| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|
|
|
| |
from a discussion on #13293
|
|
|
|
|
|
|
|
|
|
| |
* networkmanager: add information from wiki to docs
Specifically:
* mention nmcli, nmtui
* mention gtk and kde applets
fixes #13273
|
| |
|
| |
|
|\
| |
| | |
manual: automatically generate modules documentation
|
| | |
|
| | |
|
|/ |
|
|\
| |
| | |
grsecurity module: disable EFI runtime services by default
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Enabling EFI runtime services provides a venue for injecting code into
the kernel.
When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services. The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).
This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
|
|/
|
|
|
|
|
| |
In light of Emacs packaging improvements such as those mentioned
in #11503, and with the addition of a systemd service (#15807
and #16356), and considering that the wiki page is completely
out of date (#13217), it seems that some documentation is in order.
|
|
|
|
|
| |
Explain the "what", "why", and "how" of grsecurity/PaX
on NixOS.
|
|
|
|
| |
It appears I've cherry-picked wrong commit without this fix.
|
| |
|
|
|
|
|
|
|
|
|
| |
* manual: Mark commands that require root
Mark every command that requires to be run as root by prefixing them
with '#' instead of '$'.
* manual: Add note about commands that require root
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows setting options for the same LUKS device in different
modules. For example, the auto-generated hardware-configuration.nix
can contain
boot.initrd.luks.devices.crypted.device = "/dev/disk/...";
while configuration.nix can add
boot.initrd.luks.devices.crypted.allowDiscards = true;
Also updated the examples/docs to use /disk/disk/by-uuid instead of
/dev/sda, since we shouldn't promote the use of the latter.
|
| |
|
| |
|
| |
|
|
|
|
| |
Closes #15076
|
| |
|
|
|
| |
Closes #15076
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.
Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.
The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.
Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.
I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
|
| |
| |
| |
| |
| |
| |
| | |
It's not by any means exhaustive, but we're still going to change the
implementation, so let's just use this as a starting point.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|/ |
|
|
|
|
|
|
| |
This reverts commit a5992ad61b314104aff7e28a41ce101a1b0e7c35. Motivation:
https://github.com/NixOS/nixpkgs/commit/a5992ad61b314104aff7e28a41ce101a1b0e7c35#commitcomment-14986820
|
|
|
|
| |
Fixes #13303.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow usage of list of strings instead of a comma-separated string
for filesystem options. Deprecate the comma-separated string style
with a warning message; convert this to a hard error after 16.09.
15.09 was just released, so this provides a deprecation period during
the 16.03 release.
closes #10518
Signed-off-by: Robin Gloster <mail@glob.in>
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This modification add a way to re-evaluate the module system with a
different version of NixOS, or with a different set of arguments.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is primarily to ensure that
-I nixpkgs=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz
and
-I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
and
-I nixpkgs=https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz
behave consistently.
It also allows installing packages via "nix-env -iA nixos.<pkg>"
rather than "nixos.pkgs.<pkg>". It would be even better to allow
"nixpkgs.<pkg>", but that requires a change to nix-channel.
Fixes #7659.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\ |
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
Conflicts:
pkgs/applications/version-management/subversion/default.nix
|
| |\|
| | |
| | |
| | |
| | |
| | | |
Conflicts:
pkgs/development/libraries/ffmpeg/2.x.nix
pkgs/development/libraries/serf/default.nix
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Hydra: ?compare=1149952
Conflicts:
nixos/doc/manual/configuration.xml (changed split file)
nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
|