| Age | Commit message (Collapse) | Author |
|---|
|
(but only if it is set to relaxed. no security hole here.)
Thanks to lilyball for pointing out this omission in the docs.
Change-Id: I2408a943bfe817fe660fe1c8fefef898aaf5f7e9
|
|
It's in the security section, and it was totally outdated anyway.
I took the opportunity to write down the stuff we already believed.
Change-Id: I73e62ae85a82dad13ef846e31f377c3efce13cb0
|
|
Change-Id: I5bdf47e67059ae4099552750a47ae070dbe094df
|
|
Here's my guide so far:
$ rg '((?!(recursive).*) Nix
(?!(daemon|store|expression|Rocks!|Packages|language|derivation|archive|account|user|sandbox|flake).*))'
-g '!doc/' --pcre2
All items from this query have been tackled. For the documentation side:
that's for https://git.lix.systems/lix-project/lix/issues/162.
Additionally, all remaining references to github.com/NixOS/nix which
were not relevant were also replaced.
Fixes: https://git.lix.systems/lix-project/lix/issues/148.
Fixes: https://git.lix.systems/lix-project/lix/issues/162.
Change-Id: Ib3451fae5cb8ab8cd9ac9e4e4551284ee6794545
Signed-off-by: Raito Bezarius <raito@lix.systems>
|
|
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
https://git.lix.systems/lix-project/lix/issues/265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.
Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
|
|
This doesn't comprehensively fix everything outdated in the manual, or
make the manual greatly better, but it does note down where at least
jade noticed it was wrong, and it does fix all the instances of
referencing Nix to conform to the style guide to the best of our
ability.
A lot of things have been commented out for being wrong, and there are
three types of FIXME introduced:
- FIXME(Lix): generically Lix needs to fix it
- FIXME(Qyriad): re https://git.lix.systems/lix-project/lix/issues/215
- FIXME(meson): docs got outdated by meson changes and need rewriting
I did fix a bunch of it that I could, but there could certainly be
mistakes and this is definitely just an incremental improvement.
Fixes: https://git.lix.systems/lix-project/lix/issues/266
Change-Id: I5993c4603d7f026a887089fce77db08394362135
|
|
The big ones here are `trim-trailing-whitespace` and `end-of-file-fixer`
(which makes sure that every file ends with exactly one newline
character).
Change-Id: Idca73b640883188f068f9903e013cf0d82aa1123
|
|
Get rid of `bootstrap.sh`
(cherry picked from commit aaef47a08eaf54a8856dd25c784fd85d8d7b0e22)
Change-Id: I1a74bed0c23d6fda06d5dfd8ecad443b9122da12
|
|
|
|
e.g. nix-env -e subversion => nix-env --uninstall subversion
The aim is to make the documentation less cryptic for newcomers and the
long options are more self-documenting.
The change was made with the following script:
<https://github.com/aschmolck/convert-short-nix-opts-to-long-ones>
and sanity checked visually.
|
|
|
|
`/etc/bash.bashrc` is backed up as `/etc/bash.bashrc.backup-before-nix`,
but since other changes might have been introduced in the meantime we can't
just tell the user to revert.
|
|
At least on Ubuntu 22.04, these files are not created as part of a multi-
user installation.
|
|
|
|
At least on Ubuntu 22.04, the Nix installer creates
`/etc/profile.d/nix.sh`, not `/etc/profile/nix.sh`.
|
|
`sudo systemctl disable nix-daemon.socket nix-daemon.service` removes these
files already.
|
|
placed in a subsection of the binary install, the instructions are hard
to find. putting them in a separate page that is shown in the table of
contents should make it easier for users to find what they need when
they need it.
|
|
|
|
This provides a platform-independent way to configure the SSL
certificates file in the Nix daemon. Previously we provided
instructions for overriding the environment variable in launchd, but
that obviously doesn't work with systemd. Now we can just tell users
to add
ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
to their nix.conf.
|
|
|
|
Use a pipe for all install commands
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
Changes the `quick-start.md` to recommend a multi-user install, since
single-user is not supported on MacOS and https://nixos.org/download.html
recommends multi-user.
Expands `installation.md` to reflect wording on https://nixos.org/download.html
|
|
|
|
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
|
|
Co-authored-by: sequencer <liu@jiuyang.me>
|
|
|
|
|
|
Allow installing multi-user as root on macOS and Linux
|
|
|
|
|
|
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
Before #5150 the copy-to-store phase of the install was idempotent,
but the recursive cp isn't. This is probably baiting a few people
into trying corrective installs that will fail.
|
|
|
|
|
|
The uninstall instructions used to accidentally remove the nix-darwin
LaunchDaemon, this was dropped. However, the original intent was to
remove the Store volume mounting LaunchDaemon.
|
|
|
|
Clarify that `/nix` being present after the uninstall is normal and it
will only disappear after a reboot.
Co-authored-by: Travis A. Everett <travis.a.everett@gmail.com>
|
|
The multi-user installation on macOS, which is now the only option, has
gotten complicated enough that it discourages some users from checking
Nix out for fear of being left with a "dirty" system. Detailed
uninstallation instructions should make this less of an issue.
|
|
|
|
Resolves #5767
|
|
|
|
`docker -ti run nixos` does not run on docker version 20.10.7 (my machine). This fixes it to read `docker run -ti nixos`.
|
|
Document libsodium, which is now mandatory, as a dependency.
|
|
|
|
|
|
|
|
|
|
|
