Since fat32 provides little recovery facilities after a crash,
it can leave the system in an unbootable state, when a crash/outage
happens shortly after an update. To decrease the likelihood of this
event sync the efi filesystem after each update.
Due the recent inclusion of broadcom-bt-firmware in enableAllFirmware,
it was required to set `nixpkgs.config.allowUnfree` to obtain the full
list. To make this dependency more explicit an assertion is added and an
alternative option `enableRedistributalFirmware` is provided to only
obtain firmware with an license allowing redistribution.
IPFS uses the environment variable IPFS_PATH to determine where to look for it's data, which wasn't set previously therefore ignoring the dataDir attribute
to /etc/dd-agent/conf.d by default, and make sure
/etc/dd-agent/conf.d is used.
Before NixOS 17.03, we were using dd-agent 5.5.X which
used configuration from /etc/dd-agent/conf.d
In NixOS 17.03 the default conf.d location is first used relative,
meaning that $out/agent/conf.d was used without NixOS overrides.
This change implements similar functionality as PR #25288, without
breaking backwards compatibility.
(cherry picked from commit 77c85b0ecbc1070d7adff31b339bede92e4193fa)
Provide the option forwardDns in virtualisation.xen.bridge, which
enables forwarding of DNS queries to the default resolver, allowing
outside internet access for the xen guests.
When you have a setup consisting of multiple monitors, the default is
that the first monitor detected by xrandr is set to the primary monitor.
However this may not be the monitor you need to be set as primary. In
fact this monitor set to primary may in fact be disconnected.
This has happened for the original submitter of the pull request and it
affected these programs:
* XMonad: Gets confused with Super + {w,e,r}
* SDDM: Puts the login screen on the wrong monitor, and does not
currently duplicate the login screen on all monitors
* XMobar: Puts the XMobar on the wrong monitor, as it only puts the
taskbar on the primary monitor
These changes should fix that not only by setting a primary monitor in
xrandrHeads but also make it possible to make a different monitor the
primary one.
The changes are also backwards-compatible.
Adds an option `security.lockKernelModules` that, when enabled, disables
kernel module loading once the system reaches its normal operating state.
The rationale for this over simply setting the sysctl knob is to allow
some legitmate kernel module loading to occur; the naive solution breaks
too much to be useful.
The benefit to the user is to help ensure the integrity of the kernel
runtime: only code loaded as part of normal system initialization will be
available in the kernel for the duration of the boot session. This helps
prevent injection of malicious code or unexpected loading of legitimate
but normally unused modules that have exploitable bugs (e.g., DCCP use
after free CVE-2017-6074, n_hldc CVE-2017-2636, XFRM framework
CVE-2017-7184, L2TPv3 CVE-2016-10200).
From an aestethic point of view, enabling this option helps make the
configuration more "declarative".
Closes https://github.com/NixOS/nixpkgs/pull/24681
Use a solid black background when no background image (via
~/.background-image) is provided. In my case this fixes the really
strange behaviour when i3 without a desktop manager starts with the SDDM
login screen as background image.
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism. Modern glibc use vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration. Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.
For background on virtual syscalls see https://lwn.net/Articles/446528/
Closes https://github.com/NixOS/nixpkgs/pull/25289
The xsession script was called with inconsistent (depending on the
display managers) and wrong parameters. The main reason for this where
the spaces the parameter syntax. In order to fix this the old syntax:
$1 = '<desktop-manager> + <window-manager>'
Will be replaced with a new syntax:
$1 = "<desktop-manager>+<window-manager>"
This assumes that neither "<desktop-manager>" nor "<window-manager>"
contain the "+" character but this shouldn't be a problem.
This patch also fixes the quoting by using double quotes (") instead of
single quotes (') [0].
Last but not least this'll add some comments for the better
understanding of the script.
[0]: https://specifications.freedesktop.org/desktop-entry-spec/latest/ar01s06.html