Commit graph

4162 commits

Author SHA1 Message Date
xd1le
e0b44a09b8 interception-tools: init at 0.1.1
The latest release of libyamlcpp in nixpkgs does not build because it
uses an older version of boost than the one in nixpkgs and therefore
expects a particular header file which does not exist in the latest
boost anymore. For this reason, a later (git) version of libyamlcpp is
used here (which actually doesn't even require boost).

The substituteInPlace in the prePatch phase is needed because libevdev
places its headers in non-standard places, meaning Nix cannot normally
find them. The `cut` command removes the first two "-I" characters from
the output of `pkg-config`. This needs to be in the prePatch phase
because otherwise Nix will patch these lines to `/var/empty`, meaning
you would have less specific replacement (in case other lines are also
patched to `/var/empty`).

I wrote the patch. (I believe it is NixOS specific.)
2017-09-02 16:17:53 +10:00
Ryan Mulligan
8585898909 nixos/mattermost: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-01 14:24:44 -07:00
romildo
c4dd81b81d mate: remove icon cache 2017-09-01 17:27:24 -03:00
aszlig
799435b7ca
nixos/deluge: Fix deluge package attribute
Regression introduced by fa5e343242.

The deluge package no longer resides in pythonPackages but now is a
top-level package.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @grantwwu, @fpletz
2017-09-01 18:07:12 +02:00
Florian Jacob
786e9711f5 nixos/piwik: fix nginx submodule's ssl defaults
previous mkDefault did not work as expected,
as it did not overwrite the original submodule's defaults when the user
did not specify any custom options at all.
2017-09-01 08:13:34 +02:00
Jörg Thalheim
d0e4aef32a Merge pull request #28781 from romildo/mate
mate: add the MATE desktop environment
2017-08-31 18:57:20 +01:00
romildo
56345c0ee4 mate: add icon themes 2017-08-31 13:30:44 -03:00
Gabriel Ebner
1dcfcefd35 Merge pull request #28783 from ryantm/calibre-server
nixos/calibre-server: fix ExecStart call
2017-08-31 14:36:59 +02:00
Florian Jacob
d22c1c0719 mysql service: Make initialDatabases.schema attribute optional 2017-08-31 11:32:25 +02:00
Ryan Mulligan
39a982dc3e nixos/calibre-server: fix ExecStart call
calibre-server changed the way you specify the library from using
--with-library to just allowing the directory to be specified. See
https://manual.calibre-ebook.com/generated/en/calibre-server.html for
details.
2017-08-30 21:14:45 -07:00
romildo
dcebb0668b mate: add the MATE desktop environment 2017-08-31 00:16:51 -03:00
Graham Christensen
9d2777a5a5
Mark synaptics as deprecated 2017-08-30 20:32:45 -04:00
Florian Jacob
ae9d311565 nixos/piwik: adjust to addSSL and forceSSL now being mutually exclusive 2017-08-30 22:13:26 +02:00
Florian Jacob
0544ac4a1b nixos/piwik: Make webServerUser default to nginx
if the nginx option is used.
Noted that either webServerUser or nginx option is mandatory.
Also introduce an assertion if both are not set,
and a warning if both are set.
Resolves #27704.
2017-08-30 22:05:02 +02:00
Florian Jacob
adb03f32a1 nixos/piwik: Remove part about mail problems
Sending mail works out of the box as of resolution of #26611.
2017-08-30 22:05:01 +02:00
Florian Jacob
746cc06f13 nixos/piwik: use nginx' virtualHost submodule
instead of redeclaring part of the options. Backward-compatible change.
This gives the same flexibility to the user as nginx itself.
This also resolves the piwik module break from nginx' enableSSL introduction from #27426.
2017-08-30 22:05:00 +02:00
Linus Heckemann
46e41da543 cron service: fix reliance on etc.timezone
This does not fully address the issue, as cron will not restart when
the timezone is changed imperatively as it presumably needs to.
2017-08-30 21:35:17 +02:00
Frederik Rietdijk
6d4bd78fad Merge commit '2858c41' into HEAD 2017-08-30 21:07:07 +02:00
Robin Gloster
7cd46a0594
nginx module: add proxyResolveWhileRunning option 2017-08-30 21:01:53 +02:00
Robin Gloster
4ffa9ddb30
nginx module: allow basic configuration of upstreams 2017-08-30 21:01:53 +02:00
Franz Pletz
759daba980
nginx module: first proxy_set_header takes precendence 2017-08-30 21:01:52 +02:00
Franz Pletz
65c2203ffc
nginx module: add option for proxying websocket requests 2017-08-30 21:01:52 +02:00
Franz Pletz
530282eebe
nginx module: fix applying recommended proxy headers
Previously, if proxy_set_header would be used in an extraConfig of
a location, the headers defined in the http block by
recommendedProxySettings would be cleared. As this is not the intended
behaviour, these settings are now included from a separate file if
needed.
2017-08-30 21:01:52 +02:00
Robin Gloster
0371f2b5cc
nginx module: clean up SSL/listen handling 2017-08-30 21:01:52 +02:00
Franz Pletz
b5a95f6289 Merge pull request #28741 from bachp/gitlab-runner-improve
Gitlab runner improve
2017-08-30 18:52:17 +02:00
Eric Litak
5050c56382 ipfs: adding mountDir options but disabling broken autoMount 2017-08-30 08:24:38 -07:00
Eric Litak
5554ea5583 ipfs: preStart configuration moved into daemon services 2017-08-30 08:17:34 -07:00
Eric Litak
ba976021af ipfs: refactor; wrapper adjustment 2017-08-30 08:17:34 -07:00
Eric Litak
952424217b ipfs: optionally manage ulimit -n in serviceConfig 2017-08-30 08:17:34 -07:00
Eric Litak
5f9bad6ceb ipfs: add extraConfig option 2017-08-30 08:17:34 -07:00
Eric Litak
a48a2c4f78 ipfs: add autoMount option 2017-08-30 08:17:34 -07:00
Silvan Mosberger
76dec4a4d2 znapzend service: add autoCreation option 2017-08-30 14:13:13 +02:00
Pascal Bach
233781410d gitlab-runner service: allow adding additional tools to PATH
This is similar to how it is implemented for the Jenkins service.

Bash and docker-machine are added by default as they are required in
many cases.
2017-08-30 13:58:47 +02:00
Pascal Bach
73c4a3f641 gitlab-runner service: honor proxy variables 2017-08-30 13:58:46 +02:00
Graham Christensen
128cdeffd0
compiz: drop 2017-08-30 06:59:20 -04:00
Symphorien Gibol
bd54589233 networkmanager_iodine: init at 1.2.0 2017-08-30 02:58:29 +02:00
Franz Pletz
7d1d019650 Merge pull request #27826 from Infinisil/radicale
radicale: update to version 2
2017-08-30 02:17:34 +02:00
Franz Pletz
b91ed35325 Merge pull request #28660 from NeQuissimus/frandom_patch
frandom: Remove
2017-08-30 02:04:56 +02:00
Tim Steinbach
ae742fa495
frandom: Remove 2017-08-29 20:01:25 -04:00
Vladimír Čunát
2858c41823
Merge branch 'master' into staging
There were some conflicts in python modules, commented at #28314.
2017-08-29 10:51:54 +02:00
Michael Weiss
ea23f8bb07 cups service: Automatically detect Gutenprint in drivers
Additional CUPS drivers can be added via "services.printing.drivers" but
Gutenprint was an exception. It was possible to add a Gutenprint
derivation to that list and it would work at first but unlike the other
drivers Gutenprint requires a script to be run after each update or any
attempt to print something would simply fail and an error would show up
in the jobs queue (http://localhost:631/jobs/):
"The PPD version (5.2.11) is not compatible with Gutenprint 5.2.13.
Please run
`/nix/store/7762kpyhfkcgmr3q81v1bbyy0bjhym80-gutenprint-5.2.13/sbin/cups-genppdupdate'
as administrator."
This is due to state in "/var/lib/cups/ppd" and one would need to run
"/nix/store/.../bin/cups-genppdupdate -p /var/lib/cups/ppd" manually.
The alternative was to enable the following option:
"services.printing.gutenprint" but this had two disadvantages:
1) It is an exception that one could be unaware of or that could
potentially cause some confusion.
2) One couldn't use a customized Gutenprint derivation in
"services.printing.drivers" but would instead have to overwrite
"pkgs.gutenprint".

This new approach simply detects a Gutenprint derivation in
"services.printing.gutenprint" by checking if the meta set of a
derivation contains "isGutenprint = true". Therefore no special
exception for Gutenprint would be required and it could easily be
applied to other drivers if they would require such a script to be run.
2017-08-29 05:25:12 +04:00
Franz Pletz
8e622d2689
phpfpm service: allow netlink sockets for sendmail
Fixes #26611.
2017-08-29 00:41:31 +02:00
Tom Hunger
932b167321 Fix indentation. 2017-08-28 15:56:04 +01:00
Linus Heckemann
b73e3b6095 GNOME: 3.22 -> 3.24
This is a squash commit of the joint work from:

* Jan Tojnar (@jtojnar)
* Linus Heckemann (@lheckemann)
* Ryan Mulligan (@ryantm)
* romildo (@romildo)
* Tom Hunger (@teh)
2017-08-28 15:32:49 +01:00
Franz Pletz
951106c650
lldpd: 0.9.7 -> 0.9.8
Now uses the upstream systemd unit which adds lots of hardening flags.
2017-08-27 02:33:32 +02:00
Joachim F
227697bc67 Merge pull request #28562 from oxij/nixos/i2pd
nixos: i2pd: bits and pieces
2017-08-26 10:07:35 +00:00
Phil
4f2935390e nixos/usbguard: create package and module (#28363)
* nixos/usbguard: create package and module

No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)

* nixos/usbguard: remove extra packages

Users can override this by themselves.

* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Jörg Thalheim
e861a26b82 Merge pull request #28476 from disassembler/airsonic
airsonic: init at 10.0.0
2017-08-25 23:19:49 +01:00
Jörg Thalheim
3ba09a8e2c nixos/airsonic: remove full-path commands from preStart
systemd services are initialised with a default PATH.
This path includes coreutils.
2017-08-25 23:18:46 +01:00
Jörg Thalheim
6905e59e25 nixos/airsonic: change script to serviceConfig.ExecStart
- shell invocation is not necessary here
2017-08-25 23:18:46 +01:00
Frederik Rietdijk
665d393919 Merge remote-tracking branch 'upstream/master' into HEAD 2017-08-25 19:39:41 +02:00
Frederik Rietdijk
997043c137 bepasty: move out of python-packages
because its a (web) application and thus doesn't belong there.
2017-08-25 19:36:18 +02:00
Jan Malakhovski
27aa99753b nixos: i2pd: fix indent 2017-08-25 12:49:10 +00:00
Jan Malakhovski
3594c4eec6 nixos: i2pd: tiny fix in a description 2017-08-25 12:49:10 +00:00
SLNOS
fd872c9b71 nixos: i2pd: enable ElGamal precomputation by default 2017-08-25 12:49:10 +00:00
SLNOS
af5de701b7 nixos: i2pd: add logLevel 2017-08-25 12:49:10 +00:00
SLNOS
042329be5e nixos: i2pd: one fork less, one process less 2017-08-25 12:49:10 +00:00
SLNOS
b42a107bc6 nixos: i2pd: rename extIp -> address to harmonize with tor 2017-08-25 12:49:10 +00:00
SLNOS
c21d434d1b nixos: i2pd: change httpproxy port to its default value 2017-08-25 12:49:10 +00:00
Robert Helgesson
f861426de9
nixos/tlp: mask systemd-rfkill socket
This fixes a spurious error on boot. See #24737.
2017-08-25 10:09:25 +02:00
Jörg Thalheim
ddf540d44c Merge pull request #27096 from gnidorah/maxx
maxx: init at 1.1.0
2017-08-25 06:40:31 +01:00
Peter Hoeg
ecdabb1b5b Merge pull request #28481 from mpcsh/master
nixos/caddy: improve documentation
2017-08-25 09:56:40 +08:00
Frederik Rietdijk
31ba3649ec Merge pull request #28189 from Nadrieril/ffsync-non-root
firefox syncserver service: run as non-root user by default
2017-08-24 20:47:52 +02:00
Mark Cohen
8511a3378b nixos/caddy: improve documentation
There was no documentation for the "config" option, and it wasn't quite
clear whether it was supposed to be a file, a string, or what. This
commit removes that ambiguity.
2017-08-24 13:39:06 -04:00
gnidorah
15ae2cbeea maxx: use libredirect 2017-08-24 19:34:08 +03:00
Joachim F
9447b8b9cd Merge pull request #28338 from oxij/nixos/better-tor
nixos: better tor config
2017-08-24 08:12:59 +00:00
Philipp Hausmann
de1a25cd69 nixos/hail: init (#28442) 2017-08-23 18:23:13 +00:00
Samuel Leathers
85329b96e0 nixos/airsonic: add module 2017-08-23 13:06:28 -04:00
Joachim F
f1514a5876 Merge pull request #27699 from volth/varnish-fixes-sq
nixos/varnish: made compatible with varnish 5.1.2, add modules
2017-08-22 22:01:00 +00:00
Robin Gloster
ce7e2c06b1
prometheus-unifi-exporter: make ordering more robust 2017-08-22 20:26:18 +02:00
SLNOS
2c4a925ab0 nixos: tor: rename portSpec -> port, type all "port"s properly 2017-08-22 14:57:07 +00:00
SLNOS
30a3cccd07 nixos: tor: better submodule for hidden services
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS
9226f4886f nixos: tor: more options, no unexpected consequences for default relay operators
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
Christian Albrecht
964799e556 sks and pgpkeyserver-lite modules: init (#27515)
* modules sks and pgpkeyserver-lite:
  runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
  and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
2017-08-22 12:27:00 +02:00
Franz Pletz
66fe192301 Merge pull request #28293 from makefu/module/gitlab-runner/configOptions
module gitlab-runner: introduce configOptions and configFile
2017-08-21 20:27:48 +02:00
Franz Pletz
cfb716e6a5
phpfpm service: remove NoNewPrivileges systemd option
This interferes with sendmail because suid won't work. Fixes #26611.
2017-08-21 19:24:17 +02:00
Casey Rodarmor
ae02dd2d0a nixos/mpd: allow configuring playlist directory (#28252) 2017-08-20 20:34:34 +00:00
Maximilian Güntner
0f02879e01
ipfs: added defaultMode, added norouting service 2017-08-17 03:30:57 +02:00
makefu
e6785422ae
module gitlab-runner: introduce configOptions and configFile
Also removes configText, functionality is now provided more conveniently by configOptions.
Keep in mind that this breaks compatibility with previous configurations,
configFile provides a means to protect the CI token from being written into the nix store.
2017-08-15 16:06:55 +02:00
gnidorah
b73ae0a695 maxx: move deps from module to package 2017-08-14 11:13:49 +03:00
Jean-Pierre PRUNARET
e6157451c1 nixos/munin: scripts need to be executable in order to build a wrapper
"Builder called die: Cannot wrap
/nix/store/XXX-munin-available-plugins/plugin.sh because it is not an
executable file"

[Bjørn: Keep DRY, quote "$file".]
2017-08-14 07:50:32 +02:00
Joachim F
3e21f91a39 Merge pull request #27796 from LumiGuide/postage
postage: init at 3.2.17 & add NixOS module
2017-08-13 20:59:06 +00:00
Franz Pletz
2d5a04e5bd
nixos/agetty: override upstream default
Also see c2cf696430.
2017-08-13 19:07:38 +02:00
Frederik Rietdijk
7ebcd39a0f Merge commit '4c49205' into HEAD 2017-08-13 18:34:59 +02:00
Silvan Mosberger
e16a0988bc
radicale: 1.1.4 -> 2.1.2
This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which
also includes the needed command for migrating to 2.x

The module is adjusted to the version change, defaulting to radicale2 if
stateVersion >= 17.09 and radicale1 otherwise. It also now uses
ExecStart instead of the script service attribute. Some missing dots at
the end of sentences were also added.

I added a paragraph in the release notes on how to update to a newer
version.
2017-08-13 17:23:43 +02:00
Peter Hoeg
4ce76d9e1a ddclient nixos module: follow best practice for running daemons
Couple of changes:

 - move home to /var/lib/ddclient so we can enable ProtectSystem=full
 - do not stick binary into systemPackages as it will only run as a daemon
 - run as dedicated user/group
 - document why we cannot run as type=forking (output is swallowed)
 - secure things by running with ProtectSystem and PrivateTmp
 - .pid file goes into /run/ddclient
 - let nix create the home directory instead of handling it manually
 - make the interval configurable
2017-08-13 21:56:48 +08:00
Nadrieril
69a4836df5 firefox syncserver service: run as non-root user by default 2017-08-12 14:42:50 +01:00
Frederik Rietdijk
c06fb4a269 Merge pull request #28188 from Nadrieril/ffsync-fix-pythonpath
firefox syncserver service: fix PYTHONPATH
2017-08-12 15:11:53 +02:00
Nadrieril
d6c1d2f793 firefox syncserver service: fix PYTHONPATH 2017-08-12 14:08:25 +01:00
Robin Gloster
79ac09ea06
ripple-rest: remove
marked as broken for > 1 yr, development is frozen and author recommends
moving to https://github.com/ripple/ripple-lib
2017-08-12 13:38:32 +02:00
Franz Pletz
5d2764eb68
prometheus-blackbox-exporter: 0.5.0 -> 0.8.1 2017-08-12 11:05:23 +02:00
Jörg Thalheim
c2e7b0e0b4 Merge pull request #27997 from richardlarocque/mosquitto_hashed_pass_docs
nixos/mosquitto: Fix instructions for password gen
2017-08-12 09:07:22 +01:00
Phil
b4d2cd6f6a nixos/tor: add tor hidden service options (#28081)
* nixos/tor: add hiddenServices option

This change allows to configure hidden services more conveniently.

* nixos/tor: fix default/example mixup

* nixos/tor: use docbook in documentation

Also use more elegant optionalString for optional strings.

* tor: seperate hidden service port by newline

* tor: better example for hidden service path

a path below /var/lib/tor is usually used for hidden services
2017-08-11 22:59:52 +01:00
Keith Amidon
f9204b9762 nixos/samba: fix pam service name typo (#28049)
The PAM service name used before this commit was "sambda", with an
extra 'd'. For some reason I don't quite fully understand this typo
prevents GDM from starting. This change fixes that as tested in VMs
built using "nixos-rebuild -I nixpkgs=<mypkgs> build-vm".
2017-08-11 20:13:33 +00:00
Franz Pletz
991745046f Merge pull request #27993 from Nadrieril/rsync-run-as-user
rsync service: allow running as user (plus some tweaks)
2017-08-11 19:12:46 +02:00
Peter Hoeg
b6f7713d33 Merge pull request #28127 from peterhoeg/f/collectd
influxdb (on nixos): reduce closure size by 99.99% (and a bit)
2017-08-12 00:01:46 +08:00
Franz Pletz
61d133c1ee Merge pull request #27939 from evujumenuk/wireguard-rt_tables
wireguard: add per-peer routing table option
2017-08-11 16:27:07 +02:00
Peter Hoeg
211593fe49 influxdb nixos module: allow customizing the collectd dependency 2017-08-11 22:12:49 +08:00
Joachim F
793523d7bc Merge pull request #28089 from volth/patch-9
nixos/tinc: do not tell systemd where is pidfile
2017-08-11 13:31:57 +00:00
Tristan Helmich
aa8e60d934 graylog module: adapt to Graylog version 2.3.0 2017-08-11 13:07:30 +02:00