Joachim Fasting
5dc60051fa
unbound service: some pre-chroot isolation
...
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting
39f5182a30
unbound service: use auto-generated uid
...
1. The preStart script ensures consistent ownership, even if the unbound
user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
it, so it would not matter that a different service would end up
owning its data (as long as unbound remains enabled, it should reclaim
ownership soon enough anyway).
Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service. This releases uid/gid 48.
Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting
0759e77dfd
unbound service: add reference to man:unbound.conf(8)
2016-09-15 15:37:19 +02:00
Joachim Fasting
52432ee63d
unbound service: non-blocking random in chroot
...
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting
7980523e00
unbound service: convenient handling of local forward addresses
...
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Alexander Ried
8524df1259
networking.nat: replace network-interfaces.target
...
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Alexander Ried
60430b140c
lshd service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Alexander Ried
d43b2b9c85
openvpn service: network-interfaces.target -> network.target
2016-09-13 11:19:22 +02:00
Alexander Ried
97416eaeef
gpve service: network-interfaces.target -> network.target
2016-09-13 11:19:22 +02:00
Alexander Ried
fbf0abf4af
softether: improve service dependencies
2016-09-13 11:19:22 +02:00
Alexander Ried
9819cdc71a
wicd: get closer to upstream service definition
...
taken from
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/view/head:/other/wicd.service
2016-09-13 11:19:22 +02:00
Alexander Ried
3ada966bd5
treewide: minor format / style / documentation fixes
2016-09-13 11:19:22 +02:00
Alexander Ried
bc7710468d
networking.dhcpcd: use upstream targets
2016-09-13 11:19:22 +02:00
Joachim Fasting
5a2a3510b9
zerobin service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
c7ed675fe3
xinetd service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
cda9af6eb8
wpa-supplicant service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
768b333dc1
tinc service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
795defaae0
tcpcrypt service: remove use of network-interfaces.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
67d9369e5d
radicale service: network-interfaces.target -> network{,-online}.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
652e0b4b8a
oidentd service: network-interfaces.target -> network.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
ae71667451
cjdns service: network-interfaces.target -> network.target
2016-09-13 11:19:22 +02:00
Joachim Fasting
69e15b7ba5
bind service: network-interfaces.target -> network.target
2016-09-13 11:19:22 +02:00
Alexander Ried
06b2897c40
networking.dhcpcd: Don't add to system closure when using networkd ( #18436 )
2016-09-13 07:55:17 +02:00
Eric Sagnes
7e5a24c23a
i2pd module: optionSet -> submodule
2016-09-13 12:53:12 +09:00
Eric Sagnes
b73ca0df27
tinc module: optionSet -> submodule
2016-09-13 12:53:12 +09:00
Eric Sagnes
8d58771b94
openvpn module: optionSet -> submodule
2016-09-13 12:53:11 +09:00
Eric Sagnes
775d98acbc
xinet module: optionSet -> submodule
2016-09-13 12:53:11 +09:00
Eric Sagnes
819524a0d3
supplicant module: optionSet -> submodule
2016-09-13 12:53:11 +09:00
Eric Sagnes
48d6fa933c
sshd module: optionSet -> submodule
2016-09-13 12:53:11 +09:00
Eric Sagnes
d89a718baf
prosody module: optionSet -> submodule
2016-09-13 12:53:11 +09:00
Eric Sagnes
c3bdee3c39
nat module: optionSet -> submodule
2016-09-13 12:53:10 +09:00
Franz Pletz
5c38882f38
toxvpn service: doesn't require online network
...
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz
c58654e2b7
treewide: fix fallout of ip-up deprecation
...
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.
Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Alexander Ried
27bc34f1e4
treewide: deprecate ip-up.target ( #18319 )
...
Systemd upstream provides targets for networking. This also includes a target network-online.target.
In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Domen Kožar
fed3501b07
Remove docker-registry as it's deprecated #18209
2016-09-09 18:50:42 +02:00
Robert Helgesson
bf371a8b06
radicale service: use "simple" service type ( #18406 )
...
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
aszlig
fb46df8a9a
nixos: Fix ordering of firewall.service
...
Follow-up to the following commits:
abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit
Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.
The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.
To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.
Tested using the firewall NixOS test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra
e090701e2d
firewall: Order before sysinit
...
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra
abdc5961c3
Fix starting the firewall
...
Probably as a result of 992c514a20
, it
was not being started anymore.
My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.
http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Alexey Shmalko
b7237abc08
avahi-daemon: remove default browse-domains
...
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Eelco Dolstra
520cb14f16
Fix infinite recursion introduced by f3c32cb2c1
2016-09-05 18:17:22 +02:00
Eelco Dolstra
f3c32cb2c1
Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation
2016-09-05 15:38:42 +02:00
Octavian Cerna
a30d4654f2
quagga service: New NixOS module.
2016-09-02 13:59:51 +03:00
Nikolay Amiantov
608ee1c7b3
mjpg-streamer service: restart on failure
2016-09-02 11:44:16 +03:00
Parnell Springmeyer
98c058a1ee
Adapting everything for the merged permissions wrappers work.
2016-09-01 19:21:06 -05:00
Joachim Fasting
6df8de50f3
unbound service: whitespace fixes
2016-09-01 14:51:33 +02:00
Joachim Fasting
03c2c87ed6
unbound service: use mkEnableOption
2016-09-01 14:51:32 +02:00
zimbatm
17dbfeb450
Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
...
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla
caa1350e07
zerotierone: make package configurable
2016-08-31 12:39:55 +02:00
Joachim Fasting
d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation
2016-08-29 23:48:12 +02:00
Joachim Fasting
68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
...
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting
23a7e6e911
dnscrypt-proxy module: formatting
2016-08-29 23:48:11 +02:00
Domen Kožar
e01e92f12f
Merge pull request #15025 from ericsagnes/modules/manual
...
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Graham Christensen
8d10928ad0
Merge pull request #17908 from Mic92/ferm
...
Ferm
2016-08-25 20:38:02 -04:00
Jörg Thalheim
7b354ce8cc
ferm: init at 2.3
2016-08-25 21:37:19 +02:00
Carles Pagès
3374aa25bc
cjdns: fix assertion.
2016-08-25 08:57:18 +02:00
Nikolay Amiantov
5ff6e98486
modprobe service: drop kmod wrapper
2016-08-19 17:56:49 +03:00
Joachim F
c2bfce8de8
Merge pull request #16762 from matthewbauer/gnustep2
...
Add "gnustep" to nixpkgs
2016-08-17 23:38:56 +02:00
Matthew Bauer
f541715057
gnustep: fix gdomap service
...
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer
5ea9bd0920
gnustep: fix naming of gnustep stuff
...
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Artyom Shalkhakov
697982b91b
gnustep: fix gdnc, gdomap
...
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov
d3d580ebbe
gnustep: cleanup
...
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov
9b17cd8fab
gnustep: add nixos deamons
...
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Svein Ove Aas
102472b8de
unifi: Open required ports by default.
...
The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.
2016-08-16 21:01:49 +01:00
Svein Ove Aas
e3f0a09b6d
unifi: chown the data dir as well.
...
It needs to be writeable.
2016-08-16 21:01:49 +01:00
Shea Levy
9adad8612b
Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
...
Was meant to go into staging, sorry
This reverts commit 57b2d1e9b0
, reversing
changes made to 760b2b9048
.
2016-08-15 19:05:52 -04:00
Nikolay Amiantov
b2ebecd9e5
modprobe service: drop kmod wrapper
2016-08-16 00:19:25 +03:00
Nikolay Amiantov
bda3423b3a
networkmanager service: make wanted by network.target, drop networkmanager-init
2016-08-14 22:38:58 +03:00
Nikolay Amiantov
0f59901b57
ejabberd service: move service to foreground
2016-08-14 22:37:06 +03:00
Eric Sagnes
4cdfeb78f9
modules: move meta at top level
2016-08-11 00:29:48 +09:00
jokogr
adeab67bd8
syncthing service: add syncthing-inotify ( #17320 )
2016-08-06 17:20:18 +02:00
Peter Hoeg
c4cba0e51f
ssh module: ignore exit code when socket activated
...
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.
Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails
Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou
c5d9dc9cfa
Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
...
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Joachim Fasting
79ac02ed64
dnscrypt-proxy service: update resolver list
2016-08-02 09:36:22 +02:00
Joachim Fasting
c91d07b668
dnscrypt-proxy module: types.string should be types.str
2016-08-01 12:55:42 +02:00
Damien Cassou
19af5b444e
offlineimap's module: change UI to syslog
...
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Franz Pletz
76b21b7adb
nixos/firewall: Refactor rpfilter, allow DHCPv4 ( #17325 )
...
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.
Fixes #10101 .
2016-07-31 13:49:24 +02:00
Tristan Helmich
c9b9692347
tinc: add Restart in systemd service config
2016-07-27 10:38:57 +02:00
Ioannis Koutras
24968fc1c1
syncthing: fix system service
2016-07-26 13:10:15 +03:00
Emery Hemingway
90ee01cd3d
nixos: disable DHCP on ZeroTier interfaces
2016-07-23 21:04:42 +02:00
Michele Guerini Rocco
267e362fbc
syncthing: Allow the user service to be enabled with systemctl ( #17136 )
2016-07-21 04:49:58 +02:00
cransom
4a9b640f37
smokeping: init at 2.6.11 ( #17090 )
...
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Bjørn Forsman
78eac466b0
nixos/ddclient: add warning about password being world readable
...
Closes #16885 .
2016-07-19 16:51:42 +02:00
Damien Cassou
85a895d60f
offlineimap: add nixos module ( #16842 )
2016-07-11 10:37:18 +02:00
Robert Helgesson
9f4775dbb5
ddclient service: use environment.etc
...
The ddclient daemon requires that the configuration file is only
accessible by the ddclient user. This since it typically contains login
information.
2016-07-09 14:51:36 +02:00
Anders Lundstedt
5f3c4bd11e
nixos: fix avahi connectivity for shairport-sync module
...
The shairport-sync service currently fails to start with the error
shairport avahi_entry_group_new failed
This problem seems to have been introduced by
cdd7310a50
After some trial and error I concluded that the attached commit is a minimal
fix.
2016-07-08 16:22:51 +02:00
Corbin
45a066512e
services/avahi: Add domainName setting
...
Fixes #15795 .
2016-06-26 23:15:39 +02:00
zimbatm
4f5918cd2e
Revert "stdenv: introduce baseHash() to replace stripHash()"
...
Introduced by mistake
This reverts commit e71a5cb878
.
2016-06-25 14:25:58 +01:00
zimbatm
e71a5cb878
stdenv: introduce baseHash() to replace stripHash()
...
stripHash uses a global variable to communicate it's computation
results, but it's not necessary. You can just pipe to stdout in a
subshell. A function mostly behaves like just another command.
baseHash() also introduces a suffix-stripping capability since it's
something the users of the function tend to use.
2016-06-25 14:20:56 +01:00
Alexander Ried
c1319572d4
networkmanager: Dependency on avahi-autoipd has been dropped.
...
Native IPv4 link-local addressing configuration based on systemd network library is now used instead.
2016-06-23 23:12:41 +02:00
Benjamin Saunders
8e47786c0e
coturn: init at 4.5.0.3 ( #16284 )
2016-06-21 12:59:29 +02:00
obadz
fb6b4860c7
xl2tpd: add nixos module for service
...
(required adding execv to libredirect)
2016-06-20 21:41:59 +01:00
zimbatm
b0f8416c5c
Merge pull request #16180 from zimbatm/shell-escaping
...
Escape all shell arguments uniformly
2016-06-19 23:27:52 +01:00
obadz
8ab188eb16
pptpd service: improve option descriptions per @bjornfor's suggestion
2016-06-18 16:28:06 +01:00
obadz
fc975bcffb
pptpd: add nixos service
2016-06-18 02:08:07 +01:00
Benno Fünfstück
519673e714
wpa_supplicant: start after wireless interfaces
...
wpa_supplicant fails to start if the wireless interfaces aren't ready yet,
so we need to add a system ordering directive here to start wpa_supplicant
after the interfaces are ready. Note that Requires= is not enough since
it does not imply ordering.
2016-06-16 00:22:08 +02:00
Kamil Chmielewski
437ea9fd37
Fixes #16181 - using bin output for Go services
2016-06-13 23:32:16 +02:00
zimbatm
28fa4a2f03
Escape all shell arguments uniformly
2016-06-12 18:11:37 +01:00
Joachim Fasting
376ba5f17f
dnscrypt-proxy service: update resolver list
2016-06-09 14:03:40 +02:00
Benno Fünfstück
c85f2b20e6
nixos/openvpn: add support for resolvconf
...
The update-resolve-conf script from the update-resolv-conf
package is very useful and should work in most of the common
cases, so this adds an option to enable it. The option is
disabled by default for backwards compatibility.
2016-06-06 20:43:52 +02:00
obadz
0c9e904943
toxvpn: restartIfChanged = false & minor cleanups
2016-05-30 14:23:52 +01:00
anderspapitto
dd2bb96dbe
syncthing service: respect cfg.package ( #15810 )
2016-05-30 10:14:19 +02:00
obadz
d18ba0f50d
toxvpn: init at 20151111
...
(Authored by @cleverca22)
2016-05-30 00:21:22 +01:00
Alexander Ried
8fbdb40ef0
services.*ntp*: Add time-sync.target to ntp clients ( #15714 )
...
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Joachim Fasting
e27e0b3d75
Merge pull request #15620 from Cornu/mosquitto
...
mosquitto service: init
2016-05-24 13:56:06 +02:00
Hans-Harro Horn
77f2c305b6
mosquitto service: init
...
Initial Mosquitto MQTT Broker service file.
2016-05-24 10:49:03 +02:00
Joachim Fasting
0f384e5cf2
dnscrypt-proxy service: update resolver list
2016-05-23 16:44:20 +02:00
Arnold Krille
bf0e745597
unbound service: do not initialize root cert
...
When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.
Fixes #15605 .
2016-05-21 22:27:27 +02:00
Bjørn Forsman
c7db50e24f
Revert "network-manager: multiple outputs"
...
This reverts commit c25907d072
.
I think this commit broke the NixOS service for NetworkManager. At least
with this, and the two previous reverts, everything is back to normal.
(With multiple-outputs split, it would have reduced the closure size by
3 MiB.)
2016-05-21 13:12:44 +02:00
Bjørn Forsman
167272f01d
Revert "networkmanager service: fixup"
...
This reverts commit 7ac1ef05fa
.
One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Bjørn Forsman
d1463ac750
Revert "nixos/networkmanager: fix syntax error"
...
This reverts commit 2875293615
.
One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Joachim Fasting
b740e046ab
dnscrypt-proxy service: robust lib references in apparmor profile
...
Use getLib to avoid future problems caused by re-ordering outputs.
2016-05-15 11:55:17 +02:00
Tuomas Tynkkynen
0561e14c3b
bind: Split into multiple outputs
...
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Vladimír Čunát
3e387c3e00
Merge branch 'staging'
...
Darwin isn't in a perfect state, in particular its bootstrap tools won't
build which will block nixpkgs channel. But on the whole it seems
acceptable.
2016-05-13 10:14:53 +02:00
Данило Глинський (Danylo Hlynskyi)
bc2fe9f2cd
typo in authorizedKeysFiles
2016-05-12 18:01:17 +03:00
Joachim Fasting
639dcffa0b
Merge pull request #15403 from Shados/maintain-teamspeak-server
...
teamspeak-server package & module maintenance
2016-05-12 13:01:38 +02:00
Alexei Robyn
11b0972544
teamspeak-server module: Create data directory by
...
leveraging users.users.<user>.createHome instead of a preStart script.
preStart script is still required to ensure proper creation of logging
directory.
2016-05-12 20:49:17 +10:00
Domen Kožar
25e3c091a0
Revert "nixos/nat: Allow nat without an externalInterface"
...
This reverts commit 431a98b12b
.
Breaks nixos tests: http://hydra.nixos.org/build/35538207
2016-05-12 11:04:06 +01:00
Vladimír Čunát
6c2fbfbd77
Merge branch 'master' into staging
2016-05-12 04:53:38 +02:00
Franz Pletz
431a98b12b
nixos/nat: Allow nat without an externalInterface
2016-05-12 01:52:13 +02:00
Joachim Fasting
a0e8d542c7
Merge pull request #15377 from womfoo/sniproxy
...
sniproxy: init at 0.4.0 with dependency udns: init at 0.4
2016-05-11 15:14:33 +02:00
Kranium Gikos Mendoza
356f1bdac8
sniproxy service: init
2016-05-11 13:27:28 +08:00
Joachim Fasting
e38e3dcdb6
dnscrypt-proxy service: allow user to specify their own resolver list
2016-05-10 07:08:37 +02:00
Joachim Fasting
bd448b7139
dnscrypt-proxy service: use up-to-date dnscrypt-resolvers list
...
The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release. This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
2016-05-10 07:07:58 +02:00
Vladimír Čunát
65a9fa8cdc
Merge branch 'master' into staging
2016-05-08 21:24:48 +02:00
Joachim Fasting
1d2fcde841
dnscrypt-proxy service: fix libcap output reference
...
After 7382afac40
shared objects are in
`libcap.lib`
2016-05-07 20:18:27 +02:00
Nikolay Amiantov
f7c02f8670
ejabberd service: add image thumbnailing support
2016-05-07 14:31:16 +03:00
Tuomas Tynkkynen
aadaa91379
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/applications/networking/browsers/vivaldi/default.nix
pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Tobias Geerinckx-Rice
5508687ec2
Remove now useless proprietary Copy.com client and service
...
<https://techlib.barracuda.com/Copy/FAQ >
SaaS.
2016-05-01 14:38:08 +02:00
Thomas Tuegel
2875293615
nixos/networkmanager: fix syntax error
2016-04-30 12:20:06 -05:00
Tuomas Tynkkynen
4ff8f377af
Merge remote-tracking branch 'upstream/master' into staging
2016-04-28 00:13:53 +03:00
Nikolay Amiantov
e6e7c1e914
logmein-hamachi: init at 2.1.0.139, add nixos service
2016-04-27 16:15:01 +03:00
Nikolay Amiantov
7ac1ef05fa
networkmanager service: fixup
2016-04-27 13:51:43 +03:00
Thomas Tuegel
c25907d072
network-manager: multiple outputs
2016-04-25 19:04:24 -05:00
Tuomas Tynkkynen
1d4b21ef42
treewide: Use correct output of config.nix.package in non-string contexts
2016-04-25 16:44:38 +02:00
Théophane Hufschmitt
201590fd97
zerobin service : init
2016-04-25 13:18:58 +02:00
Eric Litak
032f3e721c
unifi: relocatable data dir
2016-04-22 22:43:55 -07:00
Eric Litak
86357de0c8
mfi: relocatable data dir
2016-04-22 22:43:45 -07:00
Eric Litak
08546d3a20
unifi: fix for closure-size changes
2016-04-22 22:39:28 -07:00
Evgeny Egorochkin
a05ba7375d
quassel: use qt4 version of the daemon because as of now qt5 version fails to use proxies(connection refused)
2016-04-22 12:59:26 +03:00
Joachim Fasting
83aae072f8
dnscrypt-proxy service: fix references to libcap & attr
2016-04-15 17:44:10 +02:00
Nikolay Amiantov
cb0b0190cb
syncthing service: fix mkEnableOption call
2016-04-14 17:44:02 +03:00
Nikolay Amiantov
c9f2753c7b
syncthing service: fix invalid conflict resolution
2016-04-14 17:38:25 +03:00
Peter Hoeg
32bc5cfa24
syncthing service: support running from systemd --user instance
2016-04-14 21:22:31 +08:00
Tuomas Tynkkynen
897e0d1224
treewide: Mass replace 'openssl}/bin' to refer to the correct outputs
2016-04-14 08:32:20 +03:00
Vladimír Čunát
39ebb01d6e
Merge branch 'staging', containing closure-size #7701
2016-04-13 09:25:28 +02:00
Valérian Galliat
26dc7e503d
Shout: fix infinite loop in service configuration
...
Fixes #14594 .
2016-04-11 09:58:52 -04:00
joachifm
9c484f29ce
Merge pull request #14564 from valeriangalliat/shout/config
...
Shout: configure with attrs
2016-04-11 09:56:10 +02:00
Valérian Galliat
b0d1eb4579
Shout: configure with attrs
2016-04-10 10:49:32 -04:00
Vladimír Čunát
30f14243c3
Merge branch 'master' into closure-size
...
Comparison to master evaluations on Hydra:
- 1255515 for nixos
- 1255502
for nixpkgs
2016-04-10 11:17:52 +02:00
Alexander Ried
72cd570421
minidlna: use journalctl for logging, systemd for runtimedir
2016-04-08 23:04:12 +02:00
Alexander Ried
4d87926795
minidlna: use hostname in DLNA friendly name
2016-04-08 23:04:12 +02:00
joachifm
6d2df6d578
Merge pull request #14222 from Pleune/fix/iodined-client-mode
...
iodine service: add client mode implimentation
2016-04-08 02:19:32 +02:00
Eric Litak
0de2d2fbcd
mfi: init at 2.1.11
...
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
2016-04-01 02:45:11 -07:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
rnhmjoj
a98a918b10
syncthing: run daemon with dedicated user as default
2016-04-01 01:26:52 +02:00
Franz Pletz
dcae10ebda
wpa_supplicant service: Depend on interfaces being present
2016-03-28 21:52:23 +00:00
Mitchell Pleune
879778091a
iodine service: add clients implimentation
...
- services.iodined moved to services.iodine
- configuration file backwards compatable
- old iodine server configuration moved to services.iodine.server
- attribute set services.iodine.clients added to specify any number
of iodine clients
- example:
iodine.clients.home = { server = "iodinesubdomain.yourserver.com"; ... };
- client services names iodine-name where name would be home
2016-03-26 21:16:29 -04:00
Joachim Fasting
1ca4610577
dnscrypt-proxy service: change default upstream resolver
...
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location. The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.
The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting
9bf6e64860
dnscrypt-proxy service: use dynamic uid/gid
...
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.
This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting
03bdf8f03c
dnscrypt-proxy service: additional hardening
...
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting
4001917359
dnscrypt-proxy service: cosmetic enhancements
2016-03-24 17:14:22 +01:00
Mitchell Pleune
927aaecbcb
iodined service: wantedBy ip-up.target
...
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target
The above is because of the following:
in iodined's code: src/common.c line 157
the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
Iodine uses the function
get_addr(char *host,
int port,
int addr_family,
int flags,
struct sockaddr_storage *out);
to get address information via getaddrinfo().
Within get_addr, the flag AI_ADDRCONFIG is forced.
What this flag does, is cause getaddrinfo to return
"Name or service not known" as an error explicitly if no ip
has been assigned to the computer.
see getaddrinfo(3)
Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Pascal Wittmann
a491b75523
radicale service: run with dedicated user
...
This is done in the context of #11908 .
2016-03-20 15:50:14 +01:00
Peter Simons
a0ab4587b7
Set networking.firewall.allowPing = true by default.
...
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927 .
It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting
12877098cb
dnscrypt-proxy service: expose option to use ephemeral keys
...
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting
a0663e3709
dnscrypt-proxy service: documentation fixes
...
- fix `enable` option description
using `mkEnableOption longDescription` is incorrect; override
`description` instead
- additional details for proper usage of the service, including
an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Nikolay Amiantov
363f024864
Merge pull request #13861 from abbradar/mjpg-streamer
...
mjpg-streamer: update and add NixOS service
2016-03-14 15:19:03 +03:00
Edward Tjörnhammar
c65026bfa5
nixos: i2pd, change to yes/no config entries and explicitly enable client endpoints
2016-03-13 21:36:30 +01:00
Nikolay Amiantov
83ff545bfd
mjpg-streamer service: init
2016-03-12 18:53:02 +03:00
Joachim Fasting
e7cfccbcc2
dnscrypt-proxy service: fix apparmor profile
...
The daemon additionally requires libcap, liblz4, and libattr.
2016-03-09 04:13:19 +01:00
Michael Raskin
b27de68c4e
Merge pull request #13777 from eqyiel/upstream
...
vsftpd: Add possibility to specify path to RSA key file
2016-03-09 03:02:29 +00:00
Joachim Fasting
e3ae435aad
dnscrypt-proxy service: fix default resolver name
...
The "opendns" resolver has changed name to "cisco", causing the default
dnscrypt-proxy configuration to fail.
2016-03-09 02:59:30 +01:00
Mango Chutney
973219c973
vsftpd.nix: Add possibility to add RSA key file
2016-03-09 01:32:44 +00:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
joachifm
453686a24a
Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
...
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm
8cff02206b
Merge pull request #13725 from nathan7/bird-user
...
bird module: run as user/group `bird`, not `ircd`
2016-03-07 11:34:06 +00:00
Christoph Hrdinka
67e93e984c
Merge pull request #13723 from Profpatsch/wheter
...
wheter -> whether
2016-03-07 10:51:43 +01:00
Profpatsch
7f44b58609
wheter → whether
...
Nice weather today, isn’t it?
2016-03-07 03:06:54 +01:00
Nathan Zadoks
0360e410b7
bird module: run as user/group bird
, not ircd
2016-03-07 02:02:58 +01:00
Marius Bakke
7135553cf1
unbound: drop sbin directory
2016-03-06 12:50:41 +00:00
Aneesh Agrawal
bb39304ce6
openssh: use bin instead of sbin folder
...
References #11939 .
2016-03-05 23:56:32 -05:00
joachifm
6048f0fbd6
Merge pull request #11738 from grwlf/syncthing
...
Support SOCKS5 proxy for the Syncthing service
2016-03-04 01:18:40 +00:00
aszlig
6cf6c3fbc9
nixos: Fix build of manual
...
Broken by 17389e256f
.
The description attributes of mkOption are parsed by XSLT, so we can
create a DocBook manual out of it.
Unfortunately, the passwordHash option had a description which includes
a <password> placeholder which is recognized by DocBook XSL as a valid
start tag. So as there is obviously no </password>, the build of the
manual bailed out with a parsing error.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-03-03 21:35:31 +01:00
Eelco Dolstra
6bd0c3fe9d
ifplugd: Remove
...
This package hasn't been updated in 11 years, and isn't really useful
anymore in a modern Linux system.
2016-03-03 19:43:11 +01:00
Franz Pletz
aa819b8d39
Merge pull request #13591 from mayflower/services/nntp-proxy
...
nntp-proxy service: init
2016-03-03 18:57:25 +01:00
Shea Levy
bcdd81d9e1
networkmanager: Enable ipv6 privacy extensions by default
2016-03-03 12:01:01 -05:00
Tristan Helmich
17389e256f
nntp-proxy service: init
2016-03-03 14:14:19 +01:00
Nikolay Amiantov
23dd97ee88
Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs
2016-03-02 18:56:24 +03:00
Alex Franchuk
69d8cb4a6b
libreswan: add package and service to nixos
2016-03-02 09:44:30 -05:00
Thomas Strobel
2d6696fc0a
nixos-modules: Fixes related to "literalExample" and "defaultText".
2016-02-29 01:47:12 +01:00
Christoph Hrdinka
fd46f18cf6
nsd service: add build time config validation
2016-02-28 09:18:39 +01:00
Christoph Hrdinka
c4c9019105
nsd service: make use of literalExample
2016-02-28 09:18:11 +01:00
Christoph Hrdinka
6a096504cc
nsd service: add missing options
2016-02-28 09:18:11 +01:00
Christoph Hrdinka
8442a7d12c
nsd service: code cleanup
...
Puts everything in alphanumeric order and removes unnecessary spaces to better
match NixOS coding style.
2016-02-28 09:18:11 +01:00
Domen Kožar
04422bb3ca
Merge pull request #8630 from lihop/nixos/fix-formatting
...
nixos: fix formatting of option examples
2016-02-27 10:08:37 +00:00
Vladimír Čunát
3cf9cd8bc3
Merge #12796 : nixos docs: show references to packages
...
(version 2) A better implementation of #10039 , after #12357 .
This time I did more thorough checking.
See commit messages for details.
2016-02-27 10:48:12 +01:00
Leroy Hopson
f6f892e2d6
nsd service: fix formatting of example
2016-02-27 22:25:39 +13:00
Profpatsch
70c02402c8
networkmanager: fix link-local ip addresses
...
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
2016-02-26 03:28:56 +01:00
Eelco Dolstra
d9d6a92d5e
sshd.nix: Ensure global config goes before user Match blocks
...
Hopefully fixes #13393 .
2016-02-23 18:03:33 +01:00