cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
78432 commits 1 branch 0 tags 3.7 GiB
Commit graph

553 commits

Author SHA1 Message Date
Eelco Dolstra
9366af1b94 "types.uniq types.string" -> "types.str" 2015-06-15 18:08:49 +02:00
Joachim Fasting
ffc6275e55 dnscrypt-proxy service: support custom providers 
The primary use-case is private DNSCrypt providers.

Also rename the `port` option to differentiate it from the
`customResolver.port` option.
 2015-06-12 15:12:33 +02:00
Joachim Fasting
8131065b63 dnscrypt-proxy service: use mkEnableOption 2015-06-12 15:12:33 +02:00
Joachim Fasting
2e8bc2bd5c nixos: cosmetic improvements to dnscrypt-proxy service module 
Remove superflous whitespace & comments
 2015-06-12 15:12:33 +02:00
Joachim Fasting
a88a6bc676 nixos: additional hardening for dnscrypt-proxy 
- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
 2015-06-12 15:12:33 +02:00
Joachim Fasting
823bb5dd4d nixos: implement socket-activation for dnscrypt-proxy 
The socket definition is derived from upstream with the
exception that it does not depend on network.target, as
this creates a cycle between basic.target and sockets.target.

The apparmor profile has been updated to account for additional
runtime dependencies introduced by enabling systemd support.
 2015-06-12 15:12:33 +02:00
Joachim Fasting
dfe20de782 nixos: permit dnscrypt-proxy service to read basic user/group info 
If nscd is not running, dnscrypt-proxy crashes without read access
to /etc/{password,group,nsswitch.conf}.
 2015-06-12 15:12:30 +02:00
William A. Kennington III
b79a5e812a nixos/quassel: Use qt5 instead of qt4 
This really speeds up building quassel daemon since qt5 can be built in
parallel while qt4 cannot.
 2015-06-08 15:37:34 -07:00
Jaka Hudoklin
c9da002a07 nixos/consul: fix consul alerts enable 2015-06-08 13:41:43 +02:00
Jaka Hudoklin
23504e5bf2 Add skydns module 2015-06-08 13:36:05 +02:00
Timofey Lagutin
714377f8dc bittorrentsync: fix storage_path. 
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".

As seen in f02d4ec9ed
Broken in 0539ed4771
 2015-06-05 18:39:01 +03:00
Mateusz Kowalczyk
1113efec5e Merge pull request #7559 from offlinehacker/openvswitch/ipsec 
openvswitch: ipsec support
 2015-05-26 11:26:02 +01:00
Mateusz Kowalczyk
a35e1ddfb2 Merge pull request #7566 from offlinehacker/nixos/node-docker-registry/module 
nixos: add node docker registry server
 2015-05-26 11:07:22 +01:00
lethalman
aff1c293ef Merge pull request #7998 from dezgeg/pr-ddclient-ssl 
ddclient: Set SSL_CERT_FILE environment variable
 2015-05-26 10:25:47 +02:00
Tuomas Tynkkynen
2966068968 ddclient: Set SSL_CERT_FILE environment variable 
Otherwise connection to SSL hosts fails like this:

May 26 06:44:05 kbuilder ddclient[17084]: WARNING:  cannot connect to dynamicdns.park-your-domain.com:443 socket:
    IO::Socket::IP configuration failed SSL connect attempt failed with unknown error
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
 2015-05-26 06:45:25 +03:00
Peter Simons
50fa9d8eea Merge pull request #7941 from peti/allow-custom-ssh-moduli-file 
nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH
 2015-05-22 20:51:42 +02:00
Peter Simons
86d299bc6e nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH 
The man page for ssh-keygen(1) has a section "MODULI GENERATION" that describes
how to generate your own moduli file. The following script might also be helpful:

 | #! /usr/bin/env bash
 |
 | moduliFiles=()
 |
 | generateModuli()
 | {
 |   ssh-keygen -G "moduli-$1.candidates" -b "$1"
 |   ssh-keygen -T "moduli-$1" -f "moduli-$1.candidates"
 |   rm "moduli-$1.candidates"
 | }
 |
 | for (( i=0 ; i <= 16 ; ++i )); do
 |   let bitSize="2048 + i * 128"
 |   generateModuli "$bitSize" &
 |   moduliFiles+=( "moduli-$bitSize" )
 | done
 | wait
 |
 | echo >moduli "# Time Type Tests Tries Size Generator Modulus"
 | cat >>moduli "${moduliFiles[@]}"
 | rm "${moduliFiles[@]}"

Note that generating moduli takes a long time, i.e. several hours on a fast
machine!

This patch resolves https://github.com/NixOS/nixpkgs/pull/5870.
 2015-05-22 16:28:45 +02:00
William A. Kennington III
31a273cb14 nixos/tinc: users are system users 2015-05-21 20:11:13 -07:00
William A. Kennington III
4ed8cdc3d4 nixos/bird: Fix doc compilation 2015-05-20 18:53:54 -07:00
lassulus
9d07c54fa1 nixos: add bird module 
patch bird to look in /var/run for birc.ctl
 2015-05-19 15:42:24 +02:00
Arseniy Seroka
946e7dca61 Merge pull request #7842 from dezgeg/pr-nix-serve 
nix-serve: Add nixos module
 2015-05-14 22:44:43 +03:00
Tuomas Tynkkynen
fd8cb1ff2d nix-serve: Add nixos module 
This allows sharing the Nix store of the machine as a binary cache
simply by setting 'services.nix-serve.enable = true'.
 2015-05-14 12:27:28 +03:00
Eelco Dolstra
fc8011ad8d Ensure that nscd, sshd are created as system users 
c0f70b4694 removed the fixed uid
assignment, but then it becomes necessary to set isSystemUser.

http://hydra.nixos.org/build/22182588
 2015-05-13 16:23:36 +02:00
William A. Kennington III
2806491cc4 nixos/consul: Add shell for health checks 2015-05-11 17:44:07 -07:00
William A. Kennington III
b6e26aa8df nixos/consul: Support a config directory for health checks 2015-05-11 16:45:04 -07:00
William A. Kennington III
1938dc9b54 nixos/consul: Remove the joinNodes and joinRetries options as they are now built in consul options 2015-05-11 16:27:53 -07:00
Arseniy Seroka
c0727fb751 Merge pull request #7788 from Lassulus/charybdis 
add charybdis nixos module
 2015-05-11 12:57:58 +03:00
lassulus
304cab2b46 add charybdis nixos module 2015-05-11 11:38:53 +02:00
William A. Kennington III
074c4a7f78 Merge remote-tracking branch 'upstream/master' into staging 2015-05-07 01:44:49 -07:00
Stephen Weinberg
a6ebccfbb8 Sane default configuration for sabnzbd module 
Added option to set user. Use unpriviledged user by default. Add sane
default for configuration location.
 2015-05-05 00:18:22 -04:00
Vladimír Čunát
30f31c9afc Merge 'master' into staging 
(relatively simple conflicts)
 2015-04-26 22:52:08 +02:00
Jaka Hudoklin
ff095f5002 nixos: add node docker registry server 2015-04-25 16:16:34 +02:00
Emery Hemingway
34f1c39fe0 nixos: fix cjdns json config 
filter extraneous attributes from config modules
 2015-04-25 09:40:44 -04:00
Jaka Hudoklin
b5114de4ac nixos: add racoon ipsec IKE deamon 2015-04-25 15:31:27 +02:00
Luca Bruno
db3b86560f GNOME 3.16.1, closes #7357 2015-04-25 12:02:33 +02:00
Edward Tjörnhammar
4ea47155af Merge pull request #7498 from k0ral/sslh 
sslh: argument to -F can no longer be separated from the option by a space
 2015-04-23 21:35:46 +02:00
Oliver Matthews
a498b28322 wait for filesystem before starting btsync; bump to latest package version 2015-04-23 13:09:34 +00:00
koral
88ce17b6e1 sslh: argument to -F can no longer be separated from the option by a space 2015-04-21 16:29:25 +00:00
Nicolas B. Pierron
7585d42d2b Fix #7354 - Accept _module attributes added to every submodule. 2015-04-20 23:58:32 +02:00
Nikolay Amiantov
0f5d5f9d12 lambdabot: add named pipe for incoming commands 2015-04-20 18:56:48 +03:00
Eelco Dolstra
c0f70b4694 Remove fixed uids for nscd, sshd 
These services don't create files on disk, let alone on a network
filesystem, so they don't really need a fixed uid. And this also gets
rid of a warning coming from <= 14.12 systems.
 2015-04-19 22:06:45 +02:00
Tobias Geerinckx-Rice
1f513c21f9 Merge pull request #7461 from dezgeg/pr-ddclient-unit-type 
ddclient: Fix capitalization of systemd unit keys
 2015-04-19 15:27:21 +02:00
Tuomas Tynkkynen
e7843efe12 ddclient: Fix incorrectly capitalized systemd unit key 
This avoids the following warning:

Apr 19 10:53:48 xen systemd[1]: [/nix/store/...-unit-ddclient.service/ddclient.service:19] Unknown lvalue 'type' in section 'Service'

As `Type=simple` is the default in systemd, the assignment to the
service type can be simply dropped.
 2015-04-19 15:58:34 +03:00
Jonathan Glines
cdb174c18d Added NixOS module for Asterisk server 2015-04-16 17:41:37 -06:00
Eelco Dolstra
a0f69df10e dnsmasq: Add some types 2015-04-16 19:13:26 +02:00
Nikolay Amiantov
1d6723c085 lambdabot: add nixos service 2015-04-16 13:33:40 +03:00
Joel Moberg
5b075eb400 i2p: add nixos service 2015-04-15 12:52:06 +02:00
Nicolas B. Pierron
3eef61a6eb NixOS Manual: Do not use unfree packages as default value. 2015-04-08 23:14:19 +02:00
Arseniy Seroka
e52e160190 Merge pull request #7215 from cwoac/btsync2 
Add support for btsync 2.x branch
 2015-04-06 18:50:05 +03:00
Oliver Matthews
0539ed4771 Add support for btsync 2.x branch 2015-04-06 15:31:40 +00:00
William A. Kennington III
b3c423757e nixos/rdnssd: Major refactoring 
This updates rdnssd to the following:
* Using the systemd interfaces directly
* Using the rdnssd user instead of the root user
* Integrating with resolvconf instead of writing directly to /etc/resolv.conf
 2015-04-04 21:20:07 -07:00
Nikolay Amiantov
16f047a60f nixos/networkmanager: support l2tp 2015-03-29 13:09:02 +03:00
Jan Malakhovski
5c6d86540b nixos: use types.enum instead of ad-hoc check in sshd service 2015-03-26 12:43:42 +00:00
Arseniy Seroka
ff22e19fc4 Merge pull request #6893 from hrdinka/nsd-config-options 
nsd: Fix automatic config options
 2015-03-23 13:19:29 +03:00
Edward Tjörnhammar
664592561d nixos: added aiccu service 2015-03-20 22:01:35 +01:00
Christoph Hrdinka
d3a2edb8ce nsd: Fix automatic config options 2015-03-19 12:10:55 +01:00
Christoph Hrdinka
6db8155e37 nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 21:01:35 +01:00
lethalman
359bc60ec8 Merge pull request #6448 from eduarrrd/ddclient 
ddclient module: fix module
 2015-03-17 12:38:12 +01:00
lethalman
fe79bf34a5 Merge pull request #6512 from bjornfor/nixos-haproxy-cleanup 
nixos/haproxy: remove broken default 'config'
 2015-03-11 16:29:06 +01:00
Eelco Dolstra
d31202fba2 sshd: Enable seccomp sandboxing 2015-03-09 11:27:19 +01:00
Nikita Mikhailov
579159c72b Add dispatcher configuration options to NetworkManager module 2015-03-08 20:24:53 +01:00
William A. Kennington III
9ce0c1cb71 nixos/consul: Fix timeout bugs and json formatting 2015-02-25 15:42:43 -08:00
William A. Kennington III
f27fa79aa9 nixos/dnsmasq: Fix service name typo 2015-02-25 09:22:16 -08:00
Eduard Bachmakov
4bf66ba89c ddclient module: fix module 
* rewrite to systemd.services
* disable forking to give systemd better control
* verifiably run as ddclient user
* expose ssl option
* unset default value for dyndns server
* rename option "web" to "use" to be consistent with ddclient docs
* add descriptions
* add types to options
* clean up formatting
 2015-02-23 22:37:20 -05:00
Eelco Dolstra
b70bd0879b sshd: Generate a ed25519 host key 2015-02-23 17:00:07 +01:00
Bjørn Forsman
ffb4797dd3 nixos/haproxy: remove broken default 'config' 
HAProxy fails to start with the default 'config'. Better disable it and
assert that the user provides a suitable 'config'. (AFAICS, there cannot
really be a default config file for HAProxy.)
 2015-02-22 12:30:14 +01:00
Bjørn Forsman
419a4166a7 nixos/haproxy: small cleanup 
* Add option types
* Rewrite option descriptions
* /var/run/haproxy.pid => /run/haproxy.pid (canonical location)
 2015-02-22 12:29:34 +01:00
aszlig
030895f075
nixos/dhcpcd: Only run resume commands if enabled. 
The networkd implementation sets systemd.services.dhcpcd.enable to
false in nixos/modules/tasks/network-interfaces-systemd.nix. So we need
to respect that in the dhcpcd module.

If we don't, the resumeCommand is set nevertheless, which causes the
post-resume.service to fail after resuming:

Failed to reload dhcpcd.service: Unit dhcpcd.service is masked.
post-resume.service: main process exited, code=exited, status=1/FAILURE
Failed to start Post-Resume Actions.
Dependency failed for Post-Resume Actions.
Unit post-resume.service entered failed state.
post-resume.service failed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-02-22 08:09:04 +01:00
Sou Bunnbu
f8dbd6f9ae Merge pull request #6427 from grwlf/vsftpd-port 
vsftpd.nix: add 'portPromiscuous' option
 2015-02-18 19:18:34 +08:00
Sergey Mironov
ac65a757f0 vsftpd.nix: add 'portPromiscuous' option 2015-02-18 11:51:43 +03:00
Mathijs Kwik
2fe44b95d0 nixos/wpa_supplicant: fix conflicting documentation 
fixes #6298
 2015-02-17 22:16:20 +01:00
James Cook
33550b6efe Merge pull request #5665 from joachifm/dnscrypt-proxy-apparmor-updates 
dnscrypt-proxy service: update AppArmor profile
 2015-02-14 22:02:31 -08:00
lethalman
51a7277fac Merge pull request #6312 from k0ral/sslh 
sslh: added libwrap support + improved nixos module.
 2015-02-13 10:03:48 +01:00
Jaka Hudoklin
a17f5c8c9b nixos/consul: add consul-alerts service 2015-02-12 19:16:50 +01:00
koral
cb153cfca3 sslh: added libwrap support + improved nixos module. 2015-02-12 13:21:36 +01:00
lethalman
93ebaafabe Merge pull request #6170 from k0ral/sslh 
New sslh module
 2015-02-10 11:17:56 +01:00
William A. Kennington III
9792b12e53 nixos/openntpd: Don't start until we have networking 
This attempts to fix an issues where ntp is unable to resolve hostnames
because it came up before local nameservers or networking.
 2015-02-06 14:45:47 -08:00
William A. Kennington III
3e280f2089 nixos/tinc: Fix key generation behavior and use tinc 1.1 by default 2015-02-05 23:37:20 -08:00
koral
1439e72147 New sslh module. 2015-02-05 13:30:39 +01:00
Edward Tjörnhammar
83925c33f6 i2pd: 0.6.0 -> 0.7.0 
nixos: i2pd.service, fix string escaping
 2015-02-05 12:09:59 +01:00
William A. Kennington III
9ddb6c9cc9 nixos/tinc: Add daemon configuration 2015-02-04 18:19:04 -08:00
William A. Kennington III
bae5faa82d nixos/dhcpd: Also try restarting openntpd as it suffers the same dns resolution problem 2015-02-04 17:33:14 -08:00
William A. Kennington III
43d8b1ef3c openntpd: Fixes 2015-02-04 17:30:22 -08:00
William A. Kennington III
a9f1329d2d nixos/openntpd: Add openntpd to the environment for ntpctl 2015-02-04 17:27:03 -08:00
lethalman
49b67bb9cb Merge pull request #6078 from boothead/sabnzbd 
sabnzbd Change service to systemd
 2015-02-03 13:32:59 +01:00
Shea Levy
c45372f038 Merge commit 'cfb29ab882323d379aba20a95020c7c24f883eae' 
Partial staging merge, including cc-wrapper fixes

Conflicts:
	pkgs/applications/audio/spotify/default.nix
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/development/compilers/cryptol/1.8.x.nix
 2015-02-02 21:14:28 -05:00
Bjørn Forsman
ee52a61e3a nixos/tftpd: add option types and fixup descriptions 
The first description is a (incorrect) copy/paste from the 'vsftpd'
module, and the second option lacks a 'dot' at the end.
 2015-02-01 15:57:28 +01:00
Shea Levy
52d4b9d982 Merge branch 'tlsdate' of git://github.com/4z3/nixpkgs 2015-01-30 01:07:59 -05:00
Eelco Dolstra
b61d4ac6a5 ntpd: Fork into the background 
With -n, ntpd will write log messages to both syslog and stderr, which
is ugly.
 2015-01-28 15:34:42 +01:00
Eelco Dolstra
11a0344e13 Merge pull request #5918 from robberer/openntpd 
openntpd: add extraConfig and extraOptions
 2015-01-23 16:43:15 +01:00
Longrin Wischnewski
4fa5d1f626 openntpd: add extraConfig and extraOptions 2015-01-23 16:15:20 +01:00
tv
3fdd925063 nixos: Add tlsdated service 2015-01-21 05:09:47 +01:00
Joachim Fasting
7023e03d77 firewall service: fix pingLimit example value 
The example uses single dashes, whereas iptables requires double dashes.
 2015-01-20 08:47:11 +01:00
Peter Simons
ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
William A. Kennington III
130f66b683 nixos/sync-server: Respect the enable option 2015-01-18 14:21:40 -08:00
Domen Kožar
3b174a4024 Merge pull request #5301 from nbp/syncserver 
Add Firefox Sync service
 2015-01-18 17:47:51 +01:00
Nicolas B. Pierron
8196727fad Improve the documentation of the syncserver module. 2015-01-18 12:21:23 +01:00
Nicolas B. Pierron
0d13ea0131 Change default syncserver listen.port to a safer one. 2015-01-18 12:20:44 +01:00
Eric Seidel
88eae46455 rename occurrences of gcc.gcc to gcc.cc 2015-01-14 20:47:49 -08:00
Edward Tjörnhammar
837cfbb9ea nixos: adding nylon service with uid,gid 2015-01-14 22:08:47 +01:00
Vladimír Čunát
72d2d59cd4 /etc/ssh/ssh_known_hosts: refactor and fix #5612 
Generating the file was refactored to be completely in nix.
Functionally it should create the same content as before,
only adding the newlines.

CC recent updaters: @aszlig, @rickynils.
 2015-01-11 22:14:25 +01:00
Joachim Fasting
97bac259d0 dnscrypt-proxy service: update AppArmor profile 
This patch fixes the AppArmor profile path clause and adds
(currently ignored) network rules.

The AppArmor profile used to be defined for the path sbin/dnscrypt-proxy,
but the real path is bin/dnscrypt-proxy (due to sbin now being a symlink
to bin), which permitted the service to run unconfined.

Adding the network rules has no effect other than improving correctness,
as the version of AppArmor in the NixOS kernel fails to enforce network
rules.
 2015-01-09 15:08:07 +01:00
William A. Kennington III
9a7766e054 nixos/network-interfaces: Add mstpd support for bridges 2015-01-07 14:49:24 -08:00
William A. Kennington III
8627110091 icedtea: Make major version nonspecific attrs 2015-01-02 00:24:49 -08:00
Tobias Geerinckx-Rice
c64257b8e5 Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
Domen Kožar
43af22b2de Merge pull request #5487 from luke-clifton/lc-btsync-group 
btsync groups
 2014-12-28 20:25:13 +01:00
Eelco Dolstra
ea9d391bb5 Fix ntpd 
Since the 4.2.8 upgrade, ntpd is broken on NixOS:

  Dec 28 19:06:54 hagbard ntpd[27723]: giving up resolving host 1.nixos.pool.ntp.org: Servname not supported for ai_socktype (-8)

This appears to be because DNS resolution doesn't work in chroots
anymore (due to /etc being missing). So disable chroots for now. It's
probably better to use systemd's containment facilities anyway.
 2014-12-28 19:38:45 +01:00
Vladimír Čunát
61d9f06760 fix a typo from 2627198b0c 2014-12-28 10:44:50 +01:00
Luke Clifton
0c477eb38f Documentation update 2014-12-28 17:26:59 +08:00
Luke Clifton
61ff1b2b0a Moved UMask to correct location 2014-12-28 16:44:27 +08:00
Luke Clifton
5fdd6f6a66 Change umask 2014-12-28 16:39:56 +08:00
William A. Kennington III
2627198b0c nixos/firewall: Add ipset utility 2014-12-28 00:04:49 -08:00
Luke Clifton
5866a9df03 added group 2014-12-28 13:23:10 +08:00
Luke Clifton
fabcc2cf7b Added btsync group to btsync user 2014-12-28 13:17:37 +08:00
Domen Kožar
ec5fcfa82c network-manager: specify full path to sytemctl binary 
(cherry picked from commit af8f76c2568ae9d842716d98673b3639292a920e)
Signed-off-by: Domen Kožar <domen@dev.si>
 2014-12-27 11:53:07 +01:00
Igor Pashev
2b91b9b594 Strongswan: updown script uses ip and iptables utilities 2014-12-22 20:20:52 +00:00
lethalman
d0fdad5f36 Merge pull request #5419 from ehmry/tox-bootstrapd 
tox-bootstrapd
 2014-12-22 11:16:44 +01:00
Emery Hemingway
01910e84f9 nixos: tox-bootstrapd service 2014-12-20 18:20:27 -05:00
William A. Kennington III
681ae2fa7f nixos/consul: Don't timeout if start job has many retries 2014-12-16 15:42:08 -08:00
Nicolas B. Pierron
42c3c205c4 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-14 14:17:56 +01:00
Sebastián Bernardo Galkin
aba0d8a73d Fix networkmanager resumeCommands 
Small typo prevented the post resume script to restart network manager
 2014-12-14 03:46:54 -08:00
Nicolas B. Pierron
1a1fc17957 Firefox Sync Server: Create the private config file as non-world readable. 2014-12-12 22:14:38 +01:00
Nicolas B. Pierron
a0154145d5 Firefox Sync Server: Fix copy&paste issue. 2014-12-12 22:13:03 +01:00
Nicolas B. Pierron
0570a08b83 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-11 23:49:19 +01:00
Nicolas B. Pierron
01886aef22 Add Firefox Sync server module. 2014-12-11 23:48:15 +01:00
Domen Kožar
0ec12d53e6 tcpcrypt: 2011.07.22 -> 0.3rc1, fix nixos service 2014-12-10 10:23:46 +01:00
William A. Kennington III
c17eb7f0e6 nixos/consul: Make service definition more sane 2014-12-09 02:24:36 -08:00
William A. Kennington III
159af942d5 nixos/unifi: Ensure stateDir is mounted before proceeding 2014-12-05 12:12:17 -08:00
William A. Kennington III
8a94c06595 nixos: Add network-pre.target and adjust firewall start ordering 2014-12-01 17:19:44 -08:00
William A. Kennington III
bcfe7b2200 Merge pull request #5043 from wkennington/master.networkd 
nixos/networking: Revamp networking configuration and add an experimental networkd option.
 2014-11-29 19:59:31 -08:00
aszlig
c37611f3e5
nixos: Use vendor zones instead of N.pool.ntp.org. 
Closes #4824, thanks to @abh for processing my stupidity.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-11-28 19:37:03 +01:00
aszlig
2249474632
nixos/sshd: Fix build if knownHosts is empty. 
Introduced by 77ff279f27.

Build failure: https://headcounter.org/hydra/build/583158/nixlog/5/raw

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-11-27 19:03:41 +01:00
Rickard Nilsson
77ff279f27 nixos/services.openssh: Allow knownHost keys to have multiple lines. 
Useful for adding several public keys of different types for the same host.
 2014-11-27 18:40:21 +01:00
Domen Kožar
91bdca38a0 NetworkManager.service -> network-manager.service 2014-11-27 12:10:20 +01:00
William A. Kennington III
1860ee27b0 nixos/networking: Fixes 2014-11-26 16:29:24 -08:00
William A. Kennington III
c417012c1b nixos/dhcpcd: Respect per interface dhcp options 2014-11-26 11:22:03 -08:00
William A. Kennington III
2057d9087f nixos: Support network-online target in addition to ip-up 2014-11-26 11:22:03 -08:00
William A. Kennington III
59f512ef7d nixos/network-interfaces: Provide a networkd implementation 2014-11-26 11:22:02 -08:00
William A. Kennington III
a332c4eac5 systemd: Enable more network services 2014-11-26 11:22:02 -08:00
Eelco Dolstra
dd2dedafa3 Style fixes 2014-11-25 16:01:27 +01:00
Igor Pashev
4c33004e1f Added strongSwan service 2014-11-25 15:29:34 +01:00
William A. Kennington III
f83aa6c0ea nixos/unifi: Properly depend on mountpoints 2014-11-24 12:40:07 -08:00
Arseniy Seroka
fd5566da41 Merge pull request #5080 from joachifm/dnscrypt-refactor 
dnscrypt-proxy: minor superficial improvements
 2014-11-24 15:48:47 +03:00
William A. Kennington III
8309aa04b2 unifi: Actually remove webapps at shutdown 2014-11-24 02:30:04 -08:00
William A. Kennington III
8f0d65e2df unifi: Clean all of webapps at start and stop 2014-11-24 00:22:24 -08:00
William A. Kennington III
3f7b2bc70d unifi: Fix typo 2014-11-24 00:06:42 -08:00
Joachim Fasting
119d93e223 dnscrypt-proxy: minor superficial improvements 
- Use upstream description and explicitly set platforms = all
- Coding conventions fix
 2014-11-22 16:19:06 +01:00
William A. Kennington III
826f5468ab nixos/unifi: Remove old ROOT.war links before relinking 2014-11-14 11:45:38 -08:00
William A. Kennington III
d0e15cc575 Merge pull request #4983 from bosu/fw-stop-fix 
firewall: clear rpfilter on stop
 2014-11-14 00:14:27 -08:00
Boris Sukholitko
53b24d0c95 firewall: clear rpfilter on stop 2014-11-14 09:07:18 +02:00
Moritz Ulrich
e884dc32c5 Add local-fs.target to minidlna. 
Minidlna fails to start if it wants to access a filesystem which isn't
mounted (yet).
 2014-11-12 23:20:47 +01:00
Joachim Fasting
52f0553209 Add dnscrypt-proxy service 
The dnscrypt-proxy service relays regular DNS queries to
a DNSCrypt enabled upstream resolver.
The traffic between the client and the upstream resolver is
encrypted and authenticated, which may mitigate the risk of
MITM attacks and third-party snooping (assuming a trustworthy
upstream).

Though dnscrypt-proxy can run as a standalone DNS client,
the recommended setup is to use it as a forwarder for a
caching DNS client.
To use dnscrypt-proxy as a forwarder for dnsmasq, do

```nix
{
  # ...

  networking.nameservers = [ "127.0.0.1" ];
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  services.dnscrypt-proxy.enable = true;
  services.dnscrypt-proxy.localAddress = "127.0.0.1";
  services.dnscrypt-proxy.port = 40;

  services.dnsmasq.enable = true;
  services.dnsmasq.extraConfig = ''
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1
  '';

  # ...
}
```
 2014-11-11 22:47:19 +01:00
Edward Tjörnhammar
c329e5bbd9 i2pd: added package, service 2014-11-09 09:55:35 +01:00
Emery Hemingway
67a2a58314 cjdns: service tweaks, new NixOS test 2014-11-08 23:39:02 +01:00
Aristid Breitkreuz
8b50383c45 Merge pull request #4859 from abbradar/git-daemon 
nixos/git-daemon: fix a bug and add 'user' and 'group' options
 2014-11-08 19:33:24 +01:00
Aristid Breitkreuz
cf4a976ced quassel: make a proper systemd unit (also properly works in containers now) 2014-11-08 14:59:25 +01:00
Nikolay Amiantov
46b866cf63 nixos/git-daemon: fix 'exportAll' option 2014-11-07 15:50:01 +03:00
Nikolay Amiantov
af1d09879b nixos/git-daemon: add 'user' and 'group' options 2014-11-07 15:49:45 +03:00
Nikolay Amiantov
4b2e43865a nixos/git-daemon: add types 2014-11-07 15:49:03 +03:00
William A. Kennington III
ba53392bce nixos/nat: Fix override so that sysctls are properly preserved 2014-10-31 16:50:25 -07:00
Domen Kožar
3b133beb7a Merge pull request #4553 from ehmry/polipo 
drop permission prestart from polipo service module
 2014-10-23 12:51:36 +02:00
Emery Hemingway
a3338abcfe cjdns: add peer hostnames to extraHosts, option for external config 2014-10-21 13:16:04 -04:00
Emery Hemingway
32d6ae7ed9 drop permission prestart from polipo service module 
chowning the cache directory can timeout the service, permissions
on this directory should never change without user intervention
 2014-10-16 10:57:16 -04:00
Joachim Schiele
13298fcbb9 Merge pull request #4535 from flosse/lua-bitop 
lua-packages: added lua-bitop to add websocket support for prosody
 2014-10-15 09:41:32 +02:00
Markus Kohlhase
5308d3284b prosody: added websocket support 2014-10-15 03:57:00 +02:00
Matej Cotman
561d3b3860 seeks: nixos module 2014-10-13 13:10:49 +02:00
Markus Kohlhase
d86c2c30c5 prosody: packaged as a service 
Conflicts:
	nixos/modules/misc/ids.nix
 2014-10-11 18:53:43 +02:00
Shea Levy
f5aaefbb6c More pkgs.lib -> lib fixes 2014-09-29 09:45:59 -04:00
Jaka Hudoklin
ff8f23ab26 Merge pull request #4280 from wkennington/master.consul 
nixos/consul: Add module
 2014-09-27 07:00:39 +02:00
William A. Kennington III
36f9b9c284 nixos/consul: Add module 2014-09-26 03:25:14 -07:00
Matej Cotman
5e18182a30 mailpile: add module 2014-09-26 10:49:09 +02:00
Emery Hemingway
61f0d9b251 cjdns: update from 20140919 20140922 
package installs to .../bin
fix service module to look in .../bin

Closes #4240
 2014-09-23 22:30:53 +01:00
Ben Ford
06818c5cb2 Change service to systemd 2014-09-22 12:09:53 +01:00
Domen Kožar
2247f3a8d3 Merge pull request #4168 from lostdj/ltp/master/btsyncfix 
bittorrentsync: fix storage_path
 2014-09-20 10:53:57 +02:00
lostdj
f02d4ec9ed bittorrentsync: fix storage_path. 
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".
 2014-09-19 18:19:04 +04:00
William A. Kennington III
ae195727b7 nixos/nat: Don't flush tables, create subchains for autogenerated rules 2014-09-18 11:28:58 -07:00
William A. Kennington III
ec9c4143a7 nixos/firewall: Cleanup in case reload fails 2014-09-16 15:51:57 -07:00
William A. Kennington III
1321fd175d nixos/nat: Leverage firewall module 2014-09-15 21:31:27 -07:00
William A. Kennington III
6a43d51291 nixos/firewall: Support extraStopCommands 2014-09-15 21:31:26 -07:00
William A. Kennington III
fd7b9b4291 nixos/firewall: Don't allow traffic during reload 2014-09-15 20:40:16 -07:00
Jaka Hudoklin
f7ba3d833f nixos/znc: fix module, createUser option does not exist anymore 2014-09-13 02:20:32 +02:00
William A. Kennington III
bab5efd237 nixos/ssh: Allow user to configure the package that provides ssh/sshd 2014-09-11 22:07:39 -07:00
Aristid Breitkreuz
c3fe942a57 start dhcpcd after network-interfaces 2014-09-06 13:52:09 +02:00
aszlig
e8c4fde22d
nixos/nsd: Improve support for journald/systemd. 
Don't fork into the background and just log to stderr.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-05 02:54:39 +02:00
aszlig
6386df1645
nixos/nsd: Fix indentation/coding style. 
For Nix, we indent using two spaces, but in this module somehow 4 spaces
were snuck in. Other than that, remoteControl and ratelimit are just
nested attribute sets, so we don't need to make another submodule type
for no particular reason.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-05 02:54:39 +02:00
Luca Bruno
2ba523df24 nixos nat: add description to forwardPorts 2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf nixos nat: add type for sourcePort and destination of forwardPorts 2014-09-04 10:26:33 +02:00
Michael Raskin
4155121069 Merge pull request #3926 from lethalman/fwdports 
nixos/nat: add forwardPorts for external->internal DNAT
 2014-09-03 21:54:37 +04:00
Michael Raskin
3e841ef642 Fixing comment case 2014-09-03 20:03:15 +04:00
Michael Raskin
d1ae15b680 Merge pull request #3804 from ehmry/unbound 
unbound: run in chroot
 2014-09-03 11:45:20 +04:00
Nathan Bijnens
33a3f76ee4 Copy.com: client #3617 2014-09-03 11:31:51 +04:00
William A. Kennington III
9659d0f4fb nixos/dnsmasq: Fix regressions during the systemd update 2014-09-02 17:23:55 -07:00
Vladimir Still
13bbce96c3 sshd: Fix typo in assetion. 2014-09-02 10:06:04 +02:00
Vladimir Still
a2394f09c7 sshd: Add note about listening on port 22 to listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
ac39d839c3 sshd: Add note about firewall and listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
e12337156c sshd: Allow to specify ListenAddress. 2014-09-01 22:56:35 +02:00
Michael Raskin
a6dfb4dc28 Merge pull request #3241 from ehmry/cjdns 
cjdns declarative configuration
 2014-09-02 00:53:18 +04:00
Luca Bruno
b21ac60290 nixos/nat: add forwardPorts for external->internal DNAT 2014-09-01 22:31:56 +02:00
Luca Bruno
31b7cae018 nixos/znc: fix immutable config. 
Fix references to coreutils echo and rm.
Make config writable even if immutable because of
https://github.com/znc/znc/blob/master/src/znc.cpp#L964 .
 2014-09-01 16:21:12 +02:00
aszlig
29f4642284
nixos: Add new service for OpenNTPd. 
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in par.

I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-01 16:07:28 +02:00
Michael Raskin
9e3d1b1a8f Merge pull request #3908 from wkennington/master.ip 
Reapply the multi-ip code
 2014-09-01 10:28:54 +04:00
Jan Malakhovski
8c9b6d932a nixos: add dhcpcd.persistent option 2014-09-01 10:33:48 +04:00
Jan Malakhovski
99243a5c51 nixos: add atftpd service 2014-09-01 10:33:48 +04:00
Emery Hemingway
f60ac82cac cjdns: new declarative service expression 
systemd service wants network-interfaces.target rather than network.target
assertion on config.networking.enableIPv6
 2014-08-31 18:14:16 -04:00
William A. Kennington III
3d037ebb94 Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6"" 
This reverts commit ea8910652f.
 2014-08-31 09:46:16 -07:00
Rob Vermaas
ea8910652f Revert "Merge pull request #3182 from wkennington/master.ipv6" 
This reverts commit b23fd65854, reversing
changes made to 43654cba2c.
 2014-08-31 10:58:54 +02:00
Nicolas B. Pierron
a5d6219897 Merge pull request #3864 from nbp/useless-submodules 
Remove useless use of undocumented submodules.
 2014-08-30 18:21:17 +02:00
William A. Kennington III
4d8390be60 nixos/network-interfaces: Support the old ip configuration convention 2014-08-30 08:05:00 -07:00
William A. Kennington III
098c8f4c77 nixos/network-interfaces: Add support for multiple ipv4 / ipv6 addresses 2014-08-30 07:33:38 -07:00
Michael Raskin
8937b70d07 Merge pull request #3344 from ehmry/privoxy 
privoxy: upstart to systemd conversion, actions file editing
 2014-08-30 14:19:57 +04:00
Nicolas Pierron
8c19690d99 Remove useless use of optionSet. 2014-08-29 18:43:03 +02:00
Nicolas Pierron
43e52ef001 Remove useless use of undocumented submodules. 2014-08-29 18:28:34 +02:00
Michael Raskin
844fd2553e Merge pull request #3745 from wkennington/master.dnsmasq 
dnsmasq: Update and enable dbus support
 2014-08-29 01:43:41 +04:00
Michael Raskin
c42e7dfc0c Merge pull request #3200 from wkennington/master.dhcpcd 
nixos/dhcpcd: Add an explicit interfaces option
 2014-08-29 01:09:22 +04:00
Paul Colomiets
adbb9ff796 dnsmasq: upgrade to 2.71, fixed dnsmasq module 
* The module now has systemd config

* Add resolveLocalQueries option which sets up it as a dns server for
  local host (including reasonable setup of resolvconf)

* Add "dnsmasq" user for running daemon

* Enabled dbus and dnssec support for the package

Conflicts:
	nixos/modules/misc/ids.nix
 2014-08-28 11:39:03 -07:00
aszlig
8a56a55bb4
nixos/manual: Use literalExample when feasible. 
Should bring most of the examples into a better consistency regarding
syntactic representation in the manual.

Thanks to @devhell for reporting.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-08-27 23:41:15 +02:00
Emery Hemingway
e7597b12b8 privoxy: upstart to systemd conversion, actions file editing 
fix missing actions and filters
 2014-08-27 11:34:10 -04:00
Emery Hemingway
aedbfdff84 unbound: run in chroot 2014-08-26 21:24:09 -04:00
William A. Kennington III
aa77fe0fb0 nixos/radvd: Convert to a systemd unit 
Additionally, remove the automatic initialization of the ipv6 forwarding
sysctl as this should be handled by the end user. This really should not
be an issue as most people running radvd are likely forwarding ipv6
packets.
 2014-08-24 03:12:55 -07:00
William A. Kennington III
bc6979f7e1 nixos/dhcpcd: Don't configure sit devices 2014-08-14 14:06:56 -05:00
William A. Kennington III
a269acf480 nixos/dhcpcd: Use null instead of empty list to disable allowInterfaces 2014-08-14 14:05:55 -05:00
William A. Kennington III
320a82dd7f nixos/dhcpcd: Add an explicit interfaces option 2014-08-14 14:05:55 -05:00
William A. Kennington III
d0c0c2f9ba nixos/dhcpd: Wait until network interfaces are configured to start 2014-08-13 15:08:43 -05:00
William A. Kennington III
b3ddcfabd9 nixos/dhcpd: Convert to systemd from upstart 2014-08-13 15:08:43 -05:00
William A. Kennington III
24368beed8 nixos/dhcpd: Use dhcp user instead of nobody 2014-08-13 15:08:43 -05:00
William A. Kennington III
4fbf120e84 nixos/dhcpd: Add the ability to drop privileges 2014-08-13 15:08:08 -05:00
William A. Kennington III
56228e5614 nixos/dhcp: Modernize ddns-update-style 2014-08-13 15:08:08 -05:00
Jaka Hudoklin
675d76b00c nixos/znc: add option to add module packages to znc 
Besides that add option for extra znc config and fix a lot of stuff
 2014-08-09 19:35:59 +02:00
Eelco Dolstra
4668f37444 Fix NixOS evaluation on i686-linux 2014-08-09 17:19:09 +02:00
Peter Simons
9226fbf56a Merge remote-tracking branch 'origin/master' into staging. 2014-08-08 09:51:01 +02:00
William A. Kennington III
377454ff0e nixos/unifi: Explain and simplify the bind mount configuration 2014-08-05 23:15:49 -05:00
William A. Kennington III
12ad29226c nixos/unifi: Fix ordering of mount rules 2014-08-05 22:09:15 -05:00
William A. Kennington III
dfb596b49b nixos/unifi: Add service module 2014-08-05 21:40:47 -05:00
Eelco Dolstra
f64d84698e Merge remote-tracking branch 'origin/master' into staging 
Conflicts:
	pkgs/applications/audio/espeak/edit.nix
	pkgs/applications/audio/lmms/default.nix
	pkgs/desktops/e18/enlightenment.nix
	pkgs/games/exult/default.nix
	pkgs/os-specific/linux/alsa-plugins/default.nix
 2014-07-28 11:30:49 +02:00
lethalman
de59b6d7cd Merge pull request #3262 from bjornfor/znc-module-types 
nixos/znc-service: don't use types.string (it's deprecated)
 2014-07-26 12:41:25 +02:00
Eelco Dolstra
7f410ef923 Merge remote-tracking branch 'origin/master' into staging 
Conflicts:
	pkgs/misc/vim-plugins/default.nix
 2014-07-22 11:00:00 +02:00
Emery Hemingway
e5988bf4dd polipo: new service expression 2014-07-16 11:29:40 -04:00
Bjørn Forsman
3a4498ab07 nixos/znc-service: don't use types.string (it's deprecated) 
Apart from s/types.string/types.str/ (or types.lines where appropriate):

* port is changed from string to int.

* extraFlags is changed from types.string (with unfortunate merge
  semantics) into a list of strings. A list of strings merge better:
  one space is added between elements.
 2014-07-13 20:33:15 +02:00
Eelco Dolstra
95b828de42 Merge remote-tracking branch 'origin/master' into staging 2014-07-07 13:16:26 +02:00
Alex Berg
7b768ba2f5 Merge remote-tracking branch 'nixos/master' into feature/add-znc-module 
Conflicts:
	nixos/modules/misc/ids.nix
 2014-07-03 11:30:11 -05:00
Shea Levy
b3cfb9084b Get all lib functions from lib, not pkgs.lib, in modules 2014-07-02 12:28:18 -04:00
Eelco Dolstra
06fc1ec34d Merge remote-tracking branch 'origin/master' into staging 
Conflicts:
	pkgs/servers/serfdom/default.nix
 2014-07-01 11:25:41 +02:00
Eelco Dolstra
40f7b0f9df Another attempt to eradicate ensureDir 
See c556a6ea46.
 2014-06-30 14:56:10 +02:00
Michael Raskin
b403893aa2 Merge pull request #2778 from edwtjo/radicale 
Adding Radicale package and service
 2014-06-30 10:11:23 +04:00
aszlig
da32f052b1
Revert "nixos/sshd: drop mode from auth keys file". 
This reverts commit a3331eb87b.

See https://github.com/NixOS/nixpkgs/issues/2559#issuecomment-47313334
for a description why this is not a good idea.

I guess it's better to implement a sane way to remove all files in
authorized_keys.d, especially because it is also backwards-compatible.

Reopens #2559.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-06-27 09:22:07 +02:00
John Wiegley
8eedf968eb Merge pull request #3093 from lethalman/sshkeys 
nixos/sshd: drop mode from auth keys file. Closes #2559
 2014-06-26 10:26:47 -07:00
Luca Bruno
a3331eb87b nixos/sshd: drop mode from auth keys file. Closes #2559 2014-06-26 10:15:34 +02:00
Alex Berg
9af1e2ab51 Add ZNC module. Has zncConfOptions or specify full conf file. 2014-06-26 05:44:32 +02:00
Christoph Hrdinka
8daaa28ac8 nsd-service: add service module for nsd 2014-06-12 11:20:43 +02:00
Peter Simons
ce7be7584f Merge pull request #2790 from ehmry/unbound 
unbound: update from 1.4.21 to 1.4.22, service from Upstart to systemd
 2014-05-30 14:46:29 +02:00