summary refs log tree commit diff
path: root/nixos
Commit message (Collapse)AuthorAge
* Add file with GCE image locations, similar to ec2-amis.nix. Will be used by ↵Rob Vermaas2017-07-18
| | | | | | nixops. (cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)
* nix: 1.11.12 -> 1.11.13Eelco Dolstra2017-07-18
|
* Merge pull request #27410 from florianjacob/journalwatchJörg Thalheim2017-07-18
|\ | | | | journalwatch & journalwatch service: init at 1.1.0
| * journalwatch & journalwatch service: init at 1.1.0Florian Jacob2017-07-16
| |
* | wireguard: allow not storing private keys in world-readable /nix/store (#27433)Aristid Breitkreuz2017-07-17
| | | | | | * wireguard: allow not storing private keys in world-readable /nix/store
* | Strongswan after network-online instead of networkFalco Peijnenburg2017-07-17
| | | | | | | | | | | | | | | | The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise. See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot: https://lists.strongswan.org/pipermail/users/2017-January/010359.html Tested on a local config (which has the strongswan service config overridden).
* | nginx: add gzip_vary to recommended settingsWout Mertens2017-07-17
| | | | | | Google PageSpeed recommends turning this on to allow proxies to cache
* | Merge pull request #27057 from Nadrieril/bitlbee-libpurpleJörg Thalheim2017-07-17
|\ \ | | | | | | bitlbee service: Add option to load libpurple plugins into bitlbee
| * | bitlbee service: Add option to load libpurple plugins into bitlbeeNadrieril2017-07-16
| | |
* | | programs.gnupg: use extraInit instead of interactiveShellInitRobin Gloster2017-07-17
| | | | | | | | | | | | | | | | | | | | | Otherwise some programmes cannot use the GPG agent, e.g. applications started from dmenu. Behaviour was changed in #26888, this reverts that part.
* | | tinc service: BindToAddress and ListenAddress are different options, they ↵Nadrieril2017-07-17
| | | | | | | | | | | | should not be mistaken
* | | Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-confBenno Fünfstück2017-07-17
|\ \ \ | | | | | | | | pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
| * | | pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsaBalletie2017-07-01
| | | | | | | | | | | | | | | | Fixes issue #25790.
* | | | all-hardware.nix: add VMware support. (#27430)volth2017-07-17
| | | | | | | | | | | | NixOS does not boot in VMware guest without these modules
* | | | Merge pull request #26912 from knedlsepp/fix-autoResizeGraham Christensen2017-07-16
|\ \ \ \ | | | | | | | | | | nixos: Force check the filesystem before resizing
| * | | | Force check the filesystem before resizingJosef Kemetmueller2017-06-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The message buffer of the kernel lists > Please run 'e2fsck -f /dev/disk/by-label/nixos' first. as the output of the command `resize2fs "$device"`. This fixes NixOS/nixpkgs#26910.
* | | | | Merge pull request #26259 from bachp/mysql-datadir-changelogGraham Christensen2017-07-16
|\ \ \ \ \ | | | | | | | | | | | | Mysql datadir changelog
| * | | | | mysql service: add changelog for changed dataDirPascal Bach2017-07-08
| | |_|/ / | |/| | |
* | | | | Merge pull request #25670 from Mic92/cups-hardeningGraham Christensen2017-07-16
|\ \ \ \ \ | | | | | | | | | | | | cups: mount private /tmp
| * | | | | cups: mount private /tmpJörg Thalheim2017-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | printer driver and wrapper are often not written with security in mind. While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found a symlink-race vulnerability within the wrapper code, when writing unique files in /tmp. I expect this script to be reused in other models as well as similar vulnerabilities in the code of other vendors. Therefore I propose to make /tmp of cups.service private so that only processes with the same privileges are able to access these files.
* | | | | | Merge pull request #23964 from benley/nixos-manual-launcherGraham Christensen2017-07-16
|\ \ \ \ \ \ | | | | | | | | | | | | | | nixos: nix snowflake logo for the nixos manual launcher
| * | | | | | nixos: nix snowflake logo for the nixos manual launcherBenjamin Staffin2017-03-16
| | | | | | |
* | | | | | | nixos/taskserver: Fix manual PKI managementaszlig2017-07-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The helper tool had a very early check whether the automatically created CA key/cert are available and thus it would abort if the key was unavailable even though we don't need or even want to have the CA key. Unfortunately our NixOS test didn't catch this, because it was just switching from a configuration with an automatically created CA to a manual configuration without deleting the generated keys and certs. This is done now in the tests and it's also fixed in the helper tool. Reported-by: @jpotier Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | | | Merge pull request #27403 from rnhmjoj/nginxFranz Pletz2017-07-16
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | nginx: make listen addresses configurable
| * | | | | | | nginx: make listen addresses configurablernhmjoj2017-07-14
| | | | | | | |
* | | | | | | | snapper: add nixos moduleChristian Kögler2017-07-16
| |_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | fixes #27154
* | | | | | | nixos/libvirt: prevent OVMF path from being garbage collectedBjørn Forsman2017-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use xmlstarlet to update the OVMF path on each startup, like we do for <emulator>...qemu-kvm</emulator>. A libvirt domain using UEFI cannot start if the OVMF path is garbage collected/missing.
* | | | | | | nixos/libvirt: modify xml with xmlstarletBjørn Forsman2017-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of grep and sed, which is brittle. (I don't know how to preserve the comment we currently add to say that this line is auto-updated. But I don't think it adds much value, so I'm not spending any effort on it.)
* | | | | | | nixos/lighttpd: fix indent (tab -> space)Bjørn Forsman2017-07-14
| | | | | | |
* | | | | | | postfix: complete remake of postfix service (#27276)Joachim Schiele2017-07-14
| | | | | | |
* | | | | | | nixos/spice-vdagentd: remove needless shellBjørn Forsman2017-07-14
| | | | | | |
* | | | | | | gnupg agent module: Only set tty for interactive shellsDaniel Fullmer2017-07-14
| | | | | | |
* | | | | | | gnupg agent module: Fix dirmngr.enable optionDaniel Fullmer2017-07-14
| | | | | | |
* | | | | | | gnupg agent module: Remove unnecessary unit configurationDaniel Fullmer2017-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These just seem to duplicate upstream systemd units, which are already included in nixos configuration by systemd.packages
* | | | | | | nix: 1.11.11 -> 1.11.12Eelco Dolstra2017-07-13
| | | | | | |
* | | | | | | resolved: use resolved's static resolv.conf (#27144)florianjacob2017-07-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | because it is upstream's recommended mode of operation: https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
* | | | | | | Merge pull request #27142 from florianjacob/resolved-multicastdns-supportJörg Thalheim2017-07-13
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | networkd: Allow new MulticastDNS setting
| * | | | | | | networkd: Allow new MulticastDNS settingFlorian Jacob2017-07-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | which gained an implementation in systemd v233
* | | | | | | | Merge pull request #27350 from veprbl/slurmJörg Thalheim2017-07-13
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Bump slurm, add pyslurm
| * | | | | | | | slurm: 15-08-5-1 -> 17.02.6, slurm-llnl -> slurmDmitry Kalinkin2017-07-13
| | |/ / / / / / | |/| | | | | |
* | | | | | | | Merge pull request #27341 from lheckemann/installer-fixesDaniel Peebles2017-07-13
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | nixos-install: quote nixos-prepare-root arguments
| * | | | | | | | nixos-install: quote nixos-prepare-root argumentsLinus Heckemann2017-07-12
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | This prevents the script from breaking when channel_root is empty.
* / / / / / / / systemd: paths and slices are supported for user units tooPeter Hoeg2017-07-13
|/ / / / / / /
* | | | | | | Merge pull request #26907 from volth/vaultCharles Strahan2017-07-11
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | vault: 0.6.5 -> 0.7.3 with service
| * | | | | | | vault: do not restart the service on "nixos-rebuild switch"Volth2017-07-03
| | | | | | | |
| * | | | | | | vault: services.vault.storagePath for the file backendVolth2017-06-29
| | | | | | | |
| * | | | | | | removed generation of self-signed certificateVolth2017-06-28
| | | | | | | |
| * | | | | | | vault: add unitConfig.RequiresMountsFor to systemd configVolth2017-06-28
| | | | | | | |
| * | | | | | | vault: start after consul if consul is used as storage backendVolth2017-06-28
| | | | | | | |
| * | | | | | | create directory only for "file" storageVolth2017-06-27
| | | | | | | |
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-29 05:32:48 +0000