1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 15:11:35 +00:00
Commit graph

5271 commits

Author SHA1 Message Date
Franz Pletz 76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Profpatsch 8a6047a525 nixos/pulseaudio: increase service restart time
Pulseaudio doesn’t like being restarted too quickly.
2016-07-30 23:42:54 +02:00
Profpatsch 5074a79937 nixos/pulseaudio: tcp streaming & zeroconf
Adds options for tcp streaming and avahi zeroconf support (so that the
server can be easily found by clients).
There is also an option to allow anonymous clients to stream to the
server (by default pulseaudio uses a cookie mechanism, see manpage).
2016-07-30 23:42:54 +02:00
Thomas Tuegel d5bec1a145 kde5: rename extra-cmake-modules variants
Instead of one package `extra-cmake-modules`, there is now `ecm` and
`ecmNoHooks`. The latter is used when one does not want to incur a Qt 5
dependency; it is also available as a top-level package
`extra-cmake-modules`.
2016-07-30 14:06:43 -05:00
Gabriel Ebner 07fc65289a nixos/x11: remove unneccessary special cases 2016-07-30 17:03:16 +02:00
Gabriel Ebner 5c9309c231 xorg.xorgserver: enable glamor support 2016-07-30 13:37:51 +02:00
Thomas Tuegel 3dea00d90e nixos/kde: phonon moved to qt5 2016-07-29 10:29:15 -05:00
Rob Vermaas 9494b764d2 dd-agent: support jmx, needs a separate daemon nowadays.
(cherry picked from commit 1425a1f964)
2016-07-29 12:42:07 +00:00
Eelco Dolstra fd5bbdb436 nixos-containers: Set DevicePolicy=closed
This makes the container a bit more secure, by preventing root
creating device nodes to access the host file system, for
instance. (Reference: systemd-nspawn@.service in systemd.)
2016-07-28 17:58:55 +02:00
Eelco Dolstra bf3edfbb3c nixos-containers: Use systemd 231's --notify-ready flag 2016-07-28 17:58:52 +02:00
Robin Gloster 356c2fe00d Revert "nginx: Verify that configuration is syntactically correct" (#17337) 2016-07-28 13:55:06 +02:00
Peter Hoeg 62f2f72e98 tmux module: do not override keys by default in VI mode (#17330)
We want to stick to upstream defaults as much as possible.

As pointed out by @8573 in #16999, this was not the case.
2016-07-28 13:10:42 +02:00
Peter Hoeg 65ef5d8f5b rspam module: use mkEnableOption
See #17329.
2016-07-28 07:06:35 +02:00
Franz Pletz 8a1e7cd556 rspamd service: fix runtime directory, log to syslog
Fixes #17144.
2016-07-28 06:22:29 +02:00
Franz Pletz d23521b16c rmilter service: use runtime dirctory for socket 2016-07-28 06:22:23 +02:00
Christine Koppelt 39da575262 add epub for NixOS manual (second try) (#17205) 2016-07-28 04:27:39 +02:00
Robin Lambertz b65e9d87e2 matrix-synapse: Only run StartPre script when data folder doesn't exist (#17216) 2016-07-28 04:13:21 +02:00
Franz Pletz 996c9837fa Merge pull request #17322 from RamKromberg/init/motif
motif: init at 2.3.6 & nedit: 5.6 -> 5.6a
2016-07-28 03:53:38 +02:00
Ram Kromberg 3800bb5017 motif: init at 2.3.6 2016-07-28 01:33:45 +03:00
Bjørn Forsman c7860cae1a Revert "phpfpm service: restructured pool configuration"
This reverts commit 6b3f5b5a42 because it
introduced a non-backwards compatible change in the phpfpm interface,
without really needing to. The new interface, if needed, can be re-added
alongside the old interface.

Commit 98e419c0e2 ("tt-rss service: init at 16.3")
depends on the new interface, so this commit updates the tt-rss service
to work with the old services.phpfpm.poolConfigs interface.
2016-07-27 23:53:58 +02:00
Robin Lambertz 103805dec5 nginx: Verify that configuration is syntactically correct (#17208) 2016-07-27 22:24:08 +02:00
Shawn Warren 7234275cd5 bump gocd-server version to 16.6.0-3590 (#17304)
Update gocd-server package version to 16.6.0-3590 including new sha.  Modify heapSize
and maxMemory mkOption to accurately reflect their intended purpose of configuring
initial java heap sizes.
2016-07-27 18:44:28 +02:00
Rok Garbas 14e8071921 Merge pull request #17305 from hiberno/update-elk-stack
Update elk stack
2016-07-27 18:42:08 +02:00
Christian Lask 6d68a1fbf3 logstash: 1.5.3 -> 2.3.4
Note: the option to configure the watchdog timeout seems to be gone
in the 2.3 series of Logstash. It complains about an unknown option
and it is not in the source anymore. I am thus removing this
configuration option to adjust the service to these changes, too.
2016-07-27 17:45:38 +02:00
Tristan Helmich c9b9692347 tinc: add Restart in systemd service config 2016-07-27 10:38:57 +02:00
Joachim F ad127bb55d Merge pull request #17271 from jokogr/fix/syncthing-system-service
syncthing: fix system service
2016-07-27 03:23:08 +02:00
Bjørn Forsman 0a2174f195 nixos/lighttpd: move cgit setup to cgit.nix
To where it really belongs. Separation of concern.
2016-07-26 15:37:24 +02:00
Ioannis Koutras 24968fc1c1 syncthing: fix system service 2016-07-26 13:10:15 +03:00
Wout Mertens 62d11a6961 Merge pull request #17206 from nathan-gs/patch-2
Fix #9759 SSMTP sendmail wrapper
2016-07-26 10:52:19 +02:00
Wout Mertens 3bb18c68d2 Merge pull request #17042 from rasendubi/etc
etc: remove obsolete directories
2016-07-26 09:04:10 +02:00
Luca Bruno 5c738ec37e gnome3: drop 3.18 2016-07-25 22:49:12 +02:00
Alexey Shmalko fe9cabedf0
etc: remove obsolete directories
This patch adds handling of a directory becoming a symlink in
/etc. Before this patch, the directory wasn't removed and then
symlinking failed, which caused directory not being updated at all.

The idea for the patch goes to @abbradar at
https://github.com/NixOS/nixpkgs/issues/16978#issuecomment-232921903:
> A heuristic idea for this -- a function `isStatic :: Path -> Bool`:
>
> * if path `/etc/foo` is a file, return True iff it's a symlink to `/etc/static/foo`.
> * if path is a directory, return True iff for all items in it `isStatic` is True.
>
> On any conflicts, if old path is static, it's safe to replace and/or
> delete stale. Otherwise make a backup and notify the user via a
> journal entry and console output.

The only difference here -- it will not replace user configs.

This also fixes https://github.com/NixOS/nixpkgs/issues/16978.
2016-07-25 15:50:53 +03:00
Joachim F 0050338610 Merge pull request #17087 from j1r1k/pulseaudio-extraClientConf
pulseaudio module: add extraClientConf option
2016-07-24 15:52:01 +02:00
Nikolay Amiantov ddb75882b6 kbd task: fix colors in early initrd 2016-07-24 15:08:49 +03:00
Joachim Fasting 88138d43fa
grsecurity test: add note explaining what the tcc -run test accomplishes 2016-07-24 12:54:07 +02:00
Joachim Fasting 8c8d6b4053
grsecurity test: verify that the grsec device node is created 2016-07-24 12:54:07 +02:00
Joachim Fasting 96542a1b00
grsecurity module: assert RBAC support in kernel 2016-07-24 12:54:07 +02:00
Joachim Fasting 5ece58ed66
grsecurity module: add gradm to system path 2016-07-24 12:54:07 +02:00
Joachim F 027cb61088 Merge pull request #16891 from joachifm/grsec-doc
manual: add chapter on Grsecurity/PaX
2016-07-24 12:48:27 +02:00
Daiderd Jordan eab1ec23f0 Merge pull request #17194 from Profpatsch/document-container-root
nixos/manual: document you need root for container
2016-07-24 12:01:47 +02:00
Emery Hemingway 90ee01cd3d nixos: disable DHCP on ZeroTier interfaces 2016-07-23 21:04:42 +02:00
Nathan Bijnens bb528e714d Fix #9759 SSMTP sendmail wrapper - cfg instead of full path 2016-07-23 20:58:58 +02:00
Joachim Fasting edbaba6d3c
nixos release notes: document changes to grsecurity/PaX 2016-07-23 19:09:47 +02:00
Joachim Fasting 190890cdac
nixos manual: add chapter on grsecurity/PaX
Explain the "what", "why", and "how" of grsecurity/PaX
on NixOS.
2016-07-23 19:09:43 +02:00
Nathan Bijnens cf3867a5ef Fix #9759 SSMTP sendmail wrapper 2016-07-23 18:00:10 +02:00
Profpatsch 2f074321c7 nixos/manual: document you need root for container 2016-07-23 06:21:56 +02:00
ben smith c38e6a2a60 mysql: fix replication tests (#17174)
Eliminate race condition in replication test
Remove replication configuration from standalone test
Improve mysql command syntax consistency
2016-07-23 00:37:05 +02:00
Shawn Warren 9886c80daa Add gocd agent and server service packages (#16273)
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization.  Update maintainers list to include swarren83.  Update
module list to include gocd agent and server module.  Update packages list to include
gocd agent and server package.  Update version, revision and checksum for GoCD
release 16.5.0.
2016-07-23 00:29:18 +02:00
Moritz Ulrich f8ea8c7197 tt-rss: Fix evaluation by disabling nginx-options.
The nginx.virtualHosts option isn't merged yet. We can re-enable these
features when https://github.com/NixOS/nixpkgs/pull/15862 is merged.
2016-07-22 09:54:25 +02:00
Rok Garbas d73c115aa4 Merge pull request #16132 from zohl/tt-rss
tt-rss service: init at 16.3
2016-07-21 20:48:18 +02:00