Commit Graph

184 Commits

Author SHA1 Message Date
Thomas Tuegel
80670a2d13 nixos/environment: don't set Qt 5 paths 2015-10-30 16:10:37 -05:00
Eelco Dolstra
c20403631d Factor out "man" into a separate module and add "man" outputs to system.path
Fixes #10270.
2015-10-30 15:21:12 +01:00
Nikolay Amiantov
7a9982d465 nixos/bash: use simple prompt for dumb terminals 2015-10-22 14:05:49 +03:00
Eelco Dolstra
89e983786a Manual: Remove store path references 2015-09-24 11:50:58 +02:00
Jan Malakhovski
6eadb16022 nixos: fix some types 2015-09-18 18:48:50 +00:00
Tobias Geerinckx-Rice
45b86d6981 nixos: cdemu service: mark up & tweak descriptions 2015-09-07 00:47:18 +02:00
Eelco Dolstra
c090efb9d8 command-not-found: Fix nix-env invocation 2015-09-02 19:49:34 +02:00
Eelco Dolstra
13532ee161 command-not-found: Use attribute name 2015-09-02 17:40:19 +02:00
Eelco Dolstra
f6eece6f8f programs.ssh.knownHosts: Use attribute name
This allows writing:

  programs.ssh.knownHosts."10.1.2.3".publicKey = "bar";

instead of

  programs.ssh.knownHosts = [ { hostNames = [ "10.1.2.3" ]; publicKey = "bar"; } ];
2015-08-27 15:32:46 +02:00
Eelco Dolstra
7c6ff6c1da programs.ssh.knownHosts: Use submodule 2015-08-27 15:32:46 +02:00
Eelco Dolstra
287c08d8a3 Rename services.openssh.knownHosts -> programs.ssh.knownHosts
This option configures the SSH client, not the server.
2015-08-27 15:32:46 +02:00
Eelco Dolstra
401782cb67 Revert "openssh: 6.9p1 -> 7.0p1"
This reverts commit a8eb2a6a81. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.

For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
2015-08-20 14:08:18 +02:00
Luca Bruno
e53e1c7070 nixos xfs_quota: simplify restartTriggers 2015-08-19 20:04:20 +02:00
Luca Bruno
bc46013ac1 nixos xfs_quota: set default projects to {} 2015-08-19 18:03:42 +02:00
Luca Bruno
d8b9521d64 nixos xfs_quota: add new module for managing xfs_quota projects 2015-08-19 16:09:35 +02:00
Eelco Dolstra
a47fef4d9e Merge pull request #9326 from oxij/fix-info
Documentation indexes
2015-08-19 13:46:47 +02:00
Jan Malakhovski
c6256c0e3e nixos: generate infodirs directly in system-path
`man 1 info` says:

   The first non-option argument, if present, is the menu entry to
   start from; it is searched for in all `dir' files along INFOPATH.
   If it is not present, info merges all `dir' files and shows the
   result. Any remaining arguments are treated as the names of menu
   items relative to the initial node visited.

Which means that this does what previous programs/info did and #8519
(on-the-fly infodir generation for Emacs) wanted to do, but for both
programs.
2015-08-18 18:42:57 +00:00
Eelco Dolstra
1f2eef5ae9 openssh: Re-enable DSA client keys
This was broken by a8eb2a6a81.
2015-08-18 13:11:45 +02:00
Eelco Dolstra
3f1354a3cd Add an option ‘nix.nixPath’ for specifying $NIX_PATH 2015-08-05 14:33:15 +02:00
aszlig
6c50714222
nixos: Give virtualbox-host.nix a better location.
In 14f09e0, I've introduced the module under modules/programs, because
the legacy virtualbox.nix was also under that path. But because we
already have modules/virtualisation/virtualbox-guest.nix, it really
makes sense to put this module alongside of it as well.

This module thus has no change in functionality and I've tested
evaluation against nixos/tests/virtualbox.nix and the manual.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-08-04 03:59:52 +02:00
William A. Kennington III
8e19ac8d7c Merge branch 'master.upstream' into staging.upstream 2015-06-17 11:57:40 -07:00
Eelco Dolstra
6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
William A. Kennington III
867d2c5c46 openssl: Remove References to OPENSSL_X509_CERT_FILE 2015-05-31 15:50:51 -07:00
Kranium Gikos Mendoza
6f634e3c3a Add kbdlight package and setuid wrapper
update nixos/modules/programs/kbdlight.nix to use mkEnableOption
2015-05-11 13:23:01 +08:00
Eelco Dolstra
11a9774c75 Use "mkdir -p" when creating ~/.nix-defexpr
Otherwise, simultaneous invocations of /etc/profile can fail, e.g.

  mkdir: cannot create directory ‘/.nix-defexpr’: File exists
2015-04-20 13:03:04 +02:00
Peter Simons
6edc3022ef Merge pull request #7345 from joachifm/conditional-shadow-setuids
nixos: condition shadow setuid-wrappers on mutableUsers
2015-04-14 13:23:19 +02:00
Joachim Fasting
75ab7bf960 nixos: condition shadow setuid-wrappers on mutableUsers
Having junk setuid wrappers in PATH is annoying.
2015-04-14 00:27:11 +02:00
aszlig
5075cbe696
nixos: Put root's channels to the end of NIX_PATH.
My original reason to put it at the beginning of NIX_PATH was to allow
shipping a particular version <nixpkgs> with a channel. But in order to
do that, we can still let the channel expression ship with a custom
version of nixpkgs by something like <channel/nixpkgs> and the builder
of the channel could also rewrite self-references.

So the inconvenience is now shifted towards the maintainer of the
channel rather than the user (which isn't nice, but better err on the
side of the developer rather than on the user), because as @edolstra
pointed out: Having the channels of root at the beginning of NIX_PATH
could have unintended side-effects if there a channel called nixpkgs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-13 12:20:58 +02:00
aszlig
65e569cc37
nixos: Add all of root's channels to NIX_PATH.
This is very useful if you want to distribute channels (and thus
expressions as well) in a similar fashion to Debians APT sources (or
PPAs or whatnot).

So, for example if you have a channel with some additional functions
or packages, you simply add that channel with:

sudo nix-channel --add https://example.com/my-nifty-channel foo

And you can access that channel using <foo>, for example in your
configuration.nix:

{
  imports = [ <foo/modules/shiny-little-module> ];
  environment.systemPackages = with import <foo/pkgs> {}; [ bar blah ];
  services.udev.extraRules = import <foo/lib/udev/mkrule.nix> {
    kernel = "eth*";
    attr.address = "00:1D:60:B9:6D:4F";
    name = "my_fast_network_card";
  };
}

Within nixpkgs, we shouldn't have <nixos> used anywhere anymore, so we
shouldn't get into conflicts.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-04-12 23:50:20 +02:00
obadz
be7f104502 sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid).
sudo: add ability for wheel users to change group (as well as user)
2015-03-30 23:50:45 +01:00
Gabriel Ebner
d23ed364b5 Add ibus-qt. 2015-03-11 21:54:04 +01:00
Gabriel Ebner
59da79c733 ibus: Enable XIM support.
This allows firefox to use ibus.
2015-03-11 21:54:04 +01:00
Gabriel Ebner
f222abea44 Add programs.ibus config option to enable ibus and plugins. 2015-03-11 21:53:34 +01:00
Thomas Tuegel
4b10907152 ssh: make askPassword an option
By making askPassword an option, desktop environment modules can
override the default x11_ssh_askpassword with their own equivalent for
better integration. For example, KDE 5 uses plasma5.ksshaskpass instead.
2015-03-11 11:49:29 -05:00
Nikolay Amiantov
264c6892f2 nixos/uim: capitalize description 2015-03-05 20:49:45 +03:00
Eelco Dolstra
36d0f367de ssh-agent: Fix asking for confirmation via $SSH_ASKPASS
This was lost back in
ffedee6ed5. Getting this to work is
slightly tricky because ssh-agent runs as a user unit, and so doesn't
know the user's $DISPLAY.
2015-02-25 14:31:17 +01:00
Thomas Tuegel
a79936561b environment: use Qt 5 Qml import paths 2015-02-21 11:39:20 -06:00
Luca Bruno
e088fd0314 Revert "Merge pull request #5626 from matthiasbeyer/add-fish_shell_module"
This reverts commit 157d199b33, reversing
changes made to 4c7adddcb7.
2015-02-11 18:31:11 +01:00
lethalman
157d199b33 Merge pull request #5626 from matthiasbeyer/add-fish_shell_module
Add basic nixos module for fish shell
2015-02-11 15:05:03 +01:00
Herwig Hochleitner
983fddcea8 Move cdemu module into programs 2015-02-10 13:14:09 +01:00
Thomas Tuegel
849647a3eb environment: set paths for Qt plugins and QML 2015-01-26 20:59:49 -06:00
Domen Kožar
b92a62165d Merge pull request #5726 from spwhitt/zsh-command-not-found
command-not-found: Add ZSH Support
2015-01-17 18:15:35 +01:00
Spencer Whitt
6cba6dc61b command-not-found: Add ZSH Support 2015-01-12 03:45:48 -05:00
Arseniy Seroka
4f596fb93f Revert "zsh: profile-relative functions path"
This reverts commit 766207ca1d.

We need to solve the problem with `environment.profileRelativeEnvVars`.
The best workaround is to make profileRelativeEnvVars prepend paths.
2015-01-10 22:11:13 +03:00
Matthias Beyer
5e6068d913 Put shell aliases in interactiveShellInit 2015-01-08 15:18:26 +01:00
Matthias Beyer
c5e855e060 Add basic nixos module for fish shell 2015-01-08 15:18:26 +01:00
Jan Malakhovski
b6646f7ba7 nixos: make zsh use fcntl for locking history files by default
Without this zsh creates and then unlinks .lock files at each interactive
input line, which is inhumane with respect to disk.
2015-01-07 15:43:01 +00:00
Kirill Elagin
766207ca1d zsh: profile-relative functions path
This is needed mostly for autocompletion.
2015-01-04 02:02:59 +03:00
aszlig
f7384b8c75
nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
2014-12-18 18:18:32 +01:00
Eelco Dolstra
63c14e259d ssh-agent: Don't have a timeout by default
IMHO, having a short timeout (1h) defeats the point of using
ssh-agent, which is not to have to retype passphrases all the time. Of
course, users who want timeouts can set programs.ssh.agentTimeout.

This restores the 14.04 behaviour.
2014-12-18 15:34:29 +01:00
aszlig
ac603e208c
virtualbox: Fix runtime paths in hardening mode.
Because we have to rely on setuid wrappers on NixOS, we can't easily
hardcode the executable paths and set it 4755. So for all calls, we need
to change the runtime path executable directory to /var/setuid-wrappers/
and for verification we need to retain the executable directory.

Also note, that usually VBoxNetAdpCtl, VBoxNetDHCP, VBoxNetNAT, VBoxSDL
and VBoxVolInfo don't reside in directories that are commonly in PATH,
but in /usr/lib/virtualbox in most mainstream distros. But because the
names of these executables are distinctive enough to not cause
collisions with other setuid programs, I'll leave it like that and not
patch up setuid-wrappers.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-18 14:06:13 +01:00
Eelco Dolstra
bde9ae18cf Revert "enable bash autocomplete by default"
This reverts commit ee8e15fe76. See
discussion at ee8e15fe76.
2014-12-18 00:36:46 +01:00
aszlig
e36bec661c
nixos/virtualbox: Fix warning on enableHardening.
The warning was displayed whenever services.virtualboxHost.enable was
true, but if people were to enable hardening, they'd still get that
annoying message.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-16 11:24:55 +01:00
aszlig
d85fabd68c
nixos/virtualbox/hostonlyif: Fix writing to /root.
Creates unnecessary cruft in the root users home directory, which we
really don't need. Except the log, but therefore we now cat the log to
stderr and the private temporary directory is cleaned up afterwards.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 19:16:43 +01:00
aszlig
5d67b17901
nixos/virtualbox: Disable hardening for now.
This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardining is enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 18:53:41 +01:00
aszlig
245baeb2f6
nixos/virtualbox: Note about "vboxusers" group.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:19 +01:00
aszlig
e03e0ff42a
nixos/virtualbox: Allow to disable hardening.
Hardening mode in VirtualBox is quite restrictive and on some systems it
could make sense to disable hardening mode, especially while we still
have issues with hostonly networking and other issues[TM] we don't know
or haven't tested yet.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 17:52:18 +01:00
aszlig
0d71ec8a6e
nixos/virtualbox: Fix setuid wrappers.
We only need to have setuid-root wrappers for VBox{Headless,SDL} and
VirtualBox, otherwise VBoxManage will run as root and NOT drop
privileges!

Fixes #5283.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-13 07:52:19 +01:00
ambrop7@gmail.com
65393ca8d3 virtualbox: Unbreak the nixos module. 2014-12-12 00:16:33 +01:00
ambrop7@gmail.com
9fa2c35ec8 virtualbox: Allow disabling the network interface.
The current nixos module for VirtualBox unconditionally configures a vboxnet0
network interface at boot. This may be undesired, especially when the user wants
to manage network interfaces in a centralized manner.
2014-12-11 23:35:03 +01:00
Domen Kožar
ee8e15fe76 enable bash autocomplete by default 2014-12-08 12:06:02 +01:00
aszlig
3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig
14f09e01c1
nixos: Add enable option for programs/virtualbox.
We will simply rename the previous module and add a warning whenever the
module is included directly, pointing the user to the right option and
also enable it as well (in case somebody has missed the option and is
wondering why VirtualBox doesn't work anymore).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
Eelco Dolstra
e7cd18e907 Don't set $MANPATH
The default is derived automatically from $PATH, so it's in fact
better *not* to set it.
2014-11-27 17:36:46 +01:00
Aristid Breitkreuz
2fd7e5f39d ssh-agent: use types.nullOr 2014-11-15 12:33:01 +01:00
Aristid Breitkreuz
d57110fabc ssh-agent: make key timeout optional 2014-11-15 12:13:25 +01:00
Aristid Breitkreuz
d70336f37c limit the amount of time ssh-agent keeps a key (default: 1h) 2014-11-15 12:13:25 +01:00
Brian McKenna
a6bacd4d81 Add "light" package and setuid wrapper 2014-11-09 19:45:43 -07:00
Nikolay Amiantov
1b6f0ffb6e ssmtp: add 'root' option 2014-11-05 02:47:59 +03:00
Nikolay Amiantov
292e07689a ssmtp: add types to options 2014-11-05 02:42:48 +03:00
Nathaniel Baxter
ab8ef63ff4 alsa: Add multilib plugin support via "libs" entry in asound config.
alsa: Remove unused $ALSA_PLUGIN_DIRS support.
2014-10-04 14:48:58 +02:00
Shea Levy
f5aaefbb6c More pkgs.lib -> lib fixes 2014-09-29 09:45:59 -04:00
William A. Kennington III
bab5efd237 nixos/ssh: Allow user to configure the package that provides ssh/sshd 2014-09-11 22:07:39 -07:00
Nicolas Pierron
becde6132b Replace environment.profileVariables by environment.profileRelativeEnvVars 2014-09-07 19:41:00 +02:00
Michael Fellinger
d62e848cc9 virtualbox: vboxusers may use /dev/vboxnetctl 2014-09-04 22:44:38 +02:00
Michael Raskin
a3b9bf6c87 Merge pull request #3653 from iyzsong/nixos/xfce4-mixer
nixos: don't set variables for gstreamer-0.10 (fix #3652)
2014-09-04 20:54:57 +04:00
Michael Raskin
419031bcfc Merge pull request #2644 from lethalman/pam_tally
pam: Add logFailures option for adding pam_tally to su
2014-09-02 00:58:30 +04:00
William A. Kennington III
3d037ebb94 Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6""
This reverts commit ea8910652f.
2014-08-31 09:46:16 -07:00
Rob Vermaas
ea8910652f Revert "Merge pull request #3182 from wkennington/master.ipv6"
This reverts commit b23fd65854, reversing
changes made to 43654cba2c.
2014-08-31 10:58:54 +02:00
William A. Kennington III
86c0f8c549 Refactor nixos files relying on the old ipAddress / prefixLength / subnetMask attributes 2014-08-30 07:33:38 -07:00
Michael Raskin
e8badf3c3b Merge pull request #3275 from taku0/gtk-env
uim, gtk-exe-env, qt-plugin-env: Add input method modules for GTK+ and Qt
2014-08-29 01:35:38 +04:00
Michael Raskin
1fd14fa415 Merge pull request #3100 from tailhook/new-shadow
Upgrade "shadow" to 4.2.1
2014-08-29 00:42:57 +04:00
Michael Raskin
0036f4d792 Merge pull request #3047 from chrisfarms/freetds
Simple nixos module to enable configuration of freetds
2014-08-29 00:38:23 +04:00
宋文武
22541ebdaa nixos/environment: do not set GST_PLUGIN_SYSTEM_PATH 2014-08-19 09:34:52 +08:00
Vladimír Čunát
56d9b2cc8a merge #3428: nano: bump and add system-wide config 2014-08-14 23:51:29 +02:00
Luca Bruno
1a29fcae69 gdm: Add very experimental display manager 2014-08-12 11:23:42 +02:00
Paul Colomiets
fb948c4f28 Upgrade shadow package 2014-08-01 21:19:21 +03:00
Joachim Fasting
decb4266f1 nano: support system-wide nanorc
This patch does two things
1. builds nano with sysconfdir=/etc; and
2. adds an option programs.nano.nanorc
2014-08-01 18:19:03 +02:00
taku0
a0c91d66f1 uim, gtk-exe-env, qt-plugin-env: Add input method modules for GTK+ and Qt 2014-07-14 21:33:05 +09:00
Eelco Dolstra
973c9abdbe Fix info command
The "info" command has been broken on NixOS since
457fdb3842 (proving that nobody uses
info).
2014-07-08 15:19:08 +02:00
lethalman
cb86818789 Merge pull request #3079 from wmertens/patch-4
virtualbox: Fix permissions for /dev/vboxdrvu
2014-07-03 15:05:05 +02:00
Shea Levy
b3cfb9084b Get all lib functions from lib, not pkgs.lib, in modules 2014-07-02 12:28:18 -04:00
Jan Malakhovski
37c7d024ef nixos: change EDITOR and PAGER environment variables to mkDefaults
Signed-off-by: Domen Kožar <domen@dev.si>
2014-06-25 17:07:10 +02:00
wmertens
147fd1ff12 virtualbox: Fix permissions for /dev/vboxdrvu
See https://bugs.archlinux.org/task/38314 and https://www.virtualbox.org/browser/vbox/trunk/src/VBox/Installer/linux/installer-common.sh?rev=47894#L28
2014-06-25 15:52:05 +02:00
Bjørn Forsman
4def9a762f nixos: add some missing '.' in option descriptions 2014-06-24 21:25:11 +02:00
Chris Farmiloe
d39684b69b Simple nixos module to enable configuration of freetds and setup the expected environment variables 2014-06-22 14:24:54 +02:00
aszlig
3e64126344
nixos/shadow: Add an example for defaultUserShell.
Thanks to @devhell for the suggestion.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-06-19 01:51:33 +02:00
Eelco Dolstra
f5055e2ef6 Rename environment.systemVariables -> environment.sessionVariables
This makes it clearer that they're part of PAM sessions.
2014-06-13 17:57:04 +02:00
Eelco Dolstra
8ae659f16c Revert "Revert "Merge #2692: Use pam_env to properly setup system-wide env""
This reverts commit 491c088731.
2014-06-10 13:07:10 +02:00
Eelco Dolstra
491c088731 Revert "Merge #2692: Use pam_env to properly setup system-wide env"
This reverts commit 18a0cdd864.
2014-06-10 13:03:44 +02:00