Commit Graph

80108 Commits

Author SHA1 Message Date
aszlig
5146f76095
nixos/taskserver: Add an option for organisations
We want to declaratively specify users and organisations, so let's add
another module option "organisations", which allows us to specify users,
groups and of course organisations.

The implementation of this is not yet done and this is just to feed the
boilerplate.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
274fe2a23b
nixos/taskserver: Fix generating server cert
We were generating a self-signed certificate for the server so far,
which we obviously don't want.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
77d7545fac
nixos/taskserver: Introduce a new fqdn option
Using just the host for the common name *and* for listening on the port
is quite a bad idea if you want to listen on something like :: or an
internal IP address which is proxied/tunneled to the outside.

Hence this separates host and fqdn.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
d94ac7a454
nixos/taskserver: Use types.str instead of string
The "string" option type has been deprecated for a long time
(800f9c2), so let's not use it here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
411c6f77a3
nixos/taskserver: Add trust option to config file
The server starts up without that option anyway, but it complains about
its value not being set. As we probably want to have access to that
configuration value anyway, let's expose this via the NixOS module as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
1f410934f2
nixos/taskserver: Properly indent CA config lines
No change in functionality, but it's easier to read when properly
indented.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
3d820d5ba1
nixos/taskserver: Refactor module for CA creation
Now the service starts up if only the services.taskserver.enable option
is set to true.

We now also have three systemd services (started in this order):

 * taskserver-init: For creating the necessary data directory and also
                    includes a reference to the configuration file in
                    the Nix store.
 * taskserver-ca:   Only enabled if none of the server.key, server.cert,
                    server.crl and caCert options are set, so we can
                    allow for certificates that are issued by another
                    CA.
                    This service creates a new CA key+certificate and a
                    server key+certificate and signs the latter using
                    the CA key.
                    The permissions of these keys/certs are set quite
                    strictly to allow only the root user to sign
                    certificates.
 * taskserver:      The main Taskserver service which just starts taskd.

We now also log to stdout and thus to the journal.

Of course, there are still a few problems left to solve, for instance:

 * The CA currently only signs the server certificates, so it's
   only usable for clients if the server doesn't validate client certs
   (which is kinda pointless).
 * Using "taskd <command>" is currently still a bit awkward to use, so
   we need to properly wrap it in environment.systemPackages to set the
   dataDir by default.
 * There are still a few configuration options left to include, for
   example the "trust" option.
 * We might want to introduce an extraConfig option.
 * It might be useful to allow for declarative configuration of
   organisations and users, especially when it comes to creating client
   certificates.
 * The right signal has to be sent for the taskserver service to reload
   properly.
 * Currently the CA and server certificates are created using
   server.host as the common name and don't set additional certificate
   information. This could be improved by adding options that explicitly
   set that information.

As for the config file, we might need to patch taskd to allow for
setting not only --data but also a --cfgfile, which then omits the
${dataDir}/config file. We can still use the "include" directive from
the file specified using --cfgfile in order to chainload
${dataDir}/config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
6d38a59c2d
nixos/taskserver: Improve module options
The descriptions for the options previously seem to be from the
taskdrc(5) manual page. So in cases where they didn't make sense for us
I changed the wording a bit (for example for client.deny we don't have a
"comma-separated list").

Also, I've reordered things a bit for consistency (type, default,
example and then description) and added missing types, examples and
docbook tags.

Options that are not used by default now have a null value, so that we
can generate a configuration file out of all the options defined for the
module.

The dataDir default value is now /var/lib/taskserver, because it doesn't
make sense to put just yet another empty subdirectory in it and "data"
doesn't quite make sense anyway, because it also contains the
configuration file as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
8081c791e9
nixos/taskserver: Remove options for log/pidFile
We're aiming for a proper integration into systemd/journald, so we
really don't want zillions of separate log files flying around in our
system.

Same as with the pidFile. The latter is only needed for taskdctl, which
is a SysV-style initscript and all of its functionality plus a lot more
is handled by systemd already.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
5060ee456c
nixos/taskserver: Unify taskd user and group
The service doesn't start with the "taskd" user being present, so we
really should add it. And while at it, it really makes sense to add a
default group as well.

I'm using a check for the user/group name as well, to allow the
taskserver to be run as an existing user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
743993f4be
nixos/ids: Rename uid and add gid for "taskd"
I'm renaming the attribute name for uid, because the user name is called
"taskd" so we should really use the same name for it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
Matthias Beyer
5442f22d05
Add taskserver to ids.nix 2016-04-05 18:53:31 +02:00
Matthias Beyer
80ae0fe9a2
Add taskserver to module-list 2016-04-05 18:53:31 +02:00
Matthias Beyer
e6ace2a76a
taskd service: Add initialization script 2016-04-05 18:53:31 +02:00
Matthias Beyer
da53312f5c
Add services file for taskwarrior server service 2016-04-05 18:53:31 +02:00
Vincent Laporte
d06dfe861d ocaml-text: 0.7.1 -> 0.8 2016-04-05 16:45:09 +00:00
Arseniy Seroka
33c2134bf2 Merge pull request #14453 from markWot/fix/conkeror-update
conkeror: 1.0pre-20150730 -> 1.0pre-20160130
2016-04-05 19:33:10 +03:00
Arseniy Seroka
56c3b2213d Merge pull request #14449 from NeQuissimus/rsyslog8170
rsyslog: 8.14.0 -> 8.17.0 (incl. dependencies)
2016-04-05 19:32:43 +03:00
Arseniy Seroka
ae9a8670cb Merge pull request #14473 from NeQuissimus/liquibase
liquibase: init at 3.4.2
2016-04-05 19:32:24 +03:00
Arseniy Seroka
028c0b78bd Merge pull request #14452 from ebzzry/pell-0.0.1
pell: init at 0.0.1
2016-04-05 19:32:02 +03:00
Arseniy Seroka
95856303d8 Merge pull request #14461 from micxjo/update-playerctl
playerctl: 0.4.2 -> 0.5.0
2016-04-05 19:31:17 +03:00
Nikolay Amiantov
822665f066 paprefs: propagate GConf dbus service 2016-04-05 17:58:04 +03:00
Tim Steinbach
54d93ab15a liquibase: init at 3.4.2 2016-04-05 10:44:24 -04:00
Louis Taylor
81e23c5ab1 mutt: update sidebar patch 2016-04-05 16:33:35 +02:00
Louis Taylor
14cb8a7a58 mutt: 1.5.24 -> 1.6.0 2016-04-05 16:33:35 +02:00
Lancelot SIX
1f72a2655a Merge pull request #13588 from Profpatsch/yolk
pythonPackages/yolk: init at 0.4.3

built and tested locally.
2016-04-05 15:09:40 +02:00
Markus Wotringer
90624dcf89 conkeror: 1.0pre-20150730 -> 1.0pre-20160130 2016-04-05 14:34:42 +02:00
Vladimír Čunát
aa670eb503 vmTools: update debian jessie 8.3 -> 8.4
Their in-place updates break download hashes...
2016-04-05 14:32:04 +02:00
Michael Raskin
15434be579 Merge pull request #14456 from tohl/master
sbcl and clisp improvements, clisp now runs on arm and can be used to build sbcl
2016-04-05 09:38:41 +00:00
Eelco Dolstra
ab2855b975 Add 16.03 AMIs 2016-04-05 11:25:12 +02:00
Eelco Dolstra
69c746d06b Update AMI creation script 2016-04-05 11:25:12 +02:00
Vladimír Čunát
2bbae9696a nixpkgs manual introduction: improve
- make line wrapping more consistent (overlong lines)
- don't stress the manual is *only* for contributors,
  as it does contain some user-guide parts, including the intro itself
- since March our Hydra publishes binaries immediately,
  not waiting for channel update
2016-04-05 10:06:10 +02:00
Peter Simons
d2ef7ab10f Merge pull request #14467 from DamienCassou/emacs-25.0.92
emacs25pre: 25.0.50-1b5630e -> 25.0.92
2016-04-05 10:04:32 +02:00
Damien Cassou
9b52caaa0c emacs25pre: 25.0.50-1b5630e -> 25.0.92 2016-04-05 09:57:05 +02:00
Rommel M. Martinez
bfc979c8a0 pell: init at 0.0.1 2016-04-05 13:24:33 +08:00
Daniel Peebles
9fc2dfabfd Merge pull request #14460 from puffnfresh/package/hipchat
hipchat: fix links being broken
2016-04-04 21:46:02 -04:00
Tobias Geerinckx-Rice
56ff116f2a zpaq: 7.07 -> 7.08
Changes:
- Removes multi-part archive support, -nodelete, add -test, and
  -key prompt.
- Updated to libzpaq v7.08 (smaller decoder buffer).
- Updated Makefile to link libzpaq.o statically.
2016-04-05 03:25:45 +02:00
Micxjo Funkcio
0c059b4973
playerctl: 0.4.2 -> 0.5.0 2016-04-04 17:47:35 -07:00
Brian McKenna
b39fd4f97b hipchat: fix links being broken 2016-04-05 10:02:46 +10:00
goibhniu
95afec55a2 Merge pull request #14455 from nico202/dgz
drumgizmo: 0.9.9 -> 0.9.10
2016-04-04 23:28:31 +02:00
joachifm
ad8857a81a Merge pull request #14367 from grahamc/xapian-sup-kiwix
Xapian: Remove 1.0, Upgrade 1.2, and pin bindings to php 5.6, Fix `sup`, and mark `Kiwix` as Broken
2016-04-04 22:53:47 +02:00
Tomas Hlavaty
106d0f6b51 clisp: control build options and fix non x86* architectures 2016-04-04 22:22:30 +02:00
Tomas Hlavaty
f6807dba60 sbcl: better thread support and arm detection 2016-04-04 22:16:21 +02:00
Tobias Geerinckx-Rice
d54bc765b5 hplip: canonicalise 56-hpmud.rules' paths if installed
Fixes #14338.
2016-04-04 22:14:21 +02:00
Tobias Geerinckx-Rice
621218c3c1 cpp-netlib: 0.11.2 -> 0.12.0 2016-04-04 22:14:21 +02:00
Tomas Hlavaty
08cf0dcb5c sbcl: 1.3.3 -> 1.3.4 2016-04-04 22:11:21 +02:00
=
9b26566daa drumgizmo: 0.9.9 -> 0.9.10 2016-04-04 22:11:17 +02:00
Daniel Peebles
cf39ca1950 Merge pull request #14451 from NeQuissimus/readme1603
README: 15.09 -> 16.03
2016-04-04 14:48:10 -04:00
Tim Steinbach
bb125c7936 README: 15.09 -> 16.03 2016-04-04 14:42:07 -04:00
Tim Steinbach
158558e091 rsyslog: 8.14.0 -> 8.17.0 2016-04-04 14:31:01 -04:00