path: root/nixos
Commit message (Author, Age)
...
* | | | | | | resurrect torsocks-faster (Evgeny Egorochkin, 2014-12-19)
| | | | | | |
* | | | | | | rename torify to tsocks, to avoid name clashes and make it clear which wrapper library is used (Evgeny Egorochkin, 2014-12-19)
| | | | | | |
* | | | | | | torsocks: enable by default if tor client functionality is enabled (Evgeny Egorochkin, 2014-12-19)
| | | | | | |
* | | | | | | tor: restore the Privoxy setup, but configure the system Privoxy instead of running a separate instance. (Evgeny Egorochkin, 2014-12-19)
| | | | | | |
* | | | | | | tor: restore strong circuit isolation (Evgeny Egorochkin, 2014-12-19)
| | | | | | |
* | | | | | | Revert "nixos: Remove torify module" (Evgeny Egorochkin, 2014-12-19)
|/ / / / / /
| | | | | |   tsocks is still useful because it's less strict
| | | | | |   This reverts commit 1b26faeb6994151b8f8842f340fe4c1b820f09fb.
* | | | | | nixos: Add VBox hardening to 14.12 release notes. (aszlig, 2014-12-18)
| | | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | | zfs hostId: Instructions to derive from machine-id (wmertens, 2014-12-18)
| |_|_|/ /
|/| | | |
* | | | | nixos/virtualbox: Revert disable hardening. (aszlig, 2014-12-18)
| | | | |   This reverts commit 5d67b17901ff2c9a18647bd9453c6b0d4294b875. The issues have been resolved by ac603e208c98b260db675fa0c13be94fa95216f4. Tested this with hostonlyifs and USB support with extension pack.
| | | | |   Conflicts: nixos/modules/programs/virtualbox-host.nix
| | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
| | | | |   Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
* | | | | ssh-agent: Don't have a timeout by default (Eelco Dolstra, 2014-12-18)
| | | | |   IMHO, having a short timeout (1h) defeats the point of using ssh-agent, which is not to have to retype passphrases all the time. Of course, users who want timeouts can set programs.ssh.agentTimeout. This restores the 14.04 behaviour.
* | | | | Fix container test (Eelco Dolstra, 2014-12-18)
| | | | |   http://hydra.nixos.org/build/17989795
* | | | | nixos/tests/virtualbox: Disable debug logging. (aszlig, 2014-12-18)
| | | | |   Especially if the user isn't in the vboxusers group anymore, this gets VERY noisy, because the VBoxSVC process emits warnings for every single USB device noting that it's only possible to access it when the user is in the vboxusers group. So, we now have a debug attribute, where we can enable it when necessary.
| | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | nixos/tests/virtualbox: Don't use vboxusers group. (aszlig, 2014-12-18)
| | | | |   At least when we're running in hardening mode, because it's needed there only for USB support.
| | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | nixos/tests/blivet: Fix by avoiding "nix-store". (aszlig, 2014-12-18)
| | | | |   The "nix-store" command within the VM test is running without NIX_REMOTE=daemon and since Nix 1.8 tries to open the store database in read-write mode even for nix-store -qR. Now, we're doing this properly and rely on setup hooks, which is the same method that's used when you're building a library which depends on blivet.
| | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | virtualbox: Fix runtime paths in hardening mode. (aszlig, 2014-12-18)
| | | | |   Because we have to rely on setuid wrappers on NixOS, we can't easily hardcode the executable paths and set it 4755. So for all calls, we need to change the runtime path executable directory to /var/setuid-wrappers/ and for verification we need to retain the executable directory.
| | | | |   Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL and VBoxVolInfo don't reside in directories that are commonly in PATH, but in /usr/lib/virtualbox in most mainstream distros. But because the names of these executables are distinctive enough to not cause collisions with other setuid programs, I'll leave it like that and not patch up setuid-wrappers.
| | | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | | release notes: reindent, remove renames (redundant) (Domen Kožar, 2014-12-18)
| | | | |   (cherry picked from commit 8566f66ea44f7adf050d92bd8dc8de9ba814f0d1)
| | | | |   Signed-off-by: Domen Kožar <domen@dev.si>
* | | | | update release notes (Domen Kožar, 2014-12-18)
| | | | |   (cherry picked from commit 33e9a0503a55aef49c4d8750a712388ab71b6446)
| | | | |   Signed-off-by: Domen Kožar <domen@dev.si>
* | | | | fix users.mutableUsers = false; install in iso (Domen Kožar, 2014-12-18)
| | | | |   (cherry picked from commit 9bc8bcbbdcc7cac98686877f09315bb749627732)
| | | | |   Signed-off-by: Domen Kožar <domen@dev.si>
* | | | | Improve /etc/sudoers message (Eelco Dolstra, 2014-12-18)
| | | | |
* | | | | nixos/network-interfaces: Add ipv6 gateway support (William A. Kennington III, 2014-12-17)
| | | | |
* | | | | switch-to-configuration: Ignore slice units (Eelco Dolstra, 2014-12-18)
| | | | |
* | | | | Revert "enable bash autocomplete by default" (Eelco Dolstra, 2014-12-18)
| | | | |   This reverts commit ee8e15fe76a235ae3583d4e8cb4bb370f28c5eae. See discussion at https://github.com/NixOS/nixpkgs/commit/ee8e15fe76a235ae3583d4e8cb4bb370f28c5eae.
* | | | | Remove udev from /run/opengl-drivers (Eelco Dolstra, 2014-12-17)
| | | | |   /run/opengl-drivers should contain only libGL-related libraries, not stuff like udev. Injecting anything into LD_LIBRARY_PATH is dangerous because it can break applications that expect a different version of the library. Caused by eef9a8ac2a30b495ff7184382ed0dbd73b3b88e4. Fixes #5371.
* | | | | It is called Dingo! yes, Dingo! (Rob Vermaas, 2014-12-17)
| | | | |
* | | | | nixos/tests/gitlab.nix: set TimeoutStartSec to 10min (Domen Kožar, 2014-12-17)
| | | | |   (cherry picked from commit 5bafb9cf0fea00470be4ff9b342849339297eeb4)
| | | | |   Signed-off-by: Domen Kožar <domen@dev.si>
* | | | | Some lua and awesome improvements (Luca Bruno, 2014-12-17)
| | | | |   - Move lgi to luaPackages
| | | | |   - Use luaPackages in awesome and passthru lua
| | | | |   - Allow to pass lua modules to the awesome WM so that those can be used in the configuration
* | | | | Merge pull request #5358 from bluescreen303/nixos-extra-modules (Mathijs Kwik, 2014-12-17)
|\ \ \ \ \
| | | | | |   nixos: allow adding extra modules through environment
| * | | | | nixos: allow adding extra modules through environment (Mathijs Kwik, 2014-12-16)
| | |_|_|/
| |/| | |
| | | | |   This is useful for adding extra functionality or defaults to _every_ nixos evaluation. My use case is overriding behaviour for all nixos tests, for example setting packageOverrides to newer versions and changing some default dependencies/settings. By making this accessible through an environment variable, this can now be fully accomplished externally. No more need to fork nixos/nixpkgs (which becomes a maintenance burden), just use the channel instead and plug in via this envvar.
* | | | | Merge pull request #5254 from ehmry/network-filesystems (wmertens, 2014-12-17)
|\ \ \ \ \
| | | | | |   nixos: configure samba and rsync shares with sets
| * | | | | nixos: configure samba and rsync shares with sets (Emery Hemingway, 2014-12-07)
| | | | | |
* | | | | | Merge pull request #5196 from madjar/cloud-init (wmertens, 2014-12-17)
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |   cloud-init: add expression and service
| * | | | | Added the cloud-init service (Georges Dubus, 2014-12-03)
| | | | | |
* | | | | | nixos/consul: Don't timeout if start job has many retries (William A. Kennington III, 2014-12-16)
| |_|_|/ /
|/| | | |
* | | | | cups: Build with SERVERROOT set to /etc/cups (Eelco Dolstra, 2014-12-16)
| | | | |
* | | | | cupsd.nix: Clean up environment.etc (Eelco Dolstra, 2014-12-16)
| | | | |
* | | | | nixos/cupsd: use cups-files.conf (tv@shackspace.de, 2014-12-16)
| |_|/ /
|/| | |
* | | | nixos/virtualbox: Fix warning on enableHardening. (aszlig, 2014-12-16)
| | | |   The warning was displayed whenever services.virtualboxHost.enable was true, but if people were to enable hardening, they'd still get that annoying message.
| | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | Document screen incompatibility (Eelco Dolstra, 2014-12-15)
| | | |
* | | | nixos/tests/virtualbox: Improve logging. (aszlig, 2014-12-15)
| | | |   This also makes showvminfo obsolete, as we get the same information from the host's log.
| | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | nixos/virtualbox/hostonlyif: Fix writing to /root. (aszlig, 2014-12-15)
| | | |   Creates unnecessary cruft in the root user's home directory, which we really don't need. Except the log, but therefore we now cat the log to stderr and the private temporary directory is cleaned up afterwards.
| | | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | | nixos/virtualbox: Disable hardening for now. (aszlig, 2014-12-15)
| |_|/
|/| |
| | |   This should display a big fat warning that people can hardly miss until we have fixed the issues with the host-only-interfaces that persist when hardening is enabled.
| | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | nixos/tests/virtualbox: Add test for hostonlyif. (aszlig, 2014-12-15)
| | |   Essentially adds two more VirtualBox VMs to the test and also increases the memory size of the qemu VM to 768 MB to make sure we don't run out of memory too soon. We're testing whether those two VMs can talk to either each other (currently via ICMP only) or to/from the host via TCP/IP.
| | |   Also, this restructures the VM test a bit, so that we now pass in a custom stage2Init script that has access to the store via a private mount over the /nix/store that's already in the initrd. The reason why this is a private mount is that we don't want to shadow the Nix store of the initrd, essentially breaking cleanup functionality after the custom stage 2 script (currently this is only "poweroff -f").
| | |   Note that setting the hostname inside the VirtualBox VM is *not* for additional fanciness but to produce a different store path for the VM image, so that VirtualBox doesn't bail out when trying to use an image which is already attached to another VM.
| | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | nixos/virtualbox: Note about "vboxusers" group. (aszlig, 2014-12-15)
| | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | nixos/virtualbox: Allow to disable hardening. (aszlig, 2014-12-15)
| | |   Hardening mode in VirtualBox is quite restrictive and on some systems it could make sense to disable hardening mode, especially while we still have issues with hostonly networking and other issues[TM] we don't know or haven't tested yet.
| | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | nixos/tests/virtualbox: Generalize expression. (aszlig, 2014-12-15)
| | |   We're going to create more than one VirtualBox VM, so let's dynamically generate subs specific to a particular VirtualBox VM, merging everything into the testScript and machine expressions.
| | |   Signed-off-by: aszlig <aszlig@redmoonstudios.org>
* | | nixos-generate-config: Don't emit networking.hostId (Eelco Dolstra, 2014-12-15)
| | |   Systemd already generates /etc/machine-id. So there is no need to generate another unique host identifier.
* | | nixos-generate-config: Add time zone (Eelco Dolstra, 2014-12-15)
| | |
* | | nixos/doc/manual/release-notes/rl-1412.xml: document change of default time zone (Peter Simons, 2014-12-15)
| | |   https://github.com/NixOS/nixpkgs/pull/5332
* | | nixos/modules/system/boot/luksroot.nix: hyperlinkify an URL in the documentation (Peter Simons, 2014-12-15)
| | |
* | | Switch default timezone in NixOS from "CET" to "UTC". (Peter Simons, 2014-12-15)
| | |   Suggested in https://github.com/NixOS/nixpkgs/pull/5332.