| Commit message (Collapse) | Author | Age |
... | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fixes #27202.
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.
In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
|
| |/ / / / / /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
- Remove useless escape of question mark
- Fix and quoting
- Add some '&&s' for correctness
- Add escapeShellArg
- Remove &&s in preStart
Edited by grahamc: fixed the ${} typo on line 246
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Now user can execute e.g. "sudo tinc.netname dump nodes"
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/zookeeper: escape cfg.extraCmdLineOptions
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
osquery: init at 2.5.2
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
use replace to make it succeed
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/
|/| | | | | | | | |
coturn: allow use of ports < 1024
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
programs.zsh.ohMyZsh: add `package` option to make package overrides on module-base easier
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
module-base easier
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
The previous package didn't build properly due to a bug in the build
script, and the nixos module didn't evaluate due to missing descriptions
in the options. This fixes both issues.
It also adds missing command-line options that weren't able to be set
and properly converts bools to the strings exhibitor expects.
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
cc #27503
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Initial Exhibitor nix package and nixos module for Netflix's Exhibitor,
which is a manager for Apache Zookeeper.
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.
The structure is similar to how system.autoUpgrade works.
|
| | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
postgresql: fix nixos tests and add xml support
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
I suspect these functions aren't widely used, but they are enabled in
PostgreSQL on Ubuntu and Arch.
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
1. Needs to call makeTest or else nothing happens when you run
`nix-build nixos/tests/postgresql.nix`.
2. Tests run as root, so there needs to be a corresponding user in
PostgreSQL.
|
|\ \ \ \ \ \ \ \ \ \ \
| |_|/ / / / / / / / /
|/| | | | | | | | | | |
cyrus-sasl: Add saslauthd service and LDAP support
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Accessing an url like https://gitlab.example.org/group/project/repository/archive.tar.gz?ref=master
requires tar/gzip to be in the path of the gitlab-workhorse service otherwise it fails.
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
Google compute image
|
| | |_|_|_|_|_|_|/ / /
| |/| | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This adds a few google-specific services to setup the machine.
Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.
The NixOS image now supports the userdata startup and shutdown scripts.
Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
cnijfilter: init at 2.80
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
this driver reads support files from lib/bjlib as well as lib/cups,
which is why the path in cupsd.nix is tweaked
|
| | | | | | | | | | | | |
|
| |_|_|_|_|_|_|_|_|_|/
|/| | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
by nixops.
(cherry picked from commit e93f26847ea41cce6633b6a0feb6ce31b0722d5d)
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
nixops.
(cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)
|
| | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
journalwatch & journalwatch service: init at 1.1.0
|
| | |/ / / / / / / / /
| |/| | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
* wireguard: allow not storing private keys in world-readable /nix/store
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise.
See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html
Tested on a local config (which has the strongswan service config overridden).
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Google PageSpeed recommends turning this on to allow proxies to cache
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
bitlbee service: Add option to load libpurple plugins into bitlbee
|
| | | | | | | | | | | | |
|
| |_|_|_|_|_|_|_|_|_|/
|/| | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.
Behaviour was changed in #26888, this reverts that part.
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
should not be mistaken
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fixes issue #25790.
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
NixOS does not boot in VMware guest without these modules
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
nixos: Force check the filesystem before resizing
|