The VirtualBox build in Nixpkgs is insecure because it uses the
"--disable-hardened" flag, which disables some checks in the
VirtualBox kernel module. Since getting rid of that flag looks like
too much work, it's better to ensure that only explicitly permitted
users have access to VirtualBox.
* Drop the 666 permission on "sonypi" because it's not clear why that
device should be world-writable.
svn path=/nixos/trunk/; revision=33301
monitor the postgres process directly (so that it can be restarted
if necessary), let Upstart send SIGTERM to postgres to shut it down
gracefully. Also drop the Mediawiki references.
svn path=/nixos/trunk/; revision=33262
It needs udevd to be running because the modules may require
firmware. Thanks to Mathijs and Arie for pointing this out.
svn path=/nixos/trunk/; revision=33234
starts the given job and waits until it's running; "stop_check"
checks that the current job hasn't been asked to stop.
svn path=/nixos/trunk/; revision=33214
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
the activation script. This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
exists.
svn path=/nixos/trunk/; revision=33208
JOB", but it does kill the job's main process. So if the post-start
script if waiting for the job's main process to reach some state, it
may hang forever. Thus, the post-start script should monitor
whether its job has been requested to stop and exit in that case.
svn path=/nixos/trunk/; revision=33176
nfsd, as suggested by the nfs-utils README.
Also, rather than relying on Upstart events (which have all sorts of
problems, especially if you have jobs that have multiple
dependencies), we know just let jobs start their on prerequisites.
That is, nfsd starts mountd in its preStart script; mountd starts
statd; statd starts portmap. Likewise, mountall starts statd to
ensure that it can mount NFS filesystems. This means that doing
something like "start nfsd" from the command line will Do The Right
Thing and start the dependencies of nfsd.
svn path=/nixos/trunk/; revision=33172
actually listening. Otherwise we have a race condition during boot
where statd's start can be delayed, causing NFSv3 mounting to fail.
svn path=/nixos/trunk/; revision=33171
It works but it doesn't respect ignoredInterfaces etc.
Probably I forgotten to create some directories (all of them exist on my
laptop). Feel free to fix this module.
svn path=/nixos/trunk/; revision=33097
reiserfs now have separate modules that are conditional on
boot.supportedFilesystems and boot.initrd.supportedFilesystems.
By default, these include the filesystems specified in the fsType
attribute in fileSystems. Ext2/3/4 support is currently
unconditional.
Also unbreak the installer test (http://hydra.nixos.org/build/2272302).
svn path=/nixos/trunk/; revision=32954
first user job I put in ~/.init caused Upstart to crash with an
assertion failure, taking down the system. Given that Upstart has a
non-trivial attack surface with this feature, it seems best to
disable it.
svn path=/nixos/trunk/; revision=32779
well because elements could be paths, e.g.
users.extraUsers.root.openssh.authorizedKeys.keyFiles =
[ ./id_key.pub ];
So disable the type check for now.
svn path=/nixos/trunk/; revision=32558
will use TCP/IP instead of a Unix domain socket.
* Simplify Zabbix's start condition. Zabbix now retries if the
database is down instead of bailing out.
svn path=/nixos/trunk/; revision=32426
yet). It's smaller than dhclient and has more features
(e.g. automatically detects link status changes, supports
openresolv, does IPv4LL, and supports IPv6 Router Advertisements).
svn path=/nixos/trunk/; revision=32413
currently, only support for fully disabling nvidia is provided, which
is helpful for saving power/heat.
In the future, this should be extended so we can choose:
- nvidia only (choose between nouveau/nvidia driver)
- IGP only
- Hybrid (choose between nouveau/nvidia driver, use the "bumblebee" package/daemon)
svn path=/nixos/trunk/; revision=32085
event is emitted by dhclient and by the network-interfaces job in
case of statically configured interfaces. Invalidating the cache is
necessary to get rid of negative queries.
svn path=/nixos/trunk/; revision=31779
The CUPS filter has been renamed in GNU Ghostscript 9.x. Fortunately,
Ghostscript ships with a MIME conversions file that informs CUPS about this,
so linking that file into /etc/cups works fine. I'm not sure whether it's a
particularly elegant solution, though.
svn path=/nixos/trunk/; revision=31489
xserver is started on start_xserver event, which is emitted by
check_for_xserver_start if there is no "noX11" on the kernel cmdline.
Thanks to viric for the general idea.
svn path=/nixos/trunk/; revision=31166
pierron recommended the use of types.string over mergeOptionString, as
it is superior but might break things.
For my system the change evaluated to the exactly same.
svn path=/nixos/trunk/; revision=31138
"Permission denied" until I run "restart nfs-kernel-exports". "exportfs -ra" did not help.
I tracked that down to some race condition between loading the module nfsd and
starting the daemons. Therefore, I decided to add nfsd to the boot.kernelModules instead
of using modprove with it.
Now it works for my server. No more Permission denied after reboot.
svn path=/nixos/trunk/; revision=31113