mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00
Code Activity
733 commits 3 branches 0 tags 18 MiB
Commit graph

733 commits

This branch
This branch
All branches
Author SHA1 Message Date
Daiderd Jordan
0a8785c61b
lnl: start tmux panes in a sandbox by default 2019-02-16 21:33:17 +01:00
Daiderd Jordan
58a2956870
tmux: add defaultCommand option 2019-02-16 21:05:32 +01:00
Daiderd Jordan
1464d9efd3
lnl: sandbox fetch-nixpkgs-updates service 2019-02-16 17:47:29 +01:00
Daiderd Jordan
1e67f6a2bc
sandbox: add module for sandbox profiles 
This could be used outside of nix-darwin, but this is mainly useful for
services since all of the inputs are known there.

	{
	  # $ /usr/bin/sandbox-exec -f $profile $coreutils/bin/ls /
	  # ls: cannot access '/': Operation not permitted
	  security.sandbox.profiles.example.closure = [ pkgs.coreutils ];
	}
 2019-02-16 16:55:07 +01:00
Daiderd Jordan
10c34f1277
lnl: add tmp and var/tmp to sandbox paths 2019-02-12 23:23:04 +01:00
Daiderd Jordan
e61dcc1024
lnl: (re)enable sandboxing with extra-sandbox-paths 
There are still some problems with frameworks, this opens up the sandbox
enough by default to work around that and make it work like expected in
most cases.
 2019-02-12 20:25:29 +01:00
Daiderd Jordan
e812130e5d
system-packages: fix test 2019-01-18 23:36:15 +01:00
Daiderd Jordan
a1c56d5492
system-packages: verify libraries are not linked 
By default environment.pathsToLink does not include /lib so libraries
should not be exposed directly in the system output.
 2019-01-18 23:18:45 +01:00
Daiderd Jordan
236d9b0c2d system-packages: make test actually check the expected behaviour 2019-01-18 23:13:42 +01:00
Daiderd Jordan
629fa53498
nix-daemon: use system NIX_SSL_CERT_FILE 
Otherwise the daemon wouldn't honor extra certificates from the
security.pki options.
 2019-01-16 22:47:19 +01:00
Daiderd Jordan
655b66975f
lnl: disable cachix 2019-01-16 22:38:54 +01:00
Daiderd Jordan
c50ba6a354
security.pki: add test for ca-certificates.crt 2019-01-15 22:14:56 +01:00
Daiderd Jordan
2e525a93da
security.pki: add module to configure ca certificates 
This makes NIX_SSL_CERT_FILE configurable and makes
/etc/ssl/certs/ca-certificates.crt available like nixos.
 2019-01-15 21:55:08 +01:00
Daiderd Jordan
61e30229cc
lnl: cleanup and configure nixbld users 2019-01-07 20:18:03 +01:00
Daiderd Jordan
9cd9232a4a
Merge pull request #119 from kirelagin/zsh-vendor-completions 
zsh: Add vendor-completions to fpath
 2019-01-07 19:52:42 +01:00
Kirill Elagin
644d6acb7a
zsh: Add vendor-completions to fpath 2019-01-04 15:50:48 +03:00
Daiderd Jordan
462ec30cb3
checks: add test for nix-gc user validation 2019-01-04 00:50:14 +01:00
Daiderd Jordan
458d09882e
checks: actually fix gc condition 
Introduced in 28710738a3, the check should
_only_ run if the user is not configured not the other way around.
 2019-01-04 00:40:10 +01:00
Daiderd Jordan
aedd304983
nix-gc: fix evaluation 2019-01-03 20:59:23 +01:00
Daiderd Jordan
f05d6a858f
nix-gc: add test 2019-01-03 20:59:23 +01:00
Daiderd Jordan
28710738a3
checks: fix gc condition 
Don't fail if the user is configured properly.
 2019-01-03 19:29:49 +01:00
Daiderd Jordan
918492f3ef
add changelog entry for the verifyNixPath option 2019-01-02 21:19:24 +01:00
Daiderd Jordan
8a6c783616
checks: generalize and make them more configurable 
All the checks are now aggregated in system.checks.text making it easy
to allow certain checks to be disabled as well as disabling them
alltogether if desired. eg.

    # Disable all checks.
    system.checks.text = mkForce "";

Fixes #117
 2019-01-02 21:13:45 +01:00
Daiderd Jordan
72b3648fa0
nix-gc: add check for nix.gc.automatic 
This hopefully avoids problems for people that try to enable the service
with a single-user install.

Fixes #118
 2019-01-02 20:46:39 +01:00
Daiderd Jordan
f5116b0f4d
nix-gc: add user option 
This configures the user that runs the garbage collector, particularly
useful for single-user installs.  Otherwise it runs as root resulting in
permission issues afterwards.
 2019-01-02 20:24:00 +01:00
Daiderd Jordan
0a8741be9c
Merge pull request #97 from peel/patch-1 
[services.emacs] use `fg-daemon` flag for service
 2019-01-02 20:02:27 +01:00
Daiderd Jordan
7f4a9ecb4d
lnl: add nix-daemon objc workaround 2018-12-18 23:32:18 +01:00
Daiderd Jordan
5f7c0b6f56
lnl: fix reexec aliases 2018-12-18 23:21:21 +01:00
Daiderd Jordan
bd1ad9fd60
lnl: enable gnupg agent 2018-12-18 23:21:20 +01:00
Daiderd Jordan
255da174c8
lnl: add awscli 2018-12-18 23:21:18 +01:00
Daiderd Jordan
2412c7f9f9
Merge pull request #111 from thefloweringash/shell-child-env 
Unify environment configuration and don't run in child shells
 2018-10-29 11:32:10 +00:00
Andrew Childs
b5fc279d1b Combine system environment tests and add zsh 2018-10-29 09:12:20 +09:00
Daiderd Jordan
34a6eca033
Revert "installer: add NIX_PATH fallback in <darwin> lookup" 
This reverts commit 06f8d83f60.
 2018-10-27 00:14:38 +01:00
Daiderd Jordan
0146366b21
Revert "nix: make channel entries for NIX_PATH dynamic" 
This reverts commit 95fb1cb2aa, 1324ccf2c1 and e5c988edf1.
 2018-10-26 18:05:33 +01:00
Daiderd Jordan
63dfbc93d5
installer: include channels in bootstrap NIX_PATH 2018-10-26 17:47:45 +01:00
Daiderd Jordan
e5c988edf1
checks: include channel paths for NIX_PATH checks 2018-10-26 17:26:14 +01:00
Daiderd Jordan
06f8d83f60
installer: add NIX_PATH fallback in <darwin> lookup 
The nix.nixPath option doesn't include everything, some paths are added
dynamically now.
 2018-10-26 17:09:19 +01:00
Daiderd Jordan
1324ccf2c1
add changelog entry for nix.enableChannels 
This should have the same behaviour but it changed slightly when
overriding the defaults.
 2018-10-26 16:01:14 +01:00
Daiderd Jordan
95fb1cb2aa
nix: make channel entries for NIX_PATH dynamic 
This avoids warnings like this if the root or user channel profiles
don't exist.

    warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
 2018-10-26 15:49:24 +01:00
Daiderd Jordan
79d356909b
installer: don't use pure PATH for editor 
For the rest of the installer we want to make sure nothing installed by
the user interferes, however a user's editor might be installed
anywhere.
 2018-10-26 09:10:28 +01:00
Andrew Childs
676ef10377 Unify environment configuration and don't run in child shells 
This should enable `nix run` to work under shells like fish and zsh,
as well as making child shells not needlessly reset any environment
that should be inherited.

Implementation adapted from NixOS.
 2018-10-25 01:00:52 +09:00
Daiderd Jordan
e6a698a701
Merge pull request #109 from marsam/feature/update-bashrc-config 
Do not evaluate /etc/bashrc on non-interactive shells
 2018-10-17 19:04:48 +02:00
Mario Rodas
1a786eb088 bash: place bashrc early non-interactive return below system setup 
Setting PATH and environment setup is required in non-interactive shells
 2018-10-16 19:54:07 -05:00
Mario Rodas
dff88ee954 bash: do not evaluate completions on dumb terminals 2018-10-14 10:38:48 -05:00
Mario Rodas
b82bc64a0e bash: do not evaluate /etc/bashrc on non-interactive shells 2018-10-14 10:38:40 -05:00
Daiderd Jordan
5fa894c90a
tests: avoid depending on an actual font package 2018-10-12 22:03:40 +02:00
Daiderd Jordan
9a04aea8ea
tmux: remove reattach-to-user-namespace 
It's not been needed anymore for a few macOS releases now.
 2018-10-12 21:59:41 +02:00
Daiderd Jordan
9a192471bb
Merge pull request #108 from thefloweringash/dock-show-recents 
system.defaults.dock: add `show-recents` option
 2018-10-11 19:29:04 +02:00
Daiderd Jordan
166560ca76
Merge pull request #102 from peel/f-fonts-module 
initialise fonts module
 2018-10-11 19:10:42 +02:00
Andrew Childs
4cfb4b084e system.defaults.dock: add show-recents option 2018-10-11 11:58:17 +09:00