[Nix-dev] Fwd: Hardened Linux kernel with grsec/PaX + AppArmor

Hi, I'm attaching a simple patch that allows you to use a kernel with grsecurity, PaX and AppArmor enabled, just in case it's useful to anyone. It requires the following changes to be applied first: https://github.com/NixOS/nixpkgs/pull/802 I am not sending a pull request for this new kernel

Re: [Nix-dev] Fwd: Hardened Linux kernel with grsec/PaX + AppArmor

improvements (process hiding for example) too. However, I've never heard of combining grsec with apparmor. Why would one do that? On Wed, Aug 7, 2013 at 2:59 PM, Ricardo M. Correia rcorr...@wizy.org wrote: Hi, I'm attaching a simple patch that allows you to use a kernel with grsecurity, PaX

Re: [Nix-dev] ZFS root boot

Hi Danny, I use a ZFS root pool with a btrfs /boot partition. I may not have done everything correctly, but it seems to work for me, although my ZFS pool only has 1 disk drive. This is what I did: When installing NixOS, after booting the CD, I added this to the configuration.nix of the install

Re: [Nix-dev] Hardened NixOS

On Tue, Nov 19, 2013 at 2:12 AM, Marc Weber marco-owe...@gmx.de wrote: Securing nixos I guess we all want to be secure :) I'd also like you to start a wiki page talking about - what could be done - what you want to be done - how to verify that the goal has been achieved (if this

Re: [Nix-dev] NixOS (from USB) hangs at boot

Hi Colin, Assuming you are using NixOS release 13.10, you can try using the latest unstable ISO to see if it works better: http://nixos.org/channels/nixos-unstable/ On Mon, Feb 3, 2014 at 1:12 PM, Colin Adams colinpaulad...@gmail.comwrote: I'm trying to install NixOS. I have the 32-bit

Re: [Nix-dev] setfacl: /var/log/journal: Operation not supported

Hi Christian, If the problem is indeed the setfacl failure (as it appears to be), I think you need to enable ACLs in ZFS by doing: zfs set acltype=posixacl fs, where fs is the ZFS dataset/filesystem which contains your systemd journal. I'm not sure if the default ZFS version (0.6.2) contains

Re: [Nix-dev] Grub Install Failure when using boot.loader.devices = [ /dev/sda /dev/sdb ];

Hi Roger, Not sure if it will help, but can you try: NIXOS_INSTALL_GRUB=1 nixos-rebuild switch ? On Wed, Jul 2, 2014 at 12:59 PM, Roger Qiu roger@polycademy.com wrote: Hello everybody, When I run with: ``` boot.loader.device = /dev/sda ``` or ``` boot.loader.device =

Re: [Nix-dev] Will there be a systemd replacement at any time inthefuture?

FWIW, yesterday I've also experienced loss of stderr messages in a service I was trying to debug. In this case, it might have been either because the process exited immediately afterwards or because of rate limiting, I don't know which. I've also always experienced HDD thrashing issues on

Re: [Nix-dev] Bash CVE-2014-6271

On Wed, Sep 24, 2014 at 11:34 PM, Peter Simons sim...@cryp.to wrote: If you are worried about Bash CVE-2014-6271 (you should) and don't want to wait for Hydra to re-build the world, then check out https://github.com/NixOS/nixpkgs/pull/4257#issuecomment-56727114 to see how to replace the

Re: [Nix-dev] Bash CVE-2014-6271

On Sun, Sep 28, 2014 at 10:19 AM, Vladimír Čunát vcu...@gmail.com wrote: On 09/25/2014 03:41 PM, Ricardo M. Correia wrote: Also, I'm not sure if this is expected, but when I first tried to run nixos-rebuild dry-run with this workaround applied, it started to download and compile bash even

Re: [Nix-dev] Bash CVE-2014-6271

: The dry-run thing is likely due to replaceDependency doing an import from a derivation, which requires building at evaluation time. There's not really a good way to work around that, unfortunately. ~Shea On Mon, Sep 29, 2014 at 12:52:10AM +0200, Ricardo M. Correia wrote: On Sun, Sep 28, 2014

Re: [Nix-dev] ZFS on NixOS regarding the `/etc/zfs/zpool.cache` file.

I commented on that commit, but just in case, for future readers: If you add: boot.supportedFilesystems = [ zfs ]; ... to your configuration.nix, then /etc/zfs will be created, and /etc/zfs/zpool.cache will also be created when you import or create a ZFS pool. If you have this option in your

Re: [Nix-dev] Haskell-env (via nix-shell) - am I doing this right?

On Fri, May 22, 2015 at 8:16 PM, Peter Jones mli...@pmade.com wrote: To start out, I'm using HaskellNG and a recent version of nixpkgs where HaskellNG is the default. Here are the components I use with some examples: 1) I write a default.nix that describes my dependencies:

[Nix-commits] [NixOS/nixpkgs] 24d1d1: menhir: 20160303 -> 20160526 (#17343)

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 24d1d19bd2f8f55f6740e9495d2b76c1218d2b7b https://github.com/NixOS/nixpkgs/commit/24d1d19bd2f8f55f6740e9495d2b76c1218d2b7b Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-07-29 (Fri, 29 Ju

[Nix-commits] [NixOS/nixpkgs] cbb8ee: rustPackages: 2016-07-26 -> 2016-08-10

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: cbb8ee28b5725adffb2ad6df738e8117df118a94 https://github.com/NixOS/nixpkgs/commit/cbb8ee28b5725adffb2ad6df738e8117df118a94 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-08-10 (Wed, 10 Au

[Nix-commits] [NixOS/nixpkgs] 2df3fd: ocamlPackage.ppx_blob: init at 0.2 (#17129)

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 2df3fde700daf20a00188de616e677bc57c9794f https://github.com/NixOS/nixpkgs/commit/2df3fde700daf20a00188de616e677bc57c9794f Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-07-21 (Thu, 21 Ju

[Nix-commits] [NixOS/nixpkgs] 0a4178: ponyc: 0.2.1 -> 2016-07-26

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 0a417845ef00c6964dd2ecf040055bfc3dc7f1f1 https://github.com/NixOS/nixpkgs/commit/0a417845ef00c6964dd2ecf040055bfc3dc7f1f1 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-08-02 (Tue, 02 Au

[Nix-commits] [NixOS/nixpkgs] 30c3fd: mkpasswd: make the package high priority

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 30c3fdedfefb2ad991f9dc827f282718e4180e3b https://github.com/NixOS/nixpkgs/commit/30c3fdedfefb2ad991f9dc827f282718e4180e3b Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2017-01-25 (Wed, 25 Ja

[Nix-commits] [NixOS/nixpkgs] fca091: pycurl: 7.19.5 -> 7.19.5.1

Branch: refs/heads/staging Home: https://github.com/NixOS/nixpkgs Commit: fca09185d0021256a28b1a2cb710b197e3a08bd6 https://github.com/NixOS/nixpkgs/commit/fca09185d0021256a28b1a2cb710b197e3a08bd6 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2017-02-18 (Sat, 18 Fe

[Nix-commits] [NixOS/nixpkgs] f78f20: nixos.samba: add enableNmbd and enableWinbindd opt...

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: f78f207f1775fbf37c67e546b77ba206c107da36 https://github.com/NixOS/nixpkgs/commit/f78f207f1775fbf37c67e546b77ba206c107da36 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2017-02-18 (Sat, 18 Fe

[Nix-commits] [NixOS/nixpkgs] c19b17: raspberryPi boot loader: fix booting Raspberry Pi ...

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: c19b17d14ff25a86bc4b563999bfa3569344d16a https://github.com/NixOS/nixpkgs/commit/c19b17d14ff25a86bc4b563999bfa3569344d16a Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2017-02-12 (Sun, 12 Fe

Re: [Nix-dev] Python 3 as default

On Tue, Feb 14, 2017 at 2:34 PM, Profpatsch wrote: > On 17-02-14 01:18pm, Peter Simons wrote: > > I hardly ever use nix-shell and I don't want to, to > > be honest > > Completely off-discussion: Why is that? > Convenience? nix-shell does too many strange things? > >

[Nix-commits] [NixOS/nixpkgs] 4e14fd: nixos.acme: make timer persistent

Branch: refs/heads/release-16.09 Home: https://github.com/NixOS/nixpkgs Commit: 4e14fd5d5aac14a17c28465104b7ffacf27d9579 https://github.com/NixOS/nixpkgs/commit/4e14fd5d5aac14a17c28465104b7ffacf27d9579 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-10-04 (T

[Nix-commits] [NixOS/nixpkgs] 1cf9bc: zfs: print the output of the zpool command (if any...

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 1cf9bcaa3f84e3058a8b48ef36f97d8dee841df6 https://github.com/NixOS/nixpkgs/commit/1cf9bcaa3f84e3058a8b48ef36f97d8dee841df6 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-08-18 (Thu, 18 Au

[Nix-commits] [NixOS/nixpkgs] 5688c3: zfs: Keep trying root import until it works

Commit: a53bb3ceb173924bdb1f646fe5d6663651897c27 https://github.com/NixOS/nixpkgs/commit/a53bb3ceb173924bdb1f646fe5d6663651897c27 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-08-18 (Thu, 18 Aug 2016) Changed paths: M nixos/modules/tasks/filesystems/zfs.nix

[Nix-commits] [NixOS/nixpkgs] 98b213: zfs: Keep trying root import until it works

ffbb9f Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-08-18 (Thu, 18 Aug 2016) Changed paths: M nixos/modules/tasks/filesystems/zfs.nix Log Message: --- Merge pull request #16901 from Baughn/zfs-nvme-fix zfs: Keep trying root import until it works Co

[Nix-commits] [NixOS/nixpkgs] 47e619: ocaml-react: fix hash

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 47e61969b852a23d9059108b9356dad9ae515616 https://github.com/NixOS/nixpkgs/commit/47e61969b852a23d9059108b9356dad9ae515616 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-10-14 (Fri, 14 Oc

[Nix-commits] [NixOS/nixpkgs] af01fa: nixos.libvirtd: fix broken VMs due to emulator pat...

Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: af01fa71e0787c66c4f7e6fa88f8ee525959cd26 https://github.com/NixOS/nixpkgs/commit/af01fa71e0787c66c4f7e6fa88f8ee525959cd26 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-11-03 (Thu, 03 No

[Nix-commits] [NixOS/nixpkgs] 3f6c9c: nixos.libvirtd: fix broken VMs due to emulator pat...

Branch: refs/heads/release-16.09 Home: https://github.com/NixOS/nixpkgs Commit: 3f6c9cceeace789760b17e1998d03aeede16b93f https://github.com/NixOS/nixpkgs/commit/3f6c9cceeace789760b17e1998d03aeede16b93f Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-11-03 (T

[Nix-commits] [NixOS/nixpkgs] 7da48d: ocamlPackages.gen: 0.3 -> 0.4

containers: 0.18 -> 0.20 Commit: 3c6e0f1207193c4395183350d0ef878167da89bd https://github.com/NixOS/nixpkgs/commit/3c6e0f1207193c4395183350d0ef878167da89bd Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-10-31 (Mon, 31 Oct 2016) Changed paths: M pkgs/dev

[Nix-commits] [NixOS/nixpkgs] dcee42: ponyc: 0.9.0 -> 0.10.0

c 2016) Changed paths: M pkgs/development/compilers/ponyc/default.nix Log Message: --- ponyc: 0.9.0 -> 0.10.0 Commit: 6b89121c209c6aa44ef0268ed9462ed89f585393 https://github.com/NixOS/nixpkgs/commit/6b89121c209c6aa44ef0268ed9462ed89f585393 Author: Ricardo M

[Nix-commits] [NixOS/nixpkgs] cda472: rustRegistry: 2016-12-03 -> 2016-12-16

73843af2e Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-12-17 (Sat, 17 Dec 2016) Changed paths: M pkgs/tools/text/ripgrep/default.nix M pkgs/top-level/rust-packages.nix Log Message: --- Merge pull request #21218 from mimadrid/update/ripgrep-0.3.2

[Nix-commits] [NixOS/nixpkgs] 1b7984: ocamlPackages.containers: 0.20 -> 0.22

ac4d6e057 Author: Ricardo M. Correia <rcorr...@wizy.org> Date: 2016-12-21 (Wed, 21 Dec 2016) Changed paths: M pkgs/development/ocaml-modules/containers/default.nix Log Message: --- Merge pull request #21295 from vbgl/containers-0.22 ocamlPackages.containers: 0.20 -&

Re: [Nix-dev] Help wanted with Nixos on ZFS in an encrypted LUKS volume

Hi Vince, NixOS does support ZFS on top of an encrypted LUKS volume (I've been using this configuration myself for years), but I'm not 100% sure it will work fine in your particular situation. The error you are seeing is because ZFS is detecting 2 (or more) ZFS pools with the same name in your