| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Systemd: Allow specifying external generators
|
| | |
|
| | |
|
| |
| |
| |
| | |
Fixes #6429.
|
| |
| |
| |
| | |
Fixes #14594.
|
|\ \
| | |
| | | |
Shout: configure with attrs
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add Caddy and its NixOS module
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Commit 98d9bba introduced this option as a nullOr type and it actually
checks whether null has been set and only appends -dpi if that's the
case. So let's actually set the default to null instead of 0.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner. The module adds a static group "proc"
whose members are exempt from process information hiding.
Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.
To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.
Thanks to @abbradar for feedback and suggestions.
|
|\ \ \ \
| |_|/ /
|/| | | |
minidlna: logging via journalctl, use systemd runtimedirectory, install manpages
|
| | | | |
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
fish: pick up completion files from other packages
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some packages bring their own completions in
/share/fish/vendor_completions.d. Now they are picked up by fish from
every path in NIX_PROFILES.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
Plex: update plex, plexpass; fix plex module to restart
|
| | |/ / /
| |/| | | |
|
|/ / / / |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
At some point we probably want to replace this with a curated list
of configurations or even an upstreamed repository of examples, but
for now this is just noise.
Fixes NixOS/nixpkgs#14522
|
| |_|/
|/| |
| | |
| | | |
Drop the broken fsRoot option.
|
|\ \ \
| | | |
| | | | |
iodine service: add client mode implimentation
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- services.iodined moved to services.iodine
- configuration file backwards compatable
- old iodine server configuration moved to services.iodine.server
- attribute set services.iodine.clients added to specify any number
of iodine clients
- example:
iodine.clients.home = { server = "iodinesubdomain.yourserver.com"; ... };
- client services names iodine-name where name would be home
|
| | | |
| | | |
| | | |
| | | | |
This is useful when ACME has generated a new TLS certificate.
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The option authzldapauthoritative had been removed in 2.4
I pushed this into 16.03 instead of master first. My fault.
(cherry picked from commit 516f47efefc44a5465266fe4d72f9136147d2caf)
|
|\ \ \ \
| | | | |
| | | | | |
nixos/stage-1: Removed logCommands conditional for resetting the file descriptors after completion of logging
|
| | | | |
| | | | |
| | | | |
| | | | | |
descriptors after completion of logging
|
| | | | | |
|
| |_|_|/
|/| | | |
|
|\ \ \ \
| |_|_|/
|/| | | |
Fix typo in service.syncthing.dataDir description.
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
pulseaudio nixos module: run as systemd user service instead
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Most of the desktop environments will spawn pulseaudio, but we can instead simply run it as a systemd service instead.
This patch also makes the system wide service run in foreground as recommended by the systemd projects and allows it to use sd_notify to signal ready instead of reading a pid written to a file. It is now also restarted on failure.
The user version has been tested with KDE and works fine there.
The system-wide version runs, but I haven't actually used it and upstream does not recommend running in this mode.
|
|\ \ \ \
| | | | |
| | | | | |
dbus nixos module: add units for systemd user session
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch makes dbus launch with any user session instead of
leaving it up to the desktop environment launch script to run it.
It has been tested with KDE, which simply uses the running daemon
instead of launching its own.
This is upstream's recommended way to run dbus.
|
|\ \ \ \
| | | | |
| | | | | |
Crashplan 46 r2
|
| | | | | |
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Unetbootin works by altering the image and placing a boot loader on it.
For this reason, it cannot work with UEFI and the installation guides
for other distributions (incl. Debian and Fedora) recommend against
using it.
Since dd writes the image verbatim to the drive, and not just the files,
it is not necessary to change the label after using it for UEFI
installations.
vcunat: tiny changes to the PR. Close #14139.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 45c218f893d38f94cd62fc256117b9fb1a0d1749.
Busybox's modprobe causes numerous "Unknown symbol" errors in the
kernel log, even though the modules do appear to load correctly.
|
|\ \ \ \
| | | | |
| | | | | |
mfi: init at 2.1.11
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
|
| | | | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
services: Add Tahoe-LAFS service.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Including systemd configuration and much of the standard storage node and
introducer configuration.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
syncthing: run daemon with dedicated user as default
|
| |/ / / / |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit 216c840ca8c7a3a0e71244be3b739dafa32a0709)
Signed-off-by: Domen Kožar <domen@dev.si>
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
(cherry picked from commit 279557e6d2a1afce8419030ec538c1eb3f42abe4)
Signed-off-by: Domen Kožar <domen@dev.si>
|