Commit Graph

580 Commits

Author SHA1 Message Date
Joachim Fasting
f3ef4383c6
nix-daemon service: fix unbalanced parens in description 2016-08-23 13:06:25 +02:00
Tuomas Tynkkynen
74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Franz Pletz
131bc22b84 gitlab service: add option for db_key_base secret 2016-08-17 13:17:47 +02:00
Nikolay Amiantov
4a35d08970 autofs service: make service more like upstream one 2016-08-14 22:39:23 +03:00
Franz Pletz
e082cfcaaa gitlab module: restart services on failure
Sidqkiq regularly dies due to memory leaks.
2016-08-12 19:18:23 +02:00
Eric Sagnes
4cdfeb78f9 modules: move meta at top level 2016-08-11 00:29:48 +09:00
Eric Sagnes
898435d16e manual: automatically generate modules entries 2016-08-11 00:24:41 +09:00
Franz Pletz
8a8971788c gitlab module: update documentation 2016-08-04 02:29:50 +02:00
Franz Pletz
d8fd06641a gitlab module: split up gitlab-runner script
The name gitlab-runner clashes with a component of Gitlab CI with the
same name and only confuses people. It's now called gitlab-bundle and
a convenience-script gitlab-rake for easier invocation of rake tasks
was added. This was the primary use case of gitlab-runner.
2016-08-04 02:29:45 +02:00
Franz Pletz
c39b6025d8 gitlab: 8.5.12 -> 8.10.3, update module
Fixes #14795.
2016-08-04 02:29:44 +02:00
Eelco Dolstra
83eb49220b Manual: Only include the release number (e.g. 16.03)
This prevents gratuitous rebuilds of the manual every time the Git
revision changes.

Should help a bit with #17261.
2016-08-01 11:10:21 +02:00
Robin Lambertz
b65e9d87e2 matrix-synapse: Only run StartPre script when data folder doesn't exist (#17216) 2016-07-28 04:13:21 +02:00
Joachim F
ed50ef318b Merge pull request #15848 from matthewbauer/packagekit
Add in PackageKit
2016-07-16 13:29:08 +02:00
Joachim F
8f43f111c0 Merge pull request #15840 from anderspapitto/pulse-jack
pulseaudio service: set DISPLAY
2016-07-16 13:26:39 +02:00
Tristan Helmich
ed466b7fef sonarr service: initial service 2016-07-15 16:18:37 +02:00
Anders Papitto
874df3fe70 cgminer: respect xserver.display variable 2016-07-05 19:17:40 -07:00
Matthew Bauer
4e50880c82 packagekit: add latest from hughsie's github repo
- currently pulled in from Git until the next release of PackageKit
  has Nix support
- also: add in a service module to start packagekit properly
- nixos service can be enabled via services.packagekit.enable
- packagekit requires nixunstable to build properly
2016-07-05 20:26:59 +00:00
Frederik Rietdijk
39043e4d6e Merge pull request #16239 from Ralith/matrix-synapse
matrix-synapse: 0.14 -> 0.16
2016-06-21 14:30:33 +02:00
zimbatm
b0f8416c5c Merge pull request #16180 from zimbatm/shell-escaping
Escape all shell arguments uniformly
2016-06-19 23:27:52 +01:00
Benjamin Saunders
26da79230b matrix-synapse: 0.14 -> 0.16 2016-06-17 09:21:46 -07:00
Sander van der Burg
8fccaa9011 disnix-module: split dysnomia's functionality into a separate module so that it can be used without Disnix and remove the hacky/obsolete avahi publisher 2016-06-17 09:12:44 +00:00
Kamil Chmielewski
437ea9fd37 Fixes #16181 - using bin output for Go services 2016-06-13 23:32:16 +02:00
zimbatm
28fa4a2f03 Escape all shell arguments uniformly 2016-06-12 18:11:37 +01:00
Nikolay Amiantov
f28ab85f2e parsoid service: use default node 2016-06-11 03:04:03 +03:00
Joachim Fasting
cf5e07ca5b Merge pull request #15471 from telotortium/subsonic
subsonic: change NixOS home directory config
2016-05-18 04:01:32 +02:00
Robert Irelan
cf14dad167 Add script to move /var/subsonic to cfg.home 2016-05-16 14:42:22 -07:00
Robert Irelan
40d4f6df81 Move from ExecStart{,Pre} to systemd.nix attributes 2016-05-16 14:08:32 -07:00
Robert Irelan
a712d8ff0b subsonic: change NixOS home directory config
Move Subsonic state directory from `/var/subsonic` to
`/var/lib/subsonic`, since the general convention is for each
application to put its state directory there.

Also, automatically set the home directory of the `subsonic` user to the
value of `config.services.subsonic.home`, rather than setting it to a
value hardcoded in the module. This keeps the home directory of the
`subsonic` user and the state directory for the Subsonic application in
sync.
2016-05-14 14:13:30 -07:00
Tristan Helmich
36f8b3cad1 nzbget: 16.4 -> 17.0-r1686 and nzbget service 2016-05-13 18:56:39 +02:00
Vladimír Čunát
65a9fa8cdc Merge branch 'master' into staging 2016-05-08 21:24:48 +02:00
Mirzhan Irkegulov
0d28a8a501 update docs for services.dictd.* config options
added types for both options and an example for services.dictd.DBs
2016-05-05 20:11:16 +01:00
Tuomas Tynkkynen
aadaa91379 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/networking/browsers/vivaldi/default.nix
	pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Tuomas Tynkkynen
de0847c731 taskserver service: Really check that it is enabled 2016-04-28 01:14:17 +03:00
Nikolay Amiantov
5f19542581 Merge commit 'refs/pull/14694/head' of git://github.com/NixOS/nixpkgs into staging 2016-04-25 18:02:23 +03:00
Tuomas Tynkkynen
1d4b21ef42 treewide: Use correct output of config.nix.package in non-string contexts 2016-04-25 16:44:38 +02:00
Tuomas Tynkkynen
60f5659dad treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
Tuomas Tynkkynen
70f5c840af nix-daemon service: Don't have the output in the `nix.package' option
1) It unnecessarily exposes implementation details.
2) It breaks all existing configs that have e.g.
   `nix.package = pkgs.nixUnstable;`.
2016-04-25 16:44:37 +02:00
Nikolay Amiantov
5ede7d4d92 octoprint: use makeSearchPathOutput 2016-04-25 13:24:40 +03:00
Vladimír Čunát
7cf8daa2bb nixos: rename chroot* to sandbox*
On Nix side this was done months ago:
https://github.com/NixOS/nix/pull/682
2016-04-25 11:04:08 +02:00
Tristan Helmich
c145f6eaa7 emby service: new service 2016-04-23 16:13:53 +02:00
Eelco Dolstra
21a2f2ba3b nix: Add a "dev" output
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
2016-04-18 21:13:18 +02:00
aszlig
1f46decba7
nixos/taskserver: Fix reference to certtool.
With the merge of the closure-size branch, most packages now have
multiple outputs. One of these packages is gnutls, so previously
everything that we needed was to reference "${gnutls}/bin/..." and now
we need to use "${gnutls.bin}/bin/...".

So it's not a very big issue to fix.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-15 00:28:57 +02:00
aszlig
9ed9e268a2
Merge pull request #14476 (taskserver)
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.

Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.

The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.

Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.

I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
2016-04-15 00:21:49 +02:00
aszlig
940120a711
nixos/taskserver/doc: Improve example org name
Suggested by @nbp:

"Choose a better organization name in this example, such that it is less
confusing. Maybe something like my-company"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-14 21:16:14 +02:00
Tuomas Tynkkynen
b3df6530f7 treewide: Mass replace 'sqlite}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Tuomas Tynkkynen
4d90f2d73d treewide: Mass replace 'ffmpeg}/bin' to refer to the correct outputs 2016-04-14 08:32:20 +03:00
Nikolay Amiantov
8b7ebaffeb replace makeSearchPath tree-wise to take care of possible multiple outputs 2016-04-13 22:09:41 +03:00
aszlig
394e64e4fb
nixos/taskserver/helper: Fix docstring of add_user
We have already revamped the CLI subcommands in commit
e2383b84f8.

This was just an artifact that was left because of this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 07:13:43 +02:00
aszlig
e06dd999f7
nixos/taskserver: Fix wrong option doc references
The options client.allow and client.deny are gone since the commit
8b793d1916, so let's fix that.

No feature changes, only fixes the descriptions of allowedClientIDs and
disallowedClientIDs.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 07:03:19 +02:00
aszlig
980f557c46
nixos/taskserver: Restart service on failure
This is the recommended way for long-running services and ensures that
Taskserver will keep running until it has been stopped manually.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 06:43:21 +02:00
aszlig
cf46256bbb
nixos/taskserver: Improve service dependencies
Using requiredBy is a bad idea for the initialisation units, because
whenever the Taskserver service is restarted the initialisation units
get restarted as well.

Also, make sure taskserver-init.service will be ordered *before*
taskserver.service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 06:33:04 +02:00
aszlig
bb7a819735
nixos/taskserver: Set up service namespaces
The Taskserver doesn't need access to the full /dev nor does it need a
shared /tmp. In addition, the initialisation services don't need network
access, so let's constrain them to the loopback device.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 06:30:05 +02:00
aszlig
dd0d64afea
nixos/taskserver: Finish module documentation
Apart from the options manual, this should cover the basics for setting
up a Taskserver. I am not a native speaker so this can and (probably)
should be improved, especially the wording/grammar.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 06:19:59 +02:00
aszlig
e2383b84f8
nixos/taskserver/helper: Improve CLI subcommands
Try to match the subcommands to act more like the subcommands from the
taskd binary and also add a subcommand to list groups.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:38:37 +02:00
aszlig
ce0954020c
nixos/taskserver: Set allowedTCPPorts accordingly
As suggested by @matthiasbeyer:

"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"

This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".

In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:16:15 +02:00
aszlig
5be76d0b55
nixos/taskserver: Reorder into one mkMerge
No changes in functionality but rather just restructuring the module
definitions to be one mkMerge, which now uses mkIf from the top-level
scope of the CA initialization service so we can better abstract
additional options we might need there.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 05:07:52 +02:00
aszlig
5062bf1b84
nixos/taskserver/helper: Assert CA existence
We want to make sure that the helper tool won't work if the automatic CA
wasn't properly set up. This not only avoids race conditions if the tool
is started before the actual service is running but it also fails if
something during CA setup has failed so the user can investigate what
went wrong.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 04:57:03 +02:00
aszlig
2ced6fcc75
nixos/taskserver: Setup CA before main service
We need to explicitly make sure the CA is created before we actually
launch the main Taskserver service in order to avoid race conditions
where the preStart phase of the main service could possibly corrupt
certificates if it would be started in parallel.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 04:53:53 +02:00
aszlig
9279ec732b
nixos/taskserver: Introduce an extraConfig option
This is simply to add configuration lines to the generated configuration
file. The reason why I didn't went for an attribute set is that the
taskdrc file format doesn't map very well on Nix attributes, for example
the following can be set in taskdrc:

server = somestring
server.key = anotherstring

In order to use a Nix attribute set for that, it would be way too
complicated, for example if we want to represent the mentioned example
we'd have to do something like this:

{ server._top = somestring;
  server.key = anotherstring;
}

Of course, this would work as well but nothing is more simple than just
appending raw strings.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 04:21:55 +02:00
aszlig
9f1e536948
nixos/taskserver: Allow to specify expiration/bits
At least this should allow for some customisation of how the
certificates and keys are created. We now have two sub-namespaces within
PKI so it should be more clear which options you have to set if you want
to either manage your own CA or let the module create it automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 04:14:33 +02:00
aszlig
a41b109bc1
nixos/taskserver: Don't change imperative users
Whenever the nixos-taskserver tool was invoked manually for creating an
organisation/group/user we now add an empty file called .imperative to
the data directory.

During the preStart of the Taskserver service, we use process-json which
in turn now checks whether those .imperative files exist and if so, it
doesn't do anything with it.

This should now ensure that whenever there is a manually created user,
it doesn't get killed off by the declarative configuration in case it
shouldn't exist within that configuration.

In addition, we also add a small subtest to check whether this is
happening or not and fail if the imperatively created user got deleted
by process-json.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 03:42:13 +02:00
aszlig
9586795ef2
nixos/taskserver: Silence certtool everywhere
We only print the output whenever there is an error, otherwise let's
shut it up because it only shows information the user can gather through
other means. For example by invoking certtool manually, or by just
looking at private key files (the whole blurb it's outputting is in
there as well).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 02:16:35 +02:00
aszlig
7889fcfa41
nixos/taskserver/helper: Implement deletion
Now we finally can delete organisations, groups and users along with
certificate revocation. The new subtests now make sure that the client
certificate is also revoked (both when removing the whole organisation
and just a single user).

If we use the imperative way to add and delete users, we have to restart
the Taskserver in order for the CRL to be effective.

However, by using the declarative configuration we now get this for
free, because removing a user will also restart the service and thus its
client certificate will end up in the CRL.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:41:41 +02:00
aszlig
3008836fee
nixos/taskserver: Add a command to reload service
Unfortunately we don't have a better way to check whether the reload has
been done successfully, but at least we now *can* reload it without
figuring out the exact signal to send to the process.

Note that on reload, Taskserver will not reload the CRL file. For that
to work, a full restart needs to be done.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:04:34 +02:00
aszlig
b6643102d6
nixos/taskserver: Generate a cert revocation list
If we want to revoke client certificates and want the server to actually
notice the revocation, we need to have a valid certificate revocation
list.

Right now the expiration_days is set to 10 years, but that's merely to
actually get certtool to actually generate the CRL without trying to
prompt for user input.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 23:07:58 +02:00
aszlig
d0ab617974
nixos/taskserver: Constrain server cert perms
It doesn't do much harm to make the server certificate world readable,
because even though it's not accessible anymore via the file system,
someone can still get it by simply doing a TLS handshake with the
server.

So this is solely for consistency.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:59:30 +02:00
aszlig
6e10705754
nixos/taskserver: Handle declarative conf via JSON
We now no longer have the stupid --service-helper option, which silences
messages about already existing organisations, users or groups.

Instead of that option, we now have a new subcommand called
"process-json", which accepts a JSON file directly from the specified
NixOS module options and creates/deletes the users accordingly.

Note that this still has a two issues left to solve in this area:

 * Deletion is not supported yet.
 * If a user is created imperatively, the next run of process-json will
   delete it once deletion is supported.

So we need to implement deletion and a way to mark organisations, users
and groups as "imperatively managed".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:24:58 +02:00
aszlig
cf0501600a
nixos/taskserver/helper: Factor out program logic
The Click functions really are for the command line and should be solely
used for that.

What I have in mind is that instead of that crappy --service-helper
argument, we should really have a new subcommand that is expecting JSON
which is directly coming from the services.taskserver.organisations
module option.

That way we can decrease even more boilerplate and we can also ensure
that organisations, users and groups get properly deleted if they're
removed from the NixOS configuration.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:19:50 +02:00
aszlig
7875885fb2
nixos/taskserver: Link to manual within .enable
With <olink/> support in place, we can now reference the Taskserver
section within the NixOS manual, so that users reading the manpage of
configuration.nix(5) won't miss this information.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 18:45:09 +02:00
aszlig
b19fdc9ec9
nixos/taskserver: Set server.crl for automatic CA
Currently, we don't handle this yet, but let's set it so that we cover
all the options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:38:33 +02:00
aszlig
05a7cd17fc
nixos/taskserver: Rename .pki options
We're now using .pki.server.* and .pki.ca.* so that it's entirely clear
what these keys/certificates are for. For example we had just .pki.key
before, which doesn't really tell very much about what it's for except
if you look at the option description.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:33:48 +02:00
aszlig
6395c87d07
nixos/taskserver: Improve doc for PKI options
The improvement here is just that we're adding a big <note/> here so
that users of these options are aware that whenever they're setting one
of these the certificates and keys are _not_ created automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:58:29 +02:00
aszlig
6df374910f
nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with
certificate creation and signing, so let's move it away from the .pki
namespace.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:47:39 +02:00
aszlig
3affead91b
nixos/taskserver: Move .pki.fqdn to .fqdn
It's not necessarily related to the PKI options, because this is also
used for setting the server address on the Taskwarrior client.

So if someone doesn't have his/her own certificates from another CA, all
options that need to be adjusted are in .pki. And if someone doesn't
want to bother with getting certificates from another CA, (s)he just
doesn't set anything in .pki.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00
aszlig
6de94e7d24
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more
appropriate, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:38:16 +02:00
aszlig
d6bd457d1f
nixos/taskserver: Rename server.{host,port}
Having an option called services.taskserver.server.host is quite
confusing because we already have "server" in the service name, so let's
first get rid of the listening options before we rename the rest of the
options in that .server attribute.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:26:34 +02:00
aszlig
2acf8677fa
nixos/taskserver: Rewrite helper-tool in Python
In the comments of the pull request @nbp wrote:

"Why is it implemented in 3 different languages: Nix, Bash and C?"

And he's right, it doesn't make sense, because we were using C as a
runuser replacement and used Nix to generate the shellscript
boilerplates.

Writing this in Python gets rid of all of this and we also don't need
the boilerplate as well, because we're using Click to handle all the
command line stuff.

Note that this currently is a 1:1 implementation of what we had before.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:02:52 +02:00
aszlig
85832de2e8
nixos/taskserver: Remove client.cert option
The option is solely for debugging purposes (particularly the unit tests
of the project itself) and doesn't make sense to include it in the NixOS
module options.

If people want to use this, we might want to introduce another option so
that we can insert arbitrary configuration lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-10 21:37:12 +02:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Cole Mickens
db9640b032 plex module: restart on failure 2016-04-08 10:55:59 -07:00
aszlig
64e566a49c
nixos/taskserver: Add module documentation
It's not by any means exhaustive, but we're still going to change the
implementation, so let's just use this as a starting point.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:26:12 +02:00
aszlig
8b793d1916
nixos/taskserver: Rename client.{allow,deny}
These values match against the client IDs only, so let's rename it to
something that actually reflects that. Having client.cert in the same
namespace also could lead to confusion, because the client.cert setting
is for the *debugging* client only.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:26:11 +02:00
aszlig
04fa5dcdb8
nixos/taskserver: Fix type/description for ciphers
Referring to the GnuTLS documentation isn't very nice if the user has to
use a search engine to find that documentation. So let's directly link
to it.

The type was "str" before, but it's actually a colon-separated string,
so if we set options in multiple modules, the result is one concatenated
string.

I know there is types.envVar, which does the same as separatedString ":"
but I found that it could confuse the reader of the Taskserver module.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:22:25 +02:00
aszlig
33f948c88b
nixos/taskserver: Fix type for client.{allow,deny}
We already document that we allow special values such as "all" and
"none", but the type doesn't represent that. So let's use an enum in
conjuction with a loeOf type so that this becomes clear.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-07 14:21:42 +02:00
aszlig
2d89617052
nixos/taskserver: Rename nixos-taskdctl
Using nixos-taskserver is more verbose but less cryptic and I think it
fits the purpose better because it can't be confused to be a wrapper
around the taskdctl command from the upstream project as
nixos-taskserver shares no commonalities with it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
78925e4a90
nixos/taskserver: Factor out nixos-taskdctl
With a cluttered up module source it's really a pain to navigate through
it, so it's a good idea to put it into another file.

No changes in functionality here, just splitting up the files and fixing
references.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
0141b4887d
nixos/taskserver: Use nixos-taskdctl in preStart
Finally, this is where we declaratively set up our organisations and
users/groups, which looks like this in the system configuration:

services.taskserver.organisations.NixOS.users = [ "alice" "bob" ];

This automatically sets up "alice" and "bob" for the "NixOS"
organisation, generates the required client keys and signs it via the
CA.

However, we still need to use nixos-taskdctl export-user in order to
import these certificates on the client.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
227229653a
nixos/taskserver: Add a nixos-taskdctl command
It's a helper for NixOS systems to make it easier to handle CA
certificate signing, similar to what taskd provides but comes preseeded
with the values from the system configuration.

The tool is very limited at the moment and only allows to *add*
organisations, users and groups. Deletion and suspension however is much
simpler to implement, because we don't need to handle certificate
signing.

Another limitation is that we don't take into account whether
certificates and keys are already set in the system configuration and if
they're set it will fail spectacularly.

For passing the commands to the taskd command, we're using a small C
program which does setuid() and setgid() to the Taskserver user and
group, because runuser(1) needs PAM (quite pointless if you're already
root) and su(1) doesn't allow for setting the group and setgid()s to the
default group of the user, so it even doesn't work in conjunction with
sg(1).

In summary, we now have a shiny nixos-taskdctl command, which lets us do
things like:

nixos-taskdctl add-org NixOS
nixos-taskdctl add-user NixOS alice
nixos-taskdctl export-user NixOS alice

The last command writes a series of shell commands to stdout, which then
can be imported on the client by piping it into a shell as well as doing
it for example via SSH:

ssh root@server nixos-taskdctl export-user NixOS alice | sh

Of course, in terms of security we need to improve this even further so
that we generate the private key on the client and just send a CSR to
the server so that we don't need to push any secrets over the wire.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
5146f76095
nixos/taskserver: Add an option for organisations
We want to declaratively specify users and organisations, so let's add
another module option "organisations", which allows us to specify users,
groups and of course organisations.

The implementation of this is not yet done and this is just to feed the
boilerplate.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
274fe2a23b
nixos/taskserver: Fix generating server cert
We were generating a self-signed certificate for the server so far,
which we obviously don't want.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
77d7545fac
nixos/taskserver: Introduce a new fqdn option
Using just the host for the common name *and* for listening on the port
is quite a bad idea if you want to listen on something like :: or an
internal IP address which is proxied/tunneled to the outside.

Hence this separates host and fqdn.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
d94ac7a454
nixos/taskserver: Use types.str instead of string
The "string" option type has been deprecated since a long time
(800f9c2), so let's not use it here.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
411c6f77a3
nixos/taskserver: Add trust option to config file
The server starts up without that option anyway, but it complains about
its value not being set. As we probably want to have access to that
configuration value anyway, let's expose this via the NixOS module as
well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
1f410934f2
nixos/taskserver: Properly indent CA config lines
No change in functionality, but it's easier to read when properly
indented.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
3d820d5ba1
nixos/taskserver: Refactor module for CA creation
Now the service starts up if only the services.taskserver.enable option
is set to true.

We now also have three systemd services (started in this order):

 * taskserver-init: For creating the necessary data directory and also
                    includes a refecence to the configuration file in
                    the Nix store.
 * taskserver-ca:   Only enabled if none of the server.key, server.cert,
                    server.crl and caCert options are set, so we can
                    allow for certificates that are issued by another
                    CA.
                    This service creates a new CA key+certificate and a
                    server key+certificate and signs the latter using
                    the CA key.
                    The permissions of these keys/certs are set quite
                    strictly to allow only the root user to sign
                    certificates.
 * taskserver:      The main Taskserver service which just starts taskd.

We now also log to stdout and thus to the journal.

Of course, there are still a few problems left to solve, for instance:

 * The CA currently only signs the server certificates, so it's
   only usable for clients if the server doesn't validate client certs
   (which is kinda pointless).
 * Using "taskd <command>" is currently still a bit awkward to use, so
   we need to properly wrap it in environment.systemPackages to set the
   dataDir by default.
 * There are still a few configuration options left to include, for
   example the "trust" option.
 * We might want to introduce an extraConfig option.
 * It might be useful to allow for declarative configuration of
   organisations and users, especially when it comes to creating client
   certificates.
 * The right signal has to be sent for the taskserver service to reload
   properly.
 * Currently the CA and server certificates are created using
   server.host as the common name and doesn't set additional certificate
   information. This could be improved by adding options that explicitly
   set that information.

As for the config file, we might need to patch taskd to allow for
setting not only --data but also a --cfgfile, which then omits the
${dataDir}/config file. We can still use the "include" directive from
the file specified using --cfgfile in order to chainload
${dataDir}/config.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
6d38a59c2d
nixos/taskserver: Improve module options
The descriptions for the options previously seem to be from the
taskdrc(5) manual page. So in cases where they didn't make sense for us
I changed the wording a bit (for example for client.deny we don't have a
"comma-separated list".

Also, I've reordered things a bit for consistency (type, default,
example and then description) and add missing types, examples and
docbook tags.

Options that are not used by default now have a null value, so that we
can generate a configuration file out of all the options defined for the
module.

The dataDir default value is now /var/lib/taskserver, because it doesn't
make sense to put just yet another empty subdirectory in it and "data"
doesn't quite make sense anyway, because it also contains the
configuration file as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
8081c791e9
nixos/taskserver: Remove options for log/pidFile
We're aiming for a proper integration into systemd/journald, so we
really don't want zillions of separate log files flying around in our
system.

Same as with the pidFile. The latter is only needed for taskdctl, which
is a SysV-style initscript and all of its functionality plus a lot more
is handled by systemd already.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
aszlig
5060ee456c
nixos/taskserver: Unify taskd user and group
The service doesn't start with the "taskd" user being present, so we
really should add it. And while at it, it really makes sense to add a
default group as well.

I'm using a check for the user/group name as well, to allow the
taskserver to be run as an existing user.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 18:53:31 +02:00
Matthias Beyer
e6ace2a76a
taskd service: Add initialization script 2016-04-05 18:53:31 +02:00
Matthias Beyer
da53312f5c
Add services file for taskwarrior server service 2016-04-05 18:53:31 +02:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Kevin Cox
26bd115c9c etcd: 2.1.2 -> 2.3.0 2016-03-26 22:47:15 -04:00
Domen Kožar
7a89a85622 nix.useChroot: allow 'relaxed' as a value 2016-03-25 12:50:39 +00:00
Franz Pletz
38579a1cc9 gitlab service: Remove emailFrom option
Not being used anymore. Use `services.gitlab.extraConfig.gitlab.email_from`
instead.
2016-03-17 04:16:25 +01:00
Robin Gloster
3f9b00c2d8 Merge pull request #13906 from Zer0-/gitlab_version_bump
Gitlab version bump
2016-03-14 13:29:13 +01:00
Nikolay Amiantov
7e57e2c0fb autofs service: clear lockfile before start
autofs uses a lock file in /tmp to check if it's running -- unclean
shutdown breaks the service until one manually removes it.
2016-03-14 01:02:40 +03:00
Philipp Volguine
10198b586e gitlab service startup fix
-gitlab-sidekiq was being started with a misspelled argument name
 which caused the mailer queue to never run and never send mail
2016-03-13 21:04:11 +00:00
Nikolay Amiantov
4a01f70f8f octoprint service: add extraConfig 2016-03-12 18:52:16 +03:00
Thomas Tuegel
5d36644f42 mantisbt: fix typo in documentation 2016-03-12 07:48:36 -06:00
Vladimír Čunát
61556b727a nixos/mantisbt: add a simple service
It doesn't really deserve a package, as it's just a bunch of PHP scripts
copied into a folder and we have to copy on reconfiguration anyway.
2016-03-11 15:59:26 +01:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Al Zohali
a227bd4e3b nix.requireSignedBinaryCaches: description fix 2016-03-07 23:24:35 +03:00
Adam Boseley
5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
Eelco Dolstra
b2197b84c2 Fix NixOS eval 2016-03-01 22:07:54 +01:00
Eelco Dolstra
f3d94cfc23 Revert "Add the tool "nixos-typecheck" that can check an option declaration to:"
This reverts commit cad8957eab. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
2016-03-01 20:52:06 +01:00
Thomas Strobel
2d6696fc0a nixos-modules: Fixes related to "literalExample" and "defaultText". 2016-02-29 01:47:12 +01:00
Thomas Strobel
cad8957eab Add the tool "nixos-typecheck" that can check an option declaration to:
- Enforce that an option declaration has a "defaultText" if and only if the
   type of the option derives from "package", "packageSet" or "nixpkgsConfig"
   and if a "default" attribute is defined.

 - Enforce that the value of the "example" attribute is wrapped with "literalExample"
   if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".

 - Warn if a "defaultText" is defined in an option declaration if the type of
   the option does not derive from "package", "packageSet" or "nixpkgsConfig".

 - Warn if no "type" is defined in an option declaration.
2016-02-29 01:09:00 +01:00
makefu
3f7c600666 services.bepasty: buildEnv for creating PYTHONPATH
Fixes 'You need gevent installed to use this worker.' as well as missing Flask deps.
2016-02-28 01:35:56 +01:00
Vladimír Čunát
3cf9cd8bc3 Merge #12796: nixos docs: show references to packages
(version 2) A better implementation of #10039, after #12357.
This time I did more thorough checking.

See commit messages for details.
2016-02-27 10:48:12 +01:00
zimbatm
8d4c2340d3 Merge pull request #13396 from mayflower/pkg/gitlab
gitlab: 8.0.5 -> 8.5.1, service improvements
2016-02-26 11:19:28 +00:00
Franz Pletz
cd0f14f23e gitlab: Add documentation
Fixes #13303.
2016-02-26 08:56:39 +01:00
Franz Pletz
e9393bd426 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Make the gitlab packages and components overrideable.
2016-02-26 08:56:08 +01:00
Franz Pletz
44a4592a1c fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
gitlab-shell is now talking over the unix socket to gitlab, so the TCP
port isn't needed anymore.
2016-02-26 08:31:20 +01:00
Franz Pletz
3fd51a9ab2 fixup! gitlab: 8.0.5 -> 8.5.0, service improvements
Some debugging and development leftovers.
2016-02-26 07:08:31 +01:00
Franz Pletz
bcfa59bf82 gitlab: 8.0.5 -> 8.5.0, service improvements
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.

Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.

Things to note:

 * The gitlab config is now written as a nix attribute set and will be
   converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
   The `extraConfig` opition is also an attribute set that will be merged
   with the default config. This way *all* Gitlab options are supported.

 * Some paths like uploads and configs are hardcoded in rails  (at least
   after my study of the Gitlab source). This is why they are linked from
   the Gitlab root to /run/gitlab and then linked to the  configurable
   `statePath`.

 * Backup & restore should work out of the box from another Gitlab instance.

 * gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
   Push & pull over HTTPS works perfectly. Communication to gitlab is done
   over unix sockets. An HTTP server is required to proxy requests to
   gitlab-workhorse over another unix socket at
   `/run/gitlab/gitlab-workhorse.socket`.

 * The user & group running gitlab are now configurable. These can even be
   changed for live instances.

 * The initial email address & password of the root user can be configured.

Fixes #8598.
2016-02-26 07:08:31 +01:00
zimbatm
b73c5ae291 Merge pull request #10546 from aszlig/nixops-issue-350
Fixes for NixOps issue #350
2016-02-26 00:33:49 +00:00
Franz Pletz
2d5e6a27fc Merge pull request #13355 from grahamc/ttyNumberString-issue3608
nixos-manual: Accept numbers for ttyNumber, closes #3608
2016-02-22 19:34:16 +01:00
Graham Christensen
f57c049e0b nixos-manual: Accept numbers for ttyNumber, closes #3608 2016-02-22 11:25:16 -06:00
Nikolay Amiantov
b457b7a7ea Merge pull request #13069 from abbradar/m3d
OctoPrint and plugins and support for M3D Micro 3D-printer
2016-02-19 14:27:32 +03:00
aszlig
7bdcfb33f4
nixos: Provide a defaultText for type = package
We don't want to build all those things along with the manual, so that's
what the defaultText attribute is for.

Unfortunately a few of them were missing, so let's add them.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-17 21:12:24 +01:00
Nikolay Amiantov
53269f1455 octoprint service: init 2016-02-17 17:05:59 +03:00
Nikolay Amiantov
39e9b43082 Merge branch 'gammu-smsd' of https://github.com/zohl/nixpkgs into zohl-gammu-smsd
Closes #12998
2016-02-16 19:40:00 +03:00
Cole Mickens
c7571611dc cfdyndns: init at 0.0.1 2016-02-15 12:54:04 -08:00
Al Zohali
7b7cf281d3 gammu-smsd service: init 2016-02-15 00:26:41 +03:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Edward Tjörnhammar
81b5223c97 nixos: gitit, wrong type restriction redacted 2016-02-12 07:00:37 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Vladimír Čunát
4fede53c09 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-02-03 14:47:14 +01:00
Vladimír Čunát
e0feace5cd nixos docs: allow displaying package references
This is an improved version of original #12357.
For the purpose of generating docs, evaluate options with each derivation
in `pkgs` (recursively) replaced by a fake with path "\${pkgs.attribute.path}".
It isn't perfect, but it seems to cover a vast majority of use cases.
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`.

As before, defaults created by `mkDefault` aren't displayed,
but documentation shouldn't (mostly) be a reason to use that anymore.

Note: t wouldn't be enough to just use `lib.mapAttrsRecursive`,
because derivations are also (special) attribute sets.
2016-02-03 14:47:14 +01:00
Vladimír Čunát
889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Vladimír Čunát
b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
Franz Pletz
dbb01a863b Merge pull request #12699 from simonvandel/sundtek
sundtek: 2015-12-12 -> 2016-01-26 + service change
2016-01-30 20:41:04 +01:00
Simon Vandel Sillesen
81e99998f7 sundtek: 2015-12-12 -> 2016-01-26 + service change
* There is no need for hydra to build this, hence preferLocal
* service change: do not hardcode a wait time of 5 seconds
2016-01-30 20:08:52 +01:00
Eelco Dolstra
bfebc7342e Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt 2016-01-29 02:32:05 +01:00
Thomas Bereknyei
eda3e938d7 IHaskell: remove un-needed inherit 2016-01-21 17:21:00 -05:00
Edward Tjörnhammar
4948bdadd6 nixos: ihaskell, wrong type restriction redacted 2016-01-21 10:02:39 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Thomas Strobel
a04a7272aa Add missing 'type', 'defaultText' and 'literalExample' in module definitions
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
2016-01-17 19:41:23 +01:00
Pascal Wittmann
a3e7adf509 nixos/plex: fix service startup, see #12422 2016-01-17 13:01:42 +01:00
Sander van der Burg
4fafd77f7e disnix: propagate ejabberd username to the activation module 2016-01-16 18:08:07 +00:00
roblabla
7e10bf4327 matrix-synapse: init at 0.12.0 2016-01-15 15:17:14 +01:00
Vladimír Čunát
3bcf8ae879 nixos manuals: bring back package references
This reverts most of 89e983786a, as those references are sanitized now.
Fixes #10039, at least most of it.

The `sane` case wasn't fixed, as it calls a *function* in pkgs to get
the default value.
2016-01-13 12:04:31 +01:00
Robin Gloster
88292fdf09 jobs -> systemd.services 2016-01-07 06:39:06 +00:00
Peter Simons
d807b057ed Merge pull request #11920 from bjornfor/rename-host-to-listen-address
Rename NixOS option names: 'host' to 'listenAddress'
2016-01-05 12:54:15 +01:00
Benjamin Staffin
fe8498f609 nixos/mathics: New service and test 2016-01-02 14:34:55 -08:00
Austin Seipp
59acfd4f16 nixos/plex: Add 'package' option to module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2015-12-30 20:20:25 -06:00
Bjørn Forsman
6b10df7eaa nixos/subsonic: rename 'host' to 'listenAddress'
More descriptive option name.
2015-12-24 00:13:15 +01:00
Bjørn Forsman
e0b0b9723c nixos/docker-registry: rename 'host' to 'listenAddress'
More descriptive option name.
2015-12-24 00:06:40 +01:00
Luca Bruno
5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Bjørn Forsman
2acf59efa4 nixos/redmine: improve assert message
Give the user more context.
2015-12-08 22:52:02 +01:00
Vladimír Čunát
263fd55d4b Merge recent staging built on Hydra
http://hydra.nixos.org/eval/1231884
Only Darwin jobs seem to be queued now,
but we can't afford to wait for that single build slave.
2015-12-05 11:11:51 +01:00
Arseniy Seroka
0c05f14d53 Merge pull request #10535 from roblabla/feature-updateGitlab8.0.5
gitlab: 7.4.2 -> 8.0.5
2015-12-04 16:30:09 +03:00
roblabla
b7a4231aa2 gitlab: 7.4.2 -> 8.0.5 2015-12-04 01:14:24 +01:00
Luca Bruno
920b1d3591 Merge branch 'master' into closure-size 2015-11-29 16:50:26 +01:00
Sander van der Burg
a744aa74aa disnix: add a target for services activated and deactivated by dysnomia 2015-11-26 17:21:19 +00:00
Jan Malakhovski
244fba351c nixos: use w3m-nox for the manual 2015-11-26 00:34:10 +00:00
Luca Bruno
a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
makefu
0bdc5e269b services/misc/bepasty: init at 2015-10-21
This module implements a way to start one or more bepasty servers.
It supports configuring the listen address of gunicorn and how bepasty
behaves internally.

Configuring multiple bepasty servers provides a way to serve pastes externally
without authentication and provide creating,listing,deleting pastes interally.
nginx can be used to provide access via hostname + listen address.

`configuration.nix`:

    services.bepasty = {
      enable = true;
      servers = {

        internal = {
          defaultPermissions = "admin,list,create,read,delete";
          secretKey = "secret";
          bind = "127.0.0.1:8000";
        };

        external = {
          defaultPermissions = "read";
          bind = "127.0.0.1:8001";
          secretKey = "another-secret";
        };
      };
    };
2015-11-23 22:10:14 +01:00
Vladimír Čunát
333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Ollie Charles
013b848346 devmon: Non-root user, set PATH, require udisks2
devmon refuses to run as root. Instead, we now run it as a user service,
and enable udisks2 in order to perform the mounts.
2015-11-18 11:30:08 +00:00
Lengyel Balázs
162542bf8f fix: ihaskell's and xmonad's dependence on haskell-ng 2015-11-13 19:14:40 +01:00
Nikolay Amiantov
9800862397 nixos/autofs: revive and update to systemd 2015-11-11 16:18:57 +03:00
Domen Kožar
581ae33e96 Merge pull request #10107 from ryantm/calibre-server
calibre-server service: init
2015-11-01 09:19:03 +01:00
Ryan Mulligan
922bf3986b calibre-server service: add type to libraryDir option 2015-10-31 14:21:56 -07:00
Eelco Dolstra
c20403631d Factor out "man" into a separate module and add "man" outputs to system.path
Fixes #10270.
2015-10-30 15:21:12 +01:00
Vladimír Čunát
c5579c9184 subversion: fixup some referrers after splitting 2015-10-28 10:22:59 +01:00
aszlig
80fb17b251
nixos/nix-daemon: Require .mount for /nix/store.
Also related to NixOS/nixops#350, because while switching to the new
configuration, depending on /nix/store also propagates to the mount
points for /nix/.ro-store and /nix/.rw-store and we don't get an error
while trying to unmount them (because nix-daemon needs to be stopped for
unmounting these paths).

While Nix does have the option to set a different store path, I've found
only hardcoded references in nix-daemon.nix, so I'm using a hardcoded
reference here as well, because after all customizing the store path
will probably only make sense on non-NixOS systems.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-22 19:50:12 +02:00
Nikolay Amiantov
763ad3372a nixos/parsoid: use nodejs 0.10 2015-10-22 14:34:02 +03:00
Vladimír Čunát
4a571ba0dd ffmpeg: split into multiple outputs
Also fix some referrers.
2015-10-13 20:18:57 +02:00
Vladimír Čunát
99e4371526 curl: split into multiple outputs
Also use pkgconfig to be safer and fix (some) referrers.
2015-10-13 20:18:48 +02:00
aszlig
e4caf0fde0
nixos/synergy: Restart services on failure.
Synergy seems to get more and more unstable in recent versions, so we
might want to debug this properly. However, it makes sense to restart
the service nevertheless, because synergy is about keyboard and mouse
sharing and it's quite annoying to either SSH in to restart the service
or even needing to unplug the keyboard and plug in into the machine with
the failing service.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-13 04:42:39 +02:00
Ryan Mulligan
a41d07074d calibre-server service: configuration improvements
based on @eldostra feedback:
* remove user and group configuration, because it is probably
  unnecessary
* remove libraryDir default
* capitalize and shorten service description
2015-10-03 05:48:46 -07:00
Tuomas Tynkkynen
c856b13067 nixos/nix-daemon: Reference correct output of openssl 2015-10-03 14:08:53 +02:00
Ryan Mulligan
9c22cd380c calibre-server service: init 2015-09-27 20:31:17 -07:00
Jan Malakhovski
9cc7859b2e nixos: show the manual in system's /share/doc (close #9928) 2015-09-24 12:29:57 +02:00
Eelco Dolstra
89e983786a Manual: Remove store path references 2015-09-24 11:50:58 +02:00
Edward Tjörnhammar
aeba3eabcd Revert "Don't evaluate haskellPackages when gitit is disabled"
This reverts commit 99750d89dd.
2015-09-20 21:40:17 +02:00
Paul Wilson
d2ca8b4079 gitit service: check null github auth options 2015-09-10 17:32:30 +00:00
Paul Wilson
dbd125b055 gitit service: add github authentication 2015-09-10 17:32:30 +00:00
Peter Simons
96cb733207 nix-gc.nix: Revert 'prefer "nix-store" over "nix-collect-garbage" because the latter supports "--max-freed"'
This reverts commit ab6c8643d4. Issue
https://github.com/NixOS/nix/issues/609 has been resolved, the new Nix
version is available after 86eaeb4c0a, and
using nix-collect-garbage has the advantage that the '-d' flag is
available, which nix-store doesn't have.
2015-09-04 11:51:01 +02:00
William A. Kennington III
83cf8b0cf8 goPackages: Split into multiple derivations
This should reduce the closure size for end users who only need go
binaries as well as reduce the size of closures hydra builders consume.
2015-08-29 12:58:03 -07:00
Peter Simons
ab6c8643d4 nix-gc.nix: prefer "nix-store" over "nix-collect-garbage" because the latter supports "--max-freed"
Works around https://github.com/NixOS/nix/issues/609.
2015-08-20 22:56:41 +02:00
Jaka Hudoklin
86ee6c2512 etcd service: do not wait for cluster up 2015-08-20 00:02:27 +02:00
Eelco Dolstra
b3d8d750de Remove /etc/nixos/nixpkgs from $NIX_PATH
NixOS hasn't used /etc/nixos/nixpkgs for a long time, so it's time to
get rid of it.
2015-08-05 14:34:33 +02:00
Eelco Dolstra
3f1354a3cd Add an option ‘nix.nixPath’ for specifying $NIX_PATH 2015-08-05 14:33:15 +02:00
Edward Tjörnhammar
727e2b5237 nixos: gitit service, add all different repo initalizers 2015-08-03 22:29:47 +02:00
Edward Tjörnhammar
1e2d3f3b5f nixos: gitit service, use list of strings for plugins 2015-08-03 22:29:41 +02:00
Edward Tjörnhammar
6d23f43b30 nixos: gitit service, use proper documentation formatting in examples 2015-08-03 22:29:30 +02:00
Edward Tjörnhammar
4802a277a4 nixos: gitit service, change yesNo to bool and add toYesNo from bool 2015-08-03 22:29:23 +02:00
Tobias Geerinckx-Rice
c78fd07460 nixos: nix-daemon: update maxJobs description
I bought an X2 in 2006. It was awesome.
Use a more contemporary and model-agnostic example.
2015-07-30 19:06:45 +02:00
viric
982ce5ed58 Merge pull request #8978 from dezgeg/pr-arm-images
ARM SD card image expressions
2015-07-29 14:13:57 +02:00
Eelco Dolstra
99750d89dd Don't evaluate haskellPackages when gitit is disabled
This cuts evaluation time of my NixOS configuration from 1.76s to
1.36s, and RSS from 443 MiB to 368 MiB.

Issue #8152.
2015-07-28 10:25:31 +02:00
Eelco Dolstra
e3a5bca4ae Require signed binary caches by default 2015-07-27 20:30:09 +02:00
Tuomas Tynkkynen
1947179036 nixos/rogue: Set WorkingDirectory to /tmp
Otherwise we can get an ugly /rogue.scr in the root of the filesystem
hierarchy.
2015-07-22 16:08:17 +03:00
Oliver Charles
08c192a40b devmon: New service 2015-07-19 13:39:00 +01:00
Simon Vandel Sillesen
e85dac137e sundtek init at 30-06-2015 2015-07-07 10:58:58 +02:00
Luca Bruno
41cf8be412 nixos nix-daemon: lower priority is 19. Closes #8675 2015-07-07 09:49:05 +02:00
Robert Irelan
f64a5dd3f3 subsonic service: init
Add a systemd service and UID/GID for the Subsonic personal media
streamer server (<http://subsonic.org>).
2015-07-05 17:25:42 -07:00
Eelco Dolstra
a9b3d75e9e nix.buildMachines: Fewer required fields 2015-06-30 00:51:07 +02:00
Edward Tjörnhammar
ed9dc1fd9e nixos: added gitit service 2015-06-28 12:39:52 +02:00
William A. Kennington III
fee9ef8659 nixos: Replace pkgs.openssh with config.programs.ssh.package 2015-06-26 17:09:58 -07:00
Eelco Dolstra
1f3f31b2a8 Add options nix.{trustedUsers,allowedUsers}
These are just trusted-users and allowed-users in nix.conf. It's
useful to have options for them so that different modules can specify
trusted/allowed users.
2015-06-26 18:45:27 +02:00
Eelco Dolstra
fb203a34c0 nix.buildMachines: Don't require sshUser 2015-06-26 18:44:44 +02:00
Rok Garbas
d405d036c5 redmine service: fixing a typo, pointing to bundler package 2015-06-25 15:24:57 +02:00
Arseniy Seroka
cf44a27fc4 fix argument in mkEnableOption 2015-06-21 18:21:21 +03:00
Eelco Dolstra
6e6a96d42c Some more type cleanup 2015-06-15 18:18:46 +02:00
Eelco Dolstra
19ffa212af types.uniq types.int -> types.int
types.int already implies uniqueness.
2015-06-15 18:11:32 +02:00
Eelco Dolstra
c738b309ee types.uniq types.bool -> types.bool 2015-06-15 18:10:26 +02:00
Oliver Matthews
2434ee4aab Allow setting mediatomb interface 2015-06-13 15:16:28 +00:00
Shea Levy
5ee75e236c apache-kafka: Enable overriding the kafka package 2015-06-12 15:56:06 -04:00
Sander van der Burg
fd187980c7 Put dysnomia in system environment if Disnix is enabled 2015-06-12 16:18:42 +00:00
Eelco Dolstra
07aa0f7f21 Revert "Use nixUnstable by default"
This reverts commit 64a41b7a90.
2015-06-12 13:20:18 +02:00
Anders Lundstedt
d5b8dda043 mediatomb: fix hardcoded paths 2015-06-10 02:32:33 +02:00
Jaka Hudoklin
b570c644c9 Merge pull request #8223 from offlinehacker/pkgs/rippled/update
rippled: Update to 0.28.1
2015-06-08 16:49:39 +02:00
Jaka Hudoklin
161418537c rippled: Update to 0.28.1 2015-06-08 14:15:07 +02:00
Jaka Hudoklin
2e5dbc4746 Add ripple rest module 2015-06-08 13:48:23 +02:00
Arseniy Seroka
e24eefedd6 Merge pull request #8217 from ip1981/mwlib
mwlib uses pdftk to create books
2015-06-08 14:28:12 +03:00
Jaka Hudoklin
509afe860b Merge pull request #7547 from offlinehacker/nixos/docker-registry/fixes
nixos/docker-registry: docker independant docker registry
2015-06-08 12:15:35 +02:00
Igor Pashev
d85be1cfa3 mwlib uses pdftk to create books 2015-06-08 08:35:12 +00:00
lethalman
d144ece04e Merge pull request #8127 from ip1981/mwlib
Add more dependencies for mwlib
2015-06-03 12:50:02 +02:00
Igor Pashev
95c6b835cb mwlib may use pyfribidi 2015-06-02 06:14:34 +00:00
Igor Pashev
58f6da5cc6 mwlib may use imagemagick (convert) 2015-06-02 06:06:02 +00:00
Eelco Dolstra
64a41b7a90 Use nixUnstable by default 2015-06-01 18:20:28 +02:00
lethalman
cb02d37c31 Merge pull request #8034 from ragnard/apache-kafka-exit-code
apache-kafka: Treat exit code 143 as success.
2015-05-28 11:59:06 +02:00
Ragnar Dahlén
9f25762d29 apache-kafka: Treat exit code 143 as success.
JVMs exit with exit code 128+signal when receiving a (terminating)
signal. This means graceful termination of a JVM will result in 143, so
add that to `SuccessExitStatus` in systemd service unit.
2015-05-28 10:52:50 +01:00
Wout Mertens
ab0ac154f9 Merge pull request #7302 from ragnard/mesos-slave-without-docker
mesos-slave: Docker optional & IP address configurable
2015-05-28 11:43:01 +02:00
Ragnar Dahlén
045e93e0a6 mesos-slave: docker and IP address config options
- Usage of docker containerizer is currently hardcoded, this PR makes it
  optional. Default is to enable it if docker is enabled.
- Make IP address to listen on part of service configuration.
2015-05-28 06:58:12 +01:00
Igor Pashev
7ed1fb30e2 Added mwlib services
Simple local usage:

    mwlib = {
      nserve = {
        enable = true;
      };

      qserve = {
        enable = true;
      };
    };

For MediaWiki:

      $wgCollectionMWServeURL = 'http://localhost:8899';
      $wgCollectionFormats = array(
        'rl' => 'PDF',
        'odf' => 'ODT',
      );

      $wgCollectionPortletFormats = array (
        'odf', 'rl'
      );
2015-05-27 14:55:22 +00:00
Arseniy Seroka
26492cdba3 Merge pull request #7434 from Forkk/plex-media-server
plex: add support for managing plugins via Nix
2015-05-11 14:48:30 +03:00
Charles Strahan
ba186ec4b9 mesos service: only pass --zk if quorum > 0
The ZooKeeper URL is not necessary when using in-memory slave
registration.
2015-05-10 19:36:20 -04:00
Charles Strahan
760169663e mesos: fix indentation in service definition 2015-05-10 17:23:33 -04:00
Domen Kožar
00ef77f426 Merge pull request #7565 from offlinehacker/nixos/confd/module
nixos: add confd module
2015-05-02 14:43:02 +02:00
Charles Strahan
ba50d48400 mbpfan: service improvements
* add verbosity setting
* don't set mbpfan as a setuid program
2015-05-01 17:11:55 -04:00
Charles Strahan
d83399dcd9 mgpfan: new service 2015-04-30 21:21:15 -04:00
Jaka Hudoklin
ef6b88690d Merge pull request #7549 from offlinehacker/nixos/ripple-data-api/importmode
nixos/ripple-data-api: add import mode option
2015-04-28 14:10:50 +02:00
Domen Kožar
ff12c3274a Merge pull request #7548 from offlinehacker/etcdfix
nixos/etcd: fix enable type, so it could be enabled on multiple places
2015-04-25 22:14:55 +02:00
Jaka Hudoklin
ffea231652 Merge pull request #7550 from offlinehacker/nixos/rippled/changes
nixos/rippled: new options, fixes
2015-04-25 16:28:15 +02:00
Jaka Hudoklin
6ca12344b3 nixos: add confd module 2015-04-25 16:10:49 +02:00
Jaka Hudoklin
fb8bc4da21 nixos/etcd: fix enable type, so it could be enabled on multiple places 2015-04-25 15:21:49 +02:00
Jaka Hudoklin
54ddf2176b nixos/rippled: new options, fixes 2015-04-25 14:39:24 +02:00