Commit graph

207 commits

Author SHA1 Message Date
Mathijs Kwik
a1e86494d0 made challenge-response authentication method configurable for openssh
challenge-response is an authentication method that does not need the
plain text password to be emitted over the (encrypted) connection.
This is nice if you don't fully trust the server.

It is enabled (upstream) by default.

To the end user, it still looks like normal password authentication,
but instead of sending it, it is used to hash some challenge.

This means that if you don't want passwords to be used ever at all,
and just stick to public key authentication, you probably want to
disable this option too.

svn path=/nixos/trunk/; revision=33513
2012-04-01 10:54:17 +00:00
Mathijs Kwik
e216ce07df dhcpcd: ip-up and ip-down emit more info (like wifi access point)
useful to only start certain services (like vpn) on certain networks

svn path=/nixos/trunk/; revision=33512
2012-04-01 10:54:15 +00:00
Mathijs Kwik
7d4fd69b5f dhcpcd: wifi disconnect should also generate ip-down
svn path=/nixos/trunk/; revision=33511
2012-04-01 10:54:13 +00:00
Mathijs Kwik
7ba690add6 optionally allow normal users to control wpa_supplicant through
wpa_gui or wpa_cli.

Comes with a default wpa_supplicant.conf, which gets updated through
aforementioned utilities.

svn path=/nixos/trunk/; revision=33510
2012-04-01 10:54:10 +00:00
Mathijs Kwik
de5b437004 assertions '.msg' doesn't exist => .message
svn path=/nixos/trunk/; revision=33508
2012-04-01 10:54:06 +00:00
Mathijs Kwik
f31fefdfd9 splitted ssh/sshd X11 forwarding logic. Backward compatible change.
You can now set the forwardX11 config option for the ssh client and server separately.

For server, the option means "allow clients to request X11 forwarding".
For client, the option means "request X11 forwarding by default on all connections".

I don't think it made sense to couple them. I might not even run the server on some machines.
Also, I ssh to a lot of machines, and rarely want X11 forwarding. The times I want it,
I use the -X/-Y option, or set it in my ~/.ssh/config.

I also decoupled the 'XAuthLocation' logic from forwardX11.
For my case where ssh client doesn't want forwarding by default, it still wants to set the path for the cases I do need it.

As this flag is the one that pulls in X11 dependencies, I changed the minimal profile and the no-x-libs config to check that instead now.

svn path=/nixos/trunk/; revision=33407
2012-03-25 15:42:05 +00:00
Eelco Dolstra
326891443c * dhcpcd: Don't use the "persistent" option. With it, dhcpcd won't
delete routes and addresses when it quits.  This causes those routes
  and addresses to stick around forever, since dhcpcd won't delete
  them when it runs next (even if it acquires a new lease on the same
  interface).  This is bad; in particular the stale (default) routes
  can break networking.

  The downside to removing "persistent" is that you should never ever
  do "stop dhcpcd" on a remote machine configured by dhcpcd.

svn path=/nixos/trunk/; revision=33388
2012-03-23 21:00:32 +00:00
Eelco Dolstra
89a21f7a7d * GIDs are supposed to match UIDs.
svn path=/nixos/trunk/; revision=33346
2012-03-22 10:11:15 +00:00
Lluís Batlle i Rossell
5ddae4a83a Changing portmap by rpcbind on nfs services.
That could make rpc.statd work.

Patch by Rickard Nilsson.

I'm not sure we need that netconfig file in etc.


svn path=/nixos/trunk/; revision=33342
2012-03-21 20:37:37 +00:00
Eelco Dolstra
ee6c9bb998 * Provide two utility functions in Upstart jobs: "ensure JOBNAME"
starts the given job and waits until it's running; "stop_check"
  checks that the current job hasn't been asked to stop.

svn path=/nixos/trunk/; revision=33214
2012-03-17 19:12:33 +00:00
Eelco Dolstra
07df536c42 * Fix comment.
svn path=/nixos/trunk/; revision=33213
2012-03-17 18:01:42 +00:00
Eelco Dolstra
53847ef665 * Don't use the non-existent "never" condition in stopOn.
svn path=/nixos/trunk/; revision=33212
2012-03-17 18:00:20 +00:00
Eelco Dolstra
dd693fdc5e * Revert unintended commit.
svn path=/nixos/trunk/; revision=33209
2012-03-17 17:31:08 +00:00
Eelco Dolstra
573877c1ac * Use boot.kernelModules everywhere instead of explicit calls to
modprobe.
* Move the implementation of boot.kernelModules from the udev job to
  the activation script.  This prevents races with the udev job.
* Drop references to the "capability" kernel module, which no longer
  exists.

svn path=/nixos/trunk/; revision=33208
2012-03-17 17:26:17 +00:00
Eelco Dolstra
646d67465c * Upstart stupidly doesn't kill post-start scripts if we do "stop
JOB", but it does kill the job's main process.  So if the post-start
  script if waiting for the job's main process to reach some state, it
  may hang forever.  Thus, the post-start script should monitor
  whether its job has been requested to stop and exit in that case.

svn path=/nixos/trunk/; revision=33176
2012-03-16 21:24:51 +00:00
Eelco Dolstra
a395e46192 * Fix the NFS Upstart dependencies. Mountd is now started before
nfsd, as suggested by the nfs-utils README.

  Also, rather than relying on Upstart events (which have all sorts of
  problems, especially if you have jobs that have multiple
  dependencies), we know just let jobs start their on prerequisites.
  That is, nfsd starts mountd in its preStart script; mountd starts
  statd; statd starts portmap.  Likewise, mountall starts statd to
  ensure that it can mount NFS filesystems.  This means that doing
  something like "start nfsd" from the command line will Do The Right
  Thing and start the dependencies of nfsd.

svn path=/nixos/trunk/; revision=33172
2012-03-16 20:10:14 +00:00
Eelco Dolstra
823471a100 * portmap: add a postStart action that ensures that portmap is
actually listening.  Otherwise we have a race condition during boot
  where statd's start can be delayed, causing NFSv3 mounting to fail.

svn path=/nixos/trunk/; revision=33171
2012-03-16 19:49:47 +00:00
Eelco Dolstra
5a36c25e9f * nfsd and statd do not need to be stopped when portmap stops.
svn path=/nixos/trunk/; revision=33167
2012-03-16 17:43:18 +00:00
Yury G. Kudryashov
9bb1132525 NM: add IFACE to ip-up
svn path=/nixos/trunk/; revision=33107
2012-03-15 13:51:17 +00:00
Yury G. Kudryashov
339d5b2b48 Add NetworkManager module
It works but it doesn't respect ignoredInterfaces etc.
Probably I forgotten to create some directories (all of them exist on my
laptop). Feel free to fix this module.

svn path=/nixos/trunk/; revision=33097
2012-03-15 07:19:17 +00:00
Ludovic Courtès
5fad465261 BitlBee: Add `job.name'; cleanup white space.
svn path=/nixos/trunk/; revision=33012
2012-03-12 13:10:13 +00:00
Mathijs Kwik
f68c95d1fe completely removed gw6c. use gogoclient
svn path=/nixos/trunk/; revision=32990
2012-03-11 14:36:39 +00:00
Mathijs Kwik
7d964498b8 changed the way networking-providers plug themselves before "networking"
svn path=/nixos/trunk/; revision=32781
2012-03-04 18:44:47 +00:00
Mathijs Kwik
8bfe513e75 renamed "all-interfaces" to "networking"
svn path=/nixos/trunk/; revision=32780
2012-03-04 18:44:42 +00:00
Eelco Dolstra
835170fe19 * Remove debug statement.
svn path=/nixos/trunk/; revision=32778
2012-03-04 17:21:33 +00:00
Eelco Dolstra
356ff79400 * wpa_supplicant: automatically figure out the wireless interface(s)
on which to run wpa_supplicant, unless they're set explicitly.

svn path=/nixos/trunk/; revision=32777
2012-03-04 17:21:14 +00:00
Eelco Dolstra
2ac5df3a93 * Undo unintended commit.
svn path=/nixos/trunk/; revision=32771
2012-03-04 15:48:58 +00:00
Eelco Dolstra
6c792b3d9e * A more pragmatic solution to the missing tar manpage problem.
svn path=/nixos/trunk/; revision=32770
2012-03-04 15:47:44 +00:00
Eelco Dolstra
0d39390ad4 * ntpd: cleanup.
svn path=/nixos/trunk/; revision=32769
2012-03-04 15:34:44 +00:00
Mathijs Kwik
3c957bd921 gogoclient: ipv6 tunnel module
meant to replace the obsolete gw6c module
builds fine on stdenv-updates branch

svn path=/nixos/trunk/; revision=32767
2012-03-04 12:58:22 +00:00
Mathijs Kwik
86bf5566fe many daemons: depend on all-interfaces instead of gw6c
svn path=/nixos/trunk/; revision=32766
2012-03-04 12:58:18 +00:00
Mathijs Kwik
ce83d3580e gw6c: provide support for all-interfaces
svn path=/nixos/trunk/; revision=32765
2012-03-04 12:58:14 +00:00
Eelco Dolstra
742198c6ea * dhcpcd: Ignore vboxnet*.
svn path=/nixos/trunk/; revision=32716
2012-03-01 13:49:47 +00:00
Eelco Dolstra
4f8d076ae7 * Allow the start/stop condition of OpenVPN jobs to be overriden
easily.

svn path=/nixos/trunk/; revision=32673
2012-02-28 10:30:12 +00:00
Eelco Dolstra
acea54b3c6 * In the users...keyFiles option, the "string" type doesn't work very
well because elements could be paths, e.g.

    users.extraUsers.root.openssh.authorizedKeys.keyFiles =
      [ ./id_key.pub ];

  So disable the type check for now.

svn path=/nixos/trunk/; revision=32558
2012-02-25 17:31:39 +00:00
Peter Simons
90adc800c5 sshd: choose host key type
svn path=/nixos/trunk/; revision=32479
2012-02-22 20:28:54 +00:00
Peter Simons
fca4803a74 gw6c: no built-in log rotation, we use logrotate for that
svn path=/nixos/trunk/; revision=32478
2012-02-22 20:28:51 +00:00
Eelco Dolstra
b2910df04e * Various cleanups in the OpenVPN module. The option
‘services.openvpn.enable’ is now obsolete; specifying instances in
  ‘services.openvpn.servers’ is enough.

svn path=/nixos/trunk/; revision=32441
2012-02-20 20:10:07 +00:00
Eelco Dolstra
35734279ae * Fix incorrect default value.
svn path=/nixos/trunk/; revision=32431
2012-02-20 16:53:44 +00:00
Eelco Dolstra
4e9c8d0b9d * dhcpcd: restart ntpd and emit ip-up/ip-down events. Also attach the
interface name to the events, as suggested by Mathijs Kwik.

svn path=/nixos/trunk/; revision=32430
2012-02-20 15:19:46 +00:00
Eelco Dolstra
a46fd58b3d * Use the networking.useDHCP out of the dhclient module.
svn path=/nixos/trunk/; revision=32428
2012-02-20 14:29:21 +00:00
Eelco Dolstra
1770b5a400 * dhcpcd: use a configuration file. Use the "denyinterfaces" option
to simplify the start script.  Drop the ifplugd hook because dhcpcd
  monitors interface link status itself.

svn path=/nixos/trunk/; revision=32424
2012-02-20 13:13:29 +00:00
Eelco Dolstra
ae27eafe4c * Added a module for dhcpcd, a DHCP client (not enabled by default
yet).  It's smaller than dhclient and has more features
  (e.g. automatically detects link status changes, supports
  openresolv, does IPv4LL, and supports IPv6 Router Advertisements).

svn path=/nixos/trunk/; revision=32413
2012-02-20 01:17:53 +00:00
Eelco Dolstra
1707d1130f * Move the dhclient/wpa_supplicant restart actions out of the ifplugd
module.

svn path=/nixos/trunk/; revision=32409
2012-02-19 22:53:25 +00:00
Eelco Dolstra
aca8225e3b * Invalidate the nscd hosts cache when an "ip-up" event occurs. This
event is emitted by dhclient and by the network-interfaces job in
  case of statically configured interfaces.  Invalidating the cache is
  necessary to get rid of negative queries.

svn path=/nixos/trunk/; revision=31779
2012-01-21 19:13:43 +00:00
Peter Simons
5144e94694 gw6c: fixed faulty path reference
svn path=/nixos/trunk/; revision=31657
2012-01-18 20:34:04 +00:00
Yury G. Kudryashov
a87a1bca04 wpa_supplicant: add D-Bus interface
svn path=/nixos/trunk/; revision=30972
2011-12-19 23:16:32 +00:00
Nicolas Pierron
e264d1ab79 Convert users.extraUsers to an option set and add support for openssh
authorized_keys file generation.

svn path=/nixos/trunk/; revision=30611
2011-11-29 06:08:55 +00:00
Eelco Dolstra
8eba736da9 * Use the ‘path’ attribute in Upstart jobs in more places. It's a bit
more readable (also in "ps" output).

svn path=/nixos/trunk/; revision=30565
2011-11-25 16:32:54 +00:00
Eelco Dolstra
da542dc1ae * Added a module for oidentd.
svn path=/nixos/trunk/; revision=30381
2011-11-10 23:06:24 +00:00