Commit graph

940 commits

Author SHA1 Message Date
Peter Simons
6f052ee62e spamassassin: use virtual user home directories under /var/lib/spamassassin to avoid permission problems
When spamd isn't running as 'root', it cannot access the usual ~/.spamassassin
path where user-specific files normally reside. Instead, we use the path
/var/lib/spamassassin-<user> to store those home directories.
2012-09-28 00:06:52 +02:00
Peter Simons
bcb8038726 spamassassin: add option for running the spamd daemon in debug mode 2012-09-27 17:12:25 +02:00
Peter Simons
9d83b8897b spamassassin: drop obsolete command line options 2012-09-27 16:51:32 +02:00
Rickard Nilsson
65c1c6525b network-manager: Big overhaul
* Add group 'networkmanager' and implement polkit configuration
    that allows users in this group to make persistent, system-wide
    changes to NetworkManager settings.

  * Add support for ModemManager. 3G modems should work out of the
    box now (it does for me...). This introduces a dependency on
    pkgs.modemmanager.

  * Write NetworkManger config file to Nix store, and let the
    daemon use it from there.
2012-09-27 09:26:07 +02:00
Peter Simons
2d6d678bb9 dovecot.nix: correct bogus reference to dovecot in Nixpkgs 2012-09-25 11:24:35 +02:00
Peter Simons
a7700202f2 Rename dovecot2 module to dovecot.
We no longer support more than one version.
2012-09-25 11:23:53 +02:00
Peter Simons
c1949c36e9 Merge pull request #31 from peti/master
Drop service for dovecot 1.x.
2012-09-24 07:31:04 -07:00
Peter Simons
97c74bf050 alsa.nix: initialize the sound card before restoring previously stored settings
The sound card in my ThinkPad won't work unless "init" is run explicitly.
2012-09-23 22:40:19 +02:00
Peter Simons
00e19c91e5 postfix: add option 'extraMasterConf' to extend the default master.cf file 2012-09-23 12:21:48 +02:00
Peter Simons
b8f09be5e0 Remove service for dovecot version 1.x. 2012-09-22 12:51:58 +02:00
Eelco Dolstra
0bd7bdfe0d Merge branch 'master' of github.com:NixOS/nixos 2012-09-21 11:03:25 -04:00
Eelco Dolstra
600d43ba93 Drop xfce-4.6 compatibility 2012-09-21 11:03:07 -04:00
Peter Simons
4476b875fc Add services.dovecot2.extraConfig option to configure arbitrary settings for which NixOS has no direct support. 2012-09-21 16:04:46 +02:00
Peter Simons
0573c7fcae modules/services/mail/dovecot2.nix: update syntax for SSL config options 2012-09-21 12:29:36 +02:00
Peter Simons
155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons
1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra
d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra
1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson
0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra
d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Ludovic Courtès
f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas
27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Mathijs Kwik
d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons
51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik
2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik
05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Eelco Dolstra
0e3f03106f postgresql.nix: Add an option for overriding the PostgreSQL package 2012-08-15 17:02:03 -04:00
Shea Levy
85997a6692 mingetty: Don't make restartIfChanged optional 2012-08-12 11:44:00 -04:00
aszlig
d809a9e6b2 mingetty: Option to not restart on service change.
This especially annoyed me whenver I was doing nixos-rebuild switch and getting
logged out on all consoles. With this there now is services.mingetty.dontRestart
for heavy VT users to deactivate this behaviour.
2012-08-12 13:50:50 +02:00
Eelco Dolstra
21da462ad5 Merge pull request #25 from shlevy/required-kernel-config
Required kernel config
2012-08-08 10:33:41 -07:00
Shea Levy
64d0069be3 udev requires unix sockets and inotify 2012-08-06 17:02:35 -04:00
Peter Simons
d13a3c741a spamassassin: call daemon with complete path 2012-08-03 18:07:06 +02:00
Eelco Dolstra
d5d8acfacd Assign uid/gid 54 to wwwrun 2012-08-03 11:05:25 -04:00
Eelco Dolstra
0a0c28f812 Revert "Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user."
This reverts commit 0ef085d58a.
2012-08-03 10:52:53 -04:00
Peter Simons
0ef085d58a Add services.httpd.fixUidAndGid option to assign reliable numeric UID and GID for the Apache user.
The option is disabled by default so that previously existing installations
aren't affected.

If you'd like to migrate to the fixed numeric id for Apache, set "fixUidAndGid
= true", edit the file "/etc/groups" and replace the old GID value with 54.
(NixOS can't do that for you because it refuses to change a GID that identifies
the primary group of a user.) Then run

  find / -xdev -uid $oldUID -exec chown 54 {} +
  find / -xdev -gid $oldGID -exec chgrp 54 {} +

to update ownership of all files that are supposed to be owned by Apache.
2012-08-03 16:39:55 +02:00
Eelco Dolstra
29f721ba54 Only create the Apache user/group if it's "wwwrun" 2012-08-03 09:35:06 -04:00
Peter Simons
1b249eaf05 Initial version of a SpamAssassin service.
The configuration is expected to be managed by the user in /etc/spamassassin.
2012-08-03 15:11:28 +02:00
Eelco Dolstra
1fcef0a0e0 Don't use nixUnstable 2012-08-02 13:31:57 -04:00
Mathijs Kwik
52fd5ea6ca gogoclient: setup config and dirs on service start, not on system activation 2012-07-31 20:07:05 +02:00
Eelco Dolstra
2678ff3726 Use /sys/fs/cgroup instead of /dev/cgroup 2012-07-30 13:49:18 -04:00
Eelco Dolstra
a559a2a606 mediawiki.nix: Use the right PHP build 2012-07-30 17:19:23 +02:00
Peter Simons
e988324534 Use a dedicated user ('named') for BIND instead of running the daemon as super user. 2012-07-27 00:08:41 +02:00
Phreedom
cb063afcbf F-Prot virus signaure database updater: package 2012-07-24 10:52:04 +03:00
Peter Simons
e8e19bbb1f modules/services/web-servers/apache-httpd: rename 'apacheHttpd' option to 'package' 2012-07-24 01:01:48 +02:00
Peter Simons
b3627f6c69 modules/services/web-servers/apache-httpd: add apache user to the apache group 2012-07-23 22:00:35 +02:00
Peter Simons
52c97adaba modules/services/web-servers/apache-httpd: make this module more configurable
- The new option 'apacheHttpd' determines the version of the Apache
   HTTP Server that's being used by this module. The default version
   is Apache 2.2.x, as before.

 - The new option 'configFile' allows users specify their own custom
   config file for the web server instead of being limited to the one
   that this module generates.
2012-07-23 21:48:21 +02:00
Phreedom
4f109c8a3d ClamAV: package virus fingerprint database updater. 2012-07-23 17:19:59 +03:00
Marc Weber
7ddea025e4 dont hardcode apache group name when setting permissions for state dir 2012-07-23 03:28:21 +02:00
Eelco Dolstra
1d57489427 Global replace /var/run/opengl-driver -> /run/opengl-driver 2012-07-16 11:34:21 -04:00
Eelco Dolstra
98459eb675 Global replace /var/run/booted-system -> /run/booted-system 2012-07-16 11:34:21 -04:00