3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

2427 commits

Author SHA1 Message Date
aszlig d94ac7a454
nixos/taskserver: Use types.str instead of string
The "string" option type has been deprecated since a long time
(800f9c2), so let's not use it here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 411c6f77a3
nixos/taskserver: Add trust option to config file
The server starts up without that option anyway, but it complains about
its value not being set. As we probably want to have access to that
configuration value anyway, let's expose this via the NixOS module as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 1f410934f2
nixos/taskserver: Properly indent CA config lines
No change in functionality, but it's easier to read when properly
indented.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 3d820d5ba1
nixos/taskserver: Refactor module for CA creation
Now the service starts up if only the services.taskserver.enable option
is set to true.

We now also have three systemd services (started in this order):

 * taskserver-init: For creating the necessary data directory and also
                    includes a refecence to the configuration file in
                    the Nix store.
 * taskserver-ca:   Only enabled if none of the server.key, server.cert,
                    server.crl and caCert options are set, so we can
                    allow for certificates that are issued by another
                    CA.
                    This service creates a new CA key+certificate and a
                    server key+certificate and signs the latter using
                    the CA key.
                    The permissions of these keys/certs are set quite
                    strictly to allow only the root user to sign
                    certificates.
 * taskserver:      The main Taskserver service which just starts taskd.

We now also log to stdout and thus to the journal.

Of course, there are still a few problems left to solve, for instance:

 * The CA currently only signs the server certificates, so it's
   only usable for clients if the server doesn't validate client certs
   (which is kinda pointless).
 * Using "taskd <command>" is currently still a bit awkward to use, so
   we need to properly wrap it in environment.systemPackages to set the
   dataDir by default.
 * There are still a few configuration options left to include, for
   example the "trust" option.
 * We might want to introduce an extraConfig option.
 * It might be useful to allow for declarative configuration of
   organisations and users, especially when it comes to creating client
   certificates.
 * The right signal has to be sent for the taskserver service to reload
   properly.
 * Currently the CA and server certificates are created using
   server.host as the common name and doesn't set additional certificate
   information. This could be improved by adding options that explicitly
   set that information.

As for the config file, we might need to patch taskd to allow for
setting not only --data but also a --cfgfile, which then omits the
${dataDir}/config file. We can still use the "include" directive from
the file specified using --cfgfile in order to chainload
${dataDir}/config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 6d38a59c2d
nixos/taskserver: Improve module options
The descriptions for the options previously seem to be from the
taskdrc(5) manual page. So in cases where they didn't make sense for us
I changed the wording a bit (for example for client.deny we don't have a
"comma-separated list".

Also, I've reordered things a bit for consistency (type, default,
example and then description) and add missing types, examples and
docbook tags.

Options that are not used by default now have a null value, so that we
can generate a configuration file out of all the options defined for the
module.

The dataDir default value is now /var/lib/taskserver, because it doesn't
make sense to put just yet another empty subdirectory in it and "data"
doesn't quite make sense anyway, because it also contains the
configuration file as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 8081c791e9
nixos/taskserver: Remove options for log/pidFile
We're aiming for a proper integration into systemd/journald, so we
really don't want zillions of separate log files flying around in our
system.

Same as with the pidFile. The latter is only needed for taskdctl, which
is a SysV-style initscript and all of its functionality plus a lot more
is handled by systemd already.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig 5060ee456c
nixos/taskserver: Unify taskd user and group
The service doesn't start with the "taskd" user being present, so we
really should add it. And while at it, it really makes sense to add a
default group as well.

I'm using a check for the user/group name as well, to allow the
taskserver to be run as an existing user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
Matthias Beyer e6ace2a76a
taskd service: Add initialization script 2016-04-05 18:53:31 +02:00
Matthias Beyer da53312f5c
Add services file for taskwarrior server service 2016-04-05 18:53:31 +02:00
joachifm 376b57fefe Merge pull request #14396 from peterhoeg/dbus
dbus nixos module: add units for systemd user session
2016-04-02 22:23:42 +00:00
joachifm 687d21e4fd Merge pull request #14405 from jerith666/crashplan-46-r2
Crashplan 46 r2
2016-04-02 22:06:40 +00:00
Matt McHenry 213a8a1e96 crashplan: fix vardir file existence check 2016-04-02 16:43:12 -04:00
Peter Hoeg 83cb6ec399 dbus nixos module: add units for systemd user session
This patch makes dbus launch with any user session instead of
leaving it up to the desktop environment launch script to run it.

It has been tested with KDE, which simply uses the running daemon
instead of launching its own.

This is upstream's recommended way to run dbus.
2016-04-02 23:11:57 +08:00
joachifm b9ba6e2f6b Merge pull request #14297 from elitak/mfi
mfi: init at 2.1.11
2016-04-01 14:57:28 +00:00
Arseniy Seroka 882d0b35b8 Merge pull request #14145 from MostAwesomeDude/tahoe
services: Add Tahoe-LAFS service.
2016-04-01 15:23:37 +03:00
Eric Litak 0de2d2fbcd mfi: init at 2.1.11
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
2016-04-01 02:45:11 -07:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
rnhmjoj a98a918b10 syncthing: run daemon with dedicated user as default 2016-04-01 01:26:52 +02:00
Corbin e3e5633307 services: Add Tahoe-LAFS service.
Including systemd configuration and much of the standard storage node and
introducer configuration.
2016-03-31 14:01:09 -07:00
Nikolay Amiantov 63f1eb6b00 xserver service: add glamoregl for intel drivers
Closes #14286

Credits to vcunat for the initial patch.
2016-03-29 18:52:04 +03:00
Franz Pletz dcae10ebda wpa_supplicant service: Depend on interfaces being present 2016-03-28 21:52:23 +00:00
Nikolay Amiantov 25754a5fc2 uwsgi service: use python.buildEnv, fix PATH 2016-03-27 19:23:01 +03:00
Nikolay Amiantov ea5c7d553c dspam service: run after postgresql to prevent segfaults 2016-03-27 19:23:01 +03:00
Kevin Cox 26bd115c9c etcd: 2.1.2 -> 2.3.0 2016-03-26 22:47:15 -04:00
Mitchell Pleune 879778091a iodine service: add clients implimentation
- services.iodined moved to services.iodine
- configuration file backwards compatable
- old iodine server configuration moved to services.iodine.server
- attribute set services.iodine.clients added to specify any number
  of iodine clients
  - example:
    iodine.clients.home = { server = "iodinesubdomain.yourserver.com"; ... };
  - client services names iodine-name where name would be home
2016-03-26 21:16:29 -04:00
Eelco Dolstra fca9b335ae Hide sendmailSetuidWrapper 2016-03-25 16:08:34 +01:00
Domen Kožar 7a89a85622 nix.useChroot: allow 'relaxed' as a value 2016-03-25 12:50:39 +00:00
Arseniy Seroka 2358582976 Merge pull request #14045 from otwieracz/master
znapzend: added
2016-03-24 23:10:40 +03:00
Slawomir Gonet 3ff417cbb7 znapzend service: init at 0.15.3 2016-03-24 20:57:33 +01:00
Joachim Fasting 1ca4610577 dnscrypt-proxy service: change default upstream resolver
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location.  The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.

The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting 9bf6e64860 dnscrypt-proxy service: use dynamic uid/gid
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.

This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting 03bdf8f03c dnscrypt-proxy service: additional hardening
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting 4001917359 dnscrypt-proxy service: cosmetic enhancements 2016-03-24 17:14:22 +01:00
Mitchell Pleune 927aaecbcb iodined service: wantedBy ip-up.target
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target

The above is because of the following:
in iodined's code: src/common.c line 157
	the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
	Iodine uses the function

		get_addr(char *host,
			int port,
			int addr_family,
			int flags,
			struct sockaddr_storage *out);

	to get address information via getaddrinfo().

	Within get_addr, the flag AI_ADDRCONFIG is forced.

	What this flag does, is cause getaddrinfo to return
	"Name or service not known" as an error explicitly if no ip
	has been assigned to the computer.
	see getaddrinfo(3)

Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Pascal Wittmann 4295ad5ee8 Merge pull request #14079 from NixOS/add-radicale-user
radicale service: run with dedicated user
2016-03-21 13:56:23 +01:00
Domen Kožar 1536834ee0 Merge pull request #14066 from jerith666/crashplan-46
crashplan: 3.6.4 -> 4.6.0
2016-03-20 20:10:28 +00:00
Matt McHenry 447c97f929 crashplan: 3.6.4 -> 4.6.0
* the major change is to set TARGETDIR=${vardir}, and symlink from
  ${vardir} back to ${out} instead of the other way around.  this
  gives CP more liberty to write to more directories -- in particular
  it seems to want to write some configuration files outside of conf?

* run.conf does not need 'export'

* minor tweaks to CrashPlanDesktop.patch
2016-03-20 13:56:54 -04:00
joachifm 3273605aef Merge pull request #14033 from joachifm/clfswm-broken
Mark clfswm as broken
2016-03-20 15:27:41 +00:00
Pascal Wittmann a491b75523 radicale service: run with dedicated user
This is done in the context of #11908.
2016-03-20 15:50:14 +01:00
Joachim Fasting e891e50946 nixos: disable the clfswm window manager module 2016-03-19 15:52:18 +01:00
Peter Simons 5391882ebd services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.
2016-03-18 11:06:31 +01:00
Peter Simons de11380679 nixos/modules/services/x11/xserver.nix: fix minor typo 2016-03-18 11:02:01 +01:00
Peter Simons a0ab4587b7 Set networking.firewall.allowPing = true by default.
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927.

It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting 12877098cb dnscrypt-proxy service: expose option to use ephemeral keys
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting a0663e3709 dnscrypt-proxy service: documentation fixes
- fix `enable` option description
  using `mkEnableOption longDescription` is incorrect; override
  `description` instead
- additional details for proper usage of the service, including
  an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Franz Pletz 38579a1cc9 gitlab service: Remove emailFrom option
Not being used anymore. Use `services.gitlab.extraConfig.gitlab.email_from`
instead.
2016-03-17 04:16:25 +01:00
Peter Simons 6c601ed1f0 Merge pull request #13838 from peti/drop-old-dovecot-versions
Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
2016-03-16 14:36:52 +01:00
Nikolay Amiantov 851af5e888 cups service: fix gutenprint update when there's no printers 2016-03-15 21:46:33 +03:00
Tanner Doshier ab1008014d tarsnap: 1.0.36.1 -> 1.0.37 2016-03-14 17:56:48 -05:00
Peter Simons b7c8085c30 Merge pull request #13837 from peti/drop-old-postfix-versions
Drop support for postfix 2.x from Nixpkgs and NixOS.
2016-03-14 21:52:56 +01:00
Robin Gloster 3f9b00c2d8 Merge pull request #13906 from Zer0-/gitlab_version_bump
Gitlab version bump
2016-03-14 13:29:13 +01:00
Nikolay Amiantov 363f024864 Merge pull request #13861 from abbradar/mjpg-streamer
mjpg-streamer: update and add NixOS service
2016-03-14 15:19:03 +03:00
Nikolay Amiantov 305fa26005 Merge pull request #13850 from abbradar/e20
Update Enlightenment, rename e19 -> enlightenment, drop e16
2016-03-14 02:28:58 +03:00
Nikolay Amiantov 7e57e2c0fb autofs service: clear lockfile before start
autofs uses a lock file in /tmp to check if it's running -- unclean
shutdown breaks the service until one manually removes it.
2016-03-14 01:02:40 +03:00
Philipp Volguine 10198b586e gitlab service startup fix
-gitlab-sidekiq was being started with a misspelled argument name
 which caused the mailer queue to never run and never send mail
2016-03-13 21:04:11 +00:00
Edward Tjörnhammar c65026bfa5 nixos: i2pd, change to yes/no config entries and explicitly enable client endpoints 2016-03-13 21:36:30 +01:00
Nikolay Amiantov 83ff545bfd mjpg-streamer service: init 2016-03-12 18:53:02 +03:00
Nikolay Amiantov 4a01f70f8f octoprint service: add extraConfig 2016-03-12 18:52:16 +03:00
Thomas Tuegel 5d36644f42 mantisbt: fix typo in documentation 2016-03-12 07:48:36 -06:00
makefu 626bfce3b8 graphite: fix carbonCache graphiteWeb graphiteApi
This commit implements the changes necessary to start up a graphite carbon Cache
with twisted and start the corresponding graphiteWeb service.
Dependencies need to be included via python buildEnv to include all recursive
implicit dependencies.

Additionally cairo is a requirement of graphiteWeb and pycairo is not a standard
python package (buildPythonPackage) and therefore cannot be included via
buildEnv. It also needs cairo in the Library PATH.
2016-03-12 02:02:04 +01:00
Nikolay Amiantov 7fb2291f55 enlightenment.enlightenment: 0.20.3 -> 0.20.6 2016-03-12 03:10:47 +03:00
Nikolay Amiantov 3f6ad460e7 enlightenment.efl: 1.16.1 -> 1.17.0 2016-03-12 03:10:46 +03:00
Nikolay Amiantov e358d9498c e19: rename to enlightenment, drop old one 2016-03-12 03:10:37 +03:00
Peter Simons c73a22aed5 Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
Version 2.2.x has been stable for a long time; let's give up support for
the obsolete version.
2016-03-11 16:03:09 +01:00
Peter Simons 24fe7bab08 Drop support for postfix 2.x from Nixpkgs and NixOS.
Version 3.x has been stable for a long time; let's give up support for
the obsolete versions.
2016-03-11 16:01:43 +01:00
Peter Simons ce6a1a6cea Revert "Drop support for postfix 2.x from Nixpkgs and NixOS."
This reverts commit a889c683dd. Sorry, I
pushed to the wrong branch. :-(
2016-03-11 16:00:49 +01:00
Vladimír Čunát 61556b727a nixos/mantisbt: add a simple service
It doesn't really deserve a package, as it's just a bunch of PHP scripts
copied into a folder and we have to copy on reconfiguration anyway.
2016-03-11 15:59:26 +01:00
Peter Simons a889c683dd Drop support for postfix 2.x from Nixpkgs and NixOS.
Version 3.x has been stable for a long time; let's give up support for
the obsolete versions.
2016-03-11 15:58:03 +01:00
Thomas Tuegel d8dceb7077 kde5: install colord-kde when colord is enabled 2016-03-11 08:45:50 -06:00
Vladimír Čunát c801cd1a04 php: fixup build when configured with httpd via nixos 2016-03-11 11:54:53 +01:00
Nikolay Amiantov 08893956fb Merge pull request #13823 from abbradar/colord
colord color management daemon
2016-03-11 13:50:12 +03:00
Vladimír Čunát 6f9fe31b42 awstats: init at 7.4, including a simple service 2016-03-11 10:37:06 +01:00
Nikolay Amiantov 4e58b33dee colord service: init 2016-03-11 01:58:40 +03:00
Joachim Fasting e7cfccbcc2 dnscrypt-proxy service: fix apparmor profile
The daemon additionally requires libcap, liblz4, and libattr.
2016-03-09 04:13:19 +01:00
Michael Raskin b27de68c4e Merge pull request #13777 from eqyiel/upstream
vsftpd: Add possibility to specify path to RSA key file
2016-03-09 03:02:29 +00:00
Joachim Fasting e3ae435aad dnscrypt-proxy service: fix default resolver name
The "opendns" resolver has changed name to "cisco", causing the default
dnscrypt-proxy configuration to fail.
2016-03-09 02:59:30 +01:00
Mango Chutney 973219c973 vsftpd.nix: Add possibility to add RSA key file 2016-03-09 01:32:44 +00:00
Nikolay Amiantov 392bde8809 Merge pull request #13763 from Profpatsch/printing-gutenprint-example
modules/cupsd: clarify how to set gutenprint
2016-03-08 20:42:18 +03:00
Christoph Hrdinka 1e3fef77d5 Merge pull request #13739 from romildo/update.jwm
jwm: 2.2.2 -> 1406
2016-03-08 18:23:52 +01:00
Profpatsch d37729f4b8 modules/cupsd: clarify how to set gutenprint 2016-03-08 16:39:17 +01:00
Vladimír Čunát 1952d5d5f7 nixos/foswiki: basic working service definition
Activation is as simple as:
  services.httpd = {
    enable = true;
    adminAddr = "nobody@example.com";
    extraSubservices = [ {
      serviceType = "foswiki";
    } ];
  };
2016-03-08 16:38:43 +01:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Robin Gloster bcfb3dd9c6 Merge pull request #13748 from zohl/misc
a few descriptions fixups
2016-03-07 21:42:26 +01:00
Al Zohali 896a70aa52 KDC description fix 2016-03-07 23:24:35 +03:00
Al Zohali a227bd4e3b nix.requireSignedBinaryCaches: description fix 2016-03-07 23:24:35 +03:00
Ricardo M. Correia 99a27e7137 nixos.transmission: whitelist lz4 in AppArmor rules 2016-03-07 21:01:55 +01:00
José Romildo Malaquias 82e12688a2 jwm: window manager module addition 2016-03-07 16:07:13 -03:00
joachifm 453686a24a Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm 8cff02206b Merge pull request #13725 from nathan7/bird-user
bird module: run as user/group `bird`, not `ircd`
2016-03-07 11:34:06 +00:00
Christoph Hrdinka 67e93e984c Merge pull request #13723 from Profpatsch/wheter
wheter -> whether
2016-03-07 10:51:43 +01:00
Profpatsch 7f44b58609 wheter → whether
Nice weather today, isn’t it?
2016-03-07 03:06:54 +01:00
Nathan Zadoks 0360e410b7 bird module: run as user/group bird, not ircd 2016-03-07 02:02:58 +01:00
Bjørn Forsman d99033beb9 grafana service: unbreak
Accidentally broken by 4fede53c09
("nixos manuals: bring back package references").

Without this fix, grafana won't start:

$ systemctl status grafana
...
systemd[1]: Starting Grafana Service Daemon...
systemd[1]: Started Grafana Service Daemon.
grafana[666]: 2016/03/06 19:57:32 [log.go:75 Fatal()] [E] Failed to detect generated css or javascript files in static root (%!s(MISSING)), have you executed default grunt task?
systemd[1]: grafana.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: grafana.service: Unit entered failed state.
systemd[1]: grafana.service: Failed with result 'exit-code'.
2016-03-06 21:16:47 +01:00
Marius Bakke 7135553cf1 unbound: drop sbin directory 2016-03-06 12:50:41 +00:00
Aneesh Agrawal bb39304ce6 openssh: use bin instead of sbin folder
References #11939.
2016-03-05 23:56:32 -05:00
Brian McKenna f3d6e9ec71 exwm service: init 2016-03-06 09:04:51 +11:00
Adam Boseley 5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
joachifm 2bf5629618 Merge pull request #10139 from mstrm/clamav
clamav: Use freshclam.conf defined by clamav-updater module if enabled
2016-03-04 11:59:49 +00:00
Nikolay Amiantov 26bf9b28d8 opendkim service: improve domains documentation 2016-03-04 14:51:28 +03:00
Martin Sturm 507ad9a4f9 clamav: Use freshclam.conf defined by clamav-updater module if enabled 2016-03-04 02:26:44 +01:00
joachifm 6048f0fbd6 Merge pull request #11738 from grwlf/syncthing
Support SOCKS5 proxy for the Syncthing service
2016-03-04 01:18:40 +00:00
aszlig 6cf6c3fbc9
nixos: Fix build of manual
Broken by 17389e256f.

The description attributes of mkOption are parsed by XSLT, so we can
create a DocBook manual out of it.

Unfortunately, the passwordHash option had a description which includes
a <password> placeholder which is recognized by DocBook XSL as a valid
start tag. So as there is obviously no </password>, the build of the
manual bailed out with a parsing error.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-03-03 21:35:31 +01:00
Eelco Dolstra 6bd0c3fe9d ifplugd: Remove
This package hasn't been updated in 11 years, and isn't really useful
anymore in a modern Linux system.
2016-03-03 19:43:11 +01:00
Franz Pletz aa819b8d39 Merge pull request #13591 from mayflower/services/nntp-proxy
nntp-proxy service: init
2016-03-03 18:57:25 +01:00
Shea Levy bcdd81d9e1 networkmanager: Enable ipv6 privacy extensions by default 2016-03-03 12:01:01 -05:00
Tristan Helmich 17389e256f nntp-proxy service: init 2016-03-03 14:14:19 +01:00
Anders Lundstedt c2bce0cd02 Respect umask settings in Transmission config
In NixOS/nixpkgs@da6bc44 @thoughtpolice
made the Transmission NixOS module override the umask setting in the
Transmission config. This commit removes that override.

I want a different umask setting and I guess it is possible that other
people might want it to. Thus I think it is a good idea to respect the
umask settings in the Transmission config.
2016-03-02 19:26:48 +01:00
Nikolay Amiantov 23dd97ee88 Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs 2016-03-02 18:56:24 +03:00
Peter Simons ed5eb2aed8 Fix Emacs syntax highlighting in NixOS dovecot module. 2016-03-02 16:11:49 +01:00
Alex Franchuk 69d8cb4a6b libreswan: add package and service to nixos 2016-03-02 09:44:30 -05:00
Maxwell e50da7ee6a bspwm: add startThroughSession & sessionScript option
Add ability to do a more traditional bspwm startup (using the bspwm-session
script provided by nixpkgs.bspwm) as an alternative to directly starting
sxhkd & bspwm

Also added the ability to specify a custom startup script, instead of
relying on the provided bspwm-session
2016-03-01 17:29:15 -05:00
Eelco Dolstra b2197b84c2 Fix NixOS eval 2016-03-01 22:07:54 +01:00
Eelco Dolstra f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:"
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
2016-03-01 20:52:06 +01:00
joachifm 3d382e7f22 Merge pull request #13522 from Pleune/fix/x11-bspwm-update
x11 service: bspwm limit sxhkd freqency
2016-03-01 00:03:22 +00:00
Luca Bruno 55c20bfe89 Merge pull request #10288 from lethalman/gnomeiso
installer: add graphical GNOME iso
2016-02-29 15:56:47 +01:00
Luca Bruno aa9576bceb installer: add graphical GNOME iso 2016-02-29 15:51:38 +01:00
Mitchell Pleune b5ee64410d x11 service: bspwm limit sxhkd freqency
add '-f 100' as an argument to sxhkd to keep it from flooding bspwm

add SXHKD_SHELL=/bin/sh to help default to a faster shell than what may
be set in $SHELL (example: with zsh)
2016-02-29 08:40:18 -05:00
Thomas Strobel 2d6696fc0a nixos-modules: Fixes related to "literalExample" and "defaultText". 2016-02-29 01:47:12 +01:00
Thomas Strobel cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to:
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
2016-02-29 01:09:00 +01:00
Franz Pletz a9d24cedeb Merge pull request #12487 from hrdinka/refactor/nsd
Refactor NSD service and update to 4.1.7
2016-02-28 17:13:21 +01:00
Franz Pletz fde23a01b4 nixos/collectd: Fix package option
Commit ed979124ca was missing some code.
2016-02-28 14:55:58 +01:00
Domen Kožar 02c7d65bf9 fix NixOS eval 2016-02-28 09:36:23 +00:00
Domen Kožar 8b2be11b13 note the desktopManagerHandlesLidAndPower removal 2016-02-28 08:33:14 +00:00
Domen Kožar 4c17d3892b Merge pull request #9727 from Profpatsch/dm-lid-management
remove desktopManagerHandlesLidAndPower
2016-02-28 08:28:17 +00:00
Christoph Hrdinka fd46f18cf6 nsd service: add build time config validation 2016-02-28 09:18:39 +01:00
Christoph Hrdinka c4c9019105 nsd service: make use of literalExample 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 6a096504cc nsd service: add missing options 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 8442a7d12c nsd service: code cleanup
Puts everything in alphanumeric order and removes unnecessary spaces to better
match NixOS coding style.
2016-02-28 09:18:11 +01:00
Domen Kožar 88df035818 Merge pull request #13524 from makefu/bepasty-recursive-env
services.bepasty: buildEnv for creating PYTHONPATH
2016-02-28 06:20:29 +00:00
makefu 3f7c600666 services.bepasty: buildEnv for creating PYTHONPATH
Fixes 'You need gevent installed to use this worker.' as well as missing Flask deps.
2016-02-28 01:35:56 +01:00
Graham Christensen 7df907b272 moodle: 2.8.5 -> 2.8.10 for CVE-2016-0724 CVE-2016-0725 2016-02-27 17:22:14 -06:00
Domen Kožar 04422bb3ca Merge pull request #8630 from lihop/nixos/fix-formatting
nixos: fix formatting of option examples
2016-02-27 10:08:37 +00:00
Vladimír Čunát 3cf9cd8bc3 Merge #12796: nixos docs: show references to packages
(version 2) A better implementation of #10039, after #12357.
This time I did more thorough checking.

See commit messages for details.
2016-02-27 10:48:12 +01:00
Leroy Hopson c1e674c4ca xserver service: fix formatting of example 2016-02-27 22:25:40 +13:00
Leroy Hopson 25fd9e31a2 phpfpm service: fix formatting of example 2016-02-27 22:25:40 +13:00
Leroy Hopson eb90705d45 fail2ban service: fix formatting of example 2016-02-27 22:25:39 +13:00
Leroy Hopson f6f892e2d6 nsd service: fix formatting of example 2016-02-27 22:25:39 +13:00
Robert Klotzner e361cdd5c3 nixos: libinput use mkEnableOption 2016-02-27 07:24:47 +01:00
Arseniy Seroka 766ad682f1 Merge pull request #13471 from Profpatsch/networkmanager-link-local
networkmanager: fix link-local ip addresses
2016-02-27 02:55:31 +03:00
Nikolay Amiantov c88a06a860 cups service: set path for cups-genppdupdate 2016-02-26 18:27:41 +03:00
zimbatm 8d4c2340d3 Merge pull request #13396 from mayflower/pkg/gitlab
gitlab: 8.0.5 -> 8.5.1, service improvements
2016-02-26 11:19:28 +00:00
Franz Pletz cd0f14f23e gitlab: Add documentation
Fixes #13303.
2016-02-26 08:56:39 +01:00
Franz Pletz e9393bd426 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Make the gitlab packages and components overrideable.
2016-02-26 08:56:08 +01:00
Franz Pletz 44a4592a1c fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
gitlab-shell is now talking over the unix socket to gitlab, so the TCP
port isn't needed anymore.
2016-02-26 08:31:20 +01:00
Franz Pletz 3fd51a9ab2 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Some debugging and development leftovers.
2016-02-26 07:08:31 +01:00
Franz Pletz bcfa59bf82 gitlab: 8.0.5 -> 8.5.0, service improvements
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.

Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.

Things to note:

 * The gitlab config is now written as a nix attribute set and will be
   converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
   The `extraConfig` opition is also an attribute set that will be merged
   with the default config. This way *all* Gitlab options are supported.

 * Some paths like uploads and configs are hardcoded in rails  (at least
   after my study of the Gitlab source). This is why they are linked from
   the Gitlab root to /run/gitlab and then linked to the  configurable
   `statePath`.

 * Backup & restore should work out of the box from another Gitlab instance.

 * gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
   Push & pull over HTTPS works perfectly. Communication to gitlab is done
   over unix sockets. An HTTP server is required to proxy requests to
   gitlab-workhorse over another unix socket at
   `/run/gitlab/gitlab-workhorse.socket`.

 * The user & group running gitlab are now configurable. These can even be
   changed for live instances.

 * The initial email address & password of the root user can be configured.

Fixes #8598.
2016-02-26 07:08:31 +01:00
Profpatsch 70c02402c8 networkmanager: fix link-local ip addresses
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
2016-02-26 03:28:56 +01:00
zimbatm b73c5ae291 Merge pull request #10546 from aszlig/nixops-issue-350
Fixes for NixOps issue #350
2016-02-26 00:33:49 +00:00
zimbatm 76f5cf3f31 Merge pull request #13324 from zimbatm/doc-from-wiki
Converting the wiki to documentation
2016-02-25 19:37:43 +00:00
zimbatm dc314aad12 samba module: add more description
Fixes #13281
2016-02-25 19:36:55 +00:00
zimbatm 93a0306e79 sane module: add more documentation
Imported from https://nixos.org/wiki/Scanners
2016-02-25 19:36:46 +00:00
Emery b16dc8dcc5 New hdapsd module 2016-02-24 21:51:13 +01:00
Jordan Mulcahey a2b8cc0aaf netatalk: 3.1.0 -> 3.1.7, new service module 2016-02-24 19:32:54 +01:00
Brian McKenna 7d91ee54c9 openbox: fix copy/paste typo in config 2016-02-24 22:54:08 +11:00
zimbatm 2a0f6453d5 Merge pull request #12540 from eskimor/libinput-master
nixos: Libinput: Add support like there is for synaptics
2016-02-24 00:01:38 +00:00
zimbatm 09c14170d8 Merge pull request #13125 from abbradar/uwsgi
Refactor uWSGI
2016-02-23 22:32:54 +00:00
Eelco Dolstra d9d6a92d5e sshd.nix: Ensure global config goes before user Match blocks
Hopefully fixes #13393.
2016-02-23 18:03:33 +01:00
Eelco Dolstra cacf2d063e Merge pull request #13059 from abbradar/udev-local-priority
Make local udev rules higher prioritized
2016-02-23 16:41:47 +01:00
Nikolay Amiantov 32df5ed4c2 udev service: make local rules apply after all others 2016-02-23 15:17:24 +03:00
Pascal Wittmann 5d6d841d58 Merge pull request #13373 from tomberek/revert_kippo_twisted
kippo: revert twisted dependency
2016-02-22 23:50:17 +01:00
Thomas Bereknyei e31c8922e0 kippo: revert twisted dependency 2016-02-22 13:57:24 -05:00
Franz Pletz 2d5e6a27fc Merge pull request #13355 from grahamc/ttyNumberString-issue3608
nixos-manual: Accept numbers for ttyNumber, closes #3608
2016-02-22 19:34:16 +01:00
Graham Christensen f57c049e0b nixos-manual: Accept numbers for ttyNumber, closes #3608 2016-02-22 11:25:16 -06:00
zimbatm a7715e3e06 Merge pull request #10231 from zimbatm/apache-intermediate-ssl
apache-httpd: adopt mozilla's SSL configuration recommendation
2016-02-20 19:14:51 +00:00
Robin Gloster 686c09dd38 wpa_supplicant module: after network-interfaces.target
fixes #13136
2016-02-20 17:41:02 +00:00
Arseniy Seroka cbb06df02f Merge pull request #13142 from zimbatm/zerotierone-1.1.4
Zerotierone 1.1.4
2016-02-20 17:09:59 +03:00
zimbatm 433f979cee zerotierone: adopt systemd unit from upstream
See
5db538d85e/ext/installfiles/linux/systemd/zerotier-one.service
2016-02-19 22:56:19 +00:00
Nikolay Amiantov b6c49abba0 uwsgi service: update documentation 2016-02-19 18:09:27 +03:00
Nikolay Amiantov e48c991131 uwsgi service: refactor, throw more errors and drop simultaneous Python 2/3 in path 2016-02-19 18:09:26 +03:00
Thomas Tuegel 7bca3cd8dc kde5: reduce default installation size 2016-02-19 06:21:50 -06:00
Nikolay Amiantov b457b7a7ea Merge pull request #13069 from abbradar/m3d
OctoPrint and plugins and support for M3D Micro 3D-printer
2016-02-19 14:27:32 +03:00
Bjørn Forsman b2b1511353 nixos/collectd: add defaultText to package option
CC @fpletz
2016-02-18 20:30:05 +01:00
tg(x) de787adb90 tlsdated: add missing default value for extraOptions 2016-02-18 05:29:12 +01:00
Franz Pletz ed979124ca collectd service: Add option package 2016-02-18 03:44:55 +01:00
aszlig 7bdcfb33f4
nixos: Provide a defaultText for type = package
We don't want to build all those things along with the manual, so that's
what the defaultText attribute is for.

Unfortunately a few of them were missing, so let's add them.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-17 21:12:24 +01:00
Nikolay Amiantov 53269f1455 octoprint service: init 2016-02-17 17:05:59 +03:00
Vladimír Čunát e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Nikolay Amiantov 1c8a21dfad Merge branch 'pdnsd-service' of https://github.com/nfjinjing/nixpkgs
Closes #12932
2016-02-16 20:35:01 +03:00
Nikolay Amiantov 39e9b43082 Merge branch 'gammu-smsd' of https://github.com/zohl/nixpkgs into zohl-gammu-smsd
Closes #12998
2016-02-16 19:40:00 +03:00
Franz Pletz 932d2cbd2c Merge pull request #13000 from mayflower/feat/unbound-dnssec
unbound: 1.5.3 -> 1.5.7, hardening, DNSSEC support & cleanup
2016-02-16 02:13:35 +01:00
Arseniy Seroka 6b205a9eba Merge pull request #12988 from colemickens/cfdyndns
cfdyndns: init at 0.0.1
2016-02-16 00:24:32 +03:00
Cole Mickens c7571611dc cfdyndns: init at 0.0.1 2016-02-15 12:54:04 -08:00
Franz Pletz 483e78d0f0 unbound service: add fetching root anchor for DNSSEC 2016-02-15 03:59:42 +01:00
Franz Pletz 9ba533ee4a unbound service: add types to options 2016-02-15 03:59:35 +01:00
Franz Pletz fe4b0a4801 unbound service: retab 2016-02-15 03:59:15 +01:00
Al Zohali 7b7cf281d3 gammu-smsd service: init 2016-02-15 00:26:41 +03:00
Nikolay Amiantov a0afc49f0f dspam service: restrict socket access 2016-02-14 10:35:06 +03:00
Nikolay Amiantov 2cee5a42b0 dspam service: set ClientHost 2016-02-14 10:35:04 +03:00
Vladimír Čunát d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Franz Pletz 6a036d9fca Merge pull request #9913 from chris-martin/synaptics-options
Add synaptics options for palm detection and scroll speed
2016-02-14 06:08:36 +01:00
Markus Wotringer 4bc9e8a785 elasticsearch2: init at 2.2.0
changes by @globin:
 * updated 2.1.0 to 2.2.0
 * moved to a new derivation

closes #11446

Signed-off-by: Robin Gloster <mail@glob.in>
2016-02-13 15:03:09 +00:00
Robin Gloster c2b578386e kibana: fix pkg and module 2016-02-13 15:03:09 +00:00
Robin Gloster e1493f2ba7 logstash module: use literalExample 2016-02-13 15:03:09 +00:00
Edward Tjörnhammar 9c249a3adf nixos: i2pd, make config options adhere to version 2.4.0 2016-02-13 15:22:31 +01:00
Nikolay Amiantov c9d38164b7 dspam service: make maintenance script verbose 2016-02-12 18:00:00 +03:00
Robin Gloster 648e596c5f Merge pull request #12683 from heydojo/bluetooth--plasma5
kde5 bluedevil plasmoid : enable bluez5 bluetooth functionality
2016-02-12 13:49:54 +01:00
Eelco Dolstra fd8bd17c3e postgresql: Bump default version to 9.5 2016-02-12 13:20:11 +01:00
Jinjing Wang 73b9a9662d pdnsd service: init 2016-02-12 19:53:41 +08:00
Peter Simons 7bd6fc90cb Merge pull request #12725 from jerith666/postfix-dns-bl
postfix service: implement DNS blacklist support
2016-02-12 12:43:27 +01:00
Franz Pletz c29205f965 Merge pull request #12941 from elitak/unifi_fix
unifi: LD_LIBRARY_PATH hack for embedded libsnappyjava.so, fixes #12897
2016-02-12 08:22:20 +01:00