Commit message

nixops.
(cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)

journalwatch & journalwatch service: init at 1.1.0

* wireguard: allow not storing private keys in world-readable /nix/store

The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise.
See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html
Tested on a local config (which has the strongswan service config overridden).

Google PageSpeed recommends turning this on to allow proxies to cache

bitlbee service: Add option to load libpurple plugins into bitlbee

Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.
Behaviour was changed in #26888, this reverts that part.

should not be mistaken

pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa

Fixes issue #25790.

NixOS does not boot in VMware guest without these modules

nixos: Force check the filesystem before resizing

The message buffer of the kernel lists
> Please run 'e2fsck -f /dev/disk/by-label/nixos' first.
as the output of the command `resize2fs "$device"`.
This fixes NixOS/nixpkgs#26910.

Mysql datadir changelog

cups: mount private /tmp

printer driver and wrapper are often not written with security in mind.
While reviewing https://github.com/NixOS/nixpkgs/pull/25654 I found
a symlink-race vulnerability within the wrapper code, when writing
unique files in /tmp.
I expect this script to be reused in other models as well
as similar vulnerabilities in the code of other vendors. Therefore
I propose to make /tmp of cups.service private so that only processes
with the same privileges are able to access these files.

nixos: nix snowflake logo for the nixos manual launcher

The helper tool had a very early check whether the automatically created
CA key/cert are available and thus it would abort if the key was
unavailable even though we don't need or even want to have the CA key.
Unfortunately our NixOS test didn't catch this, because it was just
switching from a configuration with an automatically created CA to a
manual configuration without deleting the generated keys and certs.
This is done now in the tests and it's also fixed in the helper tool.
Reported-by: @jpotier
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

nginx: make listen addresses configurable

fixes #27154

Use xmlstarlet to update the OVMF path on each startup, like we do for
<emulator>...qemu-kvm</emulator>.
A libvirt domain using UEFI cannot start if the OVMF path is garbage
collected/missing.

Instead of grep and sed, which is brittle.
(I don't know how to preserve the comment we currently add to say that
this line is auto-updated. But I don't think it adds much value, so I'm
not spending any effort on it.)

These just seem to duplicate upstream systemd units, which are already
included in nixos configuration by systemd.packages

because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf

networkd: Allow new MulticastDNS setting

which gained an implementation in systemd v233

Bump slurm, add pyslurm

nixos-install: quote nixos-prepare-root arguments

This prevents the script from breaking when channel_root is empty.

vault: 0.6.5 -> 0.7.3 with service