| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
nixos/network: replace deprecated DHCP=both by DHCP=yes
|
| | |
|
|\ \
| |/
|/| |
nixos/gitlab: Update release notes and documentation
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
|
| |
| |
| |
| |
| | |
Document the breaking secret option transition from literal secrets to
file-based ones.
|
|\ \
| | |
| | | |
treewide: fix string escapes
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Yubico local auth
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
using challenge response
see https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html
|
| |_|/
|/| |
| | | |
useful in case of network disruption
|
|\ \ \
| | | |
| | | | |
qemu-guest: allow to override security.rngd
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
... otherwise enabling it causes a merge conflict.
Enabling it was necessary to give enough entropy for the sshd daemon in
my libvirt/nixops VM to generate keys see
https://github.com/NixOS/nixops/issues/1199.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In #68792 it was discovered that /dev/fuse doesn't have
wordl-read-writeable permissions anymore. The cause of this is that the
tmpfiles examples in systemd were reorganized and split into more files.
We thus lost some of the configuration we were depending on.
In this commit some of the new tmpfiles configuration that are
applicable to us are added which also makes wtmp/lastlog in the pam
module not necessary anymore.
Rationale for the new tmpfile configs:
- `journal-nowcow.conf`: Contains chattr +C for journald logs which
makes sense on copy-on-write filesystems like Btrfs. Other filesystems
shouldn't do anything funny when that flag is set.
- `static-nodes-permissions.conf`: Contains some permission overrides
for some device nodes like audio, loop, tun, fuse and kvm.
- `systemd-nspawn.conf`: Makes sure `/var/lib/machines` exists and old
snapshots are properly removed.
- `systemd-tmp.conf`: Removes systemd services related private tmp
folders and temporary coredump files.
- `var.conf`: Creates some useful directories in `/var` which we would
create anyway at some point. Also includes
`/var/log/{wtmp,btmp,lastlog}`.
Fixes #68792.
|
|\ \ \ \
| | | | |
| | | | | |
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
|
| | | | |
| | | | |
| | | | |
| | | | | |
Tar and gzip are needed when importing GitLab project exports.
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nixos/mailcatcher: add bind capabilities
|
| | | | | | |
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
nixos/networkmanager: tiny cleanups
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
These are the leftovers of an older PR.
a. Send messages to auditd if auditing is enabled.
b. Add missing dbus configuration if dnsmasq is used for DNS
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Use /dev/urandom to generate keys and salts instead of downloading them
from https://api.wordpress.org/secret-key/1.1/salt/
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos: improve the example that shows how to include nvidia_x11 in boot.extraModulePackages
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
boot.extraModulePackages
Fixes https://github.com/NixOS/nixpkgs/issues/68931.
|
| | | | | | | |
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This reverts commit 41af38f3728bd64b80721c44ed1fb019978cbc1b, reversing
changes made to f0fec244ca380b9d3e617ee7b419c59758c8b0f1.
Let's delay this. We have some serious regressions.
|
| | | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
|\ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \ \
| | | |_|_|_|_|_|_|_|/
| | |/| | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Fixes problems such as:
systemd[1]: Failed to put bus name to hashmap: File exists
systemd[1]: dbus-org.freedesktop.nm-dispatcher.service: Two services allocated for the same bus name org.freedesktop.nm_dispatcher, refusing operation.
Problem is that systemd treats symlinks to files outside the service
path differently, causing our old workaround to look like two separate services.
These symlinks are intended to be a means for manually emulating
the behavior of the `Alias=` directive in these services.
Unfortunately even making these symlinks relative isn't enough,
since they don't make it to where it matters--
that only makes the links in /etc/static/systemd/system/*
relative, with systemd still being shown non-relative links
in /etc/systemd/system/*.
To fix this, drop all of this at the package level
and instead simply specify the aliases in the NixOS modules.
Also handle the same for modemmanager,
since the networkmanager NixOS module also handles that.
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
nixos/gitea: fix dump
|
| | |/ / / / / / / / / /
| |/| | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/ / / /
|/| | | | | | | | | | | |
sdImage: use findmnt to get root device when resizing
|
| | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Touchups for nixos/xfce4-14 for 19.09
|
| | | | | | | | | | | | | |
|
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
We added
- parole
- pavucontrol
- xfce4-taskmanager
- xfwm4-themes
to the default packages.
|
| | | | | | | | | | | | | |
|
| | |_|_|_|_|_|_|/ / / /
| |/| | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Xfce 4.14 deprecated this.
It had many gtk2 themes that don't work that confused users #68977.
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This reverts commit ea6e8775bd69e4676c623a85c39f1da540d29ad1. The new
format is not an improvement.
|
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/ / / /
|/| | | | | | | | | | | |
nixos/xterm: Set default to xserver.enable
|