[Nix-commits] [NixOS/nixpkgs] c37e76: nixos-container: Use machinectl shell (#18825)
Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: c37e76b4d2ac59139df8956cc2b1ec6921bea11d https://github.com/NixOS/nixpkgs/commit/c37e76b4d2ac59139df8956cc2b1ec6921bea11d Author: Wilhelm Schuster <w...@wilhelm.re> Date: 2016-09-24 (Sat, 24 Sep 2016) Changed paths: M pkgs/tools/virtualization/nixos-container/default.nix M pkgs/tools/virtualization/nixos-container/nixos-container.pl Log Message: --- nixos-container: Use machinectl shell (#18825) Using nsenter+su was suboptimal since the environment they provided was not quite the same as the real container environment. See [1] for more background. Note that we directly invoke /bin/sh for `nixos-container root-login` since setting the user's shell is quite complex. See [2] for a related systemd issue. [1]: https://github.com/systemd/systemd/issues/825#issuecomment-127917622 [2]: https://github.com/systemd/systemd/issues/1395 ___ nix-commits mailing list nix-comm...@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-commits
[Nix-dev] NixOps - How is the configuration applied when using targetEnv none?
Hi, I’m trying to use NixOps to deploy onto an existing NixOs instance (physical server; targetEnv = “none") and was wondering how the system configuration is applied. Specifically, does my NixOps description of the server get merged with the local configuration (meaning the one on the server itself in /etc/nixos/configuration.nix), or does it completely replace it? The main thing I’m not sure about is if I have to include the parameters set in the hardware-configuration.nix of the server into my NixOps description. Cheers, Wilhelm Schuster. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Including SSL certificates with NixOS configuration
> On Sep 13, 2016, at 20:06, zimbatm <zimb...@zimbatm.com> wrote: > > Another solution is to use a let's encrypt client. Then all your SSL certs > would automatically be generated on the server. I think it only works if you > don't need more than one server per domain. Thanks for the suggestion. I’m definitely considering switching to letsencrypt as it seems to be nicely integrated with the rest of NixOS, though I would like to use it with ACME DNS challenge validation, which doesn’t seem to be supported by NixOS at the moment, so I’m currently sticking to my StartSSL certificates. Cheers, Wilhelm Schuster. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Including SSL certificates with NixOS configuration
> On Sep 13, 2016, at 00:18, Tomasz Czyż <tomasz.c...@gmail.com> wrote: > all files written by nix (or maybe almost all) end up in /nix/store and are > world-readable, not the best way to keep secrets. Oops, that doesn’t sound like a great idea. > You have to deploy secrets manually or you could use NixOps (and > deployment.keys) to deploy server with NixOS and deploy keys/secrets. Thanks for the suggestion. Sorry, I’m new to NixOps. Can I use it to deploy onto an already existing NixOS instance? I’m using a dedicated server and don’t want to run anything “on the cloud” or inside a virtual machine. (I’m planning to run NixOS as a container host.) Cheers, Wilhelm Schuster. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Including SSL certificates with NixOS configuration
Hi, I’m quite new to Nix/NixOS; coming from Archlinux I like being able to configure my system in a declarative manner. I tried setting up a small web server using nginx and I hit an interesting challenge: How would be the a good way to include SSL certificates with the NixOS configuration. I’d like to have all my system configuration inside a couple of nix expressions to easily be able to move between different systems. I figured I’d have a separate .nix file which includes all certificates, dhparams, etc. as strings (PEM) which I import into my main configuration.nix. I found builtins.toFile for writing a certificate file from a string, but there doesn’t seem a way to set permissions, which would be important for private certificates (chmod 400). How would you solve this? Is this even the right approach? Thanks and cheers, Wilhelm Schuster. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-commits] [NixOS/nixpkgs] 5f8d14: Manual: Explicitly mark commands that require to b...
Branch: refs/heads/master Home: https://github.com/NixOS/nixpkgs Commit: 5f8d14546b6a5a5df8a4768833497a674083dd8e https://github.com/NixOS/nixpkgs/commit/5f8d14546b6a5a5df8a4768833497a674083dd8e Author: Wilhelm Schuster <w...@wilhelm.re> Date: 2016-06-01 (Wed, 01 Jun 2016) Changed paths: M nixos/doc/manual/administration/cleaning-store.xml M nixos/doc/manual/administration/container-networking.xml M nixos/doc/manual/administration/imperative-containers.xml M nixos/doc/manual/administration/maintenance-mode.xml M nixos/doc/manual/administration/network-problems.xml M nixos/doc/manual/administration/rebooting.xml M nixos/doc/manual/administration/rollback.xml M nixos/doc/manual/administration/service-mgmt.xml M nixos/doc/manual/administration/store-corruption.xml M nixos/doc/manual/administration/user-sessions.xml M nixos/doc/manual/configuration/adding-custom-packages.xml M nixos/doc/manual/configuration/linux-kernel.xml M nixos/doc/manual/configuration/luks-file-systems.xml M nixos/doc/manual/configuration/user-mgmt.xml M nixos/doc/manual/configuration/wireless.xml M nixos/doc/manual/configuration/x-windows.xml M nixos/doc/manual/development/building-nixos.xml M nixos/doc/manual/development/building-parts.xml M nixos/doc/manual/development/sources.xml M nixos/doc/manual/development/testing-installer.xml M nixos/doc/manual/installation/changing-config.xml M nixos/doc/manual/installation/installing-uefi.xml M nixos/doc/manual/installation/installing.xml M nixos/doc/manual/installation/upgrading.xml M nixos/doc/manual/man-configuration.xml M nixos/doc/manual/man-nixos-build-vms.xml M nixos/doc/manual/man-nixos-option.xml M nixos/doc/manual/manual.xml Log Message: --- Manual: Explicitly mark commands that require to be run as root (#15589) * manual: Mark commands that require root Mark every command that requires to be run as root by prefixing them with '#' instead of '$'. * manual: Add note about commands that require root ___ nix-commits mailing list nix-comm...@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-commits