Silvan Mosberger
1a3b9e1bd2
Merge pull request #44556 from johanot/certmgr-module-init
...
nixos/certmgr: init
2018-08-10 15:11:26 +02:00
Johan Thomsen
004e7fb6fd
nixos/certmgr: init
2018-08-10 09:56:25 +02:00
Daiderd Jordan
d113c02563
services-vault: make package configurable and add extraConfig option
2018-08-09 23:22:53 +02:00
Johan Thomsen
7d7c36f8be
nixos/cfssl: init
...
- based on module originally written by @srhb
- complies with available options in cfssl v1.3.2
- uid and gid 299 reserved in ids.nix
- added simple nixos test case
2018-08-03 09:40:32 +02:00
volth
2e979e8ceb
[bot] nixos/*: remove unused arguments in lambdas
2018-07-20 20:56:59 +00:00
Yegor Timoshenko
1bb95d8409
Merge pull request #42775 from mkaito/oauth2_proxy-virtualHosts
...
oauth2_proxy: add nginx vhost module
2018-07-05 22:15:50 +03:00
Florian Klink
fff5923686
nixos/modules: users.(extraUsers|extraGroup->users|group)
2018-06-30 03:02:58 +02:00
Michishige Kaito
2fec848254
fixup! oauth2_proxy: add nginx vhost module
2018-06-29 16:23:24 +01:00
Michishige Kaito
4a72999c75
oauth2_proxy: add nginx vhost module
2018-06-29 15:36:03 +01:00
Yegor Timoshenko
5e5bdfa6ad
Merge pull request #41098 from mkaito/oauth2_proxy
...
oauth2_proxy: Handle attributes being derivations
2018-06-18 20:47:55 +03:00
Joachim Fasting
c449f0b55c
nixos/tor: grammar fix, advise -> advice
...
Seems to me that the noun form is more appropriate here.
2018-06-18 12:40:09 +02:00
SLNOS
adab27a352
nixos/tor: use ControlPort for controlSocket for simplicity
2018-06-11 15:52:24 +00:00
SLNOS
2de3c4bd78
nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
...
This reverts a part of 5bd12c694b.
Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.
These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.
`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.
`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
markuskowa
96af022af5
nixos/munge: run munge as user munge instead of root. (#41509)
...
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
2018-06-09 00:50:28 +02:00
Michishige Kaito
170223fe64
Handle attributes being derivations
2018-05-26 12:05:04 +01:00
bricewge
21b926003d
sshguard: service creates /var/lib/sshguard
2018-05-05 00:29:44 -05:00
Yegor Timoshenko
e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod
...
oauth2_proxy: refactor service
2018-04-27 22:15:50 +03:00
Yorick van Pelt
048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest
2018-04-27 16:45:38 +02:00
Robert Schütz
5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083)
2018-04-18 09:42:45 +02:00
Yorick van Pelt
a037cbd46b
oauth2_proxy: add keyFile, make some options optional
2018-04-16 14:06:22 +02:00
Yorick van Pelt
b901c40a8e
oauth2_proxy: update module for extraConfig support
2018-04-16 13:10:31 +02:00
Joachim F
1c889be474
Merge pull request #37827 from oxij/pull/28938-tor-control-port
...
nixos/tor: expose control socket
2018-03-26 13:05:27 +00:00
Jaka Hudoklin
cb9c1c63c9
nixos/tor: expose control socket
2018-03-26 00:41:10 +00:00
Dan Peebles
6fa9d9cdbd
hologram-server module: add cache timeout option
...
The version of hologram we're using has supported this option for a
while, but we didn't expose it through the NixOS module
2018-03-21 12:58:25 -04:00
Joel Thompson
fe2e4d6fb9
hologram: Enable configuring LDAP authorization
...
In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.
Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.
fixes #37393
2018-03-20 07:36:23 +00:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell.
2018-03-01 14:38:53 -05:00
Nadrieril
297fac40ca
nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag)
2018-02-27 18:34:02 +00:00
rnhmjoj
e81811a579
nixos/modules: rename IP addresses/routes options
2018-02-17 14:57:07 +01:00
Jörg Thalheim
9fab083b79
Merge pull request #34524 from Infinisil/physlock-allowAnyUser
...
nixos/physlock: add allowAnyUser option
2018-02-10 09:58:36 +00:00
Robert Schütz
355de06fe4
nixos/tor: add hiddenServices.<name>.authorizeClient
2018-02-08 10:02:22 +01:00
Silvan Mosberger
cfd22b733b
physlock: add allowAnyUser option
2018-02-02 14:03:00 +01:00
Léo Gaspard
7b878a443a
nixos/clamav: replace mkIf [] with optional
2018-01-06 16:52:14 +01:00
Nadrieril
95fde40b71
usbguard service: rules option should be of type 'lines'
2017-12-29 03:19:36 +01:00
Jaka Hudoklin
bc557912a1
Merge pull request #28939 from xtruder/nixos/tor/trans_proxy
...
tor module: add support for transparent proxy and dns
2017-12-03 21:47:11 +01:00
Léo Gaspard
652842d82e
clamav module: make services.clamav.daemon.enable actually work
2017-11-28 13:45:13 +01:00
Joachim F
815bebf9e8
Merge pull request #30173 from dmjio/patch-1
...
oauth2_proxy: default address updated
2017-10-20 16:28:40 +00:00
Peter Hoeg
3211098632
Revert "sshguard: make it run"
...
This reverts commit 69d8b81b4b.
2017-10-14 14:42:49 +08:00
Peter Hoeg
69d8b81b4b
sshguard: make it run
2017-10-14 14:38:04 +08:00
Dan Peebles
56e18c50cc
Revert "Simple proof of concept for how to do other types of services"
...
This reverts commit 7c3253e519.
I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
2017-10-13 09:17:13 -04:00
David Johnson
5b530d4568
oauth2_proxy: default address updated
...
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
2017-10-06 16:52:22 -07:00
Jaka Hudoklin
78a86c9072
nixos/tor: add support for transparent proxy and dns
2017-09-23 20:13:08 +02:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
...
(cherry picked from commit eb873f6c78e1c5306956b4c9fd651b25a6b9c40c)
2017-09-20 10:58:24 +00:00
Jörg Thalheim
bb5b084986
tor: skip ControlPort in torrc, if not set.
2017-09-13 23:33:46 +01:00
timor
ae87a30a83
physlock: 0.5 -> 11-dev
...
Update physlock to a more current version which supports PAM and
systemd-logind. Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
2017-09-10 22:43:05 +02:00
Tim Steinbach
ae742fa495
frandom: Remove
2017-08-29 20:01:25 -04:00
Phil
4f2935390e
nixos/usbguard: create package and module (#28363)
...
* nixos/usbguard: create package and module
No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)
* nixos/usbguard: remove extra packages
Users can override this by themselves.
* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Joachim F
9447b8b9cd
Merge pull request #28338 from oxij/nixos/better-tor
...
nixos: better tor config
2017-08-24 08:12:59 +00:00
SLNOS
2c4a925ab0
nixos: tor: rename portSpec -> port, type all "port"s properly
2017-08-22 14:57:07 +00:00
SLNOS
30a3cccd07
nixos: tor: better submodule for hidden services
...
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS
9226f4886f
nixos: tor: more options, no unexpected consequences for default relay operators
...
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00