| Commit message (Collapse) | Author | Age |
|\
| |
| | |
nixos: Add more ssh-keygen params
|
| | |
|
| | |
|
|\ \
| | |
| | | |
firejail: add nixos module
|
| | |
| | |
| | |
| | | |
Also add support for wrapping binaries with firejail.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In 0c7c1660f78e4f6befe0a210e1a9efae783a1733 I have set allowSubstitutes
to false, which avoided the substitution of the certificates.
Unfortunately substitution may still happen later when the certificate
is merged with the CA bundle. So the merged CA bundle might be
substituted from a binary cache but the certificate itself is built
locally, which could result in a different certificate in the bundle.
So instead of adding just yet another workaround, I've now hardcoded all
the certificates and keys in a separate file. This also moves
letsencrypt.nix into its own directory so we don't mess up
nixos/tests/common too much.
This was long overdue and should finally make the dependency graph for
the ACME test more deterministic.
Signed-off-by: aszlig <aszlig@nix.build>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since e95f17e2720e67e2eabd59d7754c814d3e27a0b2, Go packages no longer
contain the source tree, however Boulder seems to need that as it
generates a few files during build.
Ideally we would only pick the files that are needed and put it into a
separate output, but I currently don't have time for this so I'm marking
this with XXX to get back to it later.
Signed-off-by: aszlig <aszlig@nix.build>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* nixos/virtualbox: Adds more options to virtualbox-image.nix
Previously you could only set the size of the disk.
This change adds the ability to change the amount of memory
that the image gets, along with the name / derivation name /
file name for the VM.
* Incorporates some review feedback
|
| | | |
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since IP address options were changed for 18.03, eval has failed with:
"The option `networking.interfaces.eth1.subnetMask' is used but not defined."
although this option is not used at all in nixos anymore.
The misleading error message seems to be generated from evaluating warnings
for `mkRemovedOptionModule ["subnetMask"]` which apparently broke here
when this test inherited network.interfaces from one VM config to another.
Cc: @aszlig
|
| |
| |
| |
| |
| |
| | |
Simplifies the module and gets rid of the following error:
The --no-debug option is deprecated and ignored. See '--help
|
|\ \
| | |
| | | |
znc: add uriPrefix option
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allows the ZNC web interface to be hosted behind a reverse proxy as a
subdirectory.
https://wiki.znc.in/Reverse_Proxy#As_subdirectory
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows non-privileged users to configure local DNS
entries by editing hosts files read by NetworkManager's dnsmasq
instance.
Cherry-picked from e6c3d5a507909c4e0c0a5013040684cce89c35ce and
5a566004a2b12c3d91bf0acdb704f1b40770c28f.
|
|\ \ \
| | | |
| | | | |
quagga module: Use a deep merge via imports instead of the shallow merge
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The deep merge caused all the options to be unset when generating docs, unless quagga was enabled.
Using imports, instead, properly allows the documentation to be generated.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With a config like
{
networking.interfaces."lo".ip4 = [
{ address = "10.8.8.8"; prefixLength = 32; }
];
}
a nixos-rebuild switch would take a long time, and you'd see:
$ systemctl list-jobs
JOB UNIT TYPE STATE
734400 network-interfaces.target start waiting
734450 sys-subsystem-net-devices-lo.device start running
734449 network-link-lo.service start waiting
and:
systemd[1]: sys-subsystem-net-devices-lo.device: Job sys-subsystem-net-devices-lo.device/star>
systemd[1]: sys-subsystem-net-devices-lo.device: Job sys-subsystem-net-devices-lo.device/star>
systemd[1]: Timed out waiting for device sys-subsystem-net-devices-lo.device.
This removes the device dependency for `lo` and fixes this bug.
Closes #7227
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Apparently merging #43021 1bdb1387103 did increase memory usage
in some cases. 1 GiB for a VM memory seems still low enough to me.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
pipewire (nixos): add socket activation support
|
| | | | | |
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
resolvconf.conf: Remove forced NSCD service restart
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Forcibly restarting NSCD is unnecessary and breaks setups that use SSSD for
authentication. NSCD is capable of detecting changes to /etc/resolv.conf and
invalidating its caches internally. Restarting NSCD/SSSD breaks user name and
UID resolution.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
libinput: add button to scrollMethod
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Close #17840
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
oauth2_proxy: add nginx vhost module
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/autorandr: make default target in systemd service configurable
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The `.service` file defining the `systemd` unit for `autorandr.service`
which is bundled with the package itself uses `--default default` in the
`ExecStart` section. This can be an issue when having multiple layouts
(e.g. `default` as workstation layout I mostly work on and `mobile` when
I go somewhere else).
When the service gets restarted and `--default` can't be applied,
however the current layout can't be detected (e.g. when working with an
unknown beamer) the service silently fails with a message like this:
```
Jun 22 18:44:46 hauptshuhle autorandr[3168]: /nix/store/h83b72ffm68nm8fyjnppljchp456a94r-xrandr-1.5.0/bin/xrandr: ca>
Jun 22 18:44:46 hauptshuhle autorandr[3168]: Failed to apply profile 'default' (line 718):
Jun 22 18:44:46 hauptshuhle autorandr[3168]: Command failed: /nix/store/h83b72ffm68nm8fyjnppljchp456a94r-xrandr-1.>
```
As discussed in the IRC (see https://botbot.me/freenode/nixos/2018-07-05/?msg=101791455&page=6)
it's a bad long-term solution in terms of maintenance to manually patch
the service file bundled with the derivation, instead the service shall
be configured declaratively. Additionally this makes possible overrides
from the user-space way easier.
The `udev` rule (in `$out/etc/udev/rules.d`) won't' be affected, it
simply runs `systemctl start autorandr.service` when e.g. a new display
is added, so now `udev` communicates with the NixOS systemd unit.
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
mpd: add NixOS tests
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This change adds NixOS tests for the MPD (Music Player Daemon) module.
Tests include:
- Playing audio locally using ALSA directly.
- Playing audio locally using PulseAudio (backed by ALSA).
- Playing audio from an external client.
- Rejecting an external client when it's not explicitly allowed (default configuration).
refs #41772
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
murmur service: prevent silent launch failure by waiting until network is available
|
| | |_|_|_|_|/ / /
| |/| | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/firewall: per-interface port options
|
| | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos/gpsd-service: add services.gpsd.nowait option
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|