The option services.openssh.hostKeys now allows specifying multiple
host keys. The default value enables both a DSA and ECDSA key.
(Clients by default will use the ECDSA key, unless known_hosts already
has a DSA key for that host.) To use only an ECDSA key, you can say:
services.openssh.hostKeys =
[ { path = "/etc/ssh/ssh_host_ecdsa_key";
type = "ecdsa";
bits = 521;
}
];
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf after the DNS servers that
NetworkManager receieves by DHCP, or that is configured manually
in the connection settings.
NixOS and Fedora uses .../ca-bundle.crt. Ubuntu uses
.../ca-certificates.crt. Add .../ca-certificates.crt symlink to be
compatible with Ubuntu.
Example use case: Bob has a ~/.msmtprc file that he brings over from
Ubuntu. It also works on NixOS.
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.con and override any DNS servers that
NetworkManager receieves by DHCP, or that is configured manually
in the connection settings.
Currently only root has access. But with this patch all users in
"libvirtd" group will have access. This is similar to how it's done on
Ubuntu.
Also, add virtualisation.libvirtd.extraConfig option for further
customization of libvirtd.conf.
With this it's now possible to directly embed a configuration file
using `services.xserver.windowManager.i3.configFile = path`, which then
will be used instead of the one in the users home directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Note that since the configuration produced by nixos-hardware-scan
includes not-detected.nix, you get all firmware when following the
regular installation procedure.
Issue #87.
The intel-*.nix modules are obsolete (since you can just say
‘hardware.enableAllFirmware = true’, or equivalently,
‘hardware.firmware = [ pkgs.firmwareLinuxNonfree ]’). But we'll keep
them around for compatibility.
Running at a low priority is generally bad since it runs the risk of
priority inversions, etc. It's really the builders that should run
under a different priority (e.g. in their own cgroup).
