* Allow packages to be added to the system path like so:

    environment = { extraPackages = pkgs: [ pkgs.firefox pkgs.thunderbird ]; };

  This approach is often actually nicer than adding to the default profile using nix-env, since it's declarative, and all packages declared here will be updated automatically when you run nixos-rebuild.

* Allow additional setuid programs to be specified in security.extraSetuidPrograms.

svn path=/nixos/trunk/; revision=8548
parent
6113da3ce1
commit
3ab4e0f17f
@ -790,11 +790,23 @@
|
|||||||
default = ["passwd" "su" "crontab" "ping" "ping6"];
|
default = ["passwd" "su" "crontab" "ping" "ping6"];
|
||||||
description = "
|
description = "
|
||||||
Only the programs listed here will be made setuid root (through
|
Only the programs listed here will be made setuid root (through
|
||||||
a wrapper program).
|
a wrapper program). It's better to set
|
||||||
|
<option>security.extraSetuidPrograms</options>.
|
||||||
";
|
";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
{
|
||||||
|
name = ["security" "extraSetuidPrograms"];
|
||||||
|
default = [];
|
||||||
|
example = ["fusermount"];
|
||||||
|
description = "
|
||||||
|
This option lists additional programs that must be made setuid
|
||||||
|
root.
|
||||||
|
";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
{
|
{
|
||||||
name = ["users" "ldap" "enable"];
|
name = ["users" "ldap" "enable"];
|
||||||
default = false;
|
default = false;
|
||||||
@ -890,4 +902,22 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
{
|
||||||
|
name = ["environment" "extraPackages"];
|
||||||
|
default = pkgs: [];
|
||||||
|
example = pkgs: [pkgs.firefox pkgs.thunderbird];
|
||||||
|
description = "
|
||||||
|
This option allows you to add additional packages to the system
|
||||||
|
path. These packages are automatically available to all users,
|
||||||
|
and they are automatically updated every time you rebuild the
|
||||||
|
system configuration. (The latter is the main difference with
|
||||||
|
installing them in the default profile,
|
||||||
|
<filename>/nix/var/nix/profiles/default</filename>. The value
|
||||||
|
of this option must be a function that returns a list of
|
||||||
|
packages. The function will be called with the Nix Packages
|
||||||
|
collection as its argument for convenience.
|
||||||
|
";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
]
|
]
|
||||||
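Review bot: The closing tag added to the `security.setuidPrograms` description does not match its opening tag: `<option>security.extraSetuidPrograms</options>` should read `<option>security.extraSetuidPrograms</option>`, otherwise the text is not well-formed wherever these descriptions are rendered as XML. The sentence around it would also read more clearly as `Rather than overriding this list, add programs to <option>security.extraSetuidPrograms</option>.`, since overriding the default silently drops `passwd`, `su` and the others. In the second hunk the parenthesis opened at "(The latter is the main difference" in the `environment.extraPackages` description is never closed; it should close right after `</filename>`. Because every name in `security.extraSetuidPrograms` ends up running as root, its description would benefit from one more sentence stating that the list should be kept minimal and that entries are program names, not paths (the example `["fusermount"]` suggests this, but the text does not say it).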
|
@ -210,7 +210,8 @@ rec {
|
|||||||
nixosCheckout
|
nixosCheckout
|
||||||
setuidWrapper
|
setuidWrapper
|
||||||
]
|
]
|
||||||
++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs);
|
++ pkgs.lib.concatLists (map (job: job.extraPath) upstartJobs.jobs)
|
||||||
|
++ (config.get ["environment" "extraPackages"]) pkgs;
|
||||||
|
|
||||||
|
|
||||||
# We don't want to put all of `startPath' and `path' in $PATH, since
|
# We don't want to put all of `startPath' and `path' in $PATH, since
|
||||||
@ -239,7 +240,9 @@ rec {
|
|||||||
inherit (pkgs) kernel;
|
inherit (pkgs) kernel;
|
||||||
readOnlyRoot = config.get ["boot" "readOnlyRoot"];
|
readOnlyRoot = config.get ["boot" "readOnlyRoot"];
|
||||||
hostName = config.get ["networking" "hostName"];
|
hostName = config.get ["networking" "hostName"];
|
||||||
setuidPrograms = config.get ["security" "setuidPrograms"];
|
setuidPrograms =
|
||||||
|
config.get ["security" "setuidPrograms"] ++
|
||||||
|
config.get ["security" "extraSetuidPrograms"];
|
||||||
maxJobs = config.get ["nix" "maxJobs"];
|
maxJobs = config.get ["nix" "maxJobs"];
|
||||||
|
|
||||||
path = [
|
path = [
|
||||||
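Review bot: The new `setuidPrograms` value joins `security.setuidPrograms` and `security.extraSetuidPrograms` with a plain `++`, so a name present in both lists is passed on twice and nothing checks that the entries are bare program names; how the consumer treats duplicates or a malformed entry is not visible in this hunk. De-duplicating the result before handing it over would make that independent of the consumer. The earlier hunk in this file appends `environment.extraPackages` to the system path, and if the setuid wrapper resolves these names through that path (not shown here), a package added there that ships a binary with one of the listed names could become the program run as root. A comment next to the assignment, such as `# Names only; see setuidWrapper for how each name is resolved to a binary.`, would tell a reader where that resolution is defined. The enclosing attribute set starts and ends outside the hunk.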
|