3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

224 commits

Author SHA1 Message Date
Russell O'Connor 46f06ccde7 uwsgi-service: Add user/group for uwsgi service.
Also add a uwsgi directory under /run (defaulting to /run/uwsgi) where the uwsgi user can place sockets.
2015-06-24 14:48:53 +00:00
Simon Vandel Sillesen 9dab1a840c tvheadend: init at 4.0.4 2015-06-24 13:22:09 +00:00
William A. Kennington III 295846a254 nixos/nix-serve: Run as a separate user and add a signing key parameter 2015-06-17 19:10:39 -07:00
Eelco Dolstra 6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
Eelco Dolstra c63bc92d4c types.uniq types.str -> types.str 2015-06-15 18:12:32 +02:00
Joachim Fasting a88a6bc676 nixos: additional hardening for dnscrypt-proxy
- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
2015-06-12 15:12:33 +02:00
Daniel Peebles 6e73884c31 Merge pull request #8204 from copumpkin/modulesPath
An importable modulesPath, once again
2015-06-10 12:32:04 -04:00
Jaka Hudoklin 2e5dbc4746 Add ripple rest module 2015-06-08 13:48:23 +02:00
Jaka Hudoklin 23504e5bf2 Add skydns module 2015-06-08 13:36:05 +02:00
Jaka Hudoklin 98d5b81dad nixos: add grafana module 2015-06-08 12:13:15 +02:00
Dan Peebles b13cb54614 Bring an importable modulesPath back from the dead, in the only way I know 2015-06-08 01:55:49 +00:00
Arseniy Seroka f134150180 Merge pull request #7857 from rushmorem/marathon-module-update
Update Marathon module
2015-05-21 16:52:14 +03:00
rushmorem b5820a5ebd Update Marathon module
The new module makes it possible to pass extra commandline
arguments to Marathon as well as environment variables.
2015-05-21 15:45:13 +02:00
lassulus 9d07c54fa1 nixos: add bird module
patch bird to look in /var/run for birc.ctl
2015-05-19 15:42:24 +02:00
Stephen Weinberg a6ebccfbb8 Sane default configuration for sabnzbd module
Added option to set user. Use unpriviledged user by default. Add sane
default for configuration location.
2015-05-05 00:18:22 -04:00
Eelco Dolstra c0f70b4694 Remove fixed uids for nscd, sshd
These services don't create files on disk, let alone on a network
filesystem, so they don't really need a fixed uid. And this also gets
rid of a warning coming from <= 14.12 systems.
2015-04-19 22:06:45 +02:00
Forkk 079da8cdcd plex: init at 0.9.11.16.958
Added a package and module for Plex Media Server, an application for
managing media collections across multiple devices.
2015-04-17 12:11:30 -05:00
Jonathan Glines cdb174c18d Added NixOS module for Asterisk server 2015-04-16 17:41:37 -06:00
Nikolay Amiantov 1d6723c085 lambdabot: add nixos service 2015-04-16 13:33:40 +03:00
Joel Moberg 5b075eb400 i2p: add nixos service 2015-04-15 12:52:06 +02:00
Edward Tjörnhammar 7d0ddbd154 nixos: add ihaskell service 2015-04-11 00:09:31 +02:00
Nicolas B. Pierron 296e6c4991 Fix #7252 - NixOS Manual: Carry the current system value to evaluation of the manual. 2015-04-08 23:14:19 +02:00
William A. Kennington III b3c423757e nixos/rdnssd: Major refactoring
This updates rdnssd to the following:
* Using the systemd interfaces directly
* Using the rdnssd user instead of the root user
* Integrating with resolvconf instead of writing directly to /etc/resolv.conf
2015-04-04 21:20:07 -07:00
Nicolas B. Pierron 6de931a0f8 Merge rename.nix changes. 2015-04-03 23:12:12 +02:00
Oliver Matthews 51b06c5865 Add MediaTomb service 2015-03-27 12:45:25 +01:00
Jaka Hudoklin 75169aabc3 Add ripple data api package and nixos service 2015-03-26 20:02:39 +01:00
Joachim Fasting e9cd877921 nixos: resolve uid/gid conflicts
This patch resolves all uid/gid conflicts except for nobody/nogroup (seems
to make sense that these are the same).
All conflicts where determined mechanically, but resolutions were manual.
This patch also marks uids/gids with no corresponding group/user as "unused"
(aka. reserved).

Briefly,

- tss group conflicts with dhcpcd
  The tss group id conflicts with dhcpcd: assign
  a new number and add a corresponding tss user.
- elasticsearch uid conflicts with haproxy gid
- resolve firebird/munin conflict
- fix fourstorehttp{,d} typo
- fix ghostOne typo: the service module refers to gids.ghostone, so use that
  in ids
- memcached uid conflicts with users gid
- nagios uid conflicts with disks gid
- nscd uid conflicts with wheel gid
- ntp uid conflicts with tty gid
- resolve postfix/postdrop id uid
- redis uid conflicts with keys gid
- sshd uid conflicts with kmem gid
- tcryptd uid conflicts with openldap gid
- unifi uid conflicts with docker gid
- uptimed uid conflicts with utmp gid
- zope2 uid conflicts with connman gid
- tomcat uid/gid mismatch
2015-03-16 09:58:13 +01:00
Nicolas B. Pierron 05e8a48fb4 Document and rename internal option of modules. 2015-03-15 14:45:42 +01:00
Shea Levy f69ce50529 Move most extra args out of eval-config.nix 2015-03-12 23:42:57 +01:00
Shea Levy e3eff53037 evalModules: Add internal option for the check argument 2015-03-12 23:42:57 +01:00
Shea Levy e4a06f35b1 nixos: Don't evaluate twice to get the value of config.nixpkgs 2015-03-12 23:42:57 +01:00
Nikolay Amiantov db5b08cfaf nixos/sddm: add display manager 2015-03-05 20:49:26 +03:00
Eelco Dolstra 1002fb6433 Add "input" group
This is required by systemd >= 215.
2015-03-03 20:27:09 +01:00
Eelco Dolstra 8546ec7c74 Fix some uid/gid clashes 2015-03-03 20:26:36 +01:00
tv 86cb16965a exim: add version 4.85 incl. nixos module 2015-02-20 10:49:15 +01:00
rushmorem 74b40e9a43 Add marathon mesos framework 2015-02-19 13:30:00 +02:00
Matej Cotman 8c79a2df63 panamax: new package and service 2015-02-07 15:32:20 +01:00
Ragnar Dahlén 17bd96ea25 apache-kafka: New service for Apache Kafka 2015-01-29 11:10:22 +00:00
Edward Tjörnhammar 837cfbb9ea nixos: adding nylon service with uid,gid 2015-01-14 22:08:47 +01:00
Eelco Dolstra ae7d79cd61 Fix some bad gids
Issue #3727.
2015-01-05 11:58:17 +01:00
Jaka Hudoklin 1b19b7a3bf Merge pull request #5491 from offlinehacker/cadvisor
Add cadvisor package and nixos module
2014-12-29 17:58:43 +01:00
Domen Kožar 43af22b2de Merge pull request #5487 from luke-clifton/lc-btsync-group
btsync groups
2014-12-28 20:25:13 +01:00
Jaka Hudoklin b6198f08e3 nixos: add cadvisor service 2014-12-28 20:21:41 +01:00
Luke Clifton 3c8914f94e Changed group id to match user id 2014-12-28 19:47:12 +08:00
Luke Clifton b625c3dd4b Added group id to ids.nix 2014-12-28 18:10:02 +08:00
lethalman d0fdad5f36 Merge pull request #5419 from ehmry/tox-bootstrapd
tox-bootstrapd
2014-12-22 11:16:44 +01:00
Emery Hemingway 01910e84f9 nixos: tox-bootstrapd service 2014-12-20 18:20:27 -05:00
Rob Vermaas b8a4095003 It is called Dingo! yes, Dingo! 2014-12-17 16:42:52 +01:00
Thomas Hunger 59995e168c nixos: Add gitlab and gitlab-shell
I had to make several adjustments to make it work with nixos:

* Replace relative config file lookups with ENV variable.
* Modify gitlab-shell to not clear then environment when running
  pre-receive.
* Modify gitlab-shell to write some environment variables into
  the .authorized_keys file to make sure gitlab-shell reads the
  correct config file.
* Log unicorn output to syslog.
  I tried various ways of adding a syslog package but the bundler would
  not pick them up. Please fix in a better way if possible.
* Gitlab-runner program wrapper.
  This is useful to run e.g. backups etc. with the correct
  environment set up.
2014-12-12 18:01:29 +01:00
Jaka Hudoklin b7092dc95c nixos: add fleet module 2014-12-07 21:52:52 +01:00
Austin Seipp bc10c92377 nixos: overhaul Tor module
This overhauls the Tor module in a few ways:

  - Uses systemd service files, including hardening/config checks
  - Removed old privoxy support; users should use the Tor Browser
    instead.
  - Remove 'fast' circuit/SOCKS port; most users don't care (and it adds
    added complexity and confusion)
  - Added support for bandwidth accounting
  - Removed old relay listenAddress option; taken over by portSpec
  - Formatting, description, code cleanups.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-12-06 05:01:08 -06:00
Jaka Hudoklin 099eabb490 nixos: add chronos service 2014-12-03 15:49:14 +01:00
Jaka Hudoklin 3424ded286 nixos: add peerflix module 2014-12-01 16:42:40 +01:00
Jaka Hudoklin 8c766dcc90 nixos/kubernetes: fix user id 2014-11-29 16:46:39 +01:00
Jaka Hudoklin 2b261c1edf nixos: add kubernetes module 2014-11-29 02:27:17 +01:00
Oliver Charles 891c262e9a Add a NixOS module to run bosun 2014-11-24 14:40:47 +00:00
Oliver Charles 2ed07c6cc1 scollector: New NixOS module 2014-11-24 14:40:47 +00:00
Oliver Charles 764cca613d opentsdb: New package and NixOS module 2014-11-24 14:40:47 +00:00
Oliver Charles 8964667bcd hbase: New package and NixOS module 2014-11-24 14:40:47 +00:00
Jaka Hudoklin 73dc767aa0 nixos: add docker-registry module 2014-11-22 12:16:41 +01:00
Jaka Hudoklin b3bc157f7f nixos: add etcd module 2014-11-21 13:54:45 +01:00
Emery Hemingway 21e4ff5624 initial liquidsoap service expression 2014-11-20 17:41:15 -05:00
William A. Kennington III e33cccd686 nixos/ids: Fix systemd ids 2014-11-19 15:01:44 -08:00
William A. Kennington III 487e47a8e1 nixos/ids: Add systemd networking ids 2014-11-19 14:59:42 -08:00
Joachim Fasting 52f0553209 Add dnscrypt-proxy service
The dnscrypt-proxy service relays regular DNS queries to
a DNSCrypt enabled upstream resolver.
The traffic between the client and the upstream resolver is
encrypted and authenticated, which may mitigate the risk of
MITM attacks and third-party snooping (assuming a trustworthy
upstream).

Though dnscrypt-proxy can run as a standalone DNS client,
the recommended setup is to use it as a forwarder for a
caching DNS client.
To use dnscrypt-proxy as a forwarder for dnsmasq, do

```nix
{
  # ...

  networking.nameservers = [ "127.0.0.1" ];
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  services.dnscrypt-proxy.enable = true;
  services.dnscrypt-proxy.localAddress = "127.0.0.1";
  services.dnscrypt-proxy.port = 40;

  services.dnsmasq.enable = true;
  services.dnsmasq.extraConfig = ''
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1
  '';

  # ...
}
```
2014-11-11 22:47:19 +01:00
Edward Tjörnhammar c329e5bbd9 i2pd: added package, service 2014-11-09 09:55:35 +01:00
Domen Kožar 14631cec82 nixos: prosody was clashing with seeks unix ids 2014-10-20 17:22:01 +02:00
Matej Cotman 561d3b3860 seeks: nixos module 2014-10-13 13:10:49 +02:00
Joachim Schiele df95acd13c Merge pull request #3960 from flosse/prosody-service
Prosody service
2014-10-11 23:10:05 +02:00
Markus Kohlhase d86c2c30c5 prosody: packaged as a service
Conflicts:
	nixos/modules/misc/ids.nix
2014-10-11 18:53:43 +02:00
Domen Kožar b4a335cd59 nixos: add redmine service 2014-10-07 10:55:50 +02:00
Matej Cotman 5e18182a30 mailpile: add module 2014-09-26 10:49:09 +02:00
William A. Kennington III 9a90ce0bf7 nixos/ids: Add consul 2014-09-26 01:44:14 -07:00
Bjørn Forsman 753d9d4e4f nixos/samba: remove services.samba.defaultShare option
It's not that difficult to define shares using standard samba config
file syntax, so why do we need the semi-configurable .defaultShare
option?

Also:
 * It uses /home/smbd and I think /home should be reserved
   for real human users.
 * If enabled, it breaks the assumption that .extraConfig continues in
   the [global] section.

Without .defaultShare there is no need for the "smbguest" user and group
either, mark them as unused.
2014-09-24 18:31:20 +02:00
Jaka Hudoklin c396ee9912 nixos: add collectd module 2014-09-17 18:33:50 +02:00
Nicolas B. Pierron a4e60ebacf Merge pull request #3811 from nbp/options-json
Export the list of options to XML & JSON, such that external tools can use it.
2014-09-07 10:39:03 -07:00
Rickard Nilsson 66ee6e03e7 pulseaudio: Use group audio instead of pulse-access 2014-09-03 13:24:47 +02:00
Sergey Mironov 2b72edad9b yandex-disk: fix the url; introduce systemd.service #2228 2014-09-03 12:36:29 +04:00
Rickard Nilsson 56102642fa pulseaudio: Add pulse-access group, controlling access to the system-wide PA daemon 2014-09-03 10:25:36 +02:00
Michael Raskin a49caa77e7 Add IDs for uhub service 2014-09-01 10:53:19 +04:00
Nicolas B. Pierron 7bc9d59303 Merge pull request #3773 from nbp/nixos-maintainers
NixOS: Add meta.maintainer option to modules.
2014-08-29 14:57:20 +02:00
Paul Colomiets adbb9ff796 dnsmasq: upgrade to 2.71, fixed dnsmasq module
* The module now has systemd config

* Add resolveLocalQueries option which sets up it as a dns server for
  local host (including reasonable setup of resolvconf)

* Add "dnsmasq" user for running daemon

* Enabled dbus and dnssec support for the package

Conflicts:
	nixos/modules/misc/ids.nix
2014-08-28 11:39:03 -07:00
Nicolas Pierron 7b9fa26b10 Quote paths from example & default attributes. 2014-08-28 08:36:55 +02:00
aszlig 8a56a55bb4
nixos/manual: Use literalExample when feasible.
Should bring most of the examples into a better consistency regarding
syntactic representation in the manual.

Thanks to @devhell for reporting.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-27 23:41:15 +02:00
Nathan Bijnens ac90177cb1 Zookeeper 2014-08-27 13:01:30 +02:00
Nicolas Pierron 873ab39401 NixOS: Add meta.maintainer option to modules. 2014-08-25 01:04:39 +02:00
William A. Kennington III aa77fe0fb0 nixos/radvd: Convert to a systemd unit
Additionally, remove the automatic initialization of the ipv6 forwarding
sysctl as this should be handled by the end user. This really should not
be an issue as most people running radvd are likely forwarding ipv6
packets.
2014-08-24 03:12:55 -07:00
Rickard Nilsson b1d225b645 Add NixOS module for the Riemann dashboard server 2014-08-23 17:40:22 +02:00
Rickard Nilsson e9252cb35e Add NixOS module for Riemann monitoring server. 2014-08-23 17:40:22 +02:00
Jaka Hudoklin 84ea03fa3f nixos: add neo4j database module 2014-08-23 13:11:09 +04:00
Edward Tjörnhammar 1615be91ef Add mlmmj package and nixos module. 2014-08-23 12:30:45 +04:00
Emery Hemingway af09d3ebd8 siproxd: initial service expression 2014-08-19 10:19:52 -04:00
William A. Kennington III 24368beed8 nixos/dhcpd: Use dhcp user instead of nobody 2014-08-13 15:08:43 -05:00
Vladimír Čunát 87c3c0e885 Merge master into #2129
Conflicts (easy, just UID shifted):
	nixos/modules/misc/ids.nix
	nixos/modules/module-list.nix
2014-08-12 19:24:08 +02:00
Luca Bruno 1a29fcae69 gdm: Add very experimental display manager 2014-08-12 11:23:42 +02:00
William A. Kennington III dfb596b49b nixos/unifi: Add service module 2014-08-05 21:40:47 -05:00
Paul Colomiets 9bc1676e5a Upgrade docker to 1.1.2 and add docker module
This version of module has disabled socketActivation, because until
nixos upgrade systemd to at least 214, systemd does not support
SocketGroup. So socket is created with "root" group when
socketActivation enabled. Should be fixed as soon as systemd upgraded.

Includes changes from #3015 and supersedes #3028
2014-07-28 21:45:49 +02:00
Rickard Nilsson 212f476c97 Add NixOS module for Mopidy, a music player daemon 2014-07-28 19:52:32 +02:00
Emery Hemingway e5988bf4dd polipo: new service expression 2014-07-16 11:29:40 -04:00
Marc Weber 672adc126e nixos: add 'firebird' group
The firebird module complains without missing 'firebird' group, add it.
2014-07-08 00:00:33 +02:00