3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

289 commits

Author SHA1 Message Date
Izorkin f1d7dfe29f nixos/fail2ban: add custom options 2020-01-29 23:15:56 +03:00
Izorkin a55be8d794 nixos/fail2ban: update serviceConfig 2020-01-29 23:15:56 +03:00
Izorkin 182012ef43 nixos/fail2ban: add options to enable work service with iptables-compat 2020-01-29 23:15:56 +03:00
Izorkin 68d601d65c nixos/fail2ban: clean-up configuration 2020-01-29 23:15:56 +03:00
Matthijs Steen 44dff89215 bitwarden_rs: 1.9.1 -> 1.13.1 2020-01-28 17:26:49 +01:00
Andreas Brenk 36da345caa nixos/sshguard: use nftables backend if enabled
The current module assumes use of iptables and breaks if nftables is
used instead.

This change configures the correct backend based on the
config.networking.nftables.enable setting.
2020-01-27 14:42:28 +01:00
Yorick van Pelt 15e98e7428
nixos/vault: add ExecReload entry 2020-01-24 18:59:13 +01:00
Jos van Bakel 6f3b04eb71
nixos/nginx.sso: add package option 2020-01-12 14:35:23 +01:00
Robert Hensing 9884cb3ed0
Merge pull request #76861 from Infinisil/paths-as-submodules
lib/types: Allow paths as submodule values
2020-01-12 14:19:04 +01:00
markuskowa 59670b0c56
Merge pull request #76939 from lourkeur/fix_76184_tsocks
nixos/tsocks: Add types to the options
2020-01-09 21:33:18 +01:00
Silvan Mosberger 228a7b173e
nixos/certmgr: Flip either submodule path type
For upcoming allowance of paths as submodules
2020-01-08 23:54:45 +01:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Louis Bettens caa9ce1caa nixos/tsocks: Add types to the options 2020-01-05 00:15:26 +01:00
Silvan Mosberger 4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
EEva (JPotier) 9b78e5f35d vault: fix config when file backend is used
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Janne Heß d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
worldofpeace e2644036f6 fprintd: 0.8.1 -> 0.9.0
Resolves issues with StateDirectory not being set in
systemd unit.

https://gitlab.freedesktop.org/libfprint/fprintd/-/tags/V_0_9_0
2019-09-17 20:15:57 -04:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Danielle Lancashire 4b99f9ba0b
vault: add raft backend to vault service 2019-08-28 18:42:18 +02:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Sarah Brofeldt 3a64303a20
Merge pull request #63539 from ivan/usbguard-nox
usbguard-nox: init at 0.7.4
2019-08-23 16:25:13 +02:00
Marek Mahut d7b3d2d0fd
Merge pull request #65995 from danderson/master
nixos/sshguard: create ipsets before starting, and clean up after stopping.
2019-08-19 21:05:42 +02:00
Silvan Mosberger 88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
David Anderson 089da1c14d nixos/sshguard: create ipsets before starting, and clean up after stopping.
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.

This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.

This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.

Fixes #65985.
2019-08-04 16:23:22 -07:00
Ashish SHUKLA d3c2b992d4
sshguard: do not create ipset in post-start
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
2019-07-27 10:59:50 +05:30
fuwa 562b5061a7 nixos/tor: fix obfs4 package 2019-07-19 04:11:17 +08:00
Ivan Kozik f2ea454617 usbguard-nox: init at 0.7.4
This is just usbguard without the Qt GUI that brings in Qt dependencies.

Remove pandoc to reduce closure size. The usbguard build appears to
use it only for spell checking.

Remove asciidoctor because 0.7.1 switched to asciidoc. But don't add
a dependency on asciidoc, because that causes the build fails on
external DTDs.
2019-06-20 13:49:47 +00:00
Michael Peyton Jones 9131bf59a7
nixos: add StateDirectory for fprintd 2019-05-26 18:06:46 +01:00
worldofpeace 6543e794a6
Merge pull request #61546 from cizra/libfprint-vfs0090
libfprint: added a fork for Lenovo ThinkPad
2019-05-20 14:16:34 -04:00
Elmo Todurov 432944cdb3 fprintd: added option to use fork for Lenovo ThinkPad 2019-05-20 20:48:30 +03:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
worldofpeace b5f26f3803
Merge pull request #59480 from worldofpeace/fprintd-systemd
nixos/fprintd: use systemd.packages
2019-05-13 03:30:24 -04:00
Will Dietz f24f72e60b nixos tor: use obfs4proxy, make transport list customizable 2019-05-01 21:56:05 -05:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Michael Weiss 6852c080d8
nixos/sks: Fix another regression from ab5dcc7068
The two directories KDB and PTree do not exist before the SKS DB is
build for the first time. If /var/db/sks is empty and the module is
enabled via "services.sks.enable = true;" the following error will
occur:
...-unit-script-sks-db-pre-start[xxx]:
ln: failed to create symbolic link 'KDB/DB_CONFIG': No such file or directory

To avoid this both links have to be created after the DB is build.
Note: Creating the directories manually might be better but the initial
build might be skipped as a result:
unit-script-sks-db-pre-start[xxxxx]: KeyDB directory already exists.  Exiting.
unit-script-sks-db-pre-start[xxxxx]: PTree directory already exists.  Exiting.
2019-04-28 14:45:21 +02:00
Michael Weiss 753e1e0bab
nixos/sks: Fix the module (the pre-start script was broken)
Unfortunately the changes in ab5dcc7068
introduced a typo (took me a while to spot that...) that broke the
whole module (or at least the sks-db systemd unit).

The systemd unit was failing with the following error message:
...-unit-script-sks-db-pre-start[xxx]: KDB/DB_CONFIG exists but is not a symlink.
2019-04-27 19:19:27 +02:00
Matthijs Steen ef1a43030b nixos/bitwarden_rs: init 2019-04-23 23:46:57 +02:00
worldofpeace 6846d4ab85 nixos/fprintd: use systemd.packages
Upstream has a systemd service.
2019-04-14 10:19:57 -04:00
Aaron Andersen a1c48c3f63 nixos/vault: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:01 -04:00
Aaron Andersen 7808202b38 nixos/munge: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:56 -04:00
Bob van der Linden 60481ba3fd
nixos/hologram-agent: /var/run -> /run 2019-03-24 21:15:30 +01:00
Chris Ostrouchov 5a5def3753
munge: fix module munge.key permissions from 0700 -> 0400 readonly 2019-01-30 12:53:54 -05:00
Franz Pletz 72f324dbc7
Merge pull request #45567 from johanot/certmgr-rootca-patch
certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
2019-01-30 17:37:42 +00:00
Pierre Bourdon 43fcfc274d
nixos: add nginx-sso service 2019-01-29 19:54:14 +01:00
Silvan Mosberger f73df1862c
Merge pull request #54495 from peterhoeg/f/sshguard
nixos/sshguard: fix syslog identifiers and pid file
2019-01-29 09:35:36 +01:00
Elis Hirwing ab5dcc7068
nixos/sks: Add option to configure database settings
This can be used for options to tweak the behavior around the database.
2019-01-28 11:14:37 +01:00
Peter Hoeg ee472e4521 nixos/sshguard: fix syslog ids, no more pid file, cleanups
1. Allow syslog identifiers with special characters
2. Do not write a pid file as we are running in foreground anyway
3. Clean up the module for readability

Without this, when deploying using nixops, restarting sshguard would make
nixops show an error about restarting the service although the service is
actually being restarted.
2019-01-28 11:36:29 +08:00
Franz Pletz 4602b43a33
certmgr service: add package option 2019-01-24 12:11:15 +01:00
Jonas Nick 5640aa2814 nixos/tor: add HiddenServiceVersion option 2018-11-23 20:53:02 +00:00
Markus Kowalewski e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Jean-Paul Calderone 4a71e2942c nixos/tor: better support non-anonymous services
Tor requires ``SOCKSPort 0`` when non-anonymous hidden services are
enabled.  If the configuration doesn't enable Tor client features,
generate a configuration file that explicitly includes this disabling
to allow such non-anonymous hidden services to be created (note that
doing so still requires additional configuration).  See #48622.
2018-10-17 08:56:59 -04:00
Franz Pletz 11ba2f270f
nixos/clamav: fix freshclam service if db up to date 2018-10-02 00:26:38 +02:00
Franz Pletz f8d681a91f
nixos/clamav: fix daemon/updater services toggling 2018-10-02 00:26:38 +02:00
Jean-Paul Calderone 57834da7fc nixos/tor: Correct "transparent" typo 2018-09-17 16:13:11 +02:00
Michael Weiss 53ef5441bb nixos/sks: Make the webroot option optional
That way the built-in web server is usable by default but users can use
$HOME/web directly (instead of having to use a symlink), if they want to
customize the webpage.
2018-09-08 17:01:35 +02:00
Michael Weiss eb0050ca45 nixos/sks: Use a group and don't add sks to systemPackages
Without a group the gid will default to 65534 (2^16 - 2) which maps to
"nogroup". IMO it makes more sense to explicitly set a valid group.

Adding pkgs.sks to environment.systemPackages is not required (IIRC we
want to avoid bloating environment.systemPackages). Instead it seems
like a better idea to make the relevant binaries available to the user
sks and enable useDefaultShell so that "su -l sks" can be used for
manual interaction (that way the files will always have the correct
owner).
2018-09-08 16:24:05 +02:00
Michael Weiss a0d3d098ff nixos/sks: Add a webroot option
The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).
2018-09-08 16:24:05 +02:00
Michael Weiss 6764d41ecc nixos/sks: Update the descriptions and add meta.maintainers
TODO: Merge this module with https://github.com/NixOS/nixpkgs/pull/24516
2018-09-08 13:44:11 +02:00
Michael Weiss a0d7b88911 nixos/sks: Add a dataDir option 2018-09-08 13:44:08 +02:00
Nadrieril 9b9ba8405b nixos/usbguard: ensure the audit log file can be created
Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
2018-08-30 21:54:22 +01:00
Nadrieril 08148a746a nixos/usbguard: disable debug output 2018-08-30 21:54:22 +01:00
Ben Wolsieffer c6191c8abf nixos/cfssl: don't create user/group unless service is enabled 2018-08-21 16:24:31 -04:00
Silvan Mosberger 1a3b9e1bd2
Merge pull request #44556 from johanot/certmgr-module-init
nixos/certmgr: init
2018-08-10 15:11:26 +02:00
Johan Thomsen 004e7fb6fd nixos/certmgr: init 2018-08-10 09:56:25 +02:00
Daiderd Jordan d113c02563
services-vault: make package configurable and add extraConfig option 2018-08-09 23:22:53 +02:00
Johan Thomsen 7d7c36f8be nixos/cfssl: init
- based on module originally written by @srhb
- complies with available options in cfssl v1.3.2
- uid and gid 299 reserved in ids.nix
- added simple nixos test case
2018-08-03 09:40:32 +02:00
volth 2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
Yegor Timoshenko 1bb95d8409
Merge pull request #42775 from mkaito/oauth2_proxy-virtualHosts
oauth2_proxy: add nginx vhost module
2018-07-05 22:15:50 +03:00
Florian Klink fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Michishige Kaito 2fec848254 fixup! oauth2_proxy: add nginx vhost module 2018-06-29 16:23:24 +01:00
Michishige Kaito 4a72999c75 oauth2_proxy: add nginx vhost module 2018-06-29 15:36:03 +01:00
Yegor Timoshenko 5e5bdfa6ad
Merge pull request #41098 from mkaito/oauth2_proxy
oauth2_proxy: Handle attributes being derivations
2018-06-18 20:47:55 +03:00
Joachim Fasting c449f0b55c
nixos/tor: grammer fix, advise -> advice
Seems to me that the noun form is more appropriate here.
2018-06-18 12:40:09 +02:00
SLNOS adab27a352 nixos/tor: use ControlPort for controlSocket for simplicity 2018-06-11 15:52:24 +00:00
SLNOS 2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
This reverts a part of 5bd12c694b.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
markuskowa 96af022af5 nixos/munge: run munge as user munge instead of root. (#41509)
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
2018-06-09 00:50:28 +02:00
Michishige Kaito 170223fe64 Handle attributes being derivations 2018-05-26 12:05:04 +01:00
bricewge 21b926003d sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
Yegor Timoshenko e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod
oauth2_proxy: refactor service
2018-04-27 22:15:50 +03:00
Yorick van Pelt 048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
Robert Schütz 5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083) 2018-04-18 09:42:45 +02:00
Yorick van Pelt a037cbd46b
oauth2_proxy: add keyFile, make some options optional 2018-04-16 14:06:22 +02:00
Yorick van Pelt b901c40a8e
oauth2_proxy: update module for extraConfig support 2018-04-16 13:10:31 +02:00
Joachim F 1c889be474
Merge pull request #37827 from oxij/pull/28938-tor-control-port
nixos/tor: expose control socket
2018-03-26 13:05:27 +00:00
Jaka Hudoklin cb9c1c63c9 nixos/tor: expose control socket 2018-03-26 00:41:10 +00:00
Dan Peebles 6fa9d9cdbd hologram-server module: add cache timeout option
The version of hologram we're using has supported this option for a
while, but we didn't expose it through the NixOS module
2018-03-21 12:58:25 -04:00
Joel Thompson fe2e4d6fb9 hologram: Enable configuring LDAP authorization
In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.

Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.

fixes #37393
2018-03-20 07:36:23 +00:00
Shea Levy fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Nadrieril 297fac40ca nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag) 2018-02-27 18:34:02 +00:00
rnhmjoj e81811a579
nixos/modules: rename IP addresses/routes options 2018-02-17 14:57:07 +01:00
Jörg Thalheim 9fab083b79
Merge pull request #34524 from Infinisil/physlock-allowAnyUser
nixos/physlock: add allowAnyUser option
2018-02-10 09:58:36 +00:00
Robert Schütz 355de06fe4 nixos/tor: add hiddenServices.<name>.authorizeClient 2018-02-08 10:02:22 +01:00
Silvan Mosberger cfd22b733b
physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
Léo Gaspard 7b878a443a
nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
Nadrieril 95fde40b71 usbguard service: rules option should be of type 'lines' 2017-12-29 03:19:36 +01:00
Jaka Hudoklin bc557912a1
Merge pull request #28939 from xtruder/nixos/tor/trans_proxy
tor module: add support for transparent proxy and dns
2017-12-03 21:47:11 +01:00
Léo Gaspard 652842d82e clamav module: make services.clamav.daemon.enable actually work 2017-11-28 13:45:13 +01:00
Joachim F 815bebf9e8 Merge pull request #30173 from dmjio/patch-1
oauth2_proxy: default address updated
2017-10-20 16:28:40 +00:00
Peter Hoeg 3211098632 Revert "sshguard: make it run"
This reverts commit 69d8b81b4b.
2017-10-14 14:42:49 +08:00
Peter Hoeg 69d8b81b4b sshguard: make it run 2017-10-14 14:38:04 +08:00
Dan Peebles 56e18c50cc Revert "Simple proof of concept for how to do other types of services"
This reverts commit 7c3253e519.

I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
2017-10-13 09:17:13 -04:00
David Johnson 5b530d4568 oauth2_proxy: default address updated
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
2017-10-06 16:52:22 -07:00
Jaka Hudoklin 78a86c9072 nixos/tor: add support for transparent proxy and dns 2017-09-23 20:13:08 +02:00
Rob Vermaas 1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
(cherry picked from commit eb873f6c78)
2017-09-20 10:58:24 +00:00
Jörg Thalheim bb5b084986 tor: skip ControlPort in torrc, if not set. 2017-09-13 23:33:46 +01:00
timor ae87a30a83 physlock: 0.5 -> 11-dev
Update physlock to a more current version which supports PAM and
systemd-logind.  Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
2017-09-10 22:43:05 +02:00
Tim Steinbach ae742fa495
frandom: Remove 2017-08-29 20:01:25 -04:00
Phil 4f2935390e nixos/usbguard: create package and module (#28363)
* nixos/usbguard: create package and module

No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks. (assuming configuration is done
correctly)

* nixos/usbguard: remove extra packages

Users can override this by themselves.

* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Joachim F 9447b8b9cd Merge pull request #28338 from oxij/nixos/better-tor
nixos: better tor config
2017-08-24 08:12:59 +00:00
SLNOS 2c4a925ab0 nixos: tor: rename portSpec -> port, type all "port"s properly 2017-08-22 14:57:07 +00:00
SLNOS 30a3cccd07 nixos: tor: better submodule for hidden services
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS 9226f4886f nixos: tor: more options, no unexpected consequences for default relay operators
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
Christian Albrecht 964799e556 sks and pgpkeyserver-lite modules: init (#27515)
* modules sks and pgpkeyserver-lite:
  runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
  and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
2017-08-22 12:27:00 +02:00
Phil b4d2cd6f6a nixos/tor: add tor hidden service options (#28081)
* nixos/tor: add hiddenServices option

This change allows to configure hidden services more conveniently.

* nixos/tor: fix default/example mixup

* nixos/tor: use docbook in documentation

Also use more elegant optionalString for optional strings.

* tor: seperate hidden service port by newline

* tor: better example for hidden service path

a path below /var/lib/tor is usually used for hidden services
2017-08-11 22:59:52 +01:00
Rhys 8777174d60 nixos/oauth2_proxy: actually pass provider-specific options
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Volth 334e85e75a vault: do not restart the service on "nixos-rebuild switch" 2017-07-03 19:46:02 +00:00
Volth 68bf28adaf vault: services.vault.storagePath for the file backend 2017-06-29 21:10:56 +00:00
Volth 2056c7e395 removed generation of self-signed certificate 2017-06-28 22:22:53 +00:00
Volth 519f17035f vault: add unitConfig.RequiresMountsFor to systemd config 2017-06-28 21:16:04 +00:00
Volth 7330e80456 vault: start after consul if consul is used as storage backend 2017-06-28 00:58:19 +00:00
Volth d016ef1f5b create directory only for "file" storage 2017-06-27 20:22:53 +00:00
Volth 4c428b4a6f vault: run as an unpivileged user 2017-06-27 19:34:12 +00:00
Katyucha cad450e6d6 delete lines 2017-06-27 19:34:12 +00:00
Katyucha 442f76d72a Vault: 0.6.5 -> 0.7.2 with services 2017-06-27 19:34:12 +00:00
Dan Peebles 7c3253e519 Simple proof of concept for how to do other types of services 2017-05-26 18:14:31 -04:00
J M 03d190d54f shibboleth: Add Myself as a Maintainer (#25817) 2017-05-16 10:11:55 +01:00
jammerful d8c1977bb5 shibboleth-sp module: Set Config File Path for FastCGI Units
Without this environment variable both shibauthorizer and
shibresponder default to ${pkgs.shibboleth-sp}etc/shibboleth/shibboleth2.xml
2017-05-02 19:58:03 -04:00
jammerful 9f18af5991 Add Shibboleth Service Provider Module 2017-05-02 11:29:58 -04:00
Michael Raskin d5ec7bc748 Merge pull request #23697 from sargon/master
sshguard + service: init at 2.0.0
2017-04-30 21:43:12 +02:00
Franz Pletz 3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Daniel Ehlers 20a5b5bead sshguard: new package 2017-03-26 14:46:22 +02:00
Joachim Fasting 95eaa3aec3
nixos/tor: add missing option type 2017-03-22 02:27:23 +01:00
Franz Pletz 9536169074
nixos/treewide: remove boolean examples for options
They contain no useful information and increase the length of the
autogenerated options documentation.

See discussion in #18816.
2017-03-17 23:36:19 +01:00
Jan Malakhovski a04782581a nixos: torify: disable by default, add some documentation as of why
This `tsocks` wrapper leaks DNS requests to clearnet, meanwhile Tor comes with
`torsocks` which doesn't.

Previous commits to this file state that all of this still useful somehow.
Assuming that it's true, at least let's not confuse users with two different tools
and don't clash with the `tsocks` binary from nixpkgs by disabling this by default.
2017-03-16 21:06:12 +00:00
Jan Malakhovski 6d25f77a64 nixos: tor: add enableGeoIP 2017-03-16 21:06:12 +00:00
Bart Brouns bb3ef8a95c physlock: fix issue 21935 2017-03-15 11:47:02 +01:00
Fernando J Pando 1d85e0bbab hologram: 8d86e3f -> d20d1c3
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
2017-02-02 11:31:42 -05:00
Bjørn Forsman 4c803b904e nixos/clamav: set "clamav" user's primary group to "clamav"
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
2017-01-15 22:56:34 +01:00
Renaud fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Franz Pletz 9e1e3b2880
clamav service: refactor
* Sync systemd units with upstream. Upstream uses SIGUSR2 instead of SIGHUP
  to reload the clamd service.

* Convert freshclam service to a oneshot service activated by a systemd timer.
  This way we can make clamd wait for freshclam to finish fetching the virus
  database before failing to start if the database doesn't exist yet.

* Fixes console tools to work as expected as they require hardcoded config
  file locations.
2016-11-15 04:47:14 +01:00
Franz Pletz 02e9c88d77
clamav: don't bundle freshclam config with package
Building clamav is expensive due to the bundled llvm.

Closes #20304.
2016-11-15 02:06:02 +01:00
Joachim Fasting 820b769fc8 oauth2_proxy: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Robert Helgesson b023e8f303 haveged module: clean up service configuration (#18513)
Switches from the forking service type to simple by running haveged in
the foreground. Also restricts the execution environment a bit (these
are inspired by the Debian service file).
2016-09-13 07:07:46 +02:00
Kamil Chmielewski 437ea9fd37 Fixes #16181 - using bin output for Go services 2016-06-13 23:32:16 +02:00
Joachim Fasting c1cb5ca57e
oauth2_proxy module: fix manual build 2016-06-10 01:02:40 +02:00
Jonathan Lange 58599744ee Add module for oauth2_proxy 2016-06-09 15:00:23 +01:00