initial database creation (#45750)Johannes Lötzsch2018-08-30
| |_|_|_|/ / / / |/| | | | | | | | | | | | | | | without this fix the database setup fails with „could not connect to database postgres: FATAL: role "root" does not exist“
* | | | | | | | Merge pull request #33686 from samueldr/artwork/isoGraham Christensen2018-08-29
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | (Installation media) Bootloader artwork refresh
| * | | | | | | | Use a themed grub for the installer imageSamuel Dionne-Riel2018-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This replaces systemd-boot with grub, it is at feature parity, as in it can do everything systemd-boot did in the previous commit.
| * | | | | | | | Adds refind to the installer image.Samuel Dionne-Riel2018-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a 277K (as of right now) addition that can greatly help in some last recourse scenarios. The specific rEFInd setup will not be able to boot the installer image, but this is not why it has been added. It has been added to make use of its volumes scanning capabilities to boot existing EFI images on the target computer, which is sometimes necessary with buggy EFI. While is isn't NixOS's job to fix buggy EFI, shipping this small bit with the installer will help the unlucky few. Example scenario: two wildly different EFI implementation I have encountered have fatal flaws in which they sometimes will lose all the settings, this includes boot configuration. This is compounded by the fact that the two specific and distinct implementation do not allow manually adding ESP paths from their interface. The only recourse is to let the EFI boot the default paths, EFI/boot/boot{platform}.efi, which is not a default location used by the NixOS bootloaders. rEFInd is able to scan the volumes and detect the existing efi bootloaders, and boot them successfully.
| * | | | | | | | Fixes isolinux configuration for new artwork.Samuel Dionne-Riel2018-08-24
| | |_|_|/ / / / | |/| | | | | |
* | | | | | | | firewall service: respect marks in rpfilter (#39054)Nikolay Amiantov2018-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows one to add rules which change a packet's routing table: iptables -t raw -I PREROUTING 1 -m set --match-set myset src -j MARK --set-mark 2 ip rule add fwmark 2 table 1 priority 1000 ip route add default dev wg0 table 1 to the beginning of raw table PREROUTING chain, and still have rpfilter.
* | | | | | | | nixos/tests/i3wm: prevent non-deterministic failure (#45759)xeji2018-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test failed sporadically on Hydra, probably due to timing issues. These changes should make that less likely to occur.
* | | | | | | | nixos/tests/mesos: fix test (#45758)xeji2018-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fallout from 39e678e24e38f1f374eaf5463b424ebdf75df9af : dockerTools.buildImage no longer applies default tag "latest"
* | | | | | | | nixos/tests: Set DefaultTimeoutStartSec very high (#44916)Brian Olsen2018-08-29
| |_|_|/ / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | DefaultTimeoutStartSec is normally set to 90 seconds and works fine. But when running NixOS tests on a very slow machine (like a VM without nested virtualisation support) this default is to low and causes systemd units to fail spuriously. One symptom of this issue are tests at times failing with "timed out waiting for the VM to connect". Since the VM connect timeout is 300 seconds I also set DefaultTimeoutStartSec to this which is ridiculously high.
* | | | | | | nixos/networkd: fix range assertions on 32 bit NixBen Wolsieffer2018-08-28
| | | | | | |
* | | | | | | virtualbox: Change the virtualbox tests to not build the unfree tests by ↵Dennis Gosnell2018-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | default. (#45415)
* | | | | | | systemd: ensure fsck Requires/After links are created in mount unitsMatt McHenry2018-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | systemd-fsck-generator only produces these lines if it can find the necessary fsck executable in its PATH. fixes #29139.
* | | | | | | nixos/zabbix-agent: Make the Zabbix package user-configurableTuomas Tynkkynen2018-08-28
| | | | | | |
* | | | | | | virtualization.growPartition -> virtualisation.growPartitionEelco Dolstra2018-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There never was a 'virtualization.growPartition'. This got messed up in eddf30cc93e1. Issue #36590.
* | | | | | | Merge pull request #45659 from vincentbernat/fix/nginx-gzipJörg Thalheim2018-08-28
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Small nginx tweaks
| * | | | | | | nginx: add more gzipped MIME typesVincent Bernat2018-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The additions are: - image/svg+xml for SVG images - application/atom+xml for Atom feeds These types are also present in mime.types. For better readability, the list is sorted and formatted with one type per line.
| * | | | | | | nginx: use a compression level of 5 in recommended configurationVincent Bernat2018-08-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While there is little gain of space to use a compression level of 9, the CPU usage is significant. Many experiments point to use something between 4 and 6. For example: - https://mjanja.ch/2015/03/finding-the-nginx-gzip_comp_level-sweet-spot/ - https://github.com/h5bp/server-configs-nginx/blob/3bda5b93edba147d51760e900c2079828a7dc274/nginx.conf#L93
* | | | | | | | Merge pull request #44990 from Ma27/reload-user-units-during-activationJörg Thalheim2018-08-27
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | nixos/switch-to-configuration: reload user units
| * | | | | | | | nixos/switch-to-configuration: reload user unitsMaximilian Bosch2018-08-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When rebuilding you have to manually run `systemctl --user daemon-reload`. It gathers all authenticated users using `loginctl list-user` and runs `daemon-reload` for each of them. This is a first step towards a `nixos-rebuild` which is able to reload user units from systemd. The entire task is fairly hard, however I consider this patch usable as it allows to restart units without running `daemon-reload` for each authenticated user.
* | | | | | | | | Merge pull request #45281 from Gerschtli/zsh-completionJörg Thalheim2018-08-27
|\ \ \ \ \ \ \ \ \ | |_|/ / / / / / / |/| | | | | | | | nixos/zsh: Adds enableGlobalCompInit option
| * | | | | | | | nixos/zsh: make enableGlobalCompInit description less ambiguousJörg Thalheim2018-08-27
| | | | | | | | |
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 12:33:17 +0000