Commit graph

2061 commits

Author SHA1 Message Date
Peter Simons 155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons 1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra 1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson 0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra 75583c7984 nixos-rebuild: Support --option 2012-09-14 13:23:19 -04:00
Peter Simons ad65e807bd Add new 'hardware.cpu.amd.updateMicrocode' option. 2012-09-11 18:44:37 +02:00
Ludovic Courtès f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas 27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Shea Levy f701e8d420 d'oh 2012-09-03 12:11:07 -04:00
Shea Levy 4be367ec47 Damn NixOS lack of laziness... 2012-09-03 10:35:45 -04:00
Mathijs Kwik bce1cdd59c fix kernel 3.4+ early cifs mounting (qemu-vm target)
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"

Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.

This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
2012-08-30 18:31:45 +02:00
Mathijs Kwik a502ce1128 networking: add proxy_arp / proxy_ndp options.
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
2012-08-29 22:59:36 +02:00
Mathijs Kwik 0dd46d1335 networking: add options for configuring virtual devices (tun/tap)
These are mainly useful for network tunnels (vpn/ipv6) and creating
bridges for virtual machines
2012-08-29 22:59:36 +02:00
Mathijs Kwik d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons 51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik 2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik aba9f76105 change permission of /run/lock to allow non-root access to subdirectories 2012-08-26 10:17:22 +02:00
Mathijs Kwik 05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Peter Simons 16713db4e2 modules/programs/bash/bashrc.sh: adapt bash completion for version 2.0 of the package 2012-08-20 16:37:14 +02:00
Petr Rockai 5dc8bc5f2a Do not assume that /dev/console can always be written. 2012-08-18 14:29:09 +02:00
Eelco Dolstra 7e99541afe Fix initrd for the latest lvm2 2012-08-16 15:37:13 -04:00
Eelco Dolstra a025e7e7e2 Provide a common share between VMs to allow easy communication
Every VM now mounts a common SMB share on /tmp/shared.
2012-08-16 10:47:33 -04:00
Eelco Dolstra 0e3f03106f postgresql.nix: Add an option for overriding the PostgreSQL package 2012-08-15 17:02:03 -04:00
Peter Simons a025e848e0 modules/security/sudo.nix: added 'wheelNeedsPassword' option (default: true)
Change this setting to 'false' to allow users in the 'wheel' group to execute
commands as super user without entering a password.
2012-08-13 14:37:32 +02:00
Shea Levy 85997a6692 mingetty: Don't make restartIfChanged optional 2012-08-12 11:44:00 -04:00
aszlig d809a9e6b2 mingetty: Option to not restart on service change.
This especially annoyed me whenver I was doing nixos-rebuild switch and getting
logged out on all consoles. With this there now is services.mingetty.dontRestart
for heavy VT users to deactivate this behaviour.
2012-08-12 13:50:50 +02:00
Shea Levy 15a1efe023 find modules/ -name \*.nix -print0 | xargs -0 sed -i 's/RT73Firmware/RalinkFirmware/g' 2012-08-11 12:34:35 -04:00
Lluís Batlle i Rossell 50350a15f1 Adding a rename line for rt73 -> ralink. 2012-08-11 14:54:43 +02:00
Lluís Batlle i Rossell 9e753f3a46 Removing rt73 module, adding ralink module.
The rt73 fw were a subset of ralink, and the nixpkgs url
for rt73 didn't work either. Ralink should make any rt73 card work.
2012-08-11 14:53:34 +02:00
Lluís Batlle i Rossell 746b572ee6 stage2init: fix respecting 'noatime' mount options for /
We had a "mount -o remount,rw none /" that was setting back 'relatime',
although we had set 'noatime' at initrd mount. Removing the word 'none' fixed
it.

Specifying a device (in this case 'none'), makes mount to forget previous
device options. According to manpage, it says not to read fstab or mtab. But the
effect is that of setting 'relatime', if it was mounted 'noatime.
2012-08-10 20:51:13 +02:00
Eelco Dolstra f31ab09b85 Set uniq type on boot.loader.kernelFile 2012-08-09 11:00:35 -04:00
Shea Levy 20d4dee426 The efi boot stub code should only be run if it is enabled 2012-08-09 10:37:43 -04:00
Eelco Dolstra 6b2a14d698 Fix NixOS evaluation 2012-08-09 10:04:25 -04:00
Eelco Dolstra 5ae6385175 qemu-vm.nix: Use ext4 instead of ext3 2012-08-09 10:00:49 -04:00
Shea Levy da787e3071 efi-boot-stub: List required kernel config 2012-08-08 23:02:46 -04:00
Eelco Dolstra 21da462ad5 Merge pull request #25 from shlevy/required-kernel-config
Required kernel config
2012-08-08 10:33:41 -07:00
Shea Levy c39f493ebb Minor reorganization 2012-08-07 18:09:08 -04:00
Shea Levy d9c03b6447 The kernel needs swap support if swapDevices are enabled 2012-08-07 17:34:10 -04:00
Shea Levy d28876ea70 qemu tests use the virtio console to run commands 2012-08-07 17:04:00 -04:00
Shea Levy 9d8ddd90f9 qemu mounts /nix/store via CIFS 2012-08-07 16:44:15 -04:00
Shea Levy 13d8856a4f qemu requires VIRTIO_NET (and dependencies) for virtio networking 2012-08-07 16:25:11 -04:00
Eelco Dolstra 66ff6a382a stage-1-init: Close temporary file descriptor
Otherwise this fd will be inherited all the way into the Upstart jobs.
2012-08-07 10:05:33 -04:00
Shea Levy 805d37db48 qemu-vm creates an ext3 filesystem 2012-08-07 07:02:08 -04:00
Shea Levy 0ea2643c63 The initrd mounts some tmpfses 2012-08-07 06:57:01 -04:00
Shea Levy 11e5207a2d qemu requires VIRTIO_BLK (and dependencies) for virtio drives 2012-08-06 17:10:54 -04:00
Shea Levy 64d0069be3 udev requires unix sockets and inotify 2012-08-06 17:02:35 -04:00
Rickard Nilsson e33dfa936f Use busybox mount instead of klibc nfsmount for nfs mounts in initrd. 2012-08-06 16:25:22 -04:00
Shea Levy e66bcbd58a The kernel needs SERIAL_8250_CONSOLE when using a real serial port as a console 2012-08-06 08:13:06 -04:00