| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Squeezelite package and service init
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
it can be used without Disnix and remove the hacky/obsolete avahi publisher
|
| |\ \
| | |
| | | |
openldap: add -h urlList in service so LDAP TLS could be enabled
|
| | | | |
|
| | | |
| | |
| | |
| | | |
Closes #15917
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
wpa_supplicant fails to start if the wireless interfaces aren't ready yet,
so we need to add a system ordering directive here to start wpa_supplicant
after the interfaces are ready. Note that Requires= is not enough since
it does not imply ordering.
|
| |\ \ \
| | | |
| | | | |
Fixes #16181 - using bin output for Go services
|
| | | | | |
|
| |\ \ \ \
| |/ / /
|/| | | |
Rework grsecurity support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
I've failed to figure out what why `paxtest blackhat` hangs the vm, and
have resigned to running individual `paxtest` programs. This provides
limited coverage, but at least verifies that some important features are
in fact working.
Ideas for future work includes a subtest for basic desktop
functionality.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose. That leaves no use for the grsecurity GID.
More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The new module is specifically adapted to the NixOS Grsecurity/PaX
kernel. The module declares the required kernel configurations and
so *should* be somewhat compatible with custom Grsecurity kernels.
The module exposes only a limited number of options, minimising the need
for user intervention beyond enabling the module. For experts,
Grsecurity/PaX behavior may be configured via `boot.kernelParams` and
`boot.kernel.sysctl`.
The module assumes the user knows what she's doing (esp. if she decides
to modify configuration values not directly exposed by the module).
Administration of Grsecurity's role based access control system is yet
to be implemented.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* nixos module included
* install compiled binary
* only one platform now
* limited config options
* relies on providing ssh keys for agent
|
| |\ \ \ \
| | | | |
| | | | | |
xbanish service: init at 1.4
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Update node packages
|
| | | |_|_|/
| |/| | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
mod_auth_mellon: init at 0.12.0 and dependency lasso: init at 2.5.1
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We need to use wrapped modprobe, so that it finds the right
modules. Docker needs modprobe to load overlay kernel module
for example.
This fixes an an error starting docker if the booted system's kernel
version is different from the /run/current-system profile's one.
|
| | |/ / / /
|/| | | | |
|
| |\ \ \ \ \
| |_|_|/ /
|/| | | | |
Postfix: Add an option to enable Submission
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | | |
Adds services.postfix.enableSubmission and services.postfix.extraSubmissionOptions to make it easy to enable submission in master.cf
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
oauth2_proxy: create new module for service
|
| | | | | | | |
|
| |\ \ \ \ \ \ |
|
| | | |/ / / /
| |/| | | |
| | | | | |
| | | | | | |
Fixes #16094.
|
| |/ / / / / |
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
This reverts commit 285061d50c1f0216a420a811d812e31ad4fe88a7.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
frameworkintegration was split with plasma-integration in Plasma 5.6.
|
| | | |_|/ /
| |/| | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
gnome3.20: init at 3.20.0
|
| | |/ / / / |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
openldap: fix example for multiple-outputs and formatting
|
| | | |_|_|/
| |/| | | |
|
| | |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The update-resolve-conf script from the update-resolv-conf
package is very useful and should work in most of the common
cases, so this adds an option to enable it. The option is
disabled by default for backwards compatibility.
|
| |\ \ \ \
| | | | |
| | | | |
| | | | | |
... and fglrxCompat to maintain compatibility.
|
| | | | | | |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
... and add its man page.
Now I seem to be running fine with the new server.
|
| | | | | | |
|
| | | |_|/
| |/| | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So far the module only allowed for the ccid driver, but there are a lot
of other PCSC driver modules out there, so let's add an option called
"plugins", which boils down to a store path that links together all the
paths specified.
We don't need to create stuff in /var/lib/pcsc anymore, because we
patched pcsclite to allow setting PCSCLITE_HP_DROPDIR.
Another new option is readerConfig, which is especially useful for
non-USB readers that aren't autodetected.
The systemd service now is no longer Type=forking, because we're now
passing the -f (foreground) option to pcscd.
Tested against a YubiKey 4, SCR335 and a REINER SCT USB reader.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @wkennington
|