JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
94,937 Commits 2 Branches 0 Tags 13 GiB
8f8184ece1
Commit Graph

801 Commits

Author SHA1 Message Date
Daniel Peebles
57cb5ab17a Merge pull request #12198 from mayflower/remove-upstart-layer 
Remove upstart layer
 2016-01-07 13:47:39 -05:00
Peter Simons
a68450e509 Merge pull request #12009 from mayflower/tinc-module 
tinc module: Ed25519PrivateKeyFile, BindToAddress
 2016-01-07 12:48:35 +01:00
Austin Seipp
4dc7cab40e nixos: btsync - switch to using systemd user services 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2016-01-07 03:33:38 -06:00
Tristan Helmich
1a0d004cc2 tinc module: Ed25519PrivateKeyFile, listenAddress 2016-01-07 09:13:28 +00:00
Robin Gloster
88292fdf09 jobs -> systemd.services 2016-01-07 06:39:06 +00:00
Austin Seipp
d89454bb79 nixos: btsync - add directoryRoot option 
Signed-off-by: Austin Seipp <aseipp@pobox.com>
 2016-01-07 00:09:20 -06:00
Jakob Gillich
57d6dfe932 notbit: removed dead package 
The Bitmessage protocol v3 became mandatory on 16 Nov 2014 and notbit does not support it, nor has there been any activity in the project repository since then.
 2016-01-07 04:39:51 +01:00
Robin Gloster
246f0e91cd wpa_supplicant service: Warn about plaintext keys in docs 2016-01-06 03:58:39 +00:00
Robin Gloster
609457458e wpa_supplicant module: remove preStart hack 
If the config file is managed imperatively we shouldn't touch it.
 2016-01-06 03:58:39 +00:00
Robin Gloster
d03b35f881 wpa_supplicant module: add networks option 2016-01-06 03:58:39 +00:00
Robin Gloster
3a5f488445 wpa_supplicant module: refactor 2016-01-06 03:58:39 +00:00
Robin Gloster
7d973a56d0 wpa_supplicant module: remove obsolete option 
networking.WLANInterface has been obsolete for years
 2016-01-06 03:58:39 +00:00
Peter Simons
49d18bdfcb Revert "Basic Declaritive Network Configuration in wpa_supplicant Service" 2016-01-05 19:32:41 +01:00
Peter Simons
d807b057ed Merge pull request #11920 from bjornfor/rename-host-to-listen-address 
Rename NixOS option names: 'host' to 'listenAddress'
 2016-01-05 12:54:15 +01:00
Peter Simons
94e6323de0 Merge pull request #12015 from mayflower/wpa_supplicant-service 
Basic Declaritive Network Configuration in wpa_supplicant Service
 2016-01-05 10:53:13 +01:00
Wei-Ming Yang
bd035405f4 ostinato: add ostinato in NixOS services 2016-01-04 14:29:02 +08:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size 
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
 2015-12-31 09:53:02 +01:00
Domen Kožar
f41603d8a6 Merge pull request #11940 from jgillich/dnsmasq-leases 
dnsmasq: create state dir for dhcp leases file
 2015-12-30 16:50:14 +01:00
Robin Gloster
4bf7afc78e wpa_supplicant module: remove preStart hack 
If the config file is managed imperatively we shouldn't touch it.
 2015-12-29 18:49:39 +00:00
Robin Gloster
56a53ff458 wpa_supplicant module: add networks option 2015-12-29 18:49:39 +00:00
Robin Gloster
9dceabc95d wpa_supplicant module: refactor 2015-12-29 18:49:39 +00:00
Robin Gloster
57210ce1c1 wpa_supplicant module: remove obsolete option 
networking.WLANInterface has been obsolete for years
 2015-12-29 18:49:38 +00:00
Domen Kožar
fe9a7c6d5b Merge pull request #11956 from zimbatm/nm-openvpn-uid-gid 
networkmanager: set uid/gid for the networkmanager openvpn agent
 2015-12-27 11:02:55 +01:00
Jakob Gillich
ae4a7f9351 hostapd: rename extraCfg -> extraConfig, added asserts 2015-12-26 11:37:00 +01:00
Jakob Gillich
a193ea3700 dnsmasq: create state dir for dhcp leases file 
ref #11718
 2015-12-24 22:36:19 +01:00
Bjørn Forsman
46924e77a2 nixos/sslh: rename 'host' to 'listenAddress' 
More descriptive option name.
 2015-12-24 00:23:51 +01:00
Bjørn Forsman
6c2fc3a5ac nixos/shout: rename 'host' to 'listenAddress' 
More descriptive option name.
 2015-12-24 00:22:47 +01:00
Kevin Cox
3acf8132c3 murmur: sslCa and extraConfig options, fixes #11419 2015-12-22 01:28:39 +01:00
Thomas Strobel
cdd7310a50 nixos avahi-daemon: add new option declarations 
Add new option declarations to control what information is published
by the avahi daemon. The default values are chosen to respect the
privacy of the user over the connectivity of the system.
 2015-12-21 18:20:35 +01:00
Jakob Gillich
0f1de2ea9f miniupnpd: firewall config 2015-12-13 16:44:58 +01:00
Franz Pletz
6734127545 shairport-sync service: add module 
Adds a new service module for shairport-sync. Tested with a local
and remote pulseaudio server. Needs to be run as a user in the pulse group
to access pulseaudio.
 2015-12-12 20:30:47 +01:00
Luca Bruno
5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Arseniy Seroka
bc8d08a511 Merge pull request #11548 from jgillich/upnpd 
miniupnpd: add service
 2015-12-10 23:32:51 +03:00
Jakob Gillich
29871ee2dd miniupnpd: add service 2015-12-09 00:28:41 +01:00
zimbatm
c515be4651 networkmanager: set uid/gid for the networkmanager openvpn agent 
Fixes #11317
 2015-12-08 16:47:56 +00:00
Jakob Gillich
80720501cb ddclient: fix ssl option 2015-12-08 11:11:14 +01:00
Markus Wotringer
9a350d5f1e cntlm: refactor to systemd service, fixes #11339 2015-12-07 15:40:43 +01:00
Jakob Gillich
6c9931c556 shout: fix preStart, fixes #11516 
preStart must be a string
 2015-12-07 15:24:29 +01:00
Tobias Geerinckx-Rice
214a9537c8 hostapd service: improve option descriptions 2015-12-05 23:42:56 +01:00
Christoph Hrdinka
e2720bfb70 nsd service: use mkEnableOption 2015-12-04 16:13:02 +01:00
Bas van Dijk
db43a79f10 strongswan service: use config.system.sbin.modprobe instead of kmod 
Fixes: #8343
 2015-11-30 01:50:57 +01:00
Luca Bruno
920b1d3591 Merge branch 'master' into closure-size 2015-11-29 16:50:26 +01:00
lethalman
072aa5000f Merge pull request #11329 from ctheune/submit/pkg-syncthing-update-0.12.4 
syncthing: 0.11 -> 0.12
 2015-11-29 15:51:00 +01:00
Christian Theune
f6627a9402 syncthing: 0.11 -> 0.12 
Also, keep 0.11 around (in an updated version) and make the
pkg an option to the service module.
 2015-11-28 20:17:49 +01:00
goibhniu
cc63832981 Merge pull request #8758 from fpletz/package/chrony 
chrony: 2.1.1 -> 2.2 & service improvements
 2015-11-26 13:22:33 +01:00
Luca Bruno
a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Edward Tjörnhammar
bfcde5cc38 i2pd: patch to enable tunnelcfg usage 
nixos: i2pd service, use tunnelscfg to pass nix tunnel specifications
 2015-11-22 20:35:59 +01:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size 
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
 2015-11-20 14:32:58 +01:00
William A. Kennington III
6602f49495 Revert "Revert "Merge pull request #9543 from NixOS/staging.post-15.06"" 
This reverts commit 741bf840da.

This reverts the fallout from reverting the major changes.
 2015-11-14 12:32:51 -08:00
William A. Kennington III
9579c9ec7f Merge commit 'cb21b77' into master.upstream 
This is a partial merge of staging for builds which are working
 2015-11-13 15:53:10 -08:00
Robbin C
c75d1e761a Change argument --port to --listen in nix-serve.nix 2015-11-13 21:25:50 +08:00
Pascal Wittmann
14ecf0c7fb services.tlsdated: use google.com as default host 
www.ptb.de returns incorrect dates.
 2015-11-11 12:07:08 +01:00
Tomasz Kontusz
6681c66db8 networkmanager service: add unmanaged option 2015-11-10 12:20:55 +01:00
Alexei Robyn
91fe21c854 quassel service: Support multiple listen addresses, fixes #10924 2015-11-10 11:10:21 +01:00
William A. Kennington III
a26c8e9b83 Merge branch 'master.upstream' into staging.upstream 2015-11-07 15:51:51 -08:00
Domen Kožar
07405ee187 Merge pull request #9463 from khumba/nm-connection-sharing 
Fix NetworkManager connection sharing
 2015-11-06 11:16:50 +01:00
Domen Kožar
e695b245a9 Merge pull request #9805 from Mathnerd314/quassel-fix 
quassel: Start after its databases
 2015-11-06 11:14:54 +01:00
Franz Pletz
d89f269b26 chrony service: Members of group chrony can use chronyc 2015-11-03 15:07:18 +01:00
Franz Pletz
c459e269eb chrony service: Integration with other ntp daemons 2015-11-03 15:07:18 +01:00
Tim Jäger
4591e72917 Fixed wrong documentation for Wake-On-LAN feature 2015-10-31 12:55:34 +01:00
William A. Kennington III
dd2de66d61 Merge branch 'master.upstream' into staging.upstream 2015-10-30 17:16:07 -07:00
Domen Kožar
01b0355140 nm-openvpn: add user/group, closes #10689 
(cherry picked from commit 551dad3ffd055d5df5de6878a74432d85ecbd114)
Signed-off-by: Domen Kožar <domen@dev.si>
 2015-10-29 09:59:08 +01:00
Peter Simons
84903a4846 nixos: use "example.net" host name in autossh documentation 2015-10-28 20:04:36 +01:00
Peter Simons
b8dd60aaa6 nixos: remove redundant services.autossh.enable option 
The service is enabled automatically when 'session' is non-empty.
 2015-10-28 19:50:06 +01:00
Peter Simons
be1fa3c9da Merge pull request #10650 from grwlf/autossh-nixos 
autossh.nix: AutoSSH service as a NixOS module
 2015-10-28 11:31:51 +01:00
Sergey Mironov
d355ed81cb autossh.nix: add the module, which run autossh sessions as systemd services 2015-10-28 00:23:13 +03:00
Domen Kožar
6fb7b9b664 networkmanager: don't check if subject is active (false in my X session) 
(cherry picked from commit 4c2bbb248cf22ad3c3541ba7d38bbc3abb40c706)
Signed-off-by: Domen Kožar <domen@dev.si>
 2015-10-23 20:16:49 +02:00
Vladimír Čunát
4917a4f8b3 Merge master into staging 2015-10-23 01:57:14 +02:00
Hajo Möller
de9e05153d service.asterisk: fix dir creation 2015-10-19 19:05:23 +02:00
William A. Kennington III
8a44a36ca4 Merge branch 'master.upstream' into staging.upstream 2015-10-15 10:22:28 -07:00
Tobias Geerinckx-Rice
a65cf63f55 copy-com service: order after network-online.target 
I doubt that ordering non-sysvinit services after network.target ever
makes sense. In this case, CopyConsole requires DNS lookups and fails
if these are not yet possible.
 2015-10-13 21:02:01 +02:00
Vladimír Čunát
12487536d2 libgpgerror: split dev and info outputs 2015-10-13 20:19:00 +02:00
Vladimír Čunát
99e4371526 curl: split into multiple outputs 
Also use pkgconfig to be safer and fix (some) referrers.
 2015-10-13 20:18:48 +02:00
Thomas Strobel
c6b2365e9a supplicant module: extended module for wpa_supplicant 
Add new configuration options for wpa_supplicant and allow to
configure and start one wpa_supplicant per device.
 2015-10-06 20:12:40 +02:00
Eelco Dolstra
741bf840da Revert "Merge pull request #9543 from NixOS/staging.post-15.06" 
This reverts commit f61176c539, reversing
changes made to a27ca029ee.

Conflicts:
	pkgs/development/libraries/ncurses/default.nix
 2015-10-06 15:24:20 +02:00
Vladimír Čunát
f361938b21 Merge staging into closure-size 
This makes gcc5 the default builder, etc.
 2015-10-03 15:23:13 +02:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size 
Many non-conflict problems weren't (fully) resolved in this commit yet.
 2015-10-03 13:33:37 +02:00
lethalman
0474cb3c6d Merge pull request #10078 from nmikhailov/nm_service 
Enable setting extended NetworkManager hooks
 2015-10-02 11:45:28 +02:00
Peter Simons
4578784820 nixos: add services.bind.extraConfig option 
This option allows users to add arbitrary configuration statements into
the generated named.conf file.
 2015-09-29 11:51:40 +02:00
ts468
6d5a742c2e Merge pull request #10000 from ts468/upstream.vswitch 
nixos networking: add vswitch option
 2015-09-29 00:52:58 +02:00
Nikita Mikhailov
89b306a7ff Enable setting extended NetworkManager hooks 2015-09-26 23:59:31 +06:00
Matej Cotman
ee7e17c6a7 Merge pull request #9984 from grwlf/syncthing 
syncthing: update systemd service config according to upstream example
 2015-09-26 18:38:20 +02:00
Thomas Strobel
59bc47c9ed nixos networking: add vswitch option 
Add a configuration option for Open vSwitch that is
similar to the option for the Linux kernel ethernet
bridge.
 2015-09-25 11:55:27 +02:00
Eelco Dolstra
89e983786a Manual: Remove store path references 2015-09-24 11:50:58 +02:00
Sergey Mironov
9f191abad1 syncthing: update systemd service config according to upstream example 
The example service config were taken from the syncthing repo:
https://github.com/syncthing/syncthing/blob/master/etc/linux-systemd/system/syncthing@.service
 2015-09-21 21:17:38 +00:00
lethalman
d6fd3c4270 Merge pull request #9317 from dfoxfranke/oidentd-ipv6 
oidentd: listen on IPv6
 2015-09-18 15:20:02 +02:00
Eric Sagnes
095bf185ec connman: improved configuration support 2015-09-12 23:31:50 +09:00
Mathnerd314
91e6a8e5a2 quassel: Start after its databases 2015-09-11 15:42:35 -06:00
Thomas Strobel
684cd17ff5 dnschain nixos module: init 2015-09-10 18:11:40 +02:00
Thomas Strobel
8db7c14e56 namecoind nixos module: security enhancements 2015-09-10 18:11:40 +02:00
Luca Bruno
f4b7be4f04 nixos ntpd: allow passing extra flags 2015-09-10 10:58:13 +02:00
Peter Simons
64eb5527ba nixos: remove the obsolete 'services.openvpn.enable' option 
OpenVPN is enabled implicitly when configuring 'services.openvpn.servers', so the
"enable" option is meaningless since b2910df04e.

Closes https://github.com/NixOS/nixpkgs/issues/9764.
 2015-09-10 10:38:38 +02:00
Arseniy Seroka
90a7bb69d0 Merge pull request #9711 from anderspapitto/bitlbee 
plugin support for bitlbee, and facebook plugin
 2015-09-09 03:03:53 +03:00
Anders Papitto
78f7a09e3a bitlbee service: enable plugins 2015-09-08 14:24:50 -07:00
Thomas Strobel
cb4bea5f97 namecoind nixos module: fix environment variable 2015-09-08 22:37:10 +02:00
Thomas Strobel
b6fb760484 namecoind nixos module: init 2015-09-08 20:17:52 +02:00
Thomas Strobel
5e21271af0 dnsmasq nixos module: fix path in systemd service 2015-09-08 19:33:01 +02:00
Bryan Gardiner
f4de446573
NetworkManager: fix dnsmasq interaction for ad-hoc networks 
Fixes #7593 (NM can't find the dnsmasq binary); the NM expression is missing
dnsmasq in its buildInputs, so configure can't find it.

Also creates /var/lib/misc which dnsmasq expects to exist, because it puts
dnsmasq.leases there.
 2015-09-07 14:04:32 -07:00
Enrico Fasoli
44788bb2ce fixed syncthing service to work as expected 2015-09-02 18:14:21 +02:00
Eelco Dolstra
14321ae243 Rename users.extraUsers -> users.users, users.extraGroup -> users.groups 
The "extra" part hasn't made sense for years.
 2015-09-02 17:34:23 +02:00
Daniel Fox Franke
fc96dbb1a2 oidentd: listen on IPv6 2015-08-30 10:53:08 -04:00
Eelco Dolstra
287c08d8a3 Rename services.openssh.knownHosts -> programs.ssh.knownHosts 
This option configures the SSH client, not the server.
 2015-08-27 15:32:46 +02:00
lethalman
a45a0911d4 Merge pull request #9376 from rick68/softether 
softether: support SoftEther VPN 4.18
 2015-08-26 10:45:46 +02:00
Charles Strahan
648973d641 nixos: rename service 'ubuntu-fan' as 'fan' 2015-08-22 14:05:35 -04:00
Wei-Ming Yang
efd34824eb softether: support SoftEther VPN 4.18 2015-08-21 13:59:00 +08:00
Eelco Dolstra
401782cb67 Revert "openssh: 6.9p1 -> 7.0p1" 
This reverts commit a8eb2a6a81. OpenSSH
7.0 is causing too many interoperability problems so soon before the
15.08 release.

For instance, it causes NixOps EC2 initial deployments to fail with
"REMOTE HOST IDENTIFICATION HAS CHANGED". This is because the client
knows the server's ssh-dss host key, but this key is no longer
accepted by default. Setting "HostKeyAlgorithms" to "+ssh-dss" does
not work because it causes ssh-dss to be ordered after
"ecdsa-sha2-nistp521", which the server also offers. (Normally, ssh
prioritizes host key algorithms for which the client has a known host
key, but not if you set HostKeyAlgorithms.)
 2015-08-20 14:08:18 +02:00
Jaka Hudoklin
40582b68f4 Merge pull request #9354 from offlinehacker/nixos/skydns/fixdns 
skydns service: fix skydns nameservers env option
 2015-08-20 02:26:33 +02:00
Jaka Hudoklin
ed356eefa6 skydns service: fix skydns nameservers env option 2015-08-19 23:54:54 +02:00
Jaka Hudoklin
c171cfabed nixos/racoon: create /var/racoon upon start 2015-08-19 23:38:44 +02:00
Eelco Dolstra
1f2eef5ae9 openssh: Re-enable DSA client keys 
This was broken by a8eb2a6a81.
 2015-08-18 13:11:45 +02:00
Charles Strahan
c1ee8fefd4 nixos: add support for Ubuntu Fan Networking 
This provides support for Ubuntu Fan Networking [1].

This includes:

* The fanctl package, and a corresponding NixOS service.
* iproute patches.
* kernel patches.

closes #9188

1: https://wiki.ubuntu.com/FanNetworking
 2015-08-13 14:27:14 -04:00
Joachim Fasting
2c5775b141 i2p service: use mkEnableOption 2015-08-09 02:29:35 +02:00
lethalman
076e90c67a Merge pull request #9150 from tomberek/gateone_setup 
gateone: Fix startup
 2015-08-08 15:35:08 +02:00
Thomas Bereknyei
6b280b648f kippo: fix check for pidPath 2015-08-07 01:01:22 -04:00
Thomas Bereknyei
825b8403a2 Check for pidDir and create 2015-08-07 00:43:29 -04:00
Anders Papitto
4f7819b89c dnsmasq restarts if /etc/hosts file is changed by nixos-rebuild 2015-08-05 03:36:19 -07:00
Thomas Bereknyei
cb6dc71599 GateOne: init at 1.2 2015-08-03 11:01:05 -04:00
Benjamin Staffin
ad4c957163 shout service: New module. 2015-08-01 03:36:45 -07:00
Thomas Tuegel
e5a93ab201 Revert "nixos/quassel: Temporarily switch back to qt4 since qt5 tls in quassel is broken" 
This reverts commit c61d048427.
 2015-07-30 21:24:11 -05:00
Eelco Dolstra
a5b83c3573 sshd: Use RSA and ED25519 host keys 
Closes #7939.
 2015-07-27 20:30:10 +02:00
William A. Kennington III
abc7c1b013 nixos/firewall: Add the ability to specify additional packages for extraCommands 2015-07-26 16:33:03 -07:00
Eelco Dolstra
f64589b2ef firewall: Don't depend on ipset 
NixOS doesn't use it, so no reason to include it.
 2015-07-26 22:45:39 +02:00
Tobias Geerinckx-Rice
078ee4ac55 copy-com: 1.47.0410 -> 3.2.01.0481 + several fixes 
The graphical UI (the largest part of this package) never worked; fixed.

Added myself as a maintainer.
 2015-07-25 04:39:02 +02:00
lethalman
636f9ac0ed Merge pull request #8799 from ryantm/master 
heyefi service: init
 2015-07-24 10:11:26 +02:00
tv
1306c11b94 bitlbee service: fix typo 2015-07-16 02:43:27 +02:00
Ryan Mulligan
9d485d9433 heyefi service: make uploadDir path more generic and a string 2015-07-14 06:56:30 -07:00
Ryan Mulligan
d11edff860 heyefi service: use mkEnableOption 2015-07-14 06:54:51 -07:00
Ryan Mulligan
d6cee31b04 heyefi service: init 2015-07-14 06:42:02 -07:00
Eelco Dolstra
7b38cb699d services.openssh.knownHosts.*.publicKey: Update description and add example 
Note that it's no longer allowed to have multiple public keys
separated by a newline.
 2015-07-13 16:21:57 +02:00
tv
baab714b2e charybdis service: fix preStart script 2015-07-13 15:11:18 +02:00
Leroy Hopson
2e49828d9c firefox sync-server service: make path to paster executable absolute 
The systemd service was ignoring ExecStart because the path to the
paster executable was not absolute. Because ExecStart was ignored, the
service would not start.
 2015-07-12 20:43:52 +12:00
James Cook
a456168e5b Merge pull request #6702 from joachifm/dnscrypt-proxy 
nixos: some improvements for dnscrypt-proxy
 2015-07-12 00:17:46 -07:00
Pascal Wittmann
1e4483b1ec nixos/bitlbee: fixed protocols option 2015-07-08 19:30:20 +02:00
Pascal Wittmann
c0de3b306b nixos/bitlbee: add hostname, config dir and protocols options 2015-07-08 19:14:36 +02:00
Arseniy Seroka
7e7371fe3c Merge pull request #8639 from sjmackenzie/zerotierone 
zerotier-one: service add
 2015-07-08 02:15:14 +03:00
Stewart Mackenzie
5297371b95 zerotier-one: service add 2015-07-07 07:11:44 +08:00
William A. Kennington III
c61d048427 nixos/quassel: Temporarily switch back to qt4 since qt5 tls in quassel is broken 2015-07-05 16:53:42 -07:00
Arseniy Seroka
093a8994f9 Merge pull request #8624 from ambrop72/minidlna-update 
minidlna 1.1.4
 2015-07-04 13:59:32 +03:00
Pascal Wittmann
2fd9d56f51 nixos/skydns: fixed reference to skydns 2015-07-04 09:43:28 +02:00
Ambroz Bizjak
42a5ad5c5e minidlna: 1.0.25 -> 1.1.4 
Changes:
- gettext is needed to build
- Switched to using non-legacy ffmpeg.
- Removed ffmpeg stuff from include path since it causes build errors related to
a time.h header.
- Removed unneeded patch.
- Adjusted NixOS service due to the binary being renamed.
 2015-07-04 09:16:28 +02:00
Simon Vandel Sillesen
9dab1a840c tvheadend: init at 4.0.4 2015-06-24 13:22:09 +00:00
William A. Kennington III
6532863ac4 unifi: 3.2.10 -> 4.6.3 2015-06-23 10:09:44 -07:00
Arseniy Seroka
cf44a27fc4 fix argument in mkEnableOption 2015-06-21 18:21:21 +03:00
William A. Kennington III
295846a254 nixos/nix-serve: Run as a separate user and add a signing key parameter 2015-06-17 19:10:39 -07:00
Eelco Dolstra
6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
Eelco Dolstra
19ffa212af types.uniq types.int -> types.int 
types.int already implies uniqueness.
 2015-06-15 18:11:32 +02:00
Eelco Dolstra
c738b309ee types.uniq types.bool -> types.bool 2015-06-15 18:10:26 +02:00
Eelco Dolstra
9366af1b94 "types.uniq types.string" -> "types.str" 2015-06-15 18:08:49 +02:00
Joachim Fasting
ffc6275e55 dnscrypt-proxy service: support custom providers 
The primary use-case is private DNSCrypt providers.

Also rename the `port` option to differentiate it from the
`customResolver.port` option.
 2015-06-12 15:12:33 +02:00
Joachim Fasting
8131065b63 dnscrypt-proxy service: use mkEnableOption 2015-06-12 15:12:33 +02:00
Joachim Fasting
2e8bc2bd5c nixos: cosmetic improvements to dnscrypt-proxy service module 
Remove superflous whitespace & comments
 2015-06-12 15:12:33 +02:00
Joachim Fasting
a88a6bc676 nixos: additional hardening for dnscrypt-proxy 
- Run as unprivileged user/group via systemd, obviating the need to
  specify capabilities, etc.
- Run with private tmp and minimal device name space
 2015-06-12 15:12:33 +02:00
Joachim Fasting
823bb5dd4d nixos: implement socket-activation for dnscrypt-proxy 
The socket definition is derived from upstream with the
exception that it does not depend on network.target, as
this creates a cycle between basic.target and sockets.target.

The apparmor profile has been updated to account for additional
runtime dependencies introduced by enabling systemd support.
 2015-06-12 15:12:33 +02:00
Joachim Fasting
dfe20de782 nixos: permit dnscrypt-proxy service to read basic user/group info 
If nscd is not running, dnscrypt-proxy crashes without read access
to /etc/{password,group,nsswitch.conf}.
 2015-06-12 15:12:30 +02:00
William A. Kennington III
b79a5e812a nixos/quassel: Use qt5 instead of qt4 
This really speeds up building quassel daemon since qt5 can be built in
parallel while qt4 cannot.
 2015-06-08 15:37:34 -07:00
Jaka Hudoklin
c9da002a07 nixos/consul: fix consul alerts enable 2015-06-08 13:41:43 +02:00
Jaka Hudoklin
23504e5bf2 Add skydns module 2015-06-08 13:36:05 +02:00
Timofey Lagutin
714377f8dc bittorrentsync: fix storage_path. 
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".

As seen in f02d4ec9ed
Broken in 0539ed4771
 2015-06-05 18:39:01 +03:00
Mateusz Kowalczyk
1113efec5e Merge pull request #7559 from offlinehacker/openvswitch/ipsec 
openvswitch: ipsec support
 2015-05-26 11:26:02 +01:00
Mateusz Kowalczyk
a35e1ddfb2 Merge pull request #7566 from offlinehacker/nixos/node-docker-registry/module 
nixos: add node docker registry server
 2015-05-26 11:07:22 +01:00
lethalman
aff1c293ef Merge pull request #7998 from dezgeg/pr-ddclient-ssl 
ddclient: Set SSL_CERT_FILE environment variable
 2015-05-26 10:25:47 +02:00
Tuomas Tynkkynen
2966068968 ddclient: Set SSL_CERT_FILE environment variable 
Otherwise connection to SSL hosts fails like this:

May 26 06:44:05 kbuilder ddclient[17084]: WARNING:  cannot connect to dynamicdns.park-your-domain.com:443 socket:
    IO::Socket::IP configuration failed SSL connect attempt failed with unknown error
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
 2015-05-26 06:45:25 +03:00
Peter Simons
50fa9d8eea Merge pull request #7941 from peti/allow-custom-ssh-moduli-file 
nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH
 2015-05-22 20:51:42 +02:00
Peter Simons
86d299bc6e nixos: add config.services.openssh.moduliFile option so that users can replace the default file from OpenSSH 
The man page for ssh-keygen(1) has a section "MODULI GENERATION" that describes
how to generate your own moduli file. The following script might also be helpful:

 | #! /usr/bin/env bash
 |
 | moduliFiles=()
 |
 | generateModuli()
 | {
 |   ssh-keygen -G "moduli-$1.candidates" -b "$1"
 |   ssh-keygen -T "moduli-$1" -f "moduli-$1.candidates"
 |   rm "moduli-$1.candidates"
 | }
 |
 | for (( i=0 ; i <= 16 ; ++i )); do
 |   let bitSize="2048 + i * 128"
 |   generateModuli "$bitSize" &
 |   moduliFiles+=( "moduli-$bitSize" )
 | done
 | wait
 |
 | echo >moduli "# Time Type Tests Tries Size Generator Modulus"
 | cat >>moduli "${moduliFiles[@]}"
 | rm "${moduliFiles[@]}"

Note that generating moduli takes a long time, i.e. several hours on a fast
machine!

This patch resolves https://github.com/NixOS/nixpkgs/pull/5870.
 2015-05-22 16:28:45 +02:00
William A. Kennington III
31a273cb14 nixos/tinc: users are system users 2015-05-21 20:11:13 -07:00
William A. Kennington III
4ed8cdc3d4 nixos/bird: Fix doc compilation 2015-05-20 18:53:54 -07:00
lassulus
9d07c54fa1 nixos: add bird module 
patch bird to look in /var/run for birc.ctl
 2015-05-19 15:42:24 +02:00
Arseniy Seroka
946e7dca61 Merge pull request #7842 from dezgeg/pr-nix-serve 
nix-serve: Add nixos module
 2015-05-14 22:44:43 +03:00
Tuomas Tynkkynen
fd8cb1ff2d nix-serve: Add nixos module 
This allows sharing the Nix store of the machine as a binary cache
simply by setting 'services.nix-serve.enable = true'.
 2015-05-14 12:27:28 +03:00
Eelco Dolstra
fc8011ad8d Ensure that nscd, sshd are created as system users 
c0f70b4694 removed the fixed uid
assignment, but then it becomes necessary to set isSystemUser.

http://hydra.nixos.org/build/22182588
 2015-05-13 16:23:36 +02:00
William A. Kennington III
2806491cc4 nixos/consul: Add shell for health checks 2015-05-11 17:44:07 -07:00
William A. Kennington III
b6e26aa8df nixos/consul: Support a config directory for health checks 2015-05-11 16:45:04 -07:00
William A. Kennington III
1938dc9b54 nixos/consul: Remove the joinNodes and joinRetries options as they are now built in consul options 2015-05-11 16:27:53 -07:00
Arseniy Seroka
c0727fb751 Merge pull request #7788 from Lassulus/charybdis 
add charybdis nixos module
 2015-05-11 12:57:58 +03:00
lassulus
304cab2b46 add charybdis nixos module 2015-05-11 11:38:53 +02:00
William A. Kennington III
074c4a7f78 Merge remote-tracking branch 'upstream/master' into staging 2015-05-07 01:44:49 -07:00
Vladimír Čunát
3b9ef2c71b fix "libc}/lib" and similar references 
Done mostly without any verification.
I didn't bother with libc}/include, as the path is still correct.
 2015-05-05 11:52:08 +02:00
Stephen Weinberg
a6ebccfbb8 Sane default configuration for sabnzbd module 
Added option to set user. Use unpriviledged user by default. Add sane
default for configuration location.
 2015-05-05 00:18:22 -04:00
Vladimír Čunát
30f31c9afc Merge 'master' into staging 
(relatively simple conflicts)
 2015-04-26 22:52:08 +02:00
Jaka Hudoklin
ff095f5002 nixos: add node docker registry server 2015-04-25 16:16:34 +02:00
Emery Hemingway
34f1c39fe0 nixos: fix cjdns json config 
filter extraneous attributes from config modules
 2015-04-25 09:40:44 -04:00
Jaka Hudoklin
b5114de4ac nixos: add racoon ipsec IKE deamon 2015-04-25 15:31:27 +02:00
Luca Bruno
db3b86560f GNOME 3.16.1, closes #7357 2015-04-25 12:02:33 +02:00
Edward Tjörnhammar
4ea47155af Merge pull request #7498 from k0ral/sslh 
sslh: argument to -F can no longer be separated from the option by a space
 2015-04-23 21:35:46 +02:00
Oliver Matthews
a498b28322 wait for filesystem before starting btsync; bump to latest package version 2015-04-23 13:09:34 +00:00
koral
88ce17b6e1 sslh: argument to -F can no longer be separated from the option by a space 2015-04-21 16:29:25 +00:00
Nicolas B. Pierron
7585d42d2b Fix #7354 - Accept _module attributes added to every submodule. 2015-04-20 23:58:32 +02:00
Nikolay Amiantov
0f5d5f9d12 lambdabot: add named pipe for incoming commands 2015-04-20 18:56:48 +03:00
Eelco Dolstra
c0f70b4694 Remove fixed uids for nscd, sshd 
These services don't create files on disk, let alone on a network
filesystem, so they don't really need a fixed uid. And this also gets
rid of a warning coming from <= 14.12 systems.
 2015-04-19 22:06:45 +02:00
Tobias Geerinckx-Rice
1f513c21f9 Merge pull request #7461 from dezgeg/pr-ddclient-unit-type 
ddclient: Fix capitalization of systemd unit keys
 2015-04-19 15:27:21 +02:00
Tuomas Tynkkynen
e7843efe12 ddclient: Fix incorrectly capitalized systemd unit key 
This avoids the following warning:

Apr 19 10:53:48 xen systemd[1]: [/nix/store/...-unit-ddclient.service/ddclient.service:19] Unknown lvalue 'type' in section 'Service'

As `Type=simple` is the default in systemd, the assignment to the
service type can be simply dropped.
 2015-04-19 15:58:34 +03:00
Jonathan Glines
cdb174c18d Added NixOS module for Asterisk server 2015-04-16 17:41:37 -06:00
Eelco Dolstra
a0f69df10e dnsmasq: Add some types 2015-04-16 19:13:26 +02:00
Nikolay Amiantov
1d6723c085 lambdabot: add nixos service 2015-04-16 13:33:40 +03:00
Joel Moberg
5b075eb400 i2p: add nixos service 2015-04-15 12:52:06 +02:00
Nicolas B. Pierron
3eef61a6eb NixOS Manual: Do not use unfree packages as default value. 2015-04-08 23:14:19 +02:00
Arseniy Seroka
e52e160190 Merge pull request #7215 from cwoac/btsync2 
Add support for btsync 2.x branch
 2015-04-06 18:50:05 +03:00
Oliver Matthews
0539ed4771 Add support for btsync 2.x branch 2015-04-06 15:31:40 +00:00
William A. Kennington III
b3c423757e nixos/rdnssd: Major refactoring 
This updates rdnssd to the following:
* Using the systemd interfaces directly
* Using the rdnssd user instead of the root user
* Integrating with resolvconf instead of writing directly to /etc/resolv.conf
 2015-04-04 21:20:07 -07:00
Nikolay Amiantov
16f047a60f nixos/networkmanager: support l2tp 2015-03-29 13:09:02 +03:00
Jan Malakhovski
5c6d86540b nixos: use types.enum instead of ad-hoc check in sshd service 2015-03-26 12:43:42 +00:00
Arseniy Seroka
ff22e19fc4 Merge pull request #6893 from hrdinka/nsd-config-options 
nsd: Fix automatic config options
 2015-03-23 13:19:29 +03:00
Edward Tjörnhammar
664592561d nixos: added aiccu service 2015-03-20 22:01:35 +01:00
Christoph Hrdinka
d3a2edb8ce nsd: Fix automatic config options 2015-03-19 12:10:55 +01:00
Christoph Hrdinka
6db8155e37 nsd: Update from 4.1.0 -> 4.1.1 2015-03-18 21:01:35 +01:00
lethalman
359bc60ec8 Merge pull request #6448 from eduarrrd/ddclient 
ddclient module: fix module
 2015-03-17 12:38:12 +01:00
lethalman
fe79bf34a5 Merge pull request #6512 from bjornfor/nixos-haproxy-cleanup 
nixos/haproxy: remove broken default 'config'
 2015-03-11 16:29:06 +01:00
Eelco Dolstra
d31202fba2 sshd: Enable seccomp sandboxing 2015-03-09 11:27:19 +01:00
Nikita Mikhailov
579159c72b Add dispatcher configuration options to NetworkManager module 2015-03-08 20:24:53 +01:00
William A. Kennington III
9ce0c1cb71 nixos/consul: Fix timeout bugs and json formatting 2015-02-25 15:42:43 -08:00
William A. Kennington III
f27fa79aa9 nixos/dnsmasq: Fix service name typo 2015-02-25 09:22:16 -08:00
Eduard Bachmakov
4bf66ba89c ddclient module: fix module 
* rewrite to systemd.services
* disable forking to give systemd better control
* verifiably run as ddclient user
* expose ssl option
* unset default value for dyndns server
* rename option "web" to "use" to be consistent with ddclient docs
* add descriptions
* add types to options
* clean up formatting
 2015-02-23 22:37:20 -05:00
Eelco Dolstra
b70bd0879b sshd: Generate a ed25519 host key 2015-02-23 17:00:07 +01:00
Bjørn Forsman
ffb4797dd3 nixos/haproxy: remove broken default 'config' 
HAProxy fails to start with the default 'config'. Better disable it and
assert that the user provides a suitable 'config'. (AFAICS, there cannot
really be a default config file for HAProxy.)
 2015-02-22 12:30:14 +01:00
Bjørn Forsman
419a4166a7 nixos/haproxy: small cleanup 
* Add option types
* Rewrite option descriptions
* /var/run/haproxy.pid => /run/haproxy.pid (canonical location)
 2015-02-22 12:29:34 +01:00
aszlig
030895f075
nixos/dhcpcd: Only run resume commands if enabled. 
The networkd implementation sets systemd.services.dhcpcd.enable to
false in nixos/modules/tasks/network-interfaces-systemd.nix. So we need
to respect that in the dhcpcd module.

If we don't, the resumeCommand is set nevertheless, which causes the
post-resume.service to fail after resuming:

Failed to reload dhcpcd.service: Unit dhcpcd.service is masked.
post-resume.service: main process exited, code=exited, status=1/FAILURE
Failed to start Post-Resume Actions.
Dependency failed for Post-Resume Actions.
Unit post-resume.service entered failed state.
post-resume.service failed.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2015-02-22 08:09:04 +01:00
Sou Bunnbu
f8dbd6f9ae Merge pull request #6427 from grwlf/vsftpd-port 
vsftpd.nix: add 'portPromiscuous' option
 2015-02-18 19:18:34 +08:00
Sergey Mironov
ac65a757f0 vsftpd.nix: add 'portPromiscuous' option 2015-02-18 11:51:43 +03:00
Mathijs Kwik
2fe44b95d0 nixos/wpa_supplicant: fix conflicting documentation 
fixes #6298
 2015-02-17 22:16:20 +01:00
James Cook
33550b6efe Merge pull request #5665 from joachifm/dnscrypt-proxy-apparmor-updates 
dnscrypt-proxy service: update AppArmor profile
 2015-02-14 22:02:31 -08:00
lethalman
51a7277fac Merge pull request #6312 from k0ral/sslh 
sslh: added libwrap support + improved nixos module.
 2015-02-13 10:03:48 +01:00
Jaka Hudoklin
a17f5c8c9b nixos/consul: add consul-alerts service 2015-02-12 19:16:50 +01:00
koral
cb153cfca3 sslh: added libwrap support + improved nixos module. 2015-02-12 13:21:36 +01:00
lethalman
93ebaafabe Merge pull request #6170 from k0ral/sslh 
New sslh module
 2015-02-10 11:17:56 +01:00
William A. Kennington III
9792b12e53 nixos/openntpd: Don't start until we have networking 
This attempts to fix an issues where ntp is unable to resolve hostnames
because it came up before local nameservers or networking.
 2015-02-06 14:45:47 -08:00
William A. Kennington III
3e280f2089 nixos/tinc: Fix key generation behavior and use tinc 1.1 by default 2015-02-05 23:37:20 -08:00
koral
1439e72147 New sslh module. 2015-02-05 13:30:39 +01:00
Edward Tjörnhammar
83925c33f6 i2pd: 0.6.0 -> 0.7.0 
nixos: i2pd.service, fix string escaping
 2015-02-05 12:09:59 +01:00
William A. Kennington III
9ddb6c9cc9 nixos/tinc: Add daemon configuration 2015-02-04 18:19:04 -08:00
William A. Kennington III
bae5faa82d nixos/dhcpd: Also try restarting openntpd as it suffers the same dns resolution problem 2015-02-04 17:33:14 -08:00
William A. Kennington III
43d8b1ef3c openntpd: Fixes 2015-02-04 17:30:22 -08:00
William A. Kennington III
a9f1329d2d nixos/openntpd: Add openntpd to the environment for ntpctl 2015-02-04 17:27:03 -08:00
lethalman
49b67bb9cb Merge pull request #6078 from boothead/sabnzbd 
sabnzbd Change service to systemd
 2015-02-03 13:32:59 +01:00
Shea Levy
c45372f038 Merge commit 'cfb29ab882323d379aba20a95020c7c24f883eae' 
Partial staging merge, including cc-wrapper fixes

Conflicts:
	pkgs/applications/audio/spotify/default.nix
	pkgs/build-support/cc-wrapper/default.nix
	pkgs/development/compilers/cryptol/1.8.x.nix
 2015-02-02 21:14:28 -05:00
Bjørn Forsman
ee52a61e3a nixos/tftpd: add option types and fixup descriptions 
The first description is a (incorrect) copy/paste from the 'vsftpd'
module, and the second option lacks a 'dot' at the end.
 2015-02-01 15:57:28 +01:00
Shea Levy
52d4b9d982 Merge branch 'tlsdate' of git://github.com/4z3/nixpkgs 2015-01-30 01:07:59 -05:00
Eelco Dolstra
b61d4ac6a5 ntpd: Fork into the background 
With -n, ntpd will write log messages to both syslog and stderr, which
is ugly.
 2015-01-28 15:34:42 +01:00
Eelco Dolstra
11a0344e13 Merge pull request #5918 from robberer/openntpd 
openntpd: add extraConfig and extraOptions
 2015-01-23 16:43:15 +01:00
Longrin Wischnewski
4fa5d1f626 openntpd: add extraConfig and extraOptions 2015-01-23 16:15:20 +01:00
tv
3fdd925063 nixos: Add tlsdated service 2015-01-21 05:09:47 +01:00
Joachim Fasting
7023e03d77 firewall service: fix pingLimit example value 
The example uses single dashes, whereas iptables requires double dashes.
 2015-01-20 08:47:11 +01:00
Peter Simons
ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
William A. Kennington III
130f66b683 nixos/sync-server: Respect the enable option 2015-01-18 14:21:40 -08:00
Domen Kožar
3b174a4024 Merge pull request #5301 from nbp/syncserver 
Add Firefox Sync service
 2015-01-18 17:47:51 +01:00
Nicolas B. Pierron
8196727fad Improve the documentation of the syncserver module. 2015-01-18 12:21:23 +01:00
Nicolas B. Pierron
0d13ea0131 Change default syncserver listen.port to a safer one. 2015-01-18 12:20:44 +01:00
Eric Seidel
88eae46455 rename occurrences of gcc.gcc to gcc.cc 2015-01-14 20:47:49 -08:00
Edward Tjörnhammar
837cfbb9ea nixos: adding nylon service with uid,gid 2015-01-14 22:08:47 +01:00
Vladimír Čunát
72d2d59cd4 /etc/ssh/ssh_known_hosts: refactor and fix #5612 
Generating the file was refactored to be completely in nix.
Functionally it should create the same content as before,
only adding the newlines.

CC recent updaters: @aszlig, @rickynils.
 2015-01-11 22:14:25 +01:00
Joachim Fasting
97bac259d0 dnscrypt-proxy service: update AppArmor profile 
This patch fixes the AppArmor profile path clause and adds
(currently ignored) network rules.

The AppArmor profile used to be defined for the path sbin/dnscrypt-proxy,
but the real path is bin/dnscrypt-proxy (due to sbin now being a symlink
to bin), which permitted the service to run unconfined.

Adding the network rules has no effect other than improving correctness,
as the version of AppArmor in the NixOS kernel fails to enforce network
rules.
 2015-01-09 15:08:07 +01:00
William A. Kennington III
9a7766e054 nixos/network-interfaces: Add mstpd support for bridges 2015-01-07 14:49:24 -08:00
William A. Kennington III
8627110091 icedtea: Make major version nonspecific attrs 2015-01-02 00:24:49 -08:00
Tobias Geerinckx-Rice
c64257b8e5 Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
Domen Kožar
43af22b2de Merge pull request #5487 from luke-clifton/lc-btsync-group 
btsync groups
 2014-12-28 20:25:13 +01:00
Eelco Dolstra
ea9d391bb5 Fix ntpd 
Since the 4.2.8 upgrade, ntpd is broken on NixOS:

  Dec 28 19:06:54 hagbard ntpd[27723]: giving up resolving host 1.nixos.pool.ntp.org: Servname not supported for ai_socktype (-8)

This appears to be because DNS resolution doesn't work in chroots
anymore (due to /etc being missing). So disable chroots for now. It's
probably better to use systemd's containment facilities anyway.
 2014-12-28 19:38:45 +01:00
Vladimír Čunát
61d9f06760 fix a typo from 2627198b0c 2014-12-28 10:44:50 +01:00
Luke Clifton
0c477eb38f Documentation update 2014-12-28 17:26:59 +08:00
Luke Clifton
61ff1b2b0a Moved UMask to correct location 2014-12-28 16:44:27 +08:00
Luke Clifton
5fdd6f6a66 Change umask 2014-12-28 16:39:56 +08:00
William A. Kennington III
2627198b0c nixos/firewall: Add ipset utility 2014-12-28 00:04:49 -08:00
Luke Clifton
5866a9df03 added group 2014-12-28 13:23:10 +08:00
Luke Clifton
fabcc2cf7b Added btsync group to btsync user 2014-12-28 13:17:37 +08:00
Domen Kožar
ec5fcfa82c network-manager: specify full path to sytemctl binary 
(cherry picked from commit af8f76c2568ae9d842716d98673b3639292a920e)
Signed-off-by: Domen Kožar <domen@dev.si>
 2014-12-27 11:53:07 +01:00
Igor Pashev
2b91b9b594 Strongswan: updown script uses ip and iptables utilities 2014-12-22 20:20:52 +00:00
lethalman
d0fdad5f36 Merge pull request #5419 from ehmry/tox-bootstrapd 
tox-bootstrapd
 2014-12-22 11:16:44 +01:00
Emery Hemingway
01910e84f9 nixos: tox-bootstrapd service 2014-12-20 18:20:27 -05:00
William A. Kennington III
681ae2fa7f nixos/consul: Don't timeout if start job has many retries 2014-12-16 15:42:08 -08:00
Nicolas B. Pierron
42c3c205c4 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-14 14:17:56 +01:00
Sebastián Bernardo Galkin
aba0d8a73d Fix networkmanager resumeCommands 
Small typo prevented the post resume script to restart network manager
 2014-12-14 03:46:54 -08:00
Nicolas B. Pierron
1a1fc17957 Firefox Sync Server: Create the private config file as non-world readable. 2014-12-12 22:14:38 +01:00
Nicolas B. Pierron
a0154145d5 Firefox Sync Server: Fix copy&paste issue. 2014-12-12 22:13:03 +01:00
Nicolas B. Pierron
0570a08b83 Merge remote-tracking branch 'origin/master' into syncserver 2014-12-11 23:49:19 +01:00
Nicolas B. Pierron
01886aef22 Add Firefox Sync server module. 2014-12-11 23:48:15 +01:00
Domen Kožar
0ec12d53e6 tcpcrypt: 2011.07.22 -> 0.3rc1, fix nixos service 2014-12-10 10:23:46 +01:00
William A. Kennington III
c17eb7f0e6 nixos/consul: Make service definition more sane 2014-12-09 02:24:36 -08:00
William A. Kennington III
159af942d5 nixos/unifi: Ensure stateDir is mounted before proceeding 2014-12-05 12:12:17 -08:00
William A. Kennington III
8a94c06595 nixos: Add network-pre.target and adjust firewall start ordering 2014-12-01 17:19:44 -08:00
William A. Kennington III
bcfe7b2200 Merge pull request #5043 from wkennington/master.networkd 
nixos/networking: Revamp networking configuration and add an experimental networkd option.
 2014-11-29 19:59:31 -08:00
aszlig
c37611f3e5
nixos: Use vendor zones instead of N.pool.ntp.org. 
Closes #4824, thanks to @abh for processing my stupidity.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-11-28 19:37:03 +01:00
aszlig
2249474632
nixos/sshd: Fix build if knownHosts is empty. 
Introduced by 77ff279f27.

Build failure: https://headcounter.org/hydra/build/583158/nixlog/5/raw

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-11-27 19:03:41 +01:00
Rickard Nilsson
77ff279f27 nixos/services.openssh: Allow knownHost keys to have multiple lines. 
Useful for adding several public keys of different types for the same host.
 2014-11-27 18:40:21 +01:00
Domen Kožar
91bdca38a0 NetworkManager.service -> network-manager.service 2014-11-27 12:10:20 +01:00
William A. Kennington III
1860ee27b0 nixos/networking: Fixes 2014-11-26 16:29:24 -08:00
William A. Kennington III
c417012c1b nixos/dhcpcd: Respect per interface dhcp options 2014-11-26 11:22:03 -08:00
William A. Kennington III
2057d9087f nixos: Support network-online target in addition to ip-up 2014-11-26 11:22:03 -08:00
William A. Kennington III
59f512ef7d nixos/network-interfaces: Provide a networkd implementation 2014-11-26 11:22:02 -08:00
William A. Kennington III
a332c4eac5 systemd: Enable more network services 2014-11-26 11:22:02 -08:00
Eelco Dolstra
dd2dedafa3 Style fixes 2014-11-25 16:01:27 +01:00
Igor Pashev
4c33004e1f Added strongSwan service 2014-11-25 15:29:34 +01:00
William A. Kennington III
f83aa6c0ea nixos/unifi: Properly depend on mountpoints 2014-11-24 12:40:07 -08:00
Arseniy Seroka
fd5566da41 Merge pull request #5080 from joachifm/dnscrypt-refactor 
dnscrypt-proxy: minor superficial improvements
 2014-11-24 15:48:47 +03:00
William A. Kennington III
8309aa04b2 unifi: Actually remove webapps at shutdown 2014-11-24 02:30:04 -08:00
William A. Kennington III
8f0d65e2df unifi: Clean all of webapps at start and stop 2014-11-24 00:22:24 -08:00
William A. Kennington III
3f7b2bc70d unifi: Fix typo 2014-11-24 00:06:42 -08:00
Joachim Fasting
119d93e223 dnscrypt-proxy: minor superficial improvements 
- Use upstream description and explicitly set platforms = all
- Coding conventions fix
 2014-11-22 16:19:06 +01:00
William A. Kennington III
826f5468ab nixos/unifi: Remove old ROOT.war links before relinking 2014-11-14 11:45:38 -08:00
William A. Kennington III
d0e15cc575 Merge pull request #4983 from bosu/fw-stop-fix 
firewall: clear rpfilter on stop
 2014-11-14 00:14:27 -08:00
Boris Sukholitko
53b24d0c95 firewall: clear rpfilter on stop 2014-11-14 09:07:18 +02:00
Moritz Ulrich
e884dc32c5 Add local-fs.target to minidlna. 
Minidlna fails to start if it wants to access a filesystem which isn't
mounted (yet).
 2014-11-12 23:20:47 +01:00
Joachim Fasting
52f0553209 Add dnscrypt-proxy service 
The dnscrypt-proxy service relays regular DNS queries to
a DNSCrypt enabled upstream resolver.
The traffic between the client and the upstream resolver is
encrypted and authenticated, which may mitigate the risk of
MITM attacks and third-party snooping (assuming a trustworthy
upstream).

Though dnscrypt-proxy can run as a standalone DNS client,
the recommended setup is to use it as a forwarder for a
caching DNS client.
To use dnscrypt-proxy as a forwarder for dnsmasq, do

```nix
{
  # ...

  networking.nameservers = [ "127.0.0.1" ];
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  services.dnscrypt-proxy.enable = true;
  services.dnscrypt-proxy.localAddress = "127.0.0.1";
  services.dnscrypt-proxy.port = 40;

  services.dnsmasq.enable = true;
  services.dnsmasq.extraConfig = ''
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1
  '';

  # ...
}
```
 2014-11-11 22:47:19 +01:00
Edward Tjörnhammar
c329e5bbd9 i2pd: added package, service 2014-11-09 09:55:35 +01:00
Emery Hemingway
67a2a58314 cjdns: service tweaks, new NixOS test 2014-11-08 23:39:02 +01:00
Aristid Breitkreuz
8b50383c45 Merge pull request #4859 from abbradar/git-daemon 
nixos/git-daemon: fix a bug and add 'user' and 'group' options
 2014-11-08 19:33:24 +01:00
Aristid Breitkreuz
cf4a976ced quassel: make a proper systemd unit (also properly works in containers now) 2014-11-08 14:59:25 +01:00
Nikolay Amiantov
46b866cf63 nixos/git-daemon: fix 'exportAll' option 2014-11-07 15:50:01 +03:00
Nikolay Amiantov
af1d09879b nixos/git-daemon: add 'user' and 'group' options 2014-11-07 15:49:45 +03:00
Nikolay Amiantov
4b2e43865a nixos/git-daemon: add types 2014-11-07 15:49:03 +03:00
William A. Kennington III
ba53392bce nixos/nat: Fix override so that sysctls are properly preserved 2014-10-31 16:50:25 -07:00
Domen Kožar
3b133beb7a Merge pull request #4553 from ehmry/polipo 
drop permission prestart from polipo service module
 2014-10-23 12:51:36 +02:00
Emery Hemingway
a3338abcfe cjdns: add peer hostnames to extraHosts, option for external config 2014-10-21 13:16:04 -04:00
Emery Hemingway
32d6ae7ed9 drop permission prestart from polipo service module 
chowning the cache directory can timeout the service, permissions
on this directory should never change without user intervention
 2014-10-16 10:57:16 -04:00
Joachim Schiele
13298fcbb9 Merge pull request #4535 from flosse/lua-bitop 
lua-packages: added lua-bitop to add websocket support for prosody
 2014-10-15 09:41:32 +02:00
Markus Kohlhase
5308d3284b prosody: added websocket support 2014-10-15 03:57:00 +02:00
Matej Cotman
561d3b3860 seeks: nixos module 2014-10-13 13:10:49 +02:00
Markus Kohlhase
d86c2c30c5 prosody: packaged as a service 
Conflicts:
	nixos/modules/misc/ids.nix
 2014-10-11 18:53:43 +02:00
Shea Levy
f5aaefbb6c More pkgs.lib -> lib fixes 2014-09-29 09:45:59 -04:00
Jaka Hudoklin
ff8f23ab26 Merge pull request #4280 from wkennington/master.consul 
nixos/consul: Add module
 2014-09-27 07:00:39 +02:00
William A. Kennington III
36f9b9c284 nixos/consul: Add module 2014-09-26 03:25:14 -07:00
Matej Cotman
5e18182a30 mailpile: add module 2014-09-26 10:49:09 +02:00
Emery Hemingway
61f0d9b251 cjdns: update from 20140919 20140922 
package installs to .../bin
fix service module to look in .../bin

Closes #4240
 2014-09-23 22:30:53 +01:00
Ben Ford
06818c5cb2 Change service to systemd 2014-09-22 12:09:53 +01:00
Domen Kožar
2247f3a8d3 Merge pull request #4168 from lostdj/ltp/master/btsyncfix 
bittorrentsync: fix storage_path
 2014-09-20 10:53:57 +02:00
lostdj
f02d4ec9ed bittorrentsync: fix storage_path. 
If this path is a symlink, btsync won't be able to read it if it's not ending with "/".
 2014-09-19 18:19:04 +04:00
William A. Kennington III
ae195727b7 nixos/nat: Don't flush tables, create subchains for autogenerated rules 2014-09-18 11:28:58 -07:00
William A. Kennington III
ec9c4143a7 nixos/firewall: Cleanup in case reload fails 2014-09-16 15:51:57 -07:00
William A. Kennington III
1321fd175d nixos/nat: Leverage firewall module 2014-09-15 21:31:27 -07:00
William A. Kennington III
6a43d51291 nixos/firewall: Support extraStopCommands 2014-09-15 21:31:26 -07:00
William A. Kennington III
fd7b9b4291 nixos/firewall: Don't allow traffic during reload 2014-09-15 20:40:16 -07:00
Jaka Hudoklin
f7ba3d833f nixos/znc: fix module, createUser option does not exist anymore 2014-09-13 02:20:32 +02:00
William A. Kennington III
bab5efd237 nixos/ssh: Allow user to configure the package that provides ssh/sshd 2014-09-11 22:07:39 -07:00
Aristid Breitkreuz
c3fe942a57 start dhcpcd after network-interfaces 2014-09-06 13:52:09 +02:00
aszlig
e8c4fde22d
nixos/nsd: Improve support for journald/systemd. 
Don't fork into the background and just log to stderr.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-05 02:54:39 +02:00
aszlig
6386df1645
nixos/nsd: Fix indentation/coding style. 
For Nix, we indent using two spaces, but in this module somehow 4 spaces
were snuck in. Other than that, remoteControl and ratelimit are just
nested attribute sets, so we don't need to make another submodule type
for no particular reason.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-05 02:54:39 +02:00
Luca Bruno
2ba523df24 nixos nat: add description to forwardPorts 2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf nixos nat: add type for sourcePort and destination of forwardPorts 2014-09-04 10:26:33 +02:00
Michael Raskin
4155121069 Merge pull request #3926 from lethalman/fwdports 
nixos/nat: add forwardPorts for external->internal DNAT
 2014-09-03 21:54:37 +04:00
Michael Raskin
3e841ef642 Fixing comment case 2014-09-03 20:03:15 +04:00
Michael Raskin
d1ae15b680 Merge pull request #3804 from ehmry/unbound 
unbound: run in chroot
 2014-09-03 11:45:20 +04:00
Nathan Bijnens
33a3f76ee4 Copy.com: client #3617 2014-09-03 11:31:51 +04:00
William A. Kennington III
9659d0f4fb nixos/dnsmasq: Fix regressions during the systemd update 2014-09-02 17:23:55 -07:00
Vladimir Still
13bbce96c3 sshd: Fix typo in assetion. 2014-09-02 10:06:04 +02:00
Vladimir Still
a2394f09c7 sshd: Add note about listening on port 22 to listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
ac39d839c3 sshd: Add note about firewall and listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
e12337156c sshd: Allow to specify ListenAddress. 2014-09-01 22:56:35 +02:00
Michael Raskin
a6dfb4dc28 Merge pull request #3241 from ehmry/cjdns 
cjdns declarative configuration
 2014-09-02 00:53:18 +04:00
Luca Bruno
b21ac60290 nixos/nat: add forwardPorts for external->internal DNAT 2014-09-01 22:31:56 +02:00
Luca Bruno
31b7cae018 nixos/znc: fix immutable config. 
Fix references to coreutils echo and rm.
Make config writable even if immutable because of
https://github.com/znc/znc/blob/master/src/znc.cpp#L964 .
 2014-09-01 16:21:12 +02:00
aszlig
29f4642284
nixos: Add new service for OpenNTPd. 
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in par.

I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 2014-09-01 16:07:28 +02:00
Michael Raskin
9e3d1b1a8f Merge pull request #3908 from wkennington/master.ip 
Reapply the multi-ip code
 2014-09-01 10:28:54 +04:00
Jan Malakhovski
8c9b6d932a nixos: add dhcpcd.persistent option 2014-09-01 10:33:48 +04:00