William A. Kennington III
c17eb7f0e6
nixos/consul: Make service definition more sane
2014-12-09 02:24:36 -08:00
William A. Kennington III
159af942d5
nixos/unifi: Ensure stateDir is mounted before proceeding
2014-12-05 12:12:17 -08:00
William A. Kennington III
8a94c06595
nixos: Add network-pre.target and adjust firewall start ordering
2014-12-01 17:19:44 -08:00
William A. Kennington III
bcfe7b2200
Merge pull request #5043 from wkennington/master.networkd
...
nixos/networking: Revamp networking configuration and add an experimental networkd option.
2014-11-29 19:59:31 -08:00
aszlig
c37611f3e5
nixos: Use vendor zones instead of N.pool.ntp.org.
...
Closes #4824 , thanks to @abh for processing my stupidity.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-28 19:37:03 +01:00
aszlig
2249474632
nixos/sshd: Fix build if knownHosts is empty.
...
Introduced by 77ff279f27
.
Build failure: https://headcounter.org/hydra/build/583158/nixlog/5/raw
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 19:03:41 +01:00
Rickard Nilsson
77ff279f27
nixos/services.openssh: Allow knownHost keys to have multiple lines.
...
Useful for adding several public keys of different types for the same host.
2014-11-27 18:40:21 +01:00
Domen Kožar
91bdca38a0
NetworkManager.service -> network-manager.service
2014-11-27 12:10:20 +01:00
William A. Kennington III
1860ee27b0
nixos/networking: Fixes
2014-11-26 16:29:24 -08:00
William A. Kennington III
c417012c1b
nixos/dhcpcd: Respect per interface dhcp options
2014-11-26 11:22:03 -08:00
William A. Kennington III
2057d9087f
nixos: Support network-online target in addition to ip-up
2014-11-26 11:22:03 -08:00
William A. Kennington III
59f512ef7d
nixos/network-interfaces: Provide a networkd implementation
2014-11-26 11:22:02 -08:00
William A. Kennington III
a332c4eac5
systemd: Enable more network services
2014-11-26 11:22:02 -08:00
Eelco Dolstra
dd2dedafa3
Style fixes
2014-11-25 16:01:27 +01:00
Igor Pashev
4c33004e1f
Added strongSwan service
2014-11-25 15:29:34 +01:00
William A. Kennington III
f83aa6c0ea
nixos/unifi: Properly depend on mountpoints
2014-11-24 12:40:07 -08:00
Arseniy Seroka
fd5566da41
Merge pull request #5080 from joachifm/dnscrypt-refactor
...
dnscrypt-proxy: minor superficial improvements
2014-11-24 15:48:47 +03:00
William A. Kennington III
8309aa04b2
unifi: Actually remove webapps at shutdown
2014-11-24 02:30:04 -08:00
William A. Kennington III
8f0d65e2df
unifi: Clean all of webapps at start and stop
2014-11-24 00:22:24 -08:00
William A. Kennington III
3f7b2bc70d
unifi: Fix typo
2014-11-24 00:06:42 -08:00
Joachim Fasting
119d93e223
dnscrypt-proxy: minor superficial improvements
...
- Use upstream description and explicitly set platforms = all
- Coding conventions fix
2014-11-22 16:19:06 +01:00
William A. Kennington III
826f5468ab
nixos/unifi: Remove old ROOT.war links before relinking
2014-11-14 11:45:38 -08:00
William A. Kennington III
d0e15cc575
Merge pull request #4983 from bosu/fw-stop-fix
...
firewall: clear rpfilter on stop
2014-11-14 00:14:27 -08:00
Boris Sukholitko
53b24d0c95
firewall: clear rpfilter on stop
2014-11-14 09:07:18 +02:00
Moritz Ulrich
e884dc32c5
Add local-fs.target to minidlna.
...
Minidlna fails to start if it wants to access a filesystem which isn't
mounted (yet).
2014-11-12 23:20:47 +01:00
Joachim Fasting
52f0553209
Add dnscrypt-proxy service
...
The dnscrypt-proxy service relays regular DNS queries to
a DNSCrypt enabled upstream resolver.
The traffic between the client and the upstream resolver is
encrypted and authenticated, which may mitigate the risk of
MITM attacks and third-party snooping (assuming a trustworthy
upstream).
Though dnscrypt-proxy can run as a standalone DNS client,
the recommended setup is to use it as a forwarder for a
caching DNS client.
To use dnscrypt-proxy as a forwarder for dnsmasq, do
```nix
{
# ...
networking.nameservers = [ "127.0.0.1" ];
networking.dhcpcd.extraConfig = "nohook resolv.conf";
services.dnscrypt-proxy.enable = true;
services.dnscrypt-proxy.localAddress = "127.0.0.1";
services.dnscrypt-proxy.port = 40;
services.dnsmasq.enable = true;
services.dnsmasq.extraConfig = ''
no-resolv
server=127.0.0.1#40
listen-address=127.0.0.1
'';
# ...
}
```
2014-11-11 22:47:19 +01:00
Edward Tjörnhammar
c329e5bbd9
i2pd: added package, service
2014-11-09 09:55:35 +01:00
Emery Hemingway
67a2a58314
cjdns: service tweaks, new NixOS test
2014-11-08 23:39:02 +01:00
Aristid Breitkreuz
8b50383c45
Merge pull request #4859 from abbradar/git-daemon
...
nixos/git-daemon: fix a bug and add 'user' and 'group' options
2014-11-08 19:33:24 +01:00
Aristid Breitkreuz
cf4a976ced
quassel: make a proper systemd unit (also properly works in containers now)
2014-11-08 14:59:25 +01:00
Nikolay Amiantov
46b866cf63
nixos/git-daemon: fix 'exportAll' option
2014-11-07 15:50:01 +03:00
Nikolay Amiantov
af1d09879b
nixos/git-daemon: add 'user' and 'group' options
2014-11-07 15:49:45 +03:00
Nikolay Amiantov
4b2e43865a
nixos/git-daemon: add types
2014-11-07 15:49:03 +03:00
William A. Kennington III
ba53392bce
nixos/nat: Fix override so that sysctls are properly preserved
2014-10-31 16:50:25 -07:00
Domen Kožar
3b133beb7a
Merge pull request #4553 from ehmry/polipo
...
drop permission prestart from polipo service module
2014-10-23 12:51:36 +02:00
Emery Hemingway
a3338abcfe
cjdns: add peer hostnames to extraHosts, option for external config
2014-10-21 13:16:04 -04:00
Emery Hemingway
32d6ae7ed9
drop permission prestart from polipo service module
...
chowning the cache directory can timeout the service, permissions
on this directory should never change without user intervention
2014-10-16 10:57:16 -04:00
Joachim Schiele
13298fcbb9
Merge pull request #4535 from flosse/lua-bitop
...
lua-packages: added lua-bitop to add websocket support for prosody
2014-10-15 09:41:32 +02:00
Markus Kohlhase
5308d3284b
prosody: added websocket support
2014-10-15 03:57:00 +02:00
Matej Cotman
561d3b3860
seeks: nixos module
2014-10-13 13:10:49 +02:00
Markus Kohlhase
d86c2c30c5
prosody: packaged as a service
...
Conflicts:
nixos/modules/misc/ids.nix
2014-10-11 18:53:43 +02:00
Shea Levy
f5aaefbb6c
More pkgs.lib -> lib fixes
2014-09-29 09:45:59 -04:00
Jaka Hudoklin
ff8f23ab26
Merge pull request #4280 from wkennington/master.consul
...
nixos/consul: Add module
2014-09-27 07:00:39 +02:00
William A. Kennington III
36f9b9c284
nixos/consul: Add module
2014-09-26 03:25:14 -07:00
Matej Cotman
5e18182a30
mailpile: add module
2014-09-26 10:49:09 +02:00
Emery Hemingway
61f0d9b251
cjdns: update from 20140919 20140922
...
package installs to .../bin
fix service module to look in .../bin
Closes #4240
2014-09-23 22:30:53 +01:00
Ben Ford
06818c5cb2
Change service to systemd
2014-09-22 12:09:53 +01:00
Domen Kožar
2247f3a8d3
Merge pull request #4168 from lostdj/ltp/master/btsyncfix
...
bittorrentsync: fix storage_path
2014-09-20 10:53:57 +02:00
lostdj
f02d4ec9ed
bittorrentsync: fix storage_path.
...
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".
2014-09-19 18:19:04 +04:00
William A. Kennington III
ae195727b7
nixos/nat: Don't flush tables, create subchains for autogenerated rules
2014-09-18 11:28:58 -07:00
William A. Kennington III
ec9c4143a7
nixos/firewall: Cleanup in case reload fails
2014-09-16 15:51:57 -07:00
William A. Kennington III
1321fd175d
nixos/nat: Leverage firewall module
2014-09-15 21:31:27 -07:00
William A. Kennington III
6a43d51291
nixos/firewall: Support extraStopCommands
2014-09-15 21:31:26 -07:00
William A. Kennington III
fd7b9b4291
nixos/firewall: Don't allow traffic during reload
2014-09-15 20:40:16 -07:00
Jaka Hudoklin
f7ba3d833f
nixos/znc: fix module, createUser option does not exist anymore
2014-09-13 02:20:32 +02:00
William A. Kennington III
bab5efd237
nixos/ssh: Allow user to configure the package that provides ssh/sshd
2014-09-11 22:07:39 -07:00
Aristid Breitkreuz
c3fe942a57
start dhcpcd after network-interfaces
2014-09-06 13:52:09 +02:00
aszlig
e8c4fde22d
nixos/nsd: Improve support for journald/systemd.
...
Don't fork into the background and just log to stderr.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
aszlig
6386df1645
nixos/nsd: Fix indentation/coding style.
...
For Nix, we indent using two spaces, but in this module somehow 4 spaces
were snuck in. Other than that, remoteControl and ratelimit are just
nested attribute sets, so we don't need to make another submodule type
for no particular reason.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Luca Bruno
2ba523df24
nixos nat: add description to forwardPorts
2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf
nixos nat: add type for sourcePort and destination of forwardPorts
2014-09-04 10:26:33 +02:00
Michael Raskin
4155121069
Merge pull request #3926 from lethalman/fwdports
...
nixos/nat: add forwardPorts for external->internal DNAT
2014-09-03 21:54:37 +04:00
Michael Raskin
3e841ef642
Fixing comment case
2014-09-03 20:03:15 +04:00
Michael Raskin
d1ae15b680
Merge pull request #3804 from ehmry/unbound
...
unbound: run in chroot
2014-09-03 11:45:20 +04:00
Nathan Bijnens
33a3f76ee4
Copy.com: client #3617
2014-09-03 11:31:51 +04:00
William A. Kennington III
9659d0f4fb
nixos/dnsmasq: Fix regressions during the systemd update
2014-09-02 17:23:55 -07:00
Vladimir Still
13bbce96c3
sshd: Fix typo in assetion.
2014-09-02 10:06:04 +02:00
Vladimir Still
a2394f09c7
sshd: Add note about listening on port 22 to listenAddresses.
2014-09-01 22:56:35 +02:00
Vladimir Still
ac39d839c3
sshd: Add note about firewall and listenAddresses.
2014-09-01 22:56:35 +02:00
Vladimir Still
e12337156c
sshd: Allow to specify ListenAddress.
2014-09-01 22:56:35 +02:00
Michael Raskin
a6dfb4dc28
Merge pull request #3241 from ehmry/cjdns
...
cjdns declarative configuration
2014-09-02 00:53:18 +04:00
Luca Bruno
b21ac60290
nixos/nat: add forwardPorts for external->internal DNAT
2014-09-01 22:31:56 +02:00
Luca Bruno
31b7cae018
nixos/znc: fix immutable config.
...
Fix references to coreutils echo and rm.
Make config writable even if immutable because of
https://github.com/znc/znc/blob/master/src/znc.cpp#L964 .
2014-09-01 16:21:12 +02:00
aszlig
29f4642284
nixos: Add new service for OpenNTPd.
...
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in par.
I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-01 16:07:28 +02:00
Michael Raskin
9e3d1b1a8f
Merge pull request #3908 from wkennington/master.ip
...
Reapply the multi-ip code
2014-09-01 10:28:54 +04:00
Jan Malakhovski
8c9b6d932a
nixos: add dhcpcd.persistent option
2014-09-01 10:33:48 +04:00
Jan Malakhovski
99243a5c51
nixos: add atftpd service
2014-09-01 10:33:48 +04:00
Emery Hemingway
f60ac82cac
cjdns: new declarative service expression
...
systemd service wants network-interfaces.target rather than network.target
assertion on config.networking.enableIPv6
2014-08-31 18:14:16 -04:00
William A. Kennington III
3d037ebb94
Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6""
...
This reverts commit ea8910652f
.
2014-08-31 09:46:16 -07:00
Rob Vermaas
ea8910652f
Revert "Merge pull request #3182 from wkennington/master.ipv6"
...
This reverts commit b23fd65854
, reversing
changes made to 43654cba2c
.
2014-08-31 10:58:54 +02:00
Nicolas B. Pierron
a5d6219897
Merge pull request #3864 from nbp/useless-submodules
...
Remove useless use of undocumented submodules.
2014-08-30 18:21:17 +02:00
William A. Kennington III
4d8390be60
nixos/network-interfaces: Support the old ip configuration convention
2014-08-30 08:05:00 -07:00
William A. Kennington III
098c8f4c77
nixos/network-interfaces: Add support for multiple ipv4 / ipv6 addresses
2014-08-30 07:33:38 -07:00
Michael Raskin
8937b70d07
Merge pull request #3344 from ehmry/privoxy
...
privoxy: upstart to systemd conversion, actions file editing
2014-08-30 14:19:57 +04:00
Nicolas Pierron
8c19690d99
Remove useless use of optionSet.
2014-08-29 18:43:03 +02:00
Nicolas Pierron
43e52ef001
Remove useless use of undocumented submodules.
2014-08-29 18:28:34 +02:00
Michael Raskin
844fd2553e
Merge pull request #3745 from wkennington/master.dnsmasq
...
dnsmasq: Update and enable dbus support
2014-08-29 01:43:41 +04:00
Michael Raskin
c42e7dfc0c
Merge pull request #3200 from wkennington/master.dhcpcd
...
nixos/dhcpcd: Add an explicit interfaces option
2014-08-29 01:09:22 +04:00
Paul Colomiets
adbb9ff796
dnsmasq: upgrade to 2.71, fixed dnsmasq module
...
* The module now has systemd config
* Add resolveLocalQueries option which sets up it as a dns server for
local host (including reasonable setup of resolvconf)
* Add "dnsmasq" user for running daemon
* Enabled dbus and dnssec support for the package
Conflicts:
nixos/modules/misc/ids.nix
2014-08-28 11:39:03 -07:00
aszlig
8a56a55bb4
nixos/manual: Use literalExample when feasible.
...
Should bring most of the examples into a better consistency regarding
syntactic representation in the manual.
Thanks to @devhell for reporting.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-27 23:41:15 +02:00
Emery Hemingway
e7597b12b8
privoxy: upstart to systemd conversion, actions file editing
...
fix missing actions and filters
2014-08-27 11:34:10 -04:00
Emery Hemingway
aedbfdff84
unbound: run in chroot
2014-08-26 21:24:09 -04:00
William A. Kennington III
aa77fe0fb0
nixos/radvd: Convert to a systemd unit
...
Additionally, remove the automatic initialization of the ipv6 forwarding
sysctl as this should be handled by the end user. This really should not
be an issue as most people running radvd are likely forwarding ipv6
packets.
2014-08-24 03:12:55 -07:00
William A. Kennington III
bc6979f7e1
nixos/dhcpcd: Don't configure sit devices
2014-08-14 14:06:56 -05:00
William A. Kennington III
a269acf480
nixos/dhcpcd: Use null instead of empty list to disable allowInterfaces
2014-08-14 14:05:55 -05:00
William A. Kennington III
320a82dd7f
nixos/dhcpcd: Add an explicit interfaces option
2014-08-14 14:05:55 -05:00
William A. Kennington III
d0c0c2f9ba
nixos/dhcpd: Wait until network interfaces are configured to start
2014-08-13 15:08:43 -05:00
William A. Kennington III
b3ddcfabd9
nixos/dhcpd: Convert to systemd from upstart
2014-08-13 15:08:43 -05:00
William A. Kennington III
24368beed8
nixos/dhcpd: Use dhcp user instead of nobody
2014-08-13 15:08:43 -05:00
William A. Kennington III
4fbf120e84
nixos/dhcpd: Add the ability to drop privileges
2014-08-13 15:08:08 -05:00
William A. Kennington III
56228e5614
nixos/dhcp: Modernize ddns-update-style
2014-08-13 15:08:08 -05:00
Jaka Hudoklin
675d76b00c
nixos/znc: add option to add module packages to znc
...
Besides that add option for extra znc config and fix a lot of stuff
2014-08-09 19:35:59 +02:00
Eelco Dolstra
4668f37444
Fix NixOS evaluation on i686-linux
2014-08-09 17:19:09 +02:00
Peter Simons
9226fbf56a
Merge remote-tracking branch 'origin/master' into staging.
2014-08-08 09:51:01 +02:00
William A. Kennington III
377454ff0e
nixos/unifi: Explain and simplify the bind mount configuration
2014-08-05 23:15:49 -05:00
William A. Kennington III
12ad29226c
nixos/unifi: Fix ordering of mount rules
2014-08-05 22:09:15 -05:00
William A. Kennington III
dfb596b49b
nixos/unifi: Add service module
2014-08-05 21:40:47 -05:00
Eelco Dolstra
f64d84698e
Merge remote-tracking branch 'origin/master' into staging
...
Conflicts:
pkgs/applications/audio/espeak/edit.nix
pkgs/applications/audio/lmms/default.nix
pkgs/desktops/e18/enlightenment.nix
pkgs/games/exult/default.nix
pkgs/os-specific/linux/alsa-plugins/default.nix
2014-07-28 11:30:49 +02:00
lethalman
de59b6d7cd
Merge pull request #3262 from bjornfor/znc-module-types
...
nixos/znc-service: don't use types.string (it's deprecated)
2014-07-26 12:41:25 +02:00
Eelco Dolstra
7f410ef923
Merge remote-tracking branch 'origin/master' into staging
...
Conflicts:
pkgs/misc/vim-plugins/default.nix
2014-07-22 11:00:00 +02:00
Emery Hemingway
e5988bf4dd
polipo: new service expression
2014-07-16 11:29:40 -04:00
Bjørn Forsman
3a4498ab07
nixos/znc-service: don't use types.string (it's deprecated)
...
Apart from s/types.string/types.str/ (or types.lines where appropriate):
* port is changed from string to int.
* extraFlags is changed from types.string (with unfortunate merge
semantics) into a list of strings. A list of strings merge better:
one space is added between elements.
2014-07-13 20:33:15 +02:00
Eelco Dolstra
95b828de42
Merge remote-tracking branch 'origin/master' into staging
2014-07-07 13:16:26 +02:00
Alex Berg
7b768ba2f5
Merge remote-tracking branch 'nixos/master' into feature/add-znc-module
...
Conflicts:
nixos/modules/misc/ids.nix
2014-07-03 11:30:11 -05:00
Shea Levy
b3cfb9084b
Get all lib functions from lib, not pkgs.lib, in modules
2014-07-02 12:28:18 -04:00
Eelco Dolstra
06fc1ec34d
Merge remote-tracking branch 'origin/master' into staging
...
Conflicts:
pkgs/servers/serfdom/default.nix
2014-07-01 11:25:41 +02:00
Eelco Dolstra
40f7b0f9df
Another attempt to eradicate ensureDir
...
See c556a6ea46
.
2014-06-30 14:56:10 +02:00
Michael Raskin
b403893aa2
Merge pull request #2778 from edwtjo/radicale
...
Adding Radicale package and service
2014-06-30 10:11:23 +04:00
aszlig
da32f052b1
Revert "nixos/sshd: drop mode from auth keys file".
...
This reverts commit a3331eb87b
.
See https://github.com/NixOS/nixpkgs/issues/2559#issuecomment-47313334
for a description why this is not a good idea.
I guess it's better to implement a sane way to remove all files in
authorized_keys.d, especially because it is also backwards-compatible.
Reopens #2559 .
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-06-27 09:22:07 +02:00
John Wiegley
8eedf968eb
Merge pull request #3093 from lethalman/sshkeys
...
nixos/sshd: drop mode from auth keys file. Closes #2559
2014-06-26 10:26:47 -07:00
Luca Bruno
a3331eb87b
nixos/sshd: drop mode from auth keys file. Closes #2559
2014-06-26 10:15:34 +02:00
Alex Berg
9af1e2ab51
Add ZNC module. Has zncConfOptions or specify full conf file.
2014-06-26 05:44:32 +02:00
Christoph Hrdinka
8daaa28ac8
nsd-service: add service module for nsd
2014-06-12 11:20:43 +02:00
Peter Simons
ce7be7584f
Merge pull request #2790 from ehmry/unbound
...
unbound: update from 1.4.21 to 1.4.22, service from Upstart to systemd
2014-05-30 14:46:29 +02:00
Emery Hemingway
0ddce8db12
unbound: update from 1.4.21 to 1.4.22, service from Upstart to systemd
2014-05-29 09:59:55 -04:00
Edward Tjörnhammar
d1277ddcc2
Adding Radicale package and service
2014-05-28 20:41:39 +02:00
Alexei Robyn
4fa4518875
Add TeamSpeak 3 server & service module ( close #2056 )
...
Conflicts (trivial):
lib/maintainers.nix
nixos/modules/misc/ids.nix
2014-05-27 17:30:26 +02:00
Michael Raskin
2e5e49c306
Merge pull request #2424 from wkennington/cache.sshKey
...
ssh: Support knownHost public keys as strings
2014-05-27 01:46:12 -07:00
William A. Kennington III
08467c14de
notbit: Add additional options to the daemon
2014-05-13 20:20:19 -05:00
William A. Kennington III
042273e528
notbit: Don't include unecessary notbit binaries in the environment
2014-05-13 20:19:57 -05:00
William A. Kennington III
8915390bab
notbit: Use the correct default port
2014-05-13 20:19:27 -05:00
Wout Mertens
c927cee2c3
dhcpcd: Allow adding hook code
2014-05-12 15:03:42 +02:00
Eelco Dolstra
6f7aaf10a5
Containers: Use systemd-nspawn's --network-veth flag
...
Note that this causes the name of the host-side interface to change
from c-<name> to ve-<name>.
2014-05-07 17:53:57 +02:00
Austin Seipp
b553d11616
btsync: Default to no login/password for the Web UI
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-02 00:41:47 -05:00
Austin Seipp
8946e91fad
btsync: remove unneeded assertion
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-01 17:00:49 -05:00
William A. Kennington III
1396f624f4
sshd: Fix typing for options which take paths
2014-05-01 16:33:44 -05:00
William A. Kennington III
78c33177ce
ssh: Support knownHost public keys as strings
2014-05-01 16:21:25 -05:00
Eelco Dolstra
cbfba813fe
wpa_supplicant: Restart when wlan devices (dis)appear
2014-04-28 20:12:06 +02:00
Austin Seipp
b470c93c1e
nixos: only enable spipe when user specifies
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-25 05:42:00 -05:00
Eelco Dolstra
2c70276d96
Remove outdated remark
2014-04-24 23:18:15 +02:00
Eelco Dolstra
2d8c0d24f2
dhcpcd: Fix segfaults
...
This fixes several problems in the dhcpcd service:
* A segfault during startup, due to a race with udev (dhcpcd would get
an ADD event from udev, causing it to re-add an interface that it
already had, leading to a segfault later on).
* A hang/segfault processing "dhcpcd rebind" (which NixOS calls after
waking up from suspend).
Also, add "lo" to the list of ignored interfaces. It usually ignores
"lo", but apparently not when it gets an ADD event from udev.
2014-04-24 15:19:26 +02:00
Eelco Dolstra
25af3671f9
Remove some dead code
2014-04-24 15:19:26 +02:00
Eelco Dolstra
03d9e5cda0
sshd: Add support for socket activation
...
By enabling ‘services.openssh.startWhenNeeded’, sshd is started
on-demand by systemd using socket activation. This is particularly
useful if you have a zillion containers and don't want to have sshd
running permanently. Note that socket activation is not noticeable
slower, contrary to what the manpage for ‘sshd -i’ says, so we might
want to make this the default one day.
2014-04-22 17:38:54 +02:00
Eelco Dolstra
baffee02b8
sshd: Always start a session
...
Partially reverts 70a4c7b1df
. Whether to
start a session is independent of whether we're running in a
container.
2014-04-22 17:38:53 +02:00
Eelco Dolstra
27a8cada79
openvpn: Add systemd startup notification
...
This causes OpenVPN services to reach the "active" state when the VPN
connection is up (i.e., after OpenVPN prints "Initialization Sequence
Completed"). This allows units to be ordered correctly after openvpn-*
units, and makes systemctl present a password prompt:
$ start openvpn-foo
Enter Private Key Password: *************
(I first tried to implement this by calling "systemd-notify --ready"
from the "up" script, but systemd-notify is not reliable.)
2014-04-22 13:14:58 +02:00
Eelco Dolstra
0a256cc0ee
Firewall: Only start if we have CAP_NET_ADMIN
2014-04-19 23:02:59 +02:00
Eelco Dolstra
465d6ff572
Set $LOCALE_ARCHIVE in all systemd units
...
This variable used to be inherited implicitly from the stage-2 script,
but systemd now clears the environment. So we need to set it
explicitly.
2014-04-18 19:04:45 +02:00
Eelco Dolstra
da774bced5
Remove dhcpcd_without_udev attribute
2014-04-18 15:36:06 +02:00
Eelco Dolstra
d43b536ab6
Work around apparent dhcpcd bug
2014-04-18 02:43:00 +02:00
Eelco Dolstra
f7d28f7cd6
Slight test speedup
...
Don't do a pointless ARP check in dhcpcd.
2014-04-18 02:40:01 +02:00
Eelco Dolstra
8dcf76480c
firewall: Order after systemd-modules-load.service
...
This ensures that connection tracking modules are loaded on time.
2014-04-17 18:10:20 +02:00
Austin Seipp
ae207efc07
nixos: add spiped service module
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-15 03:33:47 -05:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
13185280fe
Fix tests broken due to the firewall being enabled by default
2014-04-11 17:16:44 +02:00
Eelco Dolstra
017408e048
Use iptables' ‘-w’ flag
...
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel. (Longer term, we should probably move to a single service
for managing the iptables rules.)
2014-04-11 17:16:44 +02:00
Eelco Dolstra
b9281e6a2d
Fix NAT module
2014-04-11 17:16:44 +02:00
Eelco Dolstra
d2155649af
Merge branch 'containers'
...
Fixes #2105 .
2014-04-10 15:55:51 +02:00
Eelco Dolstra
a34bfbab4c
Add option networking.nat.internalInterfaces
...
This allows applying NAT to an interface, rather than an IP range.
2014-04-10 15:07:29 +02:00
Peter Simons
0e147530ef
Merge pull request #2199 from offlinehacker/nixos/ntp/containers_fix
...
nixos: disable ntp on containers by default
2014-04-10 12:33:35 +02:00
Jaka Hudoklin
0b170187e3
nixos: disable ntp on containers by default
2014-04-10 12:30:03 +02:00
Emery Hemingway
316e809ff8
cjdns: update to 20130303
...
build system is now nodejs based
new nixos module to start cjdns
2014-04-09 10:30:57 -04:00
Eelco Dolstra
694cc6172a
Enable the firewall by default
...
Fixes #2135 .
2014-04-08 09:44:01 +02:00
Shea Levy
a46d2e3150
Merge branch 'murmur' of git://github.com/thoughtpolice/nixpkgs
...
nixos: add Murmur module (Mumble chat)
Conflicts:
nixos/modules/misc/ids.nix
2014-04-05 15:18:14 -04:00
Domen Kožar
f530ead0ba
syncthing: add preStart script to create dataDir
2014-04-04 10:46:30 +02:00
Matej Cotman
7df1ce5088
syncthing: new package and nixos module
2014-04-04 10:46:29 +02:00
Austin Seipp
f61110d65d
nixos: murmur service
...
Murmur is the headless server component of the Mumble chat system.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-02 00:11:00 -05:00
Shea Levy
701cb6b099
Merge branch 'nixos/containers/fix1' of git://github.com/offlinehacker/nixpkgs
...
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
2014-03-28 23:39:01 -04:00
Jaka Hudoklin
70a4c7b1df
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
...
- Make dhcp work, use dhcpcd without udev in container
- Make login shell work, patch getty to not wait for /dev/tty0
- Make ssh work, sshd/pam do not start session
2014-03-24 23:59:50 +01:00
Austin Seipp
6e415d2b58
nixos: add BitTorrent Sync service module
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 12:24:28 -05:00
Shea Levy
78e6d0143d
Add ngircd module
2014-03-19 22:04:35 -04:00
Eelco Dolstra
895bcdd1cb
Add support for running a container with a private network interface
...
For example, the following sets up a container named ‘foo’. The
container will have a single network interface eth0, with IP address
10.231.136.2. The host will have an interface c-foo with IP address
10.231.136.1.
systemd.containers.foo =
{ privateNetwork = true;
hostAddress = "10.231.136.1";
localAddress = "10.231.136.2";
config =
{ services.openssh.enable = true; };
};
With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules. This is secure because it cannot touch the
interfaces of the host.
The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
William A. Kennington III
a42e1d5494
notbit: Add systemd service for a system daemon
2014-03-15 04:36:15 -05:00
Shea Levy
a0d574f19b
firewall: Allow setting rate limits for pings
2014-03-14 14:55:30 -04:00
Thomas Bereknyei
a2353866a8
UID/GID fix for kippo
2014-03-12 03:32:56 -04:00
Domen Kozar
f0b34fe8ff
searx: refactor a bit
2014-03-09 18:57:17 +01:00
Matej Cotman
7e932ca4e2
searx: add module
2014-03-09 17:33:56 +01:00
Gergely Risko
322b7124a8
Allow ntpq locally
2014-03-06 11:54:02 +01:00
Austin Seipp
fc9022bea1
firewall: add support for TCP/UDP port ranges
...
This is useful for packages like mosh, which use a wide UDP port range
by default for incoming connections.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 18:19:22 +01:00
Rickard Nilsson
fc90a739ba
networkmanager module: No need to start ModemManager explicitly, done by NM
2014-02-13 18:05:04 +01:00
Oliver Charles
625b42838a
NetworkManager: Fix aliases and dependencies
...
There are two fixes in this commit.
Firstly, I am creating proper symlinks for the Alias= definitions in the
.service files. This achieves the same result as `systemctl enable`, and
I think is preferred over `mv`.
Secondly, `networkmanager-init` now wants `NetworkManager.service`,
along with `ModemManager.service`. ModemManager does not depend on
NetworkManager (according to `systemctl list-dependencies ModemManager`),
thus NetworkManager never got started on boot.
2014-02-12 11:32:49 +00:00
Michael Raskin
4c9c7f6ba4
Add an option to change vsftpd anonymos write umask.
2014-02-11 01:34:19 +04:00
Domen Kožar
b17edbac57
ModemManager: 0.5.4.0 -> 0.7.991
2014-02-08 20:17:00 +01:00
Eelco Dolstra
9e7fe29e41
ntpd: Don't answer status queries
...
Workaround for CVE-2013-5211:
http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using
2014-02-03 23:44:11 +01:00
Eelco Dolstra
559f5be07d
dhcpcd: Update to 6.2.1
...
Dhcpcd now has integration with udev, so it should no longer be a
problem if udev renames an interface while dhcpcd is running.
2014-02-02 11:28:45 +01:00
Arvin Moezzi
0602ef22de
git-daemon service: fix typo in option ( close #1659 )
2014-02-01 11:56:56 +01:00
Thomas Tuegel
7b743fcaab
networkmanager: load modules required for PPTP
2014-01-24 09:22:59 -06:00
Thomas Bereknyei
57e3feda74
Adds kippo SSH honeypot
2014-01-14 10:32:26 +00:00
Rok Garbas
e1f363350a
connman-vpn and connman-vpn dbus servise should start after connman service
2014-01-11 21:17:17 +01:00
Matej Cotman
7d4d3536f7
connman: new packages ConnMan v1.20 and connman-ui
2014-01-11 20:22:53 +01:00
Thomas Tuegel
6f768bf47c
networkmanager: register PPTP service
2014-01-02 11:02:29 -06:00
William A. Kennington III
38bc05158d
network-interfaces: Add the ability to create bond devices
...
This patch adds support for the creations of new bond devices, aggregate
pipes of physical devices for extra throughput or failover.
Additionally, add better correction at the startup of a bridge
of vlan interface (delete old, stale interfaces).
2013-12-31 09:28:52 -06:00
Peter Simons
6bc4007e60
nixos: don't white-list port 8200 in the firewall when minidlna is enabled
...
If you want minidla to accept connections from the rest of the world, please
add
networking.firewall.allowedTCPPorts = [ 8200 ];
networking.firewall.allowedUDPPorts = [ 1900 ];
to /etc/nixos/configuration.nix.
See <http://lists.science.uu.nl/pipermail/nix-dev/2013-November/011997.html >
for the discussion that lead to this.
2013-12-23 21:32:13 +01:00
Michael Raskin
997778c820
Make Ejabberd service work
2013-12-20 18:16:56 +04:00
Michael Raskin
654627fe4c
Merge pull request #1362 from tomberek/ddclient_correction
...
Correct web-skip value to match behavior of checkip.dyndns.com
2013-12-14 22:51:44 -08:00
Thomas Bereknyei
6129be5a7a
Correct web-skip value to match behavior of checkip.dyndns.com
2013-12-11 23:22:43 -05:00
Bjørn Forsman
9474fbae65
nixos: add ntopng service
...
ntopng is a high-speed web-based traffic analysis and flow collection
tool. Enable it by adding this to configuration.nix:
services.ntopng.enable = true;
Open a browser at http://localhost:3000 and login with the default
username/password: admin/admin.
2013-12-09 21:35:01 +01:00
Bjørn Forsman
ca26e75a73
nixos/avahi-service: small documentation update
2013-12-07 12:03:50 +01:00
Eelco Dolstra
2b1f212494
Disable various services when running inside a container
2013-11-26 18:19:45 +01:00
Rickard Nilsson
26d7598d46
networkmanager NixOS service: Make it possible to append or insert name servers in /etc/resolv.conf
2013-11-13 01:52:57 +01:00
Eelco Dolstra
785eaf2cea
Add some primops to lib
2013-11-12 13:48:30 +01:00
Vladimír Čunát
619a1f5614
changes proposed for 13-10 update
...
One feature change: polkit update 8d14c7ba
2013-11-09 18:41:42 +01:00
Vladimír Čunát
8d14c7baa6
polkit: major update 0.105 -> 0.112
...
- It now uses JavaScript for configuration (only),
so I had to "convert" config for NetworkManager.
- I tested suspend/restart/(un)mount on KDE/Xfce,
Phreedom tested NetworkManager config conversion.
2013-11-09 16:29:18 +01:00
Eelco Dolstra
cc65b1015d
vsftpd: Disable seccomp filtering on 64-bit
...
It worked on Linux 3.4 but fails with "500 OOPS: priv_sock_get_cmd"
since we updated the default kernel to 3.10.
http://hydra.nixos.org/build/6715359
https://bugzilla.redhat.com/show_bug.cgi?id=845980
https://bugzilla.novell.com/show_bug.cgi?id=786024
2013-11-07 16:38:57 +01:00
Eelco Dolstra
000962c3fb
vsftpd: Run in the background and log to syslog (i.e. journal)
2013-11-07 16:38:57 +01:00
Eelco Dolstra
10e31f6de7
Clean up the vsftpd module a bit
2013-11-07 16:38:57 +01:00
Eelco Dolstra
444a4fb793
Loosen the type of SSH key files
2013-11-01 00:34:31 +01:00
Eelco Dolstra
c1159edc65
Remove remaining references to Upstart
2013-10-31 13:26:06 +01:00
Eelco Dolstra
244cf195c8
Use the "assertions" option instead of mkAssert
2013-10-30 18:47:44 +01:00
Eelco Dolstra
408b8b5725
Add lots of missing option types
2013-10-30 18:47:43 +01:00
Eelco Dolstra
be5d3a59dd
Clean up some option examples
2013-10-30 18:47:43 +01:00
Eelco Dolstra
70a2c54527
Strictly check the arguments to mkOption
...
And fix various instances of bad arguments.
2013-10-30 15:35:09 +01:00
Eelco Dolstra
862e3dd977
Substitute "types.uniq types.string" -> "types.str"
2013-10-30 14:57:42 +01:00
Eelco Dolstra
1d104c792b
Remove the dhclient module
...
It's no longer used by NixOS (replaced by dhcpcd).
2013-10-29 17:39:32 +01:00
Eelco Dolstra
0695b68c8c
Manual: Render multi-line strings properly
2013-10-29 17:39:31 +01:00
Rok Garbas
562b453b93
nixos: haproxy module
2013-10-29 15:55:25 +01:00
Eelco Dolstra
f0b7b0af12
wpa_supplicant.nix: Add option types
2013-10-29 13:14:30 +01:00
Eelco Dolstra
d5047faede
Remove uses of the "merge" option attribute
...
It's redundant because you can (and should) specify an option type, or
an apply function.
2013-10-28 22:45:56 +01:00
Eelco Dolstra
2cc37c17d9
openvpn.nix: Improve types
2013-10-28 22:45:55 +01:00
Michael Raskin
3022fff7db
Adding Quantum Minigolf game
2013-10-28 00:09:46 +04:00
Eelco Dolstra
a3777ba4f9
Remove dependencies on the Nixpkgs location
2013-10-23 20:08:23 +02:00
Michael Raskin
f88aa22706
Allow non-SSL connections to vsftpd by default to let tests not specify certificate
2013-10-20 21:16:12 +04:00
Michael Raskin
a0bbc3e838
Add apparently missing option to vsftpd configuration
2013-10-20 20:39:37 +04:00
Michael Raskin
9b6f7c14ec
Merge pull request #1060 from MarcWeber/submit/vsftpd
...
small vsftpd improvements
2013-10-20 08:58:21 -07:00
Eelco Dolstra
ae74b0ae58
sshd: Remove the usePAM option
...
Sshd *must* use PAM because we depend on it for proper session
management. The original goal of this option (disabling password
logins) can also be implemented by removing pam_auth authentication
from sshd's PAM service.
2013-10-15 15:05:49 +02:00
Eelco Dolstra
a2c820c678
Turn security.pam.services into an attribute set
...
That is, you can say
security.pam.services.sshd = { options... };
instead of
security.pam.services = [ { name = "sshd"; options... } ];
making it easier to override PAM settings from other modules.
2013-10-15 14:47:51 +02:00
Marc Weber
4683774277
experimental/vsftpd
...
vsftpd improvements:
- intorduce one declarative list of options
- make docummentation strings more understandable and add missing options
such as SSL/TLS support
- Use environment.etc."vsftpd".text because I can't think about any
reason why a shell script should be used.
That code was written in 2009.
2013-10-12 01:05:13 +02:00
Eelco Dolstra
5c1f8cbc70
Move all of NixOS to nixos/ in preparation of the repository merge
2013-10-10 13:28:20 +02:00