1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 02:24:27 +00:00
Commit graph

895 commits

Author SHA1 Message Date
Joachim Fasting 5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting 39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting 0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting 52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting 7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Alexander Ried 8524df1259 networking.nat: replace network-interfaces.target
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Alexander Ried 60430b140c lshd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Alexander Ried d43b2b9c85 openvpn service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 97416eaeef gpve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried fbf0abf4af softether: improve service dependencies 2016-09-13 11:19:22 +02:00
Alexander Ried 9819cdc71a wicd: get closer to upstream service definition
taken from
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/view/head:/other/wicd.service
2016-09-13 11:19:22 +02:00
Alexander Ried 3ada966bd5 treewide: minor format / style / documentation fixes 2016-09-13 11:19:22 +02:00
Alexander Ried bc7710468d networking.dhcpcd: use upstream targets 2016-09-13 11:19:22 +02:00
Joachim Fasting 5a2a3510b9 zerobin service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting c7ed675fe3 xinetd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting cda9af6eb8 wpa-supplicant service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 768b333dc1 tinc service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 795defaae0 tcpcrypt service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 67d9369e5d radicale service: network-interfaces.target -> network{,-online}.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 652e0b4b8a oidentd service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting ae71667451 cjdns service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting 69e15b7ba5 bind service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried 06b2897c40 networking.dhcpcd: Don't add to system closure when using networkd (#18436) 2016-09-13 07:55:17 +02:00
Eric Sagnes 7e5a24c23a i2pd module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes b73ca0df27 tinc module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes 8d58771b94 openvpn module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 775d98acbc xinet module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 819524a0d3 supplicant module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes 48d6fa933c sshd module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes d89a718baf prosody module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes c3bdee3c39 nat module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Franz Pletz 5c38882f38
toxvpn service: doesn't require online network
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz c58654e2b7
treewide: fix fallout of ip-up deprecation
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.

Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Alexander Ried 27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Domen Kožar fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
Robert Helgesson bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
aszlig fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3cdf9f5893ea1e91ba08ff5089f53a4: Fix starting the firewall
  e090701e2d09aec3e8866ab9a8e53c37973ffeb4: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Alexey Shmalko b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Eelco Dolstra 520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Octavian Cerna a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Nikolay Amiantov 608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Parnell Springmeyer 98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Joachim Fasting 6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting 03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
zimbatm 17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Joachim Fasting d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation 2016-08-29 23:48:12 +02:00
Joachim Fasting 68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting 23a7e6e911
dnscrypt-proxy module: formatting 2016-08-29 23:48:11 +02:00
Domen Kožar e01e92f12f Merge pull request #15025 from ericsagnes/modules/manual
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Graham Christensen 8d10928ad0 Merge pull request #17908 from Mic92/ferm
Ferm
2016-08-25 20:38:02 -04:00
Jörg Thalheim 7b354ce8cc
ferm: init at 2.3 2016-08-25 21:37:19 +02:00
Carles Pagès 3374aa25bc cjdns: fix assertion. 2016-08-25 08:57:18 +02:00
Nikolay Amiantov 5ff6e98486 modprobe service: drop kmod wrapper 2016-08-19 17:56:49 +03:00
Joachim F c2bfce8de8 Merge pull request #16762 from matthewbauer/gnustep2
Add "gnustep" to nixpkgs
2016-08-17 23:38:56 +02:00
Matthew Bauer f541715057 gnustep: fix gdomap service
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer 5ea9bd0920 gnustep: fix naming of gnustep stuff
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Artyom Shalkhakov 697982b91b gnustep: fix gdnc, gdomap
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov d3d580ebbe gnustep: cleanup
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov 9b17cd8fab gnustep: add nixos deamons
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Svein Ove Aas 102472b8de unifi: Open required ports by default.
The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.
2016-08-16 21:01:49 +01:00
Svein Ove Aas e3f0a09b6d unifi: chown the data dir as well.
It needs to be writeable.
2016-08-16 21:01:49 +01:00
Shea Levy 9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Nikolay Amiantov b2ebecd9e5 modprobe service: drop kmod wrapper 2016-08-16 00:19:25 +03:00
Nikolay Amiantov bda3423b3a networkmanager service: make wanted by network.target, drop networkmanager-init 2016-08-14 22:38:58 +03:00
Nikolay Amiantov 0f59901b57 ejabberd service: move service to foreground 2016-08-14 22:37:06 +03:00
Eric Sagnes 4cdfeb78f9 modules: move meta at top level 2016-08-11 00:29:48 +09:00
jokogr adeab67bd8 syncthing service: add syncthing-inotify (#17320) 2016-08-06 17:20:18 +02:00
Peter Hoeg c4cba0e51f ssh module: ignore exit code when socket activated
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.

Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails

Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou c5d9dc9cfa Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Joachim Fasting 79ac02ed64
dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
Joachim Fasting c91d07b668
dnscrypt-proxy module: types.string should be types.str 2016-08-01 12:55:42 +02:00
Damien Cassou 19af5b444e offlineimap's module: change UI to syslog
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Franz Pletz 76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Tristan Helmich c9b9692347 tinc: add Restart in systemd service config 2016-07-27 10:38:57 +02:00
Ioannis Koutras 24968fc1c1 syncthing: fix system service 2016-07-26 13:10:15 +03:00
Emery Hemingway 90ee01cd3d nixos: disable DHCP on ZeroTier interfaces 2016-07-23 21:04:42 +02:00
Michele Guerini Rocco 267e362fbc syncthing: Allow the user service to be enabled with systemctl (#17136) 2016-07-21 04:49:58 +02:00
cransom 4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Bjørn Forsman 78eac466b0 nixos/ddclient: add warning about password being world readable
Closes #16885.
2016-07-19 16:51:42 +02:00
Damien Cassou 85a895d60f offlineimap: add nixos module (#16842) 2016-07-11 10:37:18 +02:00
Robert Helgesson 9f4775dbb5 ddclient service: use environment.etc
The ddclient daemon requires that the configuration file is only
accessible by the ddclient user. This since it typically contains login
information.
2016-07-09 14:51:36 +02:00
Anders Lundstedt 5f3c4bd11e nixos: fix avahi connectivity for shairport-sync module
The shairport-sync service currently fails to start with the error

shairport avahi_entry_group_new failed

This problem seems to have been introduced by

cdd7310a50

After some trial and error I concluded that the attached commit is a minimal
fix.
2016-07-08 16:22:51 +02:00
Corbin 45a066512e services/avahi: Add domainName setting
Fixes #15795.
2016-06-26 23:15:39 +02:00
zimbatm 4f5918cd2e Revert "stdenv: introduce baseHash() to replace stripHash()"
Introduced by mistake

This reverts commit e71a5cb878.
2016-06-25 14:25:58 +01:00
zimbatm e71a5cb878 stdenv: introduce baseHash() to replace stripHash()
stripHash uses a global variable to communicate it's computation
results, but it's not necessary. You can just pipe to stdout in a
subshell. A function mostly behaves like just another command.

baseHash() also introduces a suffix-stripping capability since it's
something the users of the function tend to use.
2016-06-25 14:20:56 +01:00
Alexander Ried c1319572d4 networkmanager: Dependency on avahi-autoipd has been dropped.
Native IPv4 link-local addressing configuration based on systemd network library is now used instead.
2016-06-23 23:12:41 +02:00
Benjamin Saunders 8e47786c0e coturn: init at 4.5.0.3 (#16284) 2016-06-21 12:59:29 +02:00
obadz fb6b4860c7 xl2tpd: add nixos module for service
(required adding execv to libredirect)
2016-06-20 21:41:59 +01:00
zimbatm b0f8416c5c Merge pull request #16180 from zimbatm/shell-escaping
Escape all shell arguments uniformly
2016-06-19 23:27:52 +01:00
obadz 8ab188eb16 pptpd service: improve option descriptions per @bjornfor's suggestion 2016-06-18 16:28:06 +01:00
obadz fc975bcffb pptpd: add nixos service 2016-06-18 02:08:07 +01:00
Benno Fünfstück 519673e714 wpa_supplicant: start after wireless interfaces
wpa_supplicant fails to start if the wireless interfaces aren't ready yet,
so we need to add a system ordering directive here to start wpa_supplicant
after the interfaces are ready. Note that Requires= is not enough since
it does not imply ordering.
2016-06-16 00:22:08 +02:00
Kamil Chmielewski 437ea9fd37 Fixes #16181 - using bin output for Go services 2016-06-13 23:32:16 +02:00
zimbatm 28fa4a2f03 Escape all shell arguments uniformly 2016-06-12 18:11:37 +01:00
Joachim Fasting 376ba5f17f
dnscrypt-proxy service: update resolver list 2016-06-09 14:03:40 +02:00
Benno Fünfstück c85f2b20e6 nixos/openvpn: add support for resolvconf
The update-resolve-conf script from the update-resolv-conf
package is very useful and should work in most of the common
cases, so this adds an option to enable it. The option is
disabled by default for backwards compatibility.
2016-06-06 20:43:52 +02:00
obadz 0c9e904943 toxvpn: restartIfChanged = false & minor cleanups 2016-05-30 14:23:52 +01:00
anderspapitto dd2bb96dbe syncthing service: respect cfg.package (#15810) 2016-05-30 10:14:19 +02:00
obadz d18ba0f50d toxvpn: init at 20151111
(Authored by @cleverca22)
2016-05-30 00:21:22 +01:00
Alexander Ried 8fbdb40ef0 services.*ntp*: Add time-sync.target to ntp clients (#15714)
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Joachim Fasting e27e0b3d75 Merge pull request #15620 from Cornu/mosquitto
mosquitto service: init
2016-05-24 13:56:06 +02:00
Hans-Harro Horn 77f2c305b6 mosquitto service: init
Initial Mosquitto MQTT Broker service file.
2016-05-24 10:49:03 +02:00
Joachim Fasting 0f384e5cf2
dnscrypt-proxy service: update resolver list 2016-05-23 16:44:20 +02:00
Arnold Krille bf0e745597 unbound service: do not initialize root cert
When enableRootTrustAnchor is set to false, there is really no point in
initializing the root key before starting unbound.

Fixes #15605.
2016-05-21 22:27:27 +02:00
Bjørn Forsman c7db50e24f Revert "network-manager: multiple outputs"
This reverts commit c25907d072.

I think this commit broke the NixOS service for NetworkManager. At least
with this, and the two previous reverts, everything is back to normal.
(With multiple-outputs split, it would have reduced the closure size by
3 MiB.)
2016-05-21 13:12:44 +02:00
Bjørn Forsman 167272f01d Revert "networkmanager service: fixup"
This reverts commit 7ac1ef05fa.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Bjørn Forsman d1463ac750 Revert "nixos/networkmanager: fix syntax error"
This reverts commit 2875293615.

One of a few reverts needed to unbreak networkmanager NixOS service
since the multiple-output split (to save 3 MiB of closure size).
2016-05-21 13:12:44 +02:00
Joachim Fasting b740e046ab
dnscrypt-proxy service: robust lib references in apparmor profile
Use getLib to avoid future problems caused by re-ordering outputs.
2016-05-15 11:55:17 +02:00
Tuomas Tynkkynen 0561e14c3b bind: Split into multiple outputs
A patch is needed to make bind not print its configure flags on
'named -V'.
2016-05-14 22:12:59 +03:00
Vladimír Čunát 3e387c3e00 Merge branch 'staging'
Darwin isn't in a perfect state, in particular its bootstrap tools won't
build which will block nixpkgs channel. But on the whole it seems
acceptable.
2016-05-13 10:14:53 +02:00
Данило Глинський (Danylo Hlynskyi) bc2fe9f2cd typo in authorizedKeysFiles 2016-05-12 18:01:17 +03:00
Joachim Fasting 639dcffa0b Merge pull request #15403 from Shados/maintain-teamspeak-server
teamspeak-server package & module maintenance
2016-05-12 13:01:38 +02:00
Alexei Robyn 11b0972544 teamspeak-server module: Create data directory by
leveraging users.users.<user>.createHome instead of a preStart script.
preStart script is still required to ensure proper creation of logging
directory.
2016-05-12 20:49:17 +10:00
Domen Kožar 25e3c091a0 Revert "nixos/nat: Allow nat without an externalInterface"
This reverts commit 431a98b12b.

Breaks nixos tests: http://hydra.nixos.org/build/35538207
2016-05-12 11:04:06 +01:00
Vladimír Čunát 6c2fbfbd77 Merge branch 'master' into staging 2016-05-12 04:53:38 +02:00
Franz Pletz 431a98b12b nixos/nat: Allow nat without an externalInterface 2016-05-12 01:52:13 +02:00
Joachim Fasting a0e8d542c7 Merge pull request #15377 from womfoo/sniproxy
sniproxy: init at 0.4.0 with dependency udns: init at 0.4
2016-05-11 15:14:33 +02:00
Kranium Gikos Mendoza 356f1bdac8 sniproxy service: init 2016-05-11 13:27:28 +08:00
Joachim Fasting e38e3dcdb6
dnscrypt-proxy service: allow user to specify their own resolver list 2016-05-10 07:08:37 +02:00
Joachim Fasting bd448b7139
dnscrypt-proxy service: use up-to-date dnscrypt-resolvers list
The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release.  This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
2016-05-10 07:07:58 +02:00
Vladimír Čunát 65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Joachim Fasting 1d2fcde841
dnscrypt-proxy service: fix libcap output reference
After 7382afac40 shared objects are in
`libcap.lib`
2016-05-07 20:18:27 +02:00
Nikolay Amiantov f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Tuomas Tynkkynen aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Tobias Geerinckx-Rice 5508687ec2
Remove now useless proprietary Copy.com client and service
<https://techlib.barracuda.com/Copy/FAQ>

SaaS.
2016-05-01 14:38:08 +02:00
Thomas Tuegel 2875293615 nixos/networkmanager: fix syntax error 2016-04-30 12:20:06 -05:00
Tuomas Tynkkynen 4ff8f377af Merge remote-tracking branch 'upstream/master' into staging 2016-04-28 00:13:53 +03:00
Nikolay Amiantov e6e7c1e914 logmein-hamachi: init at 2.1.0.139, add nixos service 2016-04-27 16:15:01 +03:00
Nikolay Amiantov 7ac1ef05fa networkmanager service: fixup 2016-04-27 13:51:43 +03:00
Thomas Tuegel c25907d072 network-manager: multiple outputs 2016-04-25 19:04:24 -05:00
Tuomas Tynkkynen 1d4b21ef42 treewide: Use correct output of config.nix.package in non-string contexts 2016-04-25 16:44:38 +02:00
Théophane Hufschmitt 201590fd97 zerobin service : init 2016-04-25 13:18:58 +02:00
Eric Litak 032f3e721c unifi: relocatable data dir 2016-04-22 22:43:55 -07:00
Eric Litak 86357de0c8 mfi: relocatable data dir 2016-04-22 22:43:45 -07:00
Eric Litak 08546d3a20 unifi: fix for closure-size changes 2016-04-22 22:39:28 -07:00
Evgeny Egorochkin a05ba7375d quassel: use qt4 version of the daemon because as of now qt5 version fails to use proxies(connection refused) 2016-04-22 12:59:26 +03:00
Joachim Fasting 83aae072f8
dnscrypt-proxy service: fix references to libcap & attr 2016-04-15 17:44:10 +02:00
Nikolay Amiantov cb0b0190cb syncthing service: fix mkEnableOption call 2016-04-14 17:44:02 +03:00
Nikolay Amiantov c9f2753c7b syncthing service: fix invalid conflict resolution 2016-04-14 17:38:25 +03:00
Peter Hoeg 32bc5cfa24 syncthing service: support running from systemd --user instance 2016-04-14 21:22:31 +08:00
Tuomas Tynkkynen 897e0d1224 treewide: Mass replace 'openssl}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Vladimír Čunát 39ebb01d6e Merge branch 'staging', containing closure-size #7701 2016-04-13 09:25:28 +02:00
Valérian Galliat 26dc7e503d Shout: fix infinite loop in service configuration
Fixes #14594.
2016-04-11 09:58:52 -04:00
joachifm 9c484f29ce Merge pull request #14564 from valeriangalliat/shout/config
Shout: configure with attrs
2016-04-11 09:56:10 +02:00
Valérian Galliat b0d1eb4579 Shout: configure with attrs 2016-04-10 10:49:32 -04:00
Vladimír Čunát 30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Alexander Ried 72cd570421 minidlna: use journalctl for logging, systemd for runtimedir 2016-04-08 23:04:12 +02:00
Alexander Ried 4d87926795 minidlna: use hostname in DLNA friendly name 2016-04-08 23:04:12 +02:00
joachifm 6d2df6d578 Merge pull request #14222 from Pleune/fix/iodined-client-mode
iodine service: add client mode implimentation
2016-04-08 02:19:32 +02:00
Eric Litak 0de2d2fbcd mfi: init at 2.1.11
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
2016-04-01 02:45:11 -07:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
rnhmjoj a98a918b10 syncthing: run daemon with dedicated user as default 2016-04-01 01:26:52 +02:00
Franz Pletz dcae10ebda wpa_supplicant service: Depend on interfaces being present 2016-03-28 21:52:23 +00:00
Mitchell Pleune 879778091a iodine service: add clients implimentation
- services.iodined moved to services.iodine
- configuration file backwards compatable
- old iodine server configuration moved to services.iodine.server
- attribute set services.iodine.clients added to specify any number
  of iodine clients
  - example:
    iodine.clients.home = { server = "iodinesubdomain.yourserver.com"; ... };
  - client services names iodine-name where name would be home
2016-03-26 21:16:29 -04:00
Joachim Fasting 1ca4610577 dnscrypt-proxy service: change default upstream resolver
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location.  The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.

The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting 9bf6e64860 dnscrypt-proxy service: use dynamic uid/gid
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.

This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting 03bdf8f03c dnscrypt-proxy service: additional hardening
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting 4001917359 dnscrypt-proxy service: cosmetic enhancements 2016-03-24 17:14:22 +01:00
Mitchell Pleune 927aaecbcb iodined service: wantedBy ip-up.target
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target

The above is because of the following:
in iodined's code: src/common.c line 157
	the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
	Iodine uses the function

		get_addr(char *host,
			int port,
			int addr_family,
			int flags,
			struct sockaddr_storage *out);

	to get address information via getaddrinfo().

	Within get_addr, the flag AI_ADDRCONFIG is forced.

	What this flag does, is cause getaddrinfo to return
	"Name or service not known" as an error explicitly if no ip
	has been assigned to the computer.
	see getaddrinfo(3)

Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Pascal Wittmann a491b75523 radicale service: run with dedicated user
This is done in the context of #11908.
2016-03-20 15:50:14 +01:00
Peter Simons a0ab4587b7 Set networking.firewall.allowPing = true by default.
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927.

It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting 12877098cb dnscrypt-proxy service: expose option to use ephemeral keys
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting a0663e3709 dnscrypt-proxy service: documentation fixes
- fix `enable` option description
  using `mkEnableOption longDescription` is incorrect; override
  `description` instead
- additional details for proper usage of the service, including
  an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Nikolay Amiantov 363f024864 Merge pull request #13861 from abbradar/mjpg-streamer
mjpg-streamer: update and add NixOS service
2016-03-14 15:19:03 +03:00
Edward Tjörnhammar c65026bfa5 nixos: i2pd, change to yes/no config entries and explicitly enable client endpoints 2016-03-13 21:36:30 +01:00
Nikolay Amiantov 83ff545bfd mjpg-streamer service: init 2016-03-12 18:53:02 +03:00
Joachim Fasting e7cfccbcc2 dnscrypt-proxy service: fix apparmor profile
The daemon additionally requires libcap, liblz4, and libattr.
2016-03-09 04:13:19 +01:00
Michael Raskin b27de68c4e Merge pull request #13777 from eqyiel/upstream
vsftpd: Add possibility to specify path to RSA key file
2016-03-09 03:02:29 +00:00
Joachim Fasting e3ae435aad dnscrypt-proxy service: fix default resolver name
The "opendns" resolver has changed name to "cisco", causing the default
dnscrypt-proxy configuration to fail.
2016-03-09 02:59:30 +01:00
Mango Chutney 973219c973 vsftpd.nix: Add possibility to add RSA key file 2016-03-09 01:32:44 +00:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
joachifm 453686a24a Merge pull request #13705 from aneeshusa/use-bin-instead-of-sbin-for-openssh
openssh: use bin instead of sbin folder
2016-03-07 12:03:37 +00:00
joachifm 8cff02206b Merge pull request #13725 from nathan7/bird-user
bird module: run as user/group `bird`, not `ircd`
2016-03-07 11:34:06 +00:00
Christoph Hrdinka 67e93e984c Merge pull request #13723 from Profpatsch/wheter
wheter -> whether
2016-03-07 10:51:43 +01:00
Profpatsch 7f44b58609 wheter → whether
Nice weather today, isn’t it?
2016-03-07 03:06:54 +01:00
Nathan Zadoks 0360e410b7 bird module: run as user/group bird, not ircd 2016-03-07 02:02:58 +01:00
Marius Bakke 7135553cf1 unbound: drop sbin directory 2016-03-06 12:50:41 +00:00
Aneesh Agrawal bb39304ce6 openssh: use bin instead of sbin folder
References #11939.
2016-03-05 23:56:32 -05:00
joachifm 6048f0fbd6 Merge pull request #11738 from grwlf/syncthing
Support SOCKS5 proxy for the Syncthing service
2016-03-04 01:18:40 +00:00
aszlig 6cf6c3fbc9
nixos: Fix build of manual
Broken by 17389e256f.

The description attributes of mkOption are parsed by XSLT, so we can
create a DocBook manual out of it.

Unfortunately, the passwordHash option had a description which includes
a <password> placeholder which is recognized by DocBook XSL as a valid
start tag. So as there is obviously no </password>, the build of the
manual bailed out with a parsing error.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Reported-by: devhell <"^"@regexmail.net>
2016-03-03 21:35:31 +01:00
Eelco Dolstra 6bd0c3fe9d ifplugd: Remove
This package hasn't been updated in 11 years, and isn't really useful
anymore in a modern Linux system.
2016-03-03 19:43:11 +01:00
Franz Pletz aa819b8d39 Merge pull request #13591 from mayflower/services/nntp-proxy
nntp-proxy service: init
2016-03-03 18:57:25 +01:00
Shea Levy bcdd81d9e1 networkmanager: Enable ipv6 privacy extensions by default 2016-03-03 12:01:01 -05:00
Tristan Helmich 17389e256f nntp-proxy service: init 2016-03-03 14:14:19 +01:00
Nikolay Amiantov 23dd97ee88 Merge commit 'refs/pull/13412/head' of git://github.com/NixOS/nixpkgs 2016-03-02 18:56:24 +03:00
Alex Franchuk 69d8cb4a6b libreswan: add package and service to nixos 2016-03-02 09:44:30 -05:00
Thomas Strobel 2d6696fc0a nixos-modules: Fixes related to "literalExample" and "defaultText". 2016-02-29 01:47:12 +01:00
Christoph Hrdinka fd46f18cf6 nsd service: add build time config validation 2016-02-28 09:18:39 +01:00
Christoph Hrdinka c4c9019105 nsd service: make use of literalExample 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 6a096504cc nsd service: add missing options 2016-02-28 09:18:11 +01:00
Christoph Hrdinka 8442a7d12c nsd service: code cleanup
Puts everything in alphanumeric order and removes unnecessary spaces to better
match NixOS coding style.
2016-02-28 09:18:11 +01:00
Domen Kožar 04422bb3ca Merge pull request #8630 from lihop/nixos/fix-formatting
nixos: fix formatting of option examples
2016-02-27 10:08:37 +00:00
Vladimír Čunát 3cf9cd8bc3 Merge #12796: nixos docs: show references to packages
(version 2) A better implementation of #10039, after #12357.
This time I did more thorough checking.

See commit messages for details.
2016-02-27 10:48:12 +01:00
Leroy Hopson f6f892e2d6 nsd service: fix formatting of example 2016-02-27 22:25:39 +13:00
Profpatsch 70c02402c8 networkmanager: fix link-local ip addresses
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
2016-02-26 03:28:56 +01:00
Eelco Dolstra d9d6a92d5e sshd.nix: Ensure global config goes before user Match blocks
Hopefully fixes #13393.
2016-02-23 18:03:33 +01:00