nixpkgs/nixos/modules/module-list.nix

338 lines
11 KiB
Nix
Raw Normal View History

[
./config/fonts/corefonts.nix
./config/fonts/fontconfig.nix
./config/fonts/fontdir.nix
./config/fonts/fonts.nix
./config/fonts/ghostscript.nix
./config/gnu.nix
./config/i18n.nix
./config/krb5.nix
./config/ldap.nix
./config/networking.nix
./config/no-x-libs.nix
./config/nsswitch.nix
./config/power-management.nix
./config/pulseaudio.nix
./config/shells-environment.nix
./config/system-environment.nix
./config/swap.nix
./config/sysctl.nix
./config/system-path.nix
./config/timezone.nix
./config/unix-odbc-drivers.nix
./config/users-groups.nix
./config/zram.nix
./hardware/all-firmware.nix
./hardware/cpu/intel-microcode.nix
./hardware/cpu/amd-microcode.nix
2012-07-14 05:54:41 +02:00
./hardware/network/b43.nix
./hardware/network/intel-2100bg.nix
./hardware/network/intel-2200bg.nix
./hardware/network/intel-3945abg.nix
./hardware/network/ralink.nix
./hardware/network/rtl8192c.nix
./hardware/opengl.nix
./hardware/pcmcia.nix
./hardware/video/bumblebee.nix
./hardware/video/nvidia.nix
./installer/tools/nixos-checkout.nix
./installer/tools/tools.nix
./misc/assertions.nix
./misc/check-config.nix
./misc/crashdump.nix
./misc/ids.nix
./misc/lib.nix
./misc/locate.nix
./misc/nixpkgs.nix
./misc/passthru.nix
./misc/version.nix
./programs/atop.nix
./programs/bash/bash.nix
./programs/bash/command-not-found.nix
./programs/blcr.nix
./programs/environment.nix
./programs/info.nix
./programs/shadow.nix
./programs/shell.nix
./programs/ssh.nix
./programs/ssmtp.nix
2013-07-23 22:41:52 +02:00
./programs/venus.nix
./programs/wvdial.nix
./programs/zsh/zsh.nix
2013-11-04 09:00:34 +01:00
./programs/screen.nix
./rename.nix
2012-07-17 01:47:41 +02:00
./security/apparmor.nix
./security/apparmor-suid.nix
./security/ca.nix
./security/duosec.nix
nixos: add grsecurity module (#1875) This module implements a significant refactoring in grsecurity configuration for NixOS, making it far more usable by default and much easier to configure. - New security.grsecurity NixOS attributes. - All grsec kernels supported - Allows default 'auto' grsec configuration, or custom config - Supports custom kernel options through kernelExtraConfig - Defaults to high-security - user must choose kernel, server/desktop mode, and any virtualisation software. That's all. - kptr_restrict is fixed under grsecurity (it's unwriteable) - grsecurity patch creation is now significantly abstracted - only need revision, version, and SHA1 - kernel version requirements are asserted for sanity - built kernels can have the uname specify the exact grsec version for development or bug reports. Off by default (requires `security.grsecurity.config.verboseVersion = true;`) - grsecurity sysctl support - By default, disabled. - For people who enable it, NixOS deploys a 'grsec-lock' systemd service which runs at startup. You are expected to configure sysctl through NixOS like you regularly would, which will occur before the service is started. As a result, changing sysctl settings requires a reboot. - New default group: 'grsecurity' - Root is a member by default - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID, making it possible to easily add users to this group for /proc access - AppArmor is now automatically enabled where it wasn't before, despite implying features.apparmor = true The most trivial example of enabling grsecurity in your kernel is by specifying: security.grsecurity.enable = true; security.grsecurity.testing = true; # testing 3.13 kernel security.grsecurity.config.system = "desktop"; # or "server" This specifies absolutely no virtualisation support. In general, you probably at least want KVM host support, which is a little more work. So: security.grsecurity.enable = true; security.grsecurity.stable = true; # enable stable 3.2 kernel security.grsecurity.config = { system = "server"; priority = "security"; virtualisationConfig = "host"; virtualisationSoftware = "kvm"; hardwareVirtualisation = true; } This module has primarily been tested on Hetzner EX40 & VQ7 servers using NixOps. Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 21:18:12 +02:00
./security/grsecurity.nix
./security/pam.nix
./security/pam_usb.nix
./security/polkit.nix
./security/prey.nix
./security/rngd.nix
./security/rtkit.nix
./security/setuid-wrappers.nix
./security/sudo.nix
2013-02-25 16:50:10 +01:00
./services/amqp/activemq/default.nix
./services/amqp/rabbitmq.nix
./services/audio/alsa.nix
./services/audio/fuppes.nix
./services/audio/mpd.nix
2013-03-27 11:47:28 +01:00
./services/backup/almir.nix
2013-03-15 16:10:21 +01:00
./services/backup/bacula.nix
./services/backup/mysql-backup.nix
./services/backup/postgresql-backup.nix
2013-10-06 22:22:25 +02:00
./services/backup/rsnapshot.nix
./services/backup/sitecopy-backup.nix
./services/backup/tarsnap.nix
./services/continuous-integration/jenkins/default.nix
./services/continuous-integration/jenkins/slave.nix
./services/databases/4store-endpoint.nix
./services/databases/4store.nix
./services/databases/couchdb.nix
./services/databases/firebird.nix
2013-06-10 22:45:24 +02:00
./services/databases/memcached.nix
./services/databases/mongodb.nix
./services/databases/redis.nix
./services/databases/mysql.nix
./services/databases/openldap.nix
./services/databases/postgresql.nix
./services/databases/virtuoso.nix
2014-04-01 19:20:33 +02:00
./services/databases/monetdb.nix
2014-05-27 22:54:43 +02:00
./services/databases/influxdb.nix
./services/desktops/accountservice.nix
2014-04-24 23:32:32 +02:00
./services/desktops/geoclue2.nix
./services/desktops/gnome3/at-spi2-core.nix
./services/desktops/gnome3/evolution-data-server.nix
./services/desktops/gnome3/gnome-documents.nix
2014-04-11 00:41:51 +02:00
./services/desktops/gnome3/gnome-keyring.nix
./services/desktops/gnome3/gnome-online-accounts.nix
./services/desktops/gnome3/gnome-online-miners.nix
./services/desktops/gnome3/gnome-user-share.nix
./services/desktops/gnome3/gvfs.nix
./services/desktops/gnome3/seahorse.nix
./services/desktops/gnome3/sushi.nix
./services/desktops/gnome3/tracker.nix
./services/desktops/telepathy.nix
./services/games/ghost-one.nix
./services/games/minecraft-server.nix
./services/hardware/acpid.nix
./services/hardware/amd-hybrid-graphics.nix
./services/hardware/bluetooth.nix
./services/hardware/nvidia-optimus.nix
./services/hardware/pcscd.nix
./services/hardware/pommed.nix
./services/hardware/sane.nix
./services/hardware/udev.nix
./services/hardware/udisks2.nix
./services/hardware/upower.nix
2013-04-06 23:35:04 +02:00
./services/hardware/thinkfan.nix
./services/logging/klogd.nix
2012-08-25 11:11:37 +02:00
./services/logging/logcheck.nix
./services/logging/logrotate.nix
./services/logging/logstash.nix
./services/logging/syslogd.nix
./services/logging/rsyslogd.nix
./services/mail/dovecot.nix
./services/mail/freepops.nix
./services/mail/mail.nix
2013-07-30 10:20:56 +02:00
./services/mail/opensmtpd.nix
./services/mail/postfix.nix
./services/mail/spamassassin.nix
#./services/misc/autofs.nix
2013-06-16 18:20:22 +02:00
./services/misc/cgminer.nix
2012-10-27 23:11:54 +02:00
./services/misc/dictd.nix
./services/misc/disnix.nix
./services/misc/felix.nix
./services/misc/folding-at-home.nix
./services/misc/gpsd.nix
./services/misc/nix-daemon.nix
./services/misc/nix-gc.nix
./services/misc/nix-ssh-serve.nix
./services/misc/nixos-manual.nix
./services/misc/rippled.nix
./services/misc/rogue.nix
./services/misc/svnserve.nix
./services/misc/synergy.nix
./services/monitoring/apcupsd.nix
2013-01-08 22:19:51 +01:00
./services/monitoring/dd-agent.nix
./services/monitoring/graphite.nix
./services/monitoring/monit.nix
./services/monitoring/munin.nix
./services/monitoring/nagios/default.nix
./services/monitoring/smartd.nix
./services/monitoring/statsd.nix
./services/monitoring/systemhealth.nix
./services/monitoring/ups.nix
./services/monitoring/uptime.nix
./services/monitoring/zabbix-agent.nix
./services/monitoring/zabbix-server.nix
./services/network-filesystems/drbd.nix
./services/network-filesystems/nfsd.nix
./services/network-filesystems/openafs-client/default.nix
./services/network-filesystems/rsyncd.nix
./services/network-filesystems/samba.nix
./services/networking/amuled.nix
./services/networking/avahi-daemon.nix
./services/networking/bind.nix
./services/networking/bitlbee.nix
./services/networking/btsync.nix
./services/networking/cjdns.nix
./services/networking/connman.nix
./services/networking/cntlm.nix
./services/networking/chrony.nix
./services/networking/ddclient.nix
./services/networking/dhcpcd.nix
./services/networking/dhcpd.nix
./services/networking/dnsmasq.nix
./services/networking/ejabberd.nix
./services/networking/firewall.nix
2013-10-29 15:55:25 +01:00
./services/networking/haproxy.nix
./services/networking/tcpcrypt.nix
./services/networking/flashpolicyd.nix
2013-04-21 09:27:41 +02:00
./services/networking/freenet.nix
./services/networking/git-daemon.nix
./services/networking/gnunet.nix
./services/networking/gogoclient.nix
./services/networking/gvpe.nix
2012-10-06 06:39:56 +02:00
./services/networking/hostapd.nix
./services/networking/ifplugd.nix
2013-08-05 00:03:42 +02:00
./services/networking/iodined.nix
./services/networking/ircd-hybrid/default.nix
2014-01-11 23:15:11 +01:00
./services/networking/kippo.nix
./services/networking/minidlna.nix
./services/networking/murmur.nix
./services/networking/nat.nix
./services/networking/networkmanager.nix
2014-03-20 03:04:35 +01:00
./services/networking/ngircd.nix
./services/networking/notbit.nix
./services/networking/nsd.nix
./services/networking/ntopng.nix
./services/networking/ntpd.nix
./services/networking/oidentd.nix
./services/networking/openfire.nix
./services/networking/openvpn.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix
./services/networking/quassel.nix
./services/networking/radvd.nix
./services/networking/rdnssd.nix
./services/networking/rpcbind.nix
./services/networking/sabnzbd.nix
2014-03-07 20:09:59 +01:00
./services/networking/searx.nix
./services/networking/spiped.nix
2013-08-01 00:36:15 +02:00
./services/networking/supybot.nix
./services/networking/syncthing.nix
./services/networking/ssh/lshd.nix
./services/networking/ssh/sshd.nix
./services/networking/teamspeak3.nix
./services/networking/tftpd.nix
./services/networking/unbound.nix
./services/networking/vsftpd.nix
./services/networking/wakeonlan.nix
2013-02-15 03:50:41 +01:00
./services/networking/websockify.nix
./services/networking/wicd.nix
./services/networking/wpa_supplicant.nix
./services/networking/xinetd.nix
./services/printing/cupsd.nix
./services/scheduling/atd.nix
./services/scheduling/cron.nix
./services/scheduling/fcron.nix
./services/search/elasticsearch.nix
./services/search/solr.nix
./services/security/clamav.nix
./services/security/haveged.nix
./services/security/fprot.nix
./services/security/frandom.nix
./services/security/tor.nix
./services/security/torify.nix
./services/security/torsocks.nix
./services/system/dbus.nix
./services/system/kerberos.nix
./services/system/nscd.nix
./services/system/uptimed.nix
2013-02-24 17:33:48 +01:00
./services/torrent/deluge.nix
./services/torrent/transmission.nix
./services/ttys/gpm.nix
2012-06-18 23:55:27 +02:00
./services/ttys/agetty.nix
./services/ttys/kmscon.nix
./services/web-servers/apache-httpd/default.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/jboss/default.nix
./services/web-servers/lighttpd/default.nix
./services/web-servers/lighttpd/cgit.nix
./services/web-servers/lighttpd/gitweb.nix
2013-03-02 23:40:56 +01:00
./services/web-servers/nginx/default.nix
2014-03-11 23:46:57 +01:00
./services/web-servers/phpfpm.nix
./services/web-servers/tomcat.nix
2013-05-15 14:36:17 +02:00
./services/web-servers/varnish/default.nix
./services/web-servers/winstone.nix
2013-10-02 15:14:35 +02:00
./services/web-servers/zope2.nix
./services/x11/desktop-managers/default.nix
./services/x11/display-managers/auto.nix
./services/x11/display-managers/default.nix
./services/x11/display-managers/kdm.nix
./services/x11/display-managers/slim.nix
./services/x11/display-managers/lightdm.nix
./services/x11/hardware/multitouch.nix
./services/x11/hardware/synaptics.nix
./services/x11/hardware/wacom.nix
./services/x11/window-managers/awesome.nix
#./services/x11/window-managers/compiz.nix
./services/x11/window-managers/default.nix
./services/x11/window-managers/icewm.nix
./services/x11/window-managers/metacity.nix
./services/x11/window-managers/none.nix
./services/x11/window-managers/twm.nix
./services/x11/window-managers/wmii.nix
./services/x11/window-managers/xmonad.nix
2013-10-21 18:08:42 +02:00
./services/x11/redshift.nix
./services/x11/xfs.nix
./services/x11/xserver.nix
./system/activation/activation-script.nix
./system/activation/top-level.nix
./system/boot/kernel.nix
./system/boot/kexec.nix
./system/boot/loader/efi.nix
./system/boot/loader/generations-dir/generations-dir.nix
./system/boot/loader/grub/grub.nix
./system/boot/loader/grub/memtest.nix
Add support for lightweight NixOS containers You can now say: systemd.containers.foo.config = { services.openssh.enable = true; services.openssh.ports = [ 2022 ]; users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ]; }; which defines a NixOS instance with the given configuration running inside a lightweight container. You can also manage the configuration of the container independently from the host: systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo"; where "path" is a NixOS system profile. It can be created/updated by doing: $ nix-env --set -p /nix/var/nix/profiles/containers/foo \ -f '<nixos>' -A system -I nixos-config=foo.nix The container configuration (foo.nix) should define boot.isContainer = true; to optimise away the building of a kernel and initrd. This is done automatically when using the "config" route. On the host, a lightweight container appears as the service "container-<name>.service". The container is like a regular NixOS (virtual) machine, except that it doesn't have its own kernel. It has its own root file system (by default /var/lib/containers/<name>), but shares the Nix store of the host (as a read-only bind mount). It also has access to the network devices of the host. Currently, if the configuration of the container changes, running "nixos-rebuild switch" on the host will cause the container to be rebooted. In the future we may want to send some message to the container so that it can activate the new container configuration without rebooting. Containers are not perfectly isolated yet. In particular, the host's /sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 16:54:20 +01:00
./system/boot/loader/gummiboot/gummiboot.nix
2012-07-25 17:30:16 +02:00
./system/boot/loader/init-script/init-script.nix
Add support for lightweight NixOS containers You can now say: systemd.containers.foo.config = { services.openssh.enable = true; services.openssh.ports = [ 2022 ]; users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ]; }; which defines a NixOS instance with the given configuration running inside a lightweight container. You can also manage the configuration of the container independently from the host: systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo"; where "path" is a NixOS system profile. It can be created/updated by doing: $ nix-env --set -p /nix/var/nix/profiles/containers/foo \ -f '<nixos>' -A system -I nixos-config=foo.nix The container configuration (foo.nix) should define boot.isContainer = true; to optimise away the building of a kernel and initrd. This is done automatically when using the "config" route. On the host, a lightweight container appears as the service "container-<name>.service". The container is like a regular NixOS (virtual) machine, except that it doesn't have its own kernel. It has its own root file system (by default /var/lib/containers/<name>), but shares the Nix store of the host (as a read-only bind mount). It also has access to the network devices of the host. Currently, if the configuration of the container changes, running "nixos-rebuild switch" on the host will cause the container to be rebooted. In the future we may want to send some message to the container so that it can activate the new container configuration without rebooting. Containers are not perfectly isolated yet. In particular, the host's /sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 16:54:20 +01:00
./system/boot/loader/raspberrypi/raspberrypi.nix
./system/boot/luksroot.nix
./system/boot/modprobe.nix
./system/boot/shutdown.nix
./system/boot/stage-1.nix
./system/boot/stage-2.nix
./system/boot/systemd.nix
./system/etc/etc.nix
./system/upstart/upstart.nix
./tasks/cpu-freq.nix
./tasks/filesystems.nix
./tasks/filesystems/btrfs.nix
./tasks/filesystems/ext.nix
./tasks/filesystems/f2fs.nix
./tasks/filesystems/nfs.nix
./tasks/filesystems/reiserfs.nix
./tasks/filesystems/unionfs-fuse.nix
./tasks/filesystems/vfat.nix
./tasks/filesystems/xfs.nix
2012-12-04 19:17:54 +01:00
./tasks/filesystems/zfs.nix
./tasks/encrypted-devices.nix
./tasks/kbd.nix
./tasks/lvm.nix
./tasks/network-interfaces.nix
./tasks/scsi-link-power-management.nix
./tasks/swraid.nix
./tasks/trackpoint.nix
./testing/service-runner.nix
./virtualisation/container-config.nix
Add support for lightweight NixOS containers You can now say: systemd.containers.foo.config = { services.openssh.enable = true; services.openssh.ports = [ 2022 ]; users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-dss ..." ]; }; which defines a NixOS instance with the given configuration running inside a lightweight container. You can also manage the configuration of the container independently from the host: systemd.containers.foo.path = "/nix/var/nix/profiles/containers/foo"; where "path" is a NixOS system profile. It can be created/updated by doing: $ nix-env --set -p /nix/var/nix/profiles/containers/foo \ -f '<nixos>' -A system -I nixos-config=foo.nix The container configuration (foo.nix) should define boot.isContainer = true; to optimise away the building of a kernel and initrd. This is done automatically when using the "config" route. On the host, a lightweight container appears as the service "container-<name>.service". The container is like a regular NixOS (virtual) machine, except that it doesn't have its own kernel. It has its own root file system (by default /var/lib/containers/<name>), but shares the Nix store of the host (as a read-only bind mount). It also has access to the network devices of the host. Currently, if the configuration of the container changes, running "nixos-rebuild switch" on the host will cause the container to be rebooted. In the future we may want to send some message to the container so that it can activate the new container configuration without rebooting. Containers are not perfectly isolated yet. In particular, the host's /sys/fs/cgroup is mounted (writable!) in the guest.
2013-11-27 16:54:20 +01:00
./virtualisation/containers.nix
./virtualisation/libvirtd.nix
#./virtualisation/nova.nix
./virtualisation/virtualbox-guest.nix
#./virtualisation/xen-dom0.nix
]