Commit Graph

730 Commits

Author SHA1 Message Date
Christoph Hrdinka
553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Frederik Rietdijk
4020035513 Merge pull request #18935 from rycee/pullout/radicale
radicale: break into own package
2016-09-26 22:14:42 +02:00
aszlig
2af7051197
nixos/offlineimap: Move to services/mail
The services/networking directory is already quite polluted and the
first point where I was looking for the offlineimap module was in
services/mail and didn't find it there.

Offlineimap already has IMAP in its name and clearly belongs to the
"mail" category so let's move it there.

Tested by evaluating a configuration with services.offlineimap enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
2016-09-26 21:18:06 +02:00
aszlig
603b73f1e1
nixos/offlineimap: Don't build the package on eval
Coercing the derivation to string causes the package to be built during
evaluation rather than during actual realization which is completely
unnecessary because we don't need additional Nix expression information
for the package (nor do we need it for the service).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Cc: @Profpatsch (stumbled on this because of him)
2016-09-26 21:07:06 +02:00
Robert Helgesson
9d2a831497
radicale: break into own package
Since this is an application it is not suitable for pythonPackages,
which is more appropriate for Python modules.
2016-09-25 22:15:19 +02:00
Michele Guerini Rocco
ec8d5945ce connman: disable connman-vpn by default (#18323) 2016-09-25 08:02:29 +02:00
Wei-Ming Yang
e330807e1f
murmur service: welcome -> welcometext
fixed incorrect option name `welcome` to `welcometext`.

joachifm added a rename for backwards compat.

Closes https://github.com/NixOS/nixpkgs/pull/18570
2016-09-23 16:08:14 +02:00
Jookia
e23cc550b3 nixos: add htpdate module 2016-09-23 02:02:20 +10:00
Alexey Shmalko
60cfc558be Merge pull request #18718 from Mic92/powerdns
powerdns: init at 4.0.1
2016-09-20 11:07:51 +03:00
Jörg Thalheim
b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Joachim Fasting
22d6c97855
unbound service: extend isLocalAddress to handle ipv6 2016-09-16 09:47:36 +02:00
Joachim Fasting
5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting
39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting
0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting
52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting
7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Alexander Ried
06b2897c40 networking.dhcpcd: Don't add to system closure when using networkd (#18436) 2016-09-13 07:55:17 +02:00
Franz Pletz
5c38882f38
toxvpn service: doesn't require online network
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz
c58654e2b7
treewide: fix fallout of ip-up deprecation
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.

Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Alexander Ried
27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Domen Kožar
fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
Robert Helgesson
bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
aszlig
fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3: Fix starting the firewall
  e090701e2d: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra
e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra
abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Alexey Shmalko
b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Eelco Dolstra
520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra
f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Octavian Cerna
a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Nikolay Amiantov
608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Joachim Fasting
6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting
03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
zimbatm
17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla
caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Joachim Fasting
d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation 2016-08-29 23:48:12 +02:00
Joachim Fasting
68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting
23a7e6e911
dnscrypt-proxy module: formatting 2016-08-29 23:48:11 +02:00
Domen Kožar
e01e92f12f Merge pull request #15025 from ericsagnes/modules/manual
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Graham Christensen
8d10928ad0 Merge pull request #17908 from Mic92/ferm
Ferm
2016-08-25 20:38:02 -04:00
Jörg Thalheim
7b354ce8cc
ferm: init at 2.3 2016-08-25 21:37:19 +02:00
Carles Pagès
3374aa25bc cjdns: fix assertion. 2016-08-25 08:57:18 +02:00
Nikolay Amiantov
5ff6e98486 modprobe service: drop kmod wrapper 2016-08-19 17:56:49 +03:00
Joachim F
c2bfce8de8 Merge pull request #16762 from matthewbauer/gnustep2
Add "gnustep" to nixpkgs
2016-08-17 23:38:56 +02:00
Matthew Bauer
f541715057 gnustep: fix gdomap service
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer
5ea9bd0920 gnustep: fix naming of gnustep stuff
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Artyom Shalkhakov
697982b91b gnustep: fix gdnc, gdomap
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov
d3d580ebbe gnustep: cleanup
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov
9b17cd8fab gnustep: add nixos deamons
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Svein Ove Aas
102472b8de unifi: Open required ports by default.
The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.
2016-08-16 21:01:49 +01:00
Svein Ove Aas
e3f0a09b6d unifi: chown the data dir as well.
It needs to be writeable.
2016-08-16 21:01:49 +01:00