You can now set the forwardX11 config option for the ssh client and server separately.
For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".
I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.
I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.
As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.
svn path=/nixos/trunk/; revision=33407
delete routes and addresses when it quits. This causes those routes
and addresses to stick around forever, since dhcpcd won't delete
them when it runs next (even if it acquires a new lease on the same
interface). This is bad; in particular the stale (default) routes
can break networking.
The downside to removing "persistent" is that you should never ever
do "stop dhcpcd" on a remote machine configured by dhcpcd.
svn path=/nixos/trunk/; revision=33388
The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301
monitor the postgres process directly (so that it can be restarted
if necessary), let Upstart send SIGTERM to postgres to shut it down
gracefully. Also drop the Mediawiki references.
svn path=/nixos/trunk/; revision=33262
It needs udevd to be running because the modules may require
firmware. Thanks to Mathijs and Arie for pointing this out.
svn path=/nixos/trunk/; revision=33234
starts the given job and waits until it's running; "stop_check"
checks that the current job hasn't been asked to stop.
svn path=/nixos/trunk/; revision=33214
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
the activation script. This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
exists.
svn path=/nixos/trunk/; revision=33208
JOB", but it does kill the job's main process. So if the post-start
script if waiting for the job's main process to reach some state, it
may hang forever. Thus, the post-start script should monitor
whether its job has been requested to stop and exit in that case.
svn path=/nixos/trunk/; revision=33176
nfsd, as suggested by the nfs-utils README.
Also, rather than relying on Upstart events (which have all sorts of
problems, especially if you have jobs that have multiple
dependencies), we know just let jobs start their on prerequisites.
That is, nfsd starts mountd in its preStart script; mountd starts
statd; statd starts portmap. Likewise, mountall starts statd to
ensure that it can mount NFS filesystems. This means that doing
something like "start nfsd" from the command line will Do The Right
Thing and start the dependencies of nfsd.
svn path=/nixos/trunk/; revision=33172
actually listening. Otherwise we have a race condition during boot
where statd's start can be delayed, causing NFSv3 mounting to fail.
svn path=/nixos/trunk/; revision=33171
It works but it doesn't respect ignoredInterfaces etc.
Probably I forgotten to create some directories (all of them exist on my
laptop). Feel free to fix this module.
svn path=/nixos/trunk/; revision=33097
reiserfs now have separate modules that are conditional on
boot.supportedFilesystems and boot.initrd.supportedFilesystems.
By default, these include the filesystems specified in the fsType
attribute in fileSystems. Ext2/3/4 support is currently
unconditional.
Also unbreak the installer test (http://hydra.nixos.org/build/2272302).
svn path=/nixos/trunk/; revision=32954
first user job I put in ~/.init caused Upstart to crash with an
assertion failure, taking down the system. Given that Upstart has a
non-trivial attack surface with this feature, it seems best to
disable it.
svn path=/nixos/trunk/; revision=32779
well because elements could be paths, e.g.
users.extraUsers.root.openssh.authorizedKeys.keyFiles =
[ ./id_key.pub ];
So disable the type check for now.
svn path=/nixos/trunk/; revision=32558
will use TCP/IP instead of a Unix domain socket.
* Simplify Zabbix's start condition. Zabbix now retries if the
database is down instead of bailing out.
svn path=/nixos/trunk/; revision=32426
yet). It's smaller than dhclient and has more features
(e.g. automatically detects link status changes, supports
openresolv, does IPv4LL, and supports IPv6 Router Advertisements).
svn path=/nixos/trunk/; revision=32413
currently, only support for fully disabling nvidia is provided, which
is helpful for saving power/heat.
In the future, this should be extended so we can choose:
- nvidia only (choose between nouveau/nvidia driver)
- IGP only
- Hybrid (choose between nouveau/nvidia driver, use the "bumblebee" package/daemon)
svn path=/nixos/trunk/; revision=32085
event is emitted by dhclient and by the network-interfaces job in
case of statically configured interfaces. Invalidating the cache is
necessary to get rid of negative queries.
svn path=/nixos/trunk/; revision=31779