Commit Graph

905 Commits

Author SHA1 Message Date
Luca Bruno
9d5a06cfe7 gnome3: use package names for environment.gnome3.excludePackages 2014-04-14 09:58:03 +02:00
Luca Bruno
87284dd9e9 sushi, telepathy: make enabling the service overridable 2014-04-14 09:58:02 +02:00
Luca Bruno
b4096479fa gnome-user-docs: new package licensed under the new licenses.cc-by-30
User and system administration help for the Gnome

https://help.gnome.org/users/gnome-help/3.10
2014-04-14 09:58:02 +02:00
Luca Bruno
d5b4c3c63e tracker: new package
Desktop-neutral user information store, search tool and indexer

https://wiki.gnome.org/Projects/Tracker
2014-04-14 09:58:02 +02:00
Emery Hemingway
93e9154805 rsync updated 3.0.9 to 3.1.0, rsyncd service module 2014-04-13 23:25:28 -04:00
Bjørn Forsman
6fa1ad04da nixos: extend documentation example for security.setuidOwners
Show that it is possible to set custom permission bits.
2014-04-13 12:31:08 +02:00
Austin Seipp
a3155a0e2a nixos: add a UID for Hydra
Otherwise the Hydra module can't be used when mutableUsers = false;

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 21:20:18 -05:00
Austin Seipp
64efd184ed grsecurity: Fix GRKERNSEC_PROC restrictions
Previously we were setting GRKERNSEC_PROC_USER y, which was a little bit
too strict. It doesn't allow a special group (e.g. the grsecurity group
users) to access /proc information - this requires
GRKERNSEC_PROC_USERGROUP y, and the two are mutually exclusive.

This was also not in line with the default automatic grsecurity
configuration - it actually defaults to USERGROUP (although it has a
default GID of 1001 instead of ours), not USER.

This introduces a new option restrictProcWithGroup - enabled by default
- which turns on GRKERNSEC_PROC_USERGROUP instead. It also turns off
restrictProc by default and makes sure both cannot be enabled.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:16:05 -05:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Shea Levy
0122697550 Revert "Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs"
Reverting postgres superuser changes until after stable.

This reverts commit 6cc0cc7ff6, reversing
changes made to 3c4be425db.
2014-04-11 19:23:03 -04:00
Shea Levy
9b077bac58 Revert "postgresql: properly fix permissions issue by in postStart"
Reverting postgres superuser changes until after stable.

This reverts commit c66be6378d.
2014-04-11 19:22:43 -04:00
Shea Levy
e9e60103de Revert "Create the 'postgres' superuser"
Reverting postgres superuser changes until after stable.

This reverts commit 7de29bd26f.
2014-04-11 19:22:39 -04:00
Shea Levy
c23050e231 Revert "Use PostgreSQL 9.3's pg_isready to wait for connectivity"
Reverting postgres superuser changes until after stable.

This reverts commit e206684110.
2014-04-11 19:21:50 -04:00
Eelco Dolstra
e2bc9a3d14 Include Archive::Cpio in the installation CD
http://hydra.nixos.org/build/10268978
2014-04-11 17:16:44 +02:00
Eelco Dolstra
13185280fe Fix tests broken due to the firewall being enabled by default 2014-04-11 17:16:44 +02:00
Eelco Dolstra
017408e048 Use iptables' ‘-w’ flag
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel.  (Longer term, we should probably move to a single service
for managing the iptables rules.)
2014-04-11 17:16:44 +02:00
Eelco Dolstra
b9281e6a2d Fix NAT module 2014-04-11 17:16:44 +02:00
Eelco Dolstra
2da09363bf nix: Update to 1.7 2014-04-11 12:24:48 +02:00
Peter Simons
ad65a1e064 Revert "nixos: fix shell on conatiners"
This reverts commit c69577b7d6.
See https://github.com/NixOS/nixpkgs/pull/2198 for further details.
2014-04-11 12:07:00 +02:00
Eelco Dolstra
d2155649af Merge branch 'containers'
Fixes #2105.
2014-04-10 15:55:51 +02:00
Eelco Dolstra
6a7a8a144f Document NixOS containers 2014-04-10 15:07:29 +02:00
Eelco Dolstra
a34bfbab4c Add option networking.nat.internalInterfaces
This allows applying NAT to an interface, rather than an IP range.
2014-04-10 15:07:29 +02:00
Eelco Dolstra
ac8c924c09 nixos-container: Add ‘run’ and ‘root-login’ commands
And remove ‘root-shell’.
2014-04-10 15:07:29 +02:00
Eelco Dolstra
da4f180252 Bring back ‘nixos-container update’ 2014-04-10 15:07:29 +02:00
Eelco Dolstra
3dca6b98cb Fix permissions on /var/lib/startup-done 2014-04-10 15:07:28 +02:00
Peter Simons
26d8f54587 Merge pull request #2198 from offlinehacker/nixos/shadow/login_containers_fix
nixos: fix shell on conatiners
2014-04-10 12:39:19 +02:00
Peter Simons
0e147530ef Merge pull request #2199 from offlinehacker/nixos/ntp/containers_fix
nixos: disable ntp on containers by default
2014-04-10 12:33:35 +02:00
Jaka Hudoklin
0b170187e3 nixos: disable ntp on containers by default 2014-04-10 12:30:03 +02:00
Jaka Hudoklin
c69577b7d6 nixos: fix shell on conatiners 2014-04-10 12:28:09 +02:00
aszlig
5dd14a1059
nixos/phpfpm: Add option to set PHP package.
This allows to easily override the used PHP package, especially for
example if you want to use PHP 5.5 or if you want to override the
derivation.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-04-10 07:52:26 +02:00
Shea Levy
9dcffe951d Merge branch 'cjdns' of git://github.com/ehmry/nixpkgs
cjdns: update to 20130303
2014-04-09 20:34:32 -04:00
Bjørn Forsman
e856584e1a nixos/jenkins-service: fix 'group' option documentation
Both for master and slave.
2014-04-09 21:52:46 +02:00
Emery Hemingway
316e809ff8 cjdns: update to 20130303
build system is now nodejs based
new nixos module to start cjdns
2014-04-09 10:30:57 -04:00
Domen Kožar
e5e27cfd64 Merge pull request #2153 from lethalman/gnome3
accounts-daemon service, fix gnome-shell, add libgnomekbd, musicbrainz5, sushi, gnome-contacts
2014-04-09 15:01:17 +02:00
Luca Bruno
a3115707dd Add environment.gnome3.excludePackages
Give the user a full desktop, and the possibility to exclude
non-base packages from the default list of packages.
2014-04-09 00:36:53 +02:00
Luca Bruno
c56af6102a at-spi2-core: add dbus module, enabled on gnome3 by default 2014-04-09 00:36:53 +02:00
Luca Bruno
8553993887 telepathy-mission-control: add dbus service, enabled by default on gnome3 2014-04-09 00:36:52 +02:00
Luca Bruno
2bc0f7b701 evolution-data-server: fix gsettings schemas and add dbus service 2014-04-09 00:36:51 +02:00
Shea Levy
452a1f9318 Revert "Turn on user-controlled wpa-cli on the livecd"
user-controlled wpa-cli requires explicit interface setting for some
reason

This reverts commit c6797b373f.
2014-04-08 18:26:52 -04:00
Eelco Dolstra
2bb8d963b1 Die tabs die 2014-04-09 00:17:16 +02:00
Eelco Dolstra
e09250d41c Disable allowUnfree by default
Fixes #2134.
2014-04-09 00:09:31 +02:00
Eelco Dolstra
caf98828bb nixos-generate-config: Fix PCI/USB checks
As reported by Kirill Elagin, read_file doesn't chomp its output. So
the equality tests on PCI/USB vendor and device IDs were failing.
2014-04-08 15:13:27 +02:00
Luca Bruno
ea3644cb09 sushi: new package
A quick previewer for Nautilus

http://en.wikipedia.org/wiki/Sushi_(software)
2014-04-08 13:41:29 +02:00
Luca Bruno
06614031d6 accountservice: add dbus and systemd services
Enable by default with gnome3.
2014-04-08 13:39:48 +02:00
Eelco Dolstra
2ba552fb2e Revert "Fix services.udisks.enable."
This reverts commit 02a30bea44,
necessary after reverting to udisks 1.0.4.

http://hydra.nixos.org/build/10194840
2014-04-08 13:28:24 +02:00
Rickard Nilsson
604306c34a Don't add users if createUser is false 2014-04-08 12:36:03 +02:00
Eelco Dolstra
694cc6172a Enable the firewall by default
Fixes #2135.
2014-04-08 09:44:01 +02:00
Shea Levy
efdb8a10ed Merge branch 'postgresql-user-fix' of git://github.com/ocharles/nixpkgs into fix-new-conduit
Create 'postgres' user and use pg_isready
2014-04-07 16:37:43 -04:00
Bjørn Forsman
8cd95471d7 nixos: add type definitions to virtualisation.libvirtd.* options 2014-04-07 21:31:29 +02:00
Eelco Dolstra
eb22e5f026 Remove ignored argument to sync 2014-04-07 13:22:12 +02:00
Eelco Dolstra
2f51ca9609 Add a regression test for udisks 2014-04-07 13:22:12 +02:00
Eelco Dolstra
1f6bfa19ad Gnome 3 should not be a release blocker 2014-04-07 12:24:17 +02:00
Luca Bruno
5174e6db80 gnome-backgrounds: new package 2014-04-06 15:23:11 +02:00
Oliver Charles
e206684110 Use PostgreSQL 9.3's pg_isready to wait for connectivity
The postgresql module has a postStart section that waits for a database
to accept connections before continuing. However, this assumes various
properties about the database - specifically the database user
and (implicitly) the database name. This means that for old
installations, this command fails because there is no 'postgres' user,
and the service never starts.

While 7deff39 does create the 'postgres' user, a better solution is to
use `pg_isready`, who's sole purpose is to check if the database is
accepting connections. This has no dependency on users, so should be
more robust.
2014-04-06 12:38:02 +01:00
Oliver Charles
7de29bd26f Create the 'postgres' superuser
Old PostgreSQL installations were created using the 'root' database
user. In this case, we need to create a new 'postgres' account, as we
now assume that this is the superuser account.

Unfortunately, these machines will be left with a 'root' user as
well (which will have ownership of some databases). While PostgreSQL
does let you rename superuser accounts, you can only do that when you
are connected as a *different* database user. Thus we'd have to create a
special superuser account to do the renaming. As we default to using
ident authentication, we would have to create a system level user to do
this. This all feels rather complex, so I'm currently opting to keep the
'root' user on these old machines.
2014-04-06 12:38:01 +01:00
Rickard Nilsson
bf129a2c23 Allow undefined uids and gids when mutableUsers = true
Groups and users without gid/uid are created with
useradd/groupadd after the passwd/group merge phase
if mutableUsers = true.

This should fix #2114.
2014-04-06 12:42:55 +02:00
Austin Seipp
8d0259caf4 nixos: reserve some uids/gids
I have some NixOS modules that I keep out of tree, and having UIDs/GIDs
reserved is quite helpful.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 01:05:56 -05:00
Shea Levy
d35619429a Merge branch 'cache.su' of git://github.com/wkennington/nixpkgs
su: Make the su package a provider of only the su binary

Fixes #1877
2014-04-05 18:49:30 -04:00
William A. Kennington III
28ab3acb58 su: Make the su package a provider of only the su binary
Additionally, provide su with the base system and remove su from the
util-linux package as it is now provided by shadow.
2014-04-05 16:01:52 -05:00
Shea Levy
ad4965f54c Merge branch 'master.xauth' of git://github.com/wkennington/nixpkgs
ssh: Don't set xuth if not running xserver
2014-04-05 15:32:31 -04:00
Shea Levy
a46d2e3150 Merge branch 'murmur' of git://github.com/thoughtpolice/nixpkgs
nixos: add Murmur module (Mumble chat)

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 15:18:14 -04:00
Shea Levy
ea9c8d6a13 Merge branch 'rippled' of git://github.com/ehmry/nixpkgs
rippled: initial pkg and module expressions

Had to change the rippled uid.

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 14:23:29 -04:00
Domen Kožar
13bef7f403 Merge pull request #2127 from lethalman/gnome3
Gnome3 session changes, gnome-control-center icons
2014-04-05 00:35:06 +02:00
Luca Bruno
671e346eb2 gnome3: add glib-networking gio modules
With glib-networking, epiphany and other gnome apps
can access https and other networking protocols.
2014-04-04 23:45:06 +02:00
Shea Levy
c6797b373f Turn on user-controlled wpa-cli on the livecd
Fixes #1204
2014-04-04 17:05:57 -04:00
Eelco Dolstra
6905aa1cf4 Merge pull request #2095 from geo-kollias/master
Added MonetDB NixOS module.
2014-04-04 13:55:24 +02:00
Domen Kožar
f530ead0ba syncthing: add preStart script to create dataDir 2014-04-04 10:46:30 +02:00
Matej Cotman
7df1ce5088 syncthing: new package and nixos module 2014-04-04 10:46:29 +02:00
Shea Levy
8b5c617237 Add fuse to env by default
Fixes #458
2014-04-03 21:36:13 -04:00
Domen Kožar
52fbaee8d7 solr: add extraJars option 2014-04-03 22:46:45 +02:00
William A. Kennington III
6c6d7dc11d ssh: Don't set xauth if not running xserver 2014-04-03 14:28:45 -05:00
Eelco Dolstra
6e086caa8a xterm: Don't enable unless X11 is enabled 2014-04-03 20:44:57 +02:00
Eelco Dolstra
819e7c9fbd Add a test for NixOS containers 2014-04-03 16:36:24 +02:00
Eelco Dolstra
1e4fa227fe nixos-container: Don't destroy declarative containers 2014-04-03 16:36:24 +02:00
Eelco Dolstra
b0b3fa928a Disable container support in containers
Systemd-nspawn doesn't support nesting, so providing nixos-container
inside a container doesn't make sense.
2014-04-03 16:36:23 +02:00
Eelco Dolstra
1ad9a654be Make starting a container synchronous
So now "systemctl start container@foo" will only return after the
container has reached multi-user.target.
2014-04-03 16:36:23 +02:00
Eelco Dolstra
269926df0d container-login.nix -> container-config.nix 2014-04-03 16:36:16 +02:00
Eelco Dolstra
fee81c3739 Always enable container logins 2014-04-03 16:35:36 +02:00
Austin Seipp
788354cc34 nixos: add mumble test
This tests that both the client and server work. With screenshots!

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-02 03:55:37 -05:00
Austin Seipp
f61110d65d nixos: murmur service
Murmur is the headless server component of the Mumble chat system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-02 00:11:00 -05:00
George Kollias
ec1acce4e9 fixed monetdb's gid to be the same with its id. 2014-04-01 20:41:37 +03:00
George Kollias
0ded8e6de3 Added MonetDB NixOS module. 2014-04-01 20:20:33 +03:00
Vladimír Čunát
6445ac90ad Merge master into x-updates 2014-04-01 10:49:31 +02:00
Emery Hemingway
def448f127 rippled: added comment on commented out config options 2014-03-31 22:59:01 -04:00
Shea Levy
c37bbda4a3 Merge branch 'psql-fix' of git://github.com/proger/nixpkgs
postgresql: properly fix permissions issue by in postStart
2014-03-31 21:45:11 -04:00
Eelco Dolstra
6da72a4456 nixos-container: Rewrite in Perl
Also fix race condition when multiple containers are created
simultaneously (as NixOps tends to do).
2014-03-31 19:49:15 +02:00
Eelco Dolstra
7ebd856a38 Provide nixos-container unconditionally 2014-03-31 19:49:01 +02:00
aszlig
9d8a8126e9
systemd: Add support for path units.
This allows to define systemd.path(5) units, for example like this:

{
  systemd = let
    description = "Set Key Permissions for xyz.key";
  in {
    paths.set-key-perms = {
      inherit description;
      before = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      pathConfig.PathChanged = "/run/keys/xyz.key";
    };

    services.set-key-perms = {
      inherit description;
      serviceConfig.Type = "oneshot";
      script = "chown myspecialkeyuser /run/keys/xyz.key";
    };
  };
}

The example here is actually useful in order to set permissions for the
NixOps keys target to ensure those permisisons aren't reset whenever the
key file is reuploaded.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-31 12:33:25 +02:00
Vladimir Kirillov
c66be6378d postgresql: properly fix permissions issue by in postStart
as per postgresql manual, interactions with psql should be carried
out with the postgresql system user and postgresql db user by default.

ensure it happens in postStart.
2014-03-31 18:06:06 +08:00
Eelco Dolstra
5ba0d51f68 Fix VirtualBox image generation
http://hydra.nixos.org/build/9905410
2014-03-31 11:15:11 +02:00
Eelco Dolstra
c20383e756 Another fix to the installer tests 2014-03-31 11:10:56 +02:00
Eelco Dolstra
0469f92faf Bring back mkOrder 2014-03-30 20:35:25 +02:00
Eelco Dolstra
0fdd641b21 Ensure that slim's theme applies to slimlock 2014-03-30 19:33:28 +02:00
Eelco Dolstra
075168ca81 nixos-hardware-scan: Detect QEMU 2014-03-30 17:27:18 +02:00
Eelco Dolstra
aaf01268ff Revert "slim: remove duplicate code"
This reverts commit f7d5e83abb.  It
breaks the Firefox and Xfce tests:

  in job ‘tests.firefox.x86_64-linux’:
  cannot coerce a boolean to a string

  in job ‘tests.xfce.x86_64-linux’:
  infinite recursion encountered
2014-03-30 17:06:01 +02:00
Eelco Dolstra
1c192e1fea Another attempt to fix the installer test
http://hydra.nixos.org/build/9904133
2014-03-30 16:53:23 +02:00
Emery Hemingway
6c77690b28 rippled: initial pkg and module expressions
rippled is the Ripple P2P payment network reference server
https://ripple.com
2014-03-29 15:31:37 -04:00
Shea Levy
ac68dc6dc6 Merge branch 'minecraft-server' of git://github.com/thoughtpolice/nixpkgs
nixpkgs: add Minecraft Server & a service module
2014-03-29 12:51:49 -04:00
Austin Seipp
1acca1c396 nixos: add minecraft-server service
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-29 05:31:27 -05:00
Jaka Hudoklin
227997d8ca nixos/rabbitmq: rewrite
- rewrite from old jobs options to new services
- add simple test
- add dataDir option
2014-03-29 10:56:07 +01:00
Shea Levy
c23464672e sloppy sloppy Shea 2014-03-29 05:28:37 -04:00
Shea Levy
38cc80f4d8 D'oh 2014-03-29 05:25:16 -04:00
Shea Levy
1aa5589eef Merge branch 'virtualbox' of git://github.com/Calrama/nixpkgs
Update VirtualBox (and implicitly VirtualBox Guest Additions) to 4.3.6
and Oracle VM VirtualBox Extension Pack to 91406

Conflicts due to minor upgrade in the mean time

Conflicts:
	nixos/modules/virtualisation/virtualbox-guest.nix
	pkgs/applications/virtualization/virtualbox/default.nix
	pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
2014-03-29 00:23:54 -04:00
Shea Levy
63f97fe9db Merge branch 'slim_fix' of git://github.com/jagajaga/nixpkgs
add normal theme support for slim and slimlock
2014-03-29 00:17:52 -04:00
Shea Levy
a82ca6a7f9 Merge branch 'disable-acpid' of git://github.com/ambrop72/nixpkgs
power-management: Don't enable acpid.
2014-03-28 23:52:56 -04:00
Shea Levy
7cebcb995d Merge branch 'cache.pcscd' of git://github.com/wkennington/nixpkgs
Update Smartcard Utils + Fix Daemon Expression
2014-03-28 23:45:00 -04:00
Shea Levy
701cb6b099 Merge branch 'nixos/containers/fix1' of git://github.com/offlinehacker/nixpkgs
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
2014-03-28 23:39:01 -04:00
Eelco Dolstra
c704f6bb4e VM tests: Run hwclock in the initrd
Needed for the installer tests, since otherwise mounting a filesystem
may fail as it has a last-mounted date in the future.

http://hydra.nixos.org/build/9846712
2014-03-28 16:52:08 +01:00
Vladimír Čunát
576e9289dd Merge master into x-updates 2014-03-27 21:34:06 +01:00
Moritz Ulrich
02a30bea44 Fix services.udisks.enable.
Latest update to udisks in 344f2e65 broke it for me. Fix it by doing the
following:

- Add udisks.service to /etc/systemd/system (via systemd.packages)
- Fix path to udisks-daemon in udisks.service (libexec/ instead of lib/)
2014-03-25 16:52:45 +01:00
Jaka Hudoklin
70a4c7b1df nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
- Make dhcp work, use dhcpcd without udev in container
- Make login shell work, patch getty to not wait for /dev/tty0
- Make ssh work, sshd/pam do not start session
2014-03-24 23:59:50 +01:00
Eelco Dolstra
07adfae551 Remove hard-coded SSH key 2014-03-24 12:19:28 +01:00
Eelco Dolstra
6010b0e886 nixos-container: NixOps helper functions 2014-03-24 12:19:28 +01:00
Eelco Dolstra
29c469b88d Allow dashes in container names 2014-03-24 12:19:28 +01:00
Eelco Dolstra
ba88db3cd3 Add support for imperative container management
The command nixos-container can now create containers.  For instance,
the following creates and starts a container named ‘database’:

  $ nixos-container create database

The configuration of the container is stored in
/var/lib/containers/<name>/etc/nixos/configuration.nix.  After editing
the configuration, you can make the changes take effect by doing

  $ nixos-container update database

The container can also be destroyed:

  $ nixos-container destroy database

Containers are now executed using a template unit,
‘container@.service’, so the unit in this example would be
‘container@database.service’.
2014-03-24 12:19:27 +01:00
Eelco Dolstra
0cca0f477f nixos-container-shell -> nixos-container { login | root-shell } 2014-03-24 12:19:27 +01:00
Eelco Dolstra
2ace7edb81 Rename systemd.containers -> containers
That NixOS containers use systemd-nspawn is just an implementation
detail (which we could change in the future).
2014-03-24 12:19:27 +01:00
Vladimír Čunát
11492176d5 xorg: add "intel-testing" video driver, currently 2.99.911 2014-03-23 22:10:56 +01:00
William A. Kennington III
155dc472d8 pcscd: Convert to systemd + Fix config file 2014-03-21 17:52:24 -05:00
Domen Kožar
917498001f almir: correctly set PYTHONPATH 2014-03-21 18:02:15 +01:00
Rob Vermaas
020d3b299c Make the GCE image use 100G as disk size (maximum). 2014-03-21 15:18:03 +01:00
Rob Vermaas
af6c571a7e Increase size of GCE image. Use disk.raw as name inside tar.gz, as this is compulsory. 2014-03-21 14:56:00 +01:00
Vladimír Čunát
1941168c3d Merge branch master into x-updates (fix eval) 2014-03-21 13:46:56 +01:00
Rickard Nilsson
6a60fc3bdd solr module: Activate JSP support in Winstone
Required by older versions of solr. The JSP support
in Winstone seems spotty, but at one point we'll switch
over to Jetty instead.
2014-03-21 12:04:52 +01:00
Vladimír Čunát
a245aeaef1 nixos ati: support glamor, disabled by default
This is from @ambrop72 #1969.
2014-03-21 10:34:19 +01:00
Austin Seipp
6e415d2b58 nixos: add BitTorrent Sync service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 12:24:28 -05:00
Shea Levy
78e6d0143d Add ngircd module 2014-03-19 22:04:35 -04:00
Shea Levy
78029b7b0f Merge branch 'nixos/elasticsearch/elasticsearch_fix' of git://github.com/offlinehacker/nixpkgs
nixos/elasticsearch: Make port an integer, add dataDir option, make pure
2014-03-19 18:02:13 -04:00
Shea Levy
ca81e38178 Merge branch 'nixos/statsd/statsd_port_fix' of git://github.com/offlinehacker/nixpkgs
nixos/statsd: change default host and port on graphite host and port
2014-03-19 18:00:49 -04:00
Shea Levy
d944c01db6 Merge branch 'pkgs/pythonPackages/fix_graphite2' of git://github.com/offlinehacker/nixpkgs
nixos/graphite: Make pure, fix several bugs, add dataDir option
2014-03-19 17:57:34 -04:00
José Romildo Malaquias
47c7e29ffa make environment.variables.GIO_EXTRA_MODULES a list
Close #1929.
2014-03-19 22:15:44 +01:00
Shea Levy
4216e42ca8 Merge branch 'openafs' of git://github.com/errge/nixpkgs
Openafs fixes
2014-03-19 05:21:28 -04:00
Shea Levy
77181be713 Set /run/keys ownership based on numerical ids
See comments on 4ab5646417
2014-03-19 05:18:24 -04:00
Rickard Nilsson
043bf5a941 mysql service: Shutdown with normal systemd SIGTERM instead of mysqladmin
According to the MySQL manual, this is a perfectly legal way of
shutting down the server. The shutdown logs also looks fine:

systemd[1]: Stopping MySQL Server...
mysqld[5114]: 140319  8:36:12 [Note] /nix/store/sc26mz82k97mbpx3d1abzn3rrbd155ws-mariadb-10.0.8/bin/mysqld: Normal shutdown
mysqld[5114]: 140319  8:36:12 [Note] Event Scheduler: Purging the queue. 0 events
mysqld[5114]: 140319  8:36:12 [Note] InnoDB: FTS optimize thread exiting.
mysqld[5114]: 140319  8:36:12 [Note] InnoDB: Starting shutdown...
mysqld[5114]: 140319  8:36:14 [Note] InnoDB: Shutdown completed; log sequence number 1619078
mysqld[5114]: 140319  8:36:14 [Note] /nix/store/sc26mz82k97mbpx3d1abzn3rrbd155ws-mariadb-10.0.8/bin/mysqld: Shutdown complete
systemd[1]: Stopped MySQL Server.
2014-03-19 08:41:07 +01:00
Eelco Dolstra
7d8fea797a Run hwclock --hctosys to initialize the system time 2014-03-18 23:14:34 +01:00
Eelco Dolstra
08095f97ce Typo 2014-03-18 22:40:39 +01:00
Eelco Dolstra
7ee31c7f94 Fix permissions 2014-03-18 18:04:38 +01:00
Eelco Dolstra
de57c0eb66 Shut up Perl warning 2014-03-18 14:10:31 +01:00
Eelco Dolstra
01fc3e5153 Revert "test-driver: Set the date to the current time on boot"
This reverts commit 4e6eae45ee. It
breaks running the test driver interactively (in that it causes all
VMs to be started immediately, which is not always what you wnat).
2014-03-18 14:05:51 +01:00
Eelco Dolstra
5b10ea1f99 Don't run dhcpcd in containers 2014-03-18 11:39:51 +01:00
Eelco Dolstra
11c4c4ae54 Add command ‘nixos-container-shell’ for logging into a container 2014-03-18 11:36:03 +01:00
Eelco Dolstra
7b82d1ee27 Ensure that the container root can always be accessed via /var/lib/containers 2014-03-18 11:04:54 +01:00
Eelco Dolstra
895bcdd1cb Add support for running a container with a private network interface
For example, the following sets up a container named ‘foo’.  The
container will have a single network interface eth0, with IP address
10.231.136.2.  The host will have an interface c-foo with IP address
10.231.136.1.

  systemd.containers.foo =
    { privateNetwork = true;
      hostAddress = "10.231.136.1";
      localAddress = "10.231.136.2";
      config =
        { services.openssh.enable = true; };
    };

With ‘privateNetwork = true’, the container has the CAP_NET_ADMIN
capability, allowing it to do arbitrary network configuration, such as
setting up firewall rules.  This is secure because it cannot touch the
interfaces of the host.

The helper program ‘run-in-netns’ is needed at the moment because ‘ip
netns exec’ doesn't quite do the right thing (it remounts /sys without
bind-mounting the original /sys/fs/cgroups).
2014-03-18 10:49:25 +01:00
Shea Levy
a1a167bc8b nginx module: Enable modularly specifying servers 2014-03-17 23:31:56 -04:00
Shea Levy
4e6eae45ee test-driver: Set the date to the current time on boot
Should allow merging #1816
2014-03-17 22:05:19 -04:00
ambrop7@gmail.com
e5cc6d3552 Enable acpid if nvidia driver is being used.
The NVidia driver wants to connect to acpid to receive ACPI events.
2014-03-17 19:27:06 +01:00
Eelco Dolstra
ac215779dd Give containers a writable /nix/var/nix/{profiles,gcroots}
These are stored on the host in
/nix/var/nix/{profiles,gcroots}/per-container/<container-name> to
ensure that container profiles/roots are not garbage-collected.
2014-03-17 15:23:20 +01:00
Eelco Dolstra
ef8e0266a2 Don't reboot a container when its configuration changes
Instead, just run "switch-to-configuration" inside the container.
2014-03-17 15:03:29 +01:00
Eelco Dolstra
511b86d22d Add an option to reload rather than restart changed units 2014-03-17 15:02:53 +01:00
Eelco Dolstra
28b7d67d08 httpd: Don't require keys.target
This has the unintended side-effect of restarting httpd every time we
run switch-to-configuration, even if httpd hasn't changed (because
we're doing a "stop keys.target" now).  So use a "Wants" dependency
instead.
2014-03-17 15:01:10 +01:00
Eelco Dolstra
f9e2af1e8b switch-to-configuration: Don't require /etc/NIXOS
Check /etc/os-release if /etc/NIXOS doesn't exist.
2014-03-17 14:16:10 +01:00
Eelco Dolstra
f13bd41384 switch-to-configuration: Restart sockets.target 2014-03-17 14:10:48 +01:00
Eelco Dolstra
0d506aa712 Provide a simple way to log into containers
On the host, you can run

  $ socat unix:<path-to-container>/var/lib/login.socket -,echo=0,raw

to get a login prompt.  So this allows logging in even if the
container has no SSH access enabled.

You can also do

  $ socat unix:<path-to-container>/var/lib/root-shell.socket -

to get a plain root shell.  (This socket is only accessible by root,
obviously.)  This makes it easy to execute commands in the container,
e.g.

  $ echo reboot | socat unix:<path-to-container>/var/lib/root-shell.socket -
2014-03-17 14:10:47 +01:00
Eelco Dolstra
1b6c01721d Revert "nixos-manual: show manual on tty8 by default"
This reverts commit b792394119.
Starting the manual on tty8 was intended as a convenience during
installation, not as a general purpose thing.  In fact, given that w3m
runs as root, this is highly insecure!
2014-03-17 12:45:57 +01:00
mornfall
fe995cdedc Merge pull request #1775 from thoughtpolice/duo_unix
Duo Security module and uid/gid support for /etc files
2014-03-16 23:06:01 +01:00
Austin Seipp
29d46452dd nixos: add Duo Security module
This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.

The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).

Enabling it is as easy as saying:

  security.duosec.ssh.enable = true;
  security.duosec.ikey       = "XXXXXXXX...";
  security.duosec.skey       = "XXXXXXXX...";
  security.duosec.host       = "api-XXXXXXX.duosecurity.com";
  security.duosec.group      = "duosec";

which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.

This requires uid/gid support in the environment.etc module.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:11:50 -05:00
Shea Levy
6cc0cc7ff6 Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs
postgresql module: Use the default superuser username
2014-03-15 13:29:52 -04:00
Shea Levy
3f6a654d9c Merge branch 'zsh' of git://github.com/ttuegel/nixpkgs
zsh: don't clobber the environment of non-login shells
2014-03-15 13:11:38 -04:00
Bjørn Forsman
f7006116b3 nixos/gpsd-service: add type declarations to options 2014-03-15 17:35:55 +01:00
Bjørn Forsman
28e5f72f05 nixos/gpsd-service: change from deprecated 'jobs' type to 'systemd'
This has the nice side-effect of making gpsd actually run!

Old behaviour (debugLevel=2):

  systemd[1]: gpsd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping GPSD daemon...
  systemd[1]: Starting GPSD daemon...
  systemd[1]: gpsd.service start request repeated too quickly, refusing to start.
  systemd[1]: Failed to start GPSD daemon.
  systemd[1]: Unit gpsd.service entered failed state.

New behaviour (debugLevel=2):

  gpsd[945]: gpsd: launching (Version 2.95)
  systemd[1]: Started GPSD daemon.
  gpsd[945]: gpsd: listening on port 2947
  gpsd[945]: gpsd: running with effective group ID 27
  gpsd[945]: gpsd: running with effective user ID 23
  gpsd[945]: gpsd: stashing device /dev/ttyUSB0 at slot 0
2014-03-15 17:35:55 +01:00
ambrop7@gmail.com
49768ca8ff power-management: Don't enable acpid.
Running acpid along with systemd will cause double handling of acpi events.
2014-03-15 12:17:00 +01:00
Peter Simons
abe9d80979 Merge pull request #1939 from wkennington/master.notbit
notbit: Add systemd service for a system daemon
2014-03-15 10:48:36 +01:00
William A. Kennington III
a42e1d5494 notbit: Add systemd service for a system daemon 2014-03-15 04:36:15 -05:00
Peter Simons
f1a30454f6 Merge pull request #1942 from thoughtpolice/fixups
Trivial fixes for my packages
2014-03-15 09:35:35 +01:00
Ricardo M. Correia
bb188bbba7 nixos: Add ZFS auto-snapshotting module 2014-03-15 01:56:42 +01:00
Shea Levy
602cf8d78c Merge branch 'u/zfs-import' of git://github.com/wizeman/nixpkgs
zfs: Misc fixes
2014-03-14 19:40:34 -04:00
Shea Levy
0c12dd3ded Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
systemd: python support & journal http gateway

Conflicts:
	nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Shea Levy
8502d84bd2 Merge branch 'nixos/network-interfaces/ipv6' of git://github.com/offlinehacker/nixpkgs
nixos/network-interfaces: add support for static ipv6 addresses
2014-03-14 18:54:59 -04:00
Shea Levy
a0d574f19b firewall: Allow setting rate limits for pings 2014-03-14 14:55:30 -04:00
Shea Levy
50d144278d mysql module: Specify --basedir
Needed for mariadb and safe for mysql
2014-03-14 11:56:54 -04:00
Gergely Risko
2be35c3e99 OpenAFS client fixes
Make it stoppable.  Add support for crypt and dynroot-sparse.
2014-03-14 14:40:17 +01:00
Corey O'Connor
40de28afca remove users.jenkins config start on slave config.
Uses standard NixOS user config merging.
Work in progress: The slave config does not actually start the slave agent. This just configures a
jenkins user if required. Bare minimum to enable a nice jenkins SSH slave.
2014-03-13 13:01:50 -07:00
Corey O'Connor
292ece425e match systemd style and silent curl progress bar during startup check 2014-03-13 13:01:49 -07:00
Corey O'Connor
9b79d5b298 Add jenkins continuous integration server and user.
By default the jenkins server is executed under the user "jenkins". Which can be configured using
users.jenkins.* options. If a different user is requested by changing services.jenkins.user then
none of the users.jenkins options apply.

This patch does not include jenkins slave configuration. Some config options will probably change
when this is implemented.

Aspects like the user and environment are typically identical between slave and master. The service
configs are different. The design is for users.jenkins to cover the shared aspects while
services.jenkins and services.jenkins-slave cover the master and slave specific aspects,
respectively.

Another option would be to place everything under services.jenkins and have a config that selects
master vs slave.
2014-03-13 13:01:49 -07:00
Shea Levy
59a060523e Don't override the baseUnit's PATH by default 2014-03-12 20:03:14 -04:00
Rickard Nilsson
3ed3c60d0f New NixOS module: services.solr, for running a solr server 2014-03-13 00:32:59 +01:00
Eelco Dolstra
e1984f029d autovt@.service really has to be a symlink 2014-03-13 00:19:10 +01:00
Domen Kožar
df242d0d79 Merge pull request #1926 from tomberek/kippo_uid_fix
UID/GID fix for kippo
2014-03-12 23:34:39 +01:00
Rickard Nilsson
91e6d7411e winstone NixOS module: Make it possible to set systemd service name 2014-03-12 23:28:38 +01:00
Rickard Nilsson
f24940330b New NixOS module: services.winstone, for running instances of the Winstone Java Servlet container 2014-03-12 23:14:09 +01:00
Eelco Dolstra
b13a5d4cca Fix kmscon evaluation 2014-03-12 21:00:59 +01:00
Eelco Dolstra
09c14cd8aa switch-to-configuration: Don't try to start masked units 2014-03-12 18:52:11 +01:00
Eelco Dolstra
f198c40608 Don't depend on the text of disabled units
This prevents pulling in unnecessary dependencies.
2014-03-12 18:52:11 +01:00
Eelco Dolstra
207c881df9 Don't include superfluous lines in generated units 2014-03-12 18:52:11 +01:00
Eelco Dolstra
d412245601 getty@ and autovt@: Use the upstream units 2014-03-12 18:52:10 +01:00
Eelco Dolstra
691c0cd72e systemd: Allow customisation of upstream units
You can now say:

  systemd.services.foo.baseUnit = "${pkgs.foo}/.../foo.service";

This will cause NixOS' generated foo.service file to include
foo.service from the foo package.  You can then apply local
customization in the usual way:

  systemd.services.foo.serviceConfig.MemoryLimit = "512M";

Note however that overriding options in the original unit may not
work.  For instance, you cannot override ExecStart.

It's also possible to customize instances of template units:

  systemd.services."getty@tty4" =
    { baseUnit = "/etc/systemd/system/getty@.service";
      serviceConfig.MemoryLimit = "512M";
    };

This replaces the unit options linkTarget (which didn't allow
customisation) and extraConfig (which did allow customisation, but in
a non-standard way).
2014-03-12 18:52:10 +01:00
Eelco Dolstra
3358906395 apcupsd: Description -> description 2014-03-12 18:52:10 +01:00
Rickard Nilsson
4e23573138 phpfpm module: Make extraConfig and poolConfigs mergeable by switching option type to types.lines 2014-03-12 11:45:31 +01:00
Rickard Nilsson
562a8ca4a2 Add phpfpm NixOS service module 2014-03-12 11:38:50 +01:00
Domen Kozar
28069d6aad move windowManager.xbmc to desktopManager.xbmc 2014-03-12 09:20:59 +01:00
Thomas Bereknyei
a2353866a8 UID/GID fix for kippo 2014-03-12 03:32:56 -04:00
Arseniy Seroka
f7d5e83abb slim: remove duplicate code 2014-03-11 16:27:27 +04:00
Mathijs Kwik
42d7923752 Merge pull request #1911 from offlinehacker/nixos/couchdb/fix
nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
2014-03-11 09:35:27 +01:00
Jaka Hudoklin
2297f31339 nixos/network-interfaces: do not try to enable or disable ipv6 in container 2014-03-10 12:39:22 +01:00
Jaka Hudoklin
993ef8287e nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
Conflicts:
	nixos/modules/services/databases/couchdb.nix
2014-03-10 11:08:05 +01:00
Jaka Hudoklin
cf65a62af4 nixos/elasticsearch: Make port an integer, add dataDir option, make pure 2014-03-10 11:04:48 +01:00
Jaka Hudoklin
bd5c0c3bc7 nixos/statsd: change default host and port on graphite host and port 2014-03-10 11:02:48 +01:00
Jaka Hudoklin
b21d95e1f8 nixos/graphite: Make pure, fix several bugs, add dataDir option 2014-03-10 10:59:26 +01:00
Domen Kozar
f0b34fe8ff searx: refactor a bit 2014-03-09 18:57:17 +01:00
Matej Cotman
7e932ca4e2 searx: add module 2014-03-09 17:33:56 +01:00
Domen Kozar
8e1d765f61 nixos manual: make nixos options linkable 2014-03-08 19:34:28 +01:00
Domen Kožar
bb7fe59b80 Merge pull request #1767 from the-kenny/fix-consoleKeyMap-type
i18n.consoleKeyMap: Accept string or path.
2014-03-08 18:04:55 +01:00
Austin Seipp
881bb235d9 nixos: tarsnap module documentation updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-08 08:00:56 -06:00
Ellis Whitehead
9af5d4731d typo: occured -> occurred 2014-03-07 19:39:55 +01:00
Domen Kozar
10787951ab tarsnap: mention getting started page 2014-03-07 15:37:09 +01:00
Austin Seipp
24cf6afa05 nixos: add Tarsnap backup service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-07 15:37:09 +01:00
Domen Kožar
068c0aa219 Merge pull request #1833 from coreyoconnor/fix-synaptics-config
correct tapButtons in synaptics config.
2014-03-07 13:10:31 +01:00
Shea Levy
4b28d9d934 Merge branch 'desktopmanager-fix' of git://github.com/pSub/nixpkgs
Use feh only as a fallback if the xserver is actually enabled.
2014-03-07 04:39:25 -05:00
Gergely Risko
322b7124a8 Allow ntpq locally 2014-03-06 11:54:02 +01:00
Eelco Dolstra
6572708d39 Always load the "configs" kernel module
We used to have the configuration of the kernel available in a
somewhat convenient place (/run/booted-system/kernel-modules/config)
but that has disappeared.  So instead just make /proc/configs.gz
available.  It only eats a few kilobytes.
2014-03-05 15:22:32 +01:00
Ricardo M. Correia
02e2431661 zfs: Don't look for devices only in /dev
If we don't give out a directory to 'zpool import', it will use libblkid
to automatically find all existing ZFS devices.
2014-03-04 12:58:11 +01:00
Pascal Wittmann
c2fcf07f06 Use feh only as a fallback if the xserver is actually enabled.
Otherwise feh is installed even though no xserver is available.
2014-03-04 09:10:23 +01:00
Eelco Dolstra
6a9168ad06 Get rid of services.mesa.* message 2014-03-03 13:57:08 +01:00
Eelco Dolstra
497997cc38 Move generation of coverage reports from nixos/lib/testing to releaseTools
Also, turn some stdenv adapters into setup hooks.
2014-03-03 13:57:08 +01:00
Eelco Dolstra
ad7c518e45 Sync /tmp/xchg to ensure that the coverage data is flushed 2014-03-03 13:57:08 +01:00
Vladimír Čunát
d9cc648d6c Merge pull request #1791 from wizeman/u/nixos-gen
nixos-generate-config: improve filesystem generation
2014-03-02 11:27:43 +01:00
Shea Levy
1425fa5b3b Disable efi tests again
OVMF sucks
2014-03-01 09:51:28 -05:00
Eelco Dolstra
1d9cd24d0b Fix mysql-replication test 2014-02-28 16:18:31 +01:00
Eelco Dolstra
da2a336a3c Remove tabs 2014-02-28 16:18:31 +01:00
Domen Kožar
b792394119 nixos-manual: show manual on tty8 by default 2014-02-28 13:32:19 +01:00
Shea Levy
691f6c4c59 Fix mysql test evaluation 2014-02-28 06:16:57 -05:00
Domen Kožar
e9f3199973 add gstreamer 1.0 setup-hook and use it where appropriate 2014-02-28 02:03:07 +01:00
Domen Kožar
4e957b075e Merge pull request #1841 from pSub/patch-1
Fixed link to the installation instructions
2014-02-27 15:08:32 +01:00
Pascal Wittmann
991b23c382 Added a static identifier to the installing nixos chapter 2014-02-27 14:56:13 +01:00
Domen Kožar
ab0aae42a4 couchdb: remove redundant customConfigFile 2014-02-27 14:34:19 +01:00
Domen Kožar
d6a3cada9b couchdb: stricter types 2014-02-27 14:33:50 +01:00
Domen Kožar
9d55a4c513 couchdb: add ids 2014-02-27 14:33:30 +01:00
Rok Garbas
0bebcd7d1f folders of pidFile and uriFile should be writable by couchdb user/group 2014-02-27 13:34:11 +01:00
Rok Garbas
55cff93f04 couchdb(nixos): removing whitespace and line that was commented 2014-02-27 13:34:11 +01:00
Rok Garbas
62438c09f7 update couchdb to 1.5.0(current latest) and add service for it 2014-02-27 13:34:11 +01:00
Domen Kožar
97a0dd9eb9 nixos: set all package options to have type package 2014-02-27 13:22:29 +01:00
Shea Levy
f7c04b1e6b mediawiki: Don't rewrite /images if uploads are enabled 2014-02-27 07:17:10 -05:00
Shea Levy
1e7300ad67 mediawiki rewrite rules only needed with no urlPrefix 2014-02-27 07:17:10 -05:00
Shea Levy
32470621d5 Restart keys.target on reconfiguration 2014-02-26 13:35:04 -05:00
Shea Levy
69b6b939ef rename.nix: Handle renaming of a whole set of options
mkIf was pushed down, making the obsoleted argument unconditionally evaluated

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-26 10:06:28 -05:00
Shea Levy
efb18d9aa5 D'oh 2014-02-26 08:49:21 -05:00
Shea Levy
c9f9835dda Document mysql changes 2014-02-26 07:56:59 -05:00
Shea Levy
1ce6fff4e2 Merge mysql55 module into mysql
This also removes the default for services.mysql.package, as this should
not generally be updated automatically if we change the mysql attribute
2014-02-26 07:54:12 -05:00
Shea Levy
793328e1ee Mediawiki: Add some needed rewrites 2014-02-25 09:13:40 -05:00
Shea Levy
0d4a9e3aa6 Allow httpd subservices to set the document root
Only the main service OR one of the subservices can set the document
root. This is used by mediawiki when it is hosted at the root of the
vhost.
2014-02-25 07:44:45 -05:00
Corey O'Connor
20567eba1f correct tapButtons in synaptics config. Dont rely on the X11 input settings to take the last option. 2014-02-24 16:03:47 -08:00
Rickard Nilsson
d5211b0e0e Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox. 2014-02-24 18:05:26 +01:00
Austin Seipp
dc700e0925 etc: uid/gid support for copied files
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-23 18:00:47 -06:00
Austin Seipp
fc9022bea1 firewall: add support for TCP/UDP port ranges
This is useful for packages like mosh, which use a wide UDP port range
by default for incoming connections.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 18:19:22 +01:00
Petr Rockai
f21abed131 nixos: Assign uid/gid to dictd's service user. 2014-02-22 12:00:08 +01:00
Shea Levy
95a77ea39f Unconditionally add ssh to nix-daemon's path for the ssh substitituer 2014-02-20 14:17:30 -05:00
Shea Levy
17f88453f6 Don't complain if HOME isn't writable 2014-02-20 13:40:56 -05:00
Shea Levy
fefc0d9917 Add module to enable the server for the ssh substituter 2014-02-20 13:40:51 -05:00
Shea Levy
2b92e90f91 opensmtpd: Add sendmail to systemPackages 2014-02-20 06:17:15 -05:00
Ricardo M. Correia
a146fdab80 nixos-generate-config: Don't generate filesystem options
We don't want to hardcode configuration options that the current kernel chose
for us when mounting the filesystem, since the defaults can change in the
future.
2014-02-19 17:18:50 +01:00