cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
111918 commits 1 branch 0 tags 3.7 GiB
Commit graph

71 commits

Author SHA1 Message Date
Rhys
8777174d60 nixos/oauth2_proxy: actually pass provider-specific options 
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
 2017-07-21 00:27:06 +02:00
Volth
334e85e75a vault: do not restart the service on "nixos-rebuild switch" 2017-07-03 19:46:02 +00:00
Volth
68bf28adaf vault: services.vault.storagePath for the file backend 2017-06-29 21:10:56 +00:00
Volth
2056c7e395 removed generation of self-signed certificate 2017-06-28 22:22:53 +00:00
Volth
519f17035f vault: add unitConfig.RequiresMountsFor to systemd config 2017-06-28 21:16:04 +00:00
Volth
7330e80456 vault: start after consul if consul is used as storage backend 2017-06-28 00:58:19 +00:00
Volth
d016ef1f5b create directory only for "file" storage 2017-06-27 20:22:53 +00:00
Volth
4c428b4a6f vault: run as an unpivileged user 2017-06-27 19:34:12 +00:00
Katyucha
cad450e6d6 delete lines 2017-06-27 19:34:12 +00:00
Katyucha
442f76d72a Vault: 0.6.5 -> 0.7.2 with services 2017-06-27 19:34:12 +00:00
Dan Peebles
7c3253e519 Simple proof of concept for how to do other types of services 2017-05-26 18:14:31 -04:00
J M
03d190d54f shibboleth: Add Myself as a Maintainer (#25817) 2017-05-16 10:11:55 +01:00
jammerful
d8c1977bb5 shibboleth-sp module: Set Config File Path for FastCGI Units 
Without this environment variable both shibauthorizer and
shibresponder default to ${pkgs.shibboleth-sp}etc/shibboleth/shibboleth2.xml
 2017-05-02 19:58:03 -04:00
jammerful
9f18af5991 Add Shibboleth Service Provider Module 2017-05-02 11:29:58 -04:00
Michael Raskin
d5ec7bc748 Merge pull request #23697 from sargon/master 
sshguard + service: init at 2.0.0
 2017-04-30 21:43:12 +02:00
Franz Pletz
3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Daniel Ehlers
20a5b5bead sshguard: new package 2017-03-26 14:46:22 +02:00
Joachim Fasting
95eaa3aec3
nixos/tor: add missing option type 2017-03-22 02:27:23 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options 
They contain no useful information and increase the length of the
autogenerated options documentation.

See discussion in #18816.
 2017-03-17 23:36:19 +01:00
Jan Malakhovski
a04782581a nixos: torify: disable by default, add some documentation as of why 
This `tsocks` wrapper leaks DNS requests to clearnet, meanwhile Tor comes with
`torsocks` which doesn't.

Previous commits to this file state that all of this still useful somehow.
Assuming that it's true, at least let's not confuse users with two different tools
and don't clash with the `tsocks` binary from nixpkgs by disabling this by default.
 2017-03-16 21:06:12 +00:00
Jan Malakhovski
6d25f77a64 nixos: tor: add enableGeoIP 2017-03-16 21:06:12 +00:00
Bart Brouns
bb3ef8a95c physlock: fix issue 21935 2017-03-15 11:47:02 +01:00
Fernando J Pando
1d85e0bbab hologram: 8d86e3f -> d20d1c3 
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
 2017-02-02 11:31:42 -05:00
Bjørn Forsman
4c803b904e nixos/clamav: set "clamav" user's primary group to "clamav" 
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
 2017-01-15 22:56:34 +01:00
Renaud
fa0a63ec13 fail2ban service : improve ssh jail (#21131) 
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
 2016-12-14 14:58:02 +01:00
Franz Pletz
9e1e3b2880
clamav service: refactor 
* Sync systemd units with upstream. Upstream uses SIGUSR2 instead of SIGHUP
  to reload the clamd service.

* Convert freshclam service to a oneshot service activated by a systemd timer.
  This way we can make clamd wait for freshclam to finish fetching the virus
  database before failing to start if the database doesn't exist yet.

* Fixes console tools to work as expected as they require hardcoded config
  file locations.
 2016-11-15 04:47:14 +01:00
Franz Pletz
02e9c88d77
clamav: don't bundle freshclam config with package 
Building clamav is expensive due to the bundled llvm.

Closes #20304.
 2016-11-15 02:06:02 +01:00
Joachim Fasting
820b769fc8 oauth2_proxy: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Robert Helgesson
b023e8f303 haveged module: clean up service configuration (#18513) 
Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).
 2016-09-13 07:07:46 +02:00
Kamil Chmielewski
437ea9fd37 Fixes #16181 - using bin output for Go services 2016-06-13 23:32:16 +02:00
Joachim Fasting
c1cb5ca57e
oauth2_proxy module: fix manual build 2016-06-10 01:02:40 +02:00
Jonathan Lange
58599744ee Add module for oauth2_proxy 2016-06-09 15:00:23 +01:00
Taeradan
77028b1e8d
fail2ban service: add iproute to PATH 
iproute is required for blocking via null routes; without it, rules
based on routes.conf will fail.

Closes #15638
 2016-05-23 15:57:21 +02:00
Alexander Ried
fc941899a3 fail2ban: rework service 2016-04-26 20:34:41 +02:00
Martin Sturm
507ad9a4f9 clamav: Use freshclam.conf defined by clamav-updater module if enabled 2016-03-04 02:26:44 +01:00
Leroy Hopson
eb90705d45 fail2ban service: fix formatting of example 2016-02-27 22:25:39 +13:00
aszlig
7bdcfb33f4
nixos: Provide a defaultText for type = package 
We don't want to build all those things along with the manual, so that's
what the defaultText attribute is for.

Unfortunately a few of them were missing, so let's add them.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2016-02-17 21:12:24 +01:00
Tomas Vestelind
11d475af29 haka: options for nixos 2016-01-23 01:19:53 +01:00
Robin Gloster
88292fdf09 jobs -> systemd.services 2016-01-07 06:39:06 +00:00
Svein Ove Aas
f16594e18b nixos/fail2ban: Enable jails by default 
With jails defaulting to 'enabled = true', the sshd jail that NixOS
defines will now be enabled.

[Bjørn: tweak commit message]
 2016-01-04 21:52:32 +01:00
JC Brand
b5b9b03518 clamav: improvements 
- Add new service for `clamd`, the ClamAV daemon.
- Replace the old upstart "jobs" section with systemd.services
- Remove unnecessary config options.
- Use `mkEnableOption`
 2015-12-13 15:55:56 +00:00
JC Brand
36e1e3a8a6 clamav: Fixed indentation. 2015-12-13 15:13:12 +00:00
Jan Malakhovski
75ba6b553c nixos: add physlock service 2015-09-18 19:12:34 +00:00
William A. Kennington III
83cf8b0cf8 goPackages: Split into multiple derivations 
This should reduce the closure size for end users who only need go
binaries as well as reduce the size of closures hydra builders consume.
 2015-08-29 12:58:03 -07:00
Dan Peebles
81d8074881 Add hologram service 2015-04-23 14:30:12 -04:00
Arseniy Seroka
69e59e9962 munge: add service 2015-03-07 00:26:52 +03:00
Bjørn Forsman
25a6745310 nixos/fail2ban: capitalize service description 2015-02-22 16:54:14 +01:00
Nikolay Amiantov
a164a0b4c5 nixos/fprintd: add service and pam support 2015-01-03 19:50:40 +03:00
Evgeny Egorochkin
9225af50d0 resurrect torsocks-faster 2014-12-19 08:05:41 +02:00
Evgeny Egorochkin
eb0874d5ff rename torify to tsocks, to avoid name clashes and make it clear which wrapper library is used 2014-12-19 08:05:41 +02:00