1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-27 08:01:14 +00:00
Commit graph

3870 commits

Author SHA1 Message Date
Domen Kožar 7a89a85622 nix.useChroot: allow 'relaxed' as a value 2016-03-25 12:50:39 +00:00
Arseniy Seroka 2358582976 Merge pull request #14045 from otwieracz/master
znapzend: added
2016-03-24 23:10:40 +03:00
Slawomir Gonet 3ff417cbb7 znapzend service: init at 0.15.3 2016-03-24 20:57:33 +01:00
Joachim Fasting 1ca4610577 dnscrypt-proxy service: change default upstream resolver
Previously, the cisco resolver was used on the theory that it would
provide the best user experience regardless of location.  The downsides
of cisco are 1) logging; 2) missing supoprt for DNS security extensions.

The new upstream resolver is located in Holland, supports DNS security,
and *claims* to not log activity. For users outside of Europe, this will
mean reduced performance, but I believe it's a worthy tradeoff.
2016-03-24 17:14:22 +01:00
Joachim Fasting 9bf6e64860 dnscrypt-proxy service: use dynamic uid/gid
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.

This frees up UID/GID 151.
2016-03-24 17:14:22 +01:00
Joachim Fasting 03bdf8f03c dnscrypt-proxy service: additional hardening
Run the daemon with private /home and /run/user to
prevent it from enumerating users on the system.
2016-03-24 17:14:22 +01:00
Joachim Fasting 4001917359 dnscrypt-proxy service: cosmetic enhancements 2016-03-24 17:14:22 +01:00
joachifm f8858c383b Merge pull request #14140 from Pleune/fix/iodined-wait-for-network
iodined service: wantedBy ip-up.target
2016-03-24 13:20:00 +00:00
Domen Kožar d43da3c488 Pin hydra-www and hydra-queue-runner uids
hydra user is already pinned, this is needed due to
https://github.com/NixOS/nixpkgs/issues/14148

(cherry picked from commit 0858ece1ad)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-03-23 12:17:18 +00:00
Mitchell Pleune 927aaecbcb iodined service: wantedBy ip-up.target
When iodined tries to start before any interface other than loopback has an ip, iodined fails.
Wait for ip-up.target

The above is because of the following:
in iodined's code: src/common.c line 157
	the flag AI_ADDRCONFIG is passed as a flag to getaddrinfo.
	Iodine uses the function

		get_addr(char *host,
			int port,
			int addr_family,
			int flags,
			struct sockaddr_storage *out);

	to get address information via getaddrinfo().

	Within get_addr, the flag AI_ADDRCONFIG is forced.

	What this flag does, is cause getaddrinfo to return
	"Name or service not known" as an error explicitly if no ip
	has been assigned to the computer.
	see getaddrinfo(3)

Wait for an ip before starting iodined.
2016-03-22 23:40:49 -04:00
Pascal Wittmann 4295ad5ee8 Merge pull request #14079 from NixOS/add-radicale-user
radicale service: run with dedicated user
2016-03-21 13:56:23 +01:00
Domen Kožar 1536834ee0 Merge pull request #14066 from jerith666/crashplan-46
crashplan: 3.6.4 -> 4.6.0
2016-03-20 20:10:28 +00:00
Matt McHenry 447c97f929 crashplan: 3.6.4 -> 4.6.0
* the major change is to set TARGETDIR=${vardir}, and symlink from
  ${vardir} back to ${out} instead of the other way around.  this
  gives CP more liberty to write to more directories -- in particular
  it seems to want to write some configuration files outside of conf?

* run.conf does not need 'export'

* minor tweaks to CrashPlanDesktop.patch
2016-03-20 13:56:54 -04:00
joachifm 3273605aef Merge pull request #14033 from joachifm/clfswm-broken
Mark clfswm as broken
2016-03-20 15:27:41 +00:00
Pascal Wittmann a491b75523 radicale service: run with dedicated user
This is done in the context of #11908.
2016-03-20 15:50:14 +01:00
Joachim Fasting e891e50946 nixos: disable the clfswm window manager module 2016-03-19 15:52:18 +01:00
Peter Simons 5391882ebd services.xserver.startGnuPGAgent: remove obsolete NixOS option
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.

To configure the gpg-agent for your X session, add the following code to
~/.xsession or some other appropriate place that's sourced at start-up:

    gpg-connect-agent /bye
    GPG_TTY=$(tty)
    export GPG_TTY

If you want to use gpg-agent for SSH, too, also add the settings

    unset SSH_AGENT_PID
    export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"

and make sure that

    enable-ssh-support

is included in your ~/.gnupg/gpg-agent.conf.

The gpg-agent(1) man page has more details about this subject, i.e. in the
"EXAMPLES" section.
2016-03-18 11:06:31 +01:00
Peter Simons de11380679 nixos/modules/services/x11/xserver.nix: fix minor typo 2016-03-18 11:02:01 +01:00
Peter Simons a0ab4587b7 Set networking.firewall.allowPing = true by default.
This patch fixes https://github.com/NixOS/nixpkgs/issues/12927.

It would be great to configure good rate-limiting defaults for this via
/proc/sys/net/ipv4/icmp_ratelimit and /proc/sys/net/ipv6/icmp/ratelimit,
too, but I didn't since I don't know what a "good default" would be.
2016-03-17 19:40:13 +01:00
Joachim Fasting 12877098cb dnscrypt-proxy service: expose option to use ephemeral keys
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
2016-03-17 15:02:33 +01:00
Joachim Fasting a0663e3709 dnscrypt-proxy service: documentation fixes
- fix `enable` option description
  using `mkEnableOption longDescription` is incorrect; override
  `description` instead
- additional details for proper usage of the service, including
  an example of the recommended configuration
- clarify `localAddress` option description
- clarify `localPort` option description
- clarify `customResolver` option description
2016-03-17 14:18:30 +01:00
Franz Pletz 38579a1cc9 gitlab service: Remove emailFrom option
Not being used anymore. Use `services.gitlab.extraConfig.gitlab.email_from`
instead.
2016-03-17 04:16:25 +01:00
Peter Simons 6c601ed1f0 Merge pull request #13838 from peti/drop-old-dovecot-versions
Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
2016-03-16 14:36:52 +01:00
Nikolay Amiantov 851af5e888 cups service: fix gutenprint update when there's no printers 2016-03-15 21:46:33 +03:00
Eelco Dolstra b250ac9290 Remove setting non-existent sysctl options
(cherry picked from commit 1010ced00c)
2016-03-15 17:44:30 +01:00
Eelco Dolstra 5cc7bcda30 Combine OVA generation steps
Previously this was done in three derivations (one to build the raw
disk image, one to convert to OVA, one to add a hydra-build-products
file). Now it's done in one step to reduce the amount of copying
to/from S3. In particular, not uploading the raw disk image prevents
us from hitting hydra-queue-runner's size limit of 2 GiB.
2016-03-15 14:15:12 +01:00
Tanner Doshier ab1008014d tarsnap: 1.0.36.1 -> 1.0.37 2016-03-14 17:56:48 -05:00
Peter Simons b7c8085c30 Merge pull request #13837 from peti/drop-old-postfix-versions
Drop support for postfix 2.x from Nixpkgs and NixOS.
2016-03-14 21:52:56 +01:00
Domen Kožar 68d30cdfcb NixOS 16.09 is called Flounder
chosen by @zimbatm as our documentation hero in 16.03
2016-03-14 19:09:54 +00:00
Rickard Nilsson 6ff5821be6 nixos/filesystems: Fix fs options type error 2016-03-14 17:24:36 +01:00
Robin Gloster 3f9b00c2d8 Merge pull request #13906 from Zer0-/gitlab_version_bump
Gitlab version bump
2016-03-14 13:29:13 +01:00
Nikolay Amiantov 363f024864 Merge pull request #13861 from abbradar/mjpg-streamer
mjpg-streamer: update and add NixOS service
2016-03-14 15:19:03 +03:00
Nikolay Amiantov 305fa26005 Merge pull request #13850 from abbradar/e20
Update Enlightenment, rename e19 -> enlightenment, drop e16
2016-03-14 02:28:58 +03:00
Nikolay Amiantov 7e57e2c0fb autofs service: clear lockfile before start
autofs uses a lock file in /tmp to check if it's running -- unclean
shutdown breaks the service until one manually removes it.
2016-03-14 01:02:40 +03:00
Philipp Volguine 10198b586e gitlab service startup fix
-gitlab-sidekiq was being started with a misspelled argument name
 which caused the mailer queue to never run and never send mail
2016-03-13 21:04:11 +00:00
Edward Tjörnhammar c65026bfa5 nixos: i2pd, change to yes/no config entries and explicitly enable client endpoints 2016-03-13 21:36:30 +01:00
Evgeny Egorochkin cc947ef934 virtualization/azure: reorder WALA and SSHD 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin 6f47b2c16d virtualization/azure: turn off verbose logging 2016-03-13 13:57:31 +02:00
Evgeny Egorochkin 0d4e5649dc virtualization/azure: make the image dynamic again since azure-cli upload bug is fixed 2016-03-13 13:57:30 +02:00
Evgeny Egorochkin 7a4684bee1 virtualization/azure: take entropy handling code out of WALA and execute it before SSHD generates the host keys 2016-03-13 13:57:30 +02:00
Cole Mickens 73487f4619 virtualization/azure: fixes
azure-agent: add option for verbose logging
azure-agent: disable ssh host key regeneration
azure-common: set verbose logging on
azure-image: increase size to 30GB
2016-03-13 13:57:30 +02:00
Domen Kožar 77ae55308c fix installer tests #13559 2016-03-12 20:19:40 +00:00
Nikolay Amiantov 83ff545bfd mjpg-streamer service: init 2016-03-12 18:53:02 +03:00
Nikolay Amiantov 4a01f70f8f octoprint service: add extraConfig 2016-03-12 18:52:16 +03:00
Thomas Tuegel 5d36644f42 mantisbt: fix typo in documentation 2016-03-12 07:48:36 -06:00
makefu 626bfce3b8 graphite: fix carbonCache graphiteWeb graphiteApi
This commit implements the changes necessary to start up a graphite carbon Cache
with twisted and start the corresponding graphiteWeb service.
Dependencies need to be included via python buildEnv to include all recursive
implicit dependencies.

Additionally cairo is a requirement of graphiteWeb and pycairo is not a standard
python package (buildPythonPackage) and therefore cannot be included via
buildEnv. It also needs cairo in the Library PATH.
2016-03-12 02:02:04 +01:00
Nikolay Amiantov 7fb2291f55 enlightenment.enlightenment: 0.20.3 -> 0.20.6 2016-03-12 03:10:47 +03:00
Nikolay Amiantov 3f6ad460e7 enlightenment.efl: 1.16.1 -> 1.17.0 2016-03-12 03:10:46 +03:00
Nikolay Amiantov e358d9498c e19: rename to enlightenment, drop old one 2016-03-12 03:10:37 +03:00
Peter Simons c73a22aed5 Drop support for dovecot 2.1.x from Nixpkgs and NixOS.
Version 2.2.x has been stable for a long time; let's give up support for
the obsolete version.
2016-03-11 16:03:09 +01:00