| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since GnuPG version 2.1.13 (NixOS/nixpkgs@b586b00), there is support for
XDG_RUNTIME_DIR so the sockets are in /run/user/gnupg instead of
~/.gnupg.
The full announcement can be found here:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
Unfortunately the fix is a bit more complicated, because if GNUPGHOME is
set to a non-default location, the sockets are to be found within the
directory specified in $GNUPGHOME instead.
So we also need to check the version of GnuPG so that we can properly
split up the socket directory from the GNUPGHOME.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
The default (light) package doesn't contain all the modules I need from
time to time, so having te replace the running pulseaudio daemon with
the full one is more of a hassle than worth keeping the light package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
After disabling allowUnfree a while ago, I also decided that I want my
machines to stay clear of proprietary stuff as much as possible.
And as I particularly don't use any of the Microsoft corefonts, I don't
shed a tear if they're gone :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
The right name for it is "signingkey" instead of "signkey" and the
reason this has worked for so long was that if there is no signingkey
value set, Git falls back to using the users name and email address
instead, which is accepted by GnuPG as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Regression introduced by fba5c2469bd5e95857c4ffd9db3dd0529f2485f3.
The derivation paths returned by nix-instantiate are usually valid store
paths, except when used with --add-root. In case of the latter, we get
the root symlink back, so we need to do an additional readlink on it.
We also now pass -t to mktemp so that $TMPDIR or /tmp is used instead of
the current working directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Time for a new GnuPG key, this time CCID-only :-)
This is the last commit you'll get using my old key (which will soon be
revoked as soon as I moved everything over to use the new key), so if
you're paranoid be sure to check the fingerprint against the signature
of this very commit.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
This is needed to ensure that the .drv file doesn't get garbage
collected while we're transferring it to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
We need to split off the !output from the derivation name returned by
nix-instantiate, because we can't realize such a path.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
This is needed to access things such as the YubiKey 4.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
I'm doing online banking using FinTS/HBCI via a card reader, so
libchipcard is needed as well.
Another package I've added is gwenhywfar because it contains commands
such as gct-tool, which is useful for debugging.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Needed for various stuff such as YubiKey and card readers I use for
online banking.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
Contains a fix for lower/greater than operators (LnL7/vim-nix#9).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Since NixOS/nixpkgs@7cf8daa every chroot*-option has been renamed to
refer to "sandbox", because the name fits better (it's not only chroot).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With just taalo-build we can't realize plain .drv files, so let's use
the Perl part to just realize the derivations given by the command line
and provide two shell script wrappers on top of it:
* taalo-build: Similar to nix-build
* taalo-realize: Similar to nix-store -r
Having a command like taalo-realize is very useful if evaluation is done
on a different machine and the closure is just copied over to the local
machine before being sent to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We already have an "i3wm" test in upstream <nixpkgs> which is much more
thorough than the unfinished test I've made here.
The intention of this test however was to specifically test the Vuizvui
service module. Nevertheless, it's still just a dummy test and the
"i3wm" test works much better, so let's remove it until we have a more
complete implementation.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Since NixOS/nixpkgs@73f1f5e, we have to refer to imagemagick.out for the
binaries, because we otherwise end up with the .dev output.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
The CPU microcode is already excempted from it and unrar is unfree but
redistributable, so let's use our new unfreePkgs module attribute for
that.
Apart from that I haven't found anything else on my machines, but let's
see what happens after Hydra evaluates the jobset.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
The name "profiles" really doesn't match what these modules are for.
Instead they define the very core of Vuizvui and its internal plumbing
and those options are available/enabled to all machines and modules.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This basically provides module arguments with different variations of
the pkgs arguments so that it's easier to allow specific unfree packages
selectively.
Note that I deliberately chose "unfreeAndNonDistributablePkgs", because
we really want to let those packages stand out. We want to avoid
building those packages on Hydra as much as possible.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
I found this quite annoying sometimes if the screen is so dark that you
can't see anything. Just switching to red is pretty much sufficient I'd
say, at least for me.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
It's a lot more controllable running as a user service rather than
having it started with the X session, especially because I occasionally
tend to turn it off.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This test has been introduced by NixOS/nixpkgs@e936f7d and was part of
NixOS/nixpkgs#15275.
The check attribute is always true for this test, because it has to be
run no matter which configuration you're using. It basically makes sure
that boot stage 1 is working correctly.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
The output actually doesn't exist and I got it confused with commit
fdc46c027f3116c7f86fce445798b841bf850f99. The .docdev output for
stdmanpages actually doesn't even make sense because it's *only*
developer documentation.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
It's about time to add these, because using a browser to look up the
definitions from a standard library function is quite annoying.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
With the merge of the closure-size branch, developer manpages are no
longer in the default output of the "man-pages" package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I use FireFox occasionally for whenever I'm forced to run ugly Java
plugins (in particular Hetzner's Lara machines use it).
I hope IcedTea is capable of running the Lara plugin, but even when not,
it's not a big deal-breaker as I didn't have to use Lara consoles for a
whole while now. And if it's the case, I can still look for a "fix" :-)
So another step towards being free of proprietary software.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
Apart from an evaluation error (because ["nixos" "keymap"] results in an
attrset rather than a plain derivation), checking for the active keymap
explicitly makes more sense here. For example a user of a Neo keyboard
layout won't care about a failure of the Dvorak keyboard layout and vice
versa.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the following missing tests which were missing for our
machine-based checks:
* Taskserver
* bridging, IPv4 and IPv6 for containers
* dnscrypt-proxy
* imperative containers
* keymap (only runs if not on qwerty)
* netbooting
These are the tests which were missing in Vuizvui as of current nixpkgs
revision NixOS/nixpkgs@bf8130684878747be7b1cc393f8aa147c500f14f.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0182e0ca12760da2aecd65de98c85a76ecdcedc6.
With the latest testing kernel, the machine still gets random GPU
lockups which are already fixed in linux-next, so let's get back to
linux-next even though things break from time to time.
We can still pin a specific next version to base our patches on once we
have a base version that's stable enough.
I've also fixed the backlight patch to compile against the latest next
version.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Since the latest upstream version, the directory $out/etc/mpv doesn't
seem to get created anymore, but a quick strace shows that mpv still
tries to open it upon startup, so let's just create the directories
leading to mpv.conf.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is -rc3 + 17 commits ahead.
Configuration is once again just to get it to compile, the only new
configuration option that I really want to consider using is
CONFIG_FS_ENCRYPTION, everything else is just "updating config to latest
kernel".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |/
|
|
|
| |
Draws out the general config for all Labtops in its own module and
creates a structure to specify the setting which are different.
|
| |
|
|
|
|
| |
Add simple fasd integration for fish.
A command `z` directly jumps to the most “frecent” folder fitting its
argument.
|
| |
|
|
|
|
|
|
| |
This fix is more or less because of GCC 5 rather than just against
kernel 4.x, because the number of arguments for rtw_select_queue() have
been changed since 4.0 already.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
This is to not clutter up the hardware/ namespace with patches (we're
going to add one).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently, linux-next-20160408 introduces a few unrelated bugs to the
hardware, so instead of updating to the latest -next version, we're
going for the latest -rc instead.
This should also help a lot in development to focus on the important
parts instead of dealing with completely unrelated bugs/issues.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
I've disabled Flash support via chrome://plugins since quite a while and
I have to say that I'm quite happy without Flash, so let's finally get
rid of that proprietary blob for good :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
It doesn't make sense to pollute the system with additional environment
variables if we're using the defaults anyway, so only set it if it's not
"~/.gnupg".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
We do things such as placing gnupg into environment.systemPackages, so
calling this just "programs.gpg-agent" doesn't fit that. Especially if
we really want to have a way to specify configuration values in case I'm
getting masochistic someday ;-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Latest <nixpkgs> (NixOS/nixpkgs@e899ffc as of my latest pull) causes our
preloader to load fork() from libpthread instead of using the overridden
one from the preload wrapper (without store paths to be easier to read):
binding file gpg-agent [0] to libpthread.so.0 [0]:
normal symbol `fork' [GLIBC_2.2.5]
However, at the time I've committed 8db1803, I was testing it on an
older version (NixOS/nixpkgs@81af597) and it was bound correctly:
binding file gpg-agent [0] to gpg-agent-wrapper [0]:
normal symbol `fork' [GLIBC_2.2.5]
Now after bisecting this against the latest <nixpkgs> master, it
revealed that one of the following commits could be the problem:
* NixOS/nixpkgs@559ecc9: stdenv-linux: Avoid building m4/bison twice
* NixOS/nixpkgs@817145e: binutils: 2.23.1 -> 2.26
* NixOS/nixpkgs@2040a9a: stdenv-linux: Ensure binutils comes before
bootstrapTools in $PATH
So my guess was that the binutils update changed that behaviour somehow,
so I checked against 2.23.1 (reverted NixOS/nixpkgs@817145e) and 2.25
and it worked correctly.
I didn't bisect this against the binutils source tree, but what happens
is that because we depend on libsystemd in our wrapper, libsystemd (and
thus libpthread) is loaded first and thus we can't override things
anymore which get pulled in by RTLD while loading libsystemd.
The reason why I now went with dlopen() is that even if the behaviour is
back to that of binutils 2.25, we want to make sure that even if
something in ld.so should change which affect this as well we're still
not tripping into the same problem again.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
First of all, let's inline the first_fork variable, because we don't
want this variable to be exposed as a symbol, even though it doesn't
hurt (except maybe for a very very very tiny improvement in RTLD lookup
performance).
And apart from the first_fork variable, there were a few other symbols
we don't want to propagate to the RTLD chain as well:
0000000000001465 T accept
000000000000130b T bind
000000000000153e T execv
0000000000001610 T _fini
00000000000013b8 T fork
0000000000000fe0 T get_sd_fd_for
0000000000001420 T get_socket_pid
0000000000000d80 T _init
00000000000012fa T listen
00000000000012b8 T record_sockfd
So in the end we're down to:
00000000000011fb T accept
00000000000010a1 T bind
00000000000012c8 T execv
0000000000001390 T _fini
000000000000114e T fork
0000000000000b68 T _init
0000000000001090 T listen
... which is a lot more clean and even though our staff doesn't collide
with existing libraries in the chain it's better to be safe than sorry.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
I've used this to test compilation of the agent wrapper at an early
state of development and I've accidentally committed this along with
8db1803b5d9865b2355fabdb6bb974d879ce57cc.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
The obsolete option services.xserver.startGnuPGAgent is now no longer
available and we have our own module now, so let's bite the dust and
enable it, especially because I haven't tested it outside of the scope
of the VM test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
