Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2023-05-20 | nixos/pam_mount: fix cryptmount options (#232873) | Jenny | 1 | -1/+13 | |
There was a bug in the pam_mount module that crypt mount options were not passed to the mount.crypt command. This is now fixed and additionally, a cryptMountOptions NixOS option is added to define mount options that should apply to all crypt mounts. Fixes #230920 | |||||
2023-05-15 | Merge pull request #231316 from hercules-ci/nixos-system.checks | Robert Hensing | 1 | -1/+1 | |
NixOS: add `system.checks` | |||||
2023-05-15 | Merge pull request #231954 from mac-chaffee/acme-ipv6 | Nick Cao | 1 | -1/+1 | |
nixos/security/acme: Fix listenHTTP bug with IPv6 addresses | |||||
2023-05-15 | nixos/pam: fix ZFS support assertion | Raito Bezarius | 1 | -1/+1 | |
It was always complaining even if you didn't enable PAM ZFS. | |||||
2023-05-15 | nixos/pam: assert ZFS support for PAM module | Nicola Squartini | 1 | -0/+6 | |
2023-05-15 | nixos/pam: improve documentation of ZFS module | Nicola Squartini | 1 | -3/+3 | |
2023-05-15 | nixos/pam: enable unlocking ZFS home dataset | Nicola Squartini | 1 | -2/+53 | |
2023-05-14 | security/acme: Fix listenHTTP bug with IPv6 addresses | Mac Chaffee | 1 | -1/+1 | |
2023-05-11 | nixos: Use checks instead of extraDependencies | Robert Hensing | 1 | -1/+1 | |
... as appropriate. This drops a few unnecessary store paths from the system closure. | |||||
2023-05-10 | Merge pull request #230857 from s1341/bugfix_pam_sssd | Ryan Lahfa | 1 | -1/+1 | |
nixos/pam: Allow password changing via sssd | |||||
2023-05-09 | nixos/tpm2: fix typo | fetsorn | 1 | -1/+1 | |
"acess" -> "access" | |||||
2023-05-09 | nixos/apparmor: fix typo | fetsorn | 1 | -1/+1 | |
"usualy" -> "usually" | |||||
2023-05-09 | pam: remove unused try_first_pass | s1341 | 1 | -1/+1 | |
2023-05-09 | nixos/pam: allow changing password using sssd | s1341 | 1 | -1/+1 | |
2023-04-24 | Merge pull request #227232 from datafoo/nixos-acme-fix-options-type | Nick Cao | 1 | -2/+2 | |
nixos/acme: fix options type | |||||
2023-04-20 | Merge pull request #222080 from Stunkymonkey/nixos-optionalString | Artturi | 1 | -2/+2 | |
2023-04-20 | nixos/acme: fix options type | datafoo | 1 | -2/+2 | |
null is a possible default so the type must reflect that. | |||||
2023-04-07 | treewide: use more lib.optionalString | Felix Buehler | 1 | -2/+2 | |
2023-03-30 | Merge pull request #207115 from s1341/init_freeipa | Benjamin Staffin | 1 | -0/+258 | |
freeipa: init at 4.10.1 | |||||
2023-03-17 | Merge master into staging-next | github-actions[bot] | 1 | -5/+9 | |
2023-03-17 | doas: refactor config generation | Savyasachee Jha | 1 | -5/+9 | |
According to Ted Unangst, since doas evaluates rules in a last matched manner, it is prudent to have the "permit root to do everything without a password at the end of the file. Source: https://flak.tedunangst.com/post/doas-mastery | |||||
2023-03-16 | Merge master into staging-next | github-actions[bot] | 2 | -5/+5 | |
2023-03-16 | nixos/freeipa: init | s1341 | 1 | -0/+258 | |
2023-03-13 | treewide: Make yescrypt the default algorithm for pam_unix.so | Martin Weinelt | 1 | -1/+1 | |
This ensures `passwd` will default to yescrypt for newly generated passwords. | |||||
2023-03-06 | treewide: deprecate isNull | Felix Buehler | 2 | -5/+5 | |
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-isNull | |||||
2023-02-25 | Revert "nixos/polkit: guard static gid for polkituser behind state version" | Winter | 1 | -3/+1 | |
This reverts commit 2265160fc0b4cc9a38b392ec3b3a3fe18c2e5413 and e56db577a1f69c02e80d8bc26d514c01a2c5cc61. Ideally, we shouldn't cause friction for users that bump `stateVersion`, and I'd consider having to switch and/or manually hardcode a UID/GID to supress the warning friction. I think it'd be more beneficial to, in this rare case of an ID being missed, just let it be until more discussion happens surrounding this overall issue. See https://github.com/NixOS/nixpkgs/pull/217785 for more context. | |||||
2023-02-23 | nixos/polkit: guard static gid for polkituser behind state version | Nick Cao | 1 | -1/+3 | |
2023-02-22 | nixos/polkit: set static gid for polkituser | 1sixth | 1 | -1/+1 | |
polkituser needs a group since https://github.com/NixOS/nixpkgs/pull/130522. | |||||
2023-02-08 | nixos/*: remove trailing period in mkEnableOptions | pennae | 1 | -1/+1 | |
those are added by mkEnableOption, and .. is replaced to … by markdown processing. | |||||
2023-01-27 | nixos/manual: render module chapters with nixos-render-docs | pennae | 2 | -396/+1 | |
this converts meta.doc into an md pointer, not an xml pointer. since we no longer need xml for manual chapters we can also remove support for manual chapters from md-to-db.sh since pandoc converts smart quotes to docbook quote elements and our nixos-render-docs does not we lose this distinction in the rendered output. that's probably not that bad, our stylesheet didn't make use of this anyway (and pre-23.05 versions of the chapters didn't use quote elements either). also updates the nixpkgs manual to clarify that option docs support all extensions (although it doesn't support headings at all, so heading anchors don't work by extension). | |||||
2023-01-22 | Merge pull request #211830 from sorpaas/patch-11 | Nick Cao | 1 | -1/+0 | |
nixos/systemd-confinement: remove unused rootName | |||||
2023-01-21 | nixos: fix backticks in Markdown descriptions | Naïm Favier | 2 | -2/+2 | |
2023-01-20 | nixos/systemd-confinement: remove unused rootName | Wei Tang | 1 | -1/+0 | |
2023-01-13 | Merge master into staging-next | github-actions[bot] | 4 | -415/+750 | |
2023-01-10 | nixos/manual: move "edit the MD file" comments to generated XML | pennae | 2 | -1/+2 | |
2023-01-10 | nixos/manual: generate module chapters with md-to-db.sh | pennae | 3 | -15/+14 | |
2023-01-10 | nixos/manual: enable smart quotes for all MD chapters | pennae | 2 | -15/+14 | |
2023-01-10 | nixos/acme: convert manual chapter to MD | pennae | 3 | -254/+591 | |
2023-01-10 | nixos/manual: normalize <literal><link> -> <link><literal> | pennae | 1 | -6/+6 | |
MD can only do the latter, so change them all over now to keeps diffs reviewable. this also includes <literal><xref> -> <xref> where options are referenced since the reference will implicitly add an inner literal tag. | |||||
2023-01-10 | nixos/manual: remove links from program listings | pennae | 1 | -57/+56 | |
markdown cannot represent those links. remove them all now instead of in each chapter conversion to keep the diff for each chapter small and more understandable. | |||||
2022-12-23 | Merge pull request #205121 from alaviss/homed | Florian Klink | 1 | -3/+24 | |
nixos: systemd-homed support | |||||
2022-12-17 | nixos: fix typos | figsoda | 5 | -7/+7 | |
2022-12-15 | nixos/pam: allow backing the motd with a file | Markus Napierkowski | 1 | -2/+18 | |
2022-12-09 | nixos: add systemd-homed support | Leorize | 1 | -3/+24 | |
As a start, it's not very configurable, but works pretty well. | |||||
2022-11-14 | Merge pull request #199587 from lorenz/fscrypt | Franz Pletz | 1 | -0/+30 | |
nixos/pam: support fscrypt login protectors | |||||
2022-11-11 | nixos/pam: support fscrypt login protectors | Lorenz Brun | 1 | -0/+30 | |
fscrypt can automatically unlock directories with the user's login password. To do this it ships a PAM module which reads the user's password and loads the respective keys into the user's kernel keyring. Significant inspiration was taken from the ecryptfs implementation. | |||||
2022-11-07 | Merge pull request #186628 from ocfox/pam_faildelay | Bobby Rong | 1 | -0/+22 | |
nixos/pam: add option failDelay | |||||
2022-11-07 | nixos/pam: add option failDelay | ocfox | 1 | -0/+22 | |
Co-authored-by: Bobby Rong <rjl931189261@126.com> | |||||
2022-11-01 | Merge pull request #174951 from dpausp/fix-pam-tty-audit | Naïm Favier | 1 | -6/+6 | |
2022-10-28 | treewide: convert fake octal ints to strings | Yorick van Pelt | 1 | -4/+4 | |
These were being cast to strings later and then reinterpreted as octal. |