Yegor Timoshenko
e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod
...
oauth2_proxy: refactor service
2018-04-27 22:15:50 +03:00
Yorick van Pelt
048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest
2018-04-27 16:45:38 +02:00
Robert Schütz
5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083)
2018-04-18 09:42:45 +02:00
Yorick van Pelt
a037cbd46b
oauth2_proxy: add keyFile, make some options optional
2018-04-16 14:06:22 +02:00
Yorick van Pelt
b901c40a8e
oauth2_proxy: update module for extraConfig support
2018-04-16 13:10:31 +02:00
Joachim F
1c889be474
Merge pull request #37827 from oxij/pull/28938-tor-control-port
...
nixos/tor: expose control socket
2018-03-26 13:05:27 +00:00
Jaka Hudoklin
cb9c1c63c9
nixos/tor: expose control socket
2018-03-26 00:41:10 +00:00
Dan Peebles
6fa9d9cdbd
hologram-server module: add cache timeout option
...
The version of hologram we're using has supported this option for a
while, but we didn't expose it through the NixOS module
2018-03-21 12:58:25 -04:00
Joel Thompson
fe2e4d6fb9
hologram: Enable configuring LDAP authorization
...
In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.
Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.
fixes #37393
2018-03-20 07:36:23 +00:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell.
2018-03-01 14:38:53 -05:00
Nadrieril
297fac40ca
nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag)
2018-02-27 18:34:02 +00:00
rnhmjoj
e81811a579
nixos/modules: rename IP addresses/routes options
2018-02-17 14:57:07 +01:00
Jörg Thalheim
9fab083b79
Merge pull request #34524 from Infinisil/physlock-allowAnyUser
...
nixos/physlock: add allowAnyUser option
2018-02-10 09:58:36 +00:00
Robert Schütz
355de06fe4
nixos/tor: add hiddenServices.<name>.authorizeClient
2018-02-08 10:02:22 +01:00
Silvan Mosberger
cfd22b733b
physlock: add allowAnyUser option
2018-02-02 14:03:00 +01:00
Léo Gaspard
7b878a443a
nixos/clamav: replace mkIf [] with optional
2018-01-06 16:52:14 +01:00
Nadrieril
95fde40b71
usbguard service: rules option should be of type 'lines'
2017-12-29 03:19:36 +01:00
Jaka Hudoklin
bc557912a1
Merge pull request #28939 from xtruder/nixos/tor/trans_proxy
...
tor module: add support for transparent proxy and dns
2017-12-03 21:47:11 +01:00
Léo Gaspard
652842d82e
clamav module: make services.clamav.daemon.enable actually work
2017-11-28 13:45:13 +01:00
Joachim F
815bebf9e8
Merge pull request #30173 from dmjio/patch-1
...
oauth2_proxy: default address updated
2017-10-20 16:28:40 +00:00
Peter Hoeg
3211098632
Revert "sshguard: make it run"
...
This reverts commit 69d8b81b4b.
2017-10-14 14:42:49 +08:00
Peter Hoeg
69d8b81b4b
sshguard: make it run
2017-10-14 14:38:04 +08:00
Dan Peebles
56e18c50cc
Revert "Simple proof of concept for how to do other types of services"
...
This reverts commit 7c3253e519.
I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
2017-10-13 09:17:13 -04:00
David Johnson
5b530d4568
oauth2_proxy: default address updated
...
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
2017-10-06 16:52:22 -07:00
Jaka Hudoklin
78a86c9072
nixos/tor: add support for transparent proxy and dns
2017-09-23 20:13:08 +02:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent.
...
(cherry picked from commit eb873f6c78e1c5306956b4c9fd651b25a6b9c40c)
2017-09-20 10:58:24 +00:00
Jörg Thalheim
bb5b084986
tor: skip ControlPort in torrc, if not set.
2017-09-13 23:33:46 +01:00
timor
ae87a30a83
physlock: 0.5 -> 11-dev
...
Update physlock to a more current version which supports PAM and
systemd-logind. Amongst others, this should work now with the slim
login manager without any additional configuration, because it does
not rely on the utmp mechanism anymore.
2017-09-10 22:43:05 +02:00
Tim Steinbach
ae742fa495
frandom: Remove
2017-08-29 20:01:25 -04:00
Phil
4f2935390e
nixos/usbguard: create package and module (#28363)
...
* nixos/usbguard: create package and module
No usbguard module or package existed for NixOS previously. USBGuard
will protect you from BadUSB attacks (assuming configuration is done
correctly).
* nixos/usbguard: remove extra packages
Users can override this by themselves.
* nixos/usbguard: add maintainer and fix style
2017-08-25 23:35:18 +01:00
Joachim F
9447b8b9cd
Merge pull request #28338 from oxij/nixos/better-tor
...
nixos: better tor config
2017-08-24 08:12:59 +00:00
SLNOS
2c4a925ab0
nixos: tor: rename portSpec -> port, type all "port"s properly
2017-08-22 14:57:07 +00:00
SLNOS
30a3cccd07
nixos: tor: better submodule for hidden services
...
Rebased onto master with a different implementation.
Originally: "add support for serving hidden services".
2017-08-22 14:57:07 +00:00
SLNOS
9226f4886f
nixos: tor: more options, no unexpected consequences for default relay operators
...
Before this commit default relay configuration could produce unexpected
real life consequences. This patch makes those choices explicit and
documents them extensively.
2017-08-22 14:57:06 +00:00
Christian Albrecht
964799e556
sks and pgpkeyserver-lite modules: init (#27515)
...
* modules sks and pgpkeyserver-lite:
runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
2017-08-22 12:27:00 +02:00
Phil
b4d2cd6f6a
nixos/tor: add tor hidden service options (#28081)
...
* nixos/tor: add hiddenServices option
This change allows configuring hidden services more conveniently.
* nixos/tor: fix default/example mixup
* nixos/tor: use docbook in documentation
Also use more elegant optionalString for optional strings.
* tor: separate hidden service port by newline
* tor: better example for hidden service path
a path below /var/lib/tor is usually used for hidden services
2017-08-11 22:59:52 +01:00
Rhys
8777174d60
nixos/oauth2_proxy: actually pass provider-specific options
...
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Volth
334e85e75a
vault: do not restart the service on "nixos-rebuild switch"
2017-07-03 19:46:02 +00:00
Volth
68bf28adaf
vault: services.vault.storagePath for the file backend
2017-06-29 21:10:56 +00:00
Volth
2056c7e395
removed generation of self-signed certificate
2017-06-28 22:22:53 +00:00
Volth
519f17035f
vault: add unitConfig.RequiresMountsFor to systemd config
2017-06-28 21:16:04 +00:00
Volth
7330e80456
vault: start after consul if consul is used as storage backend
2017-06-28 00:58:19 +00:00
Volth
d016ef1f5b
create directory only for "file" storage
2017-06-27 20:22:53 +00:00
Volth
4c428b4a6f
vault: run as an unprivileged user
2017-06-27 19:34:12 +00:00
Katyucha
cad450e6d6
delete lines
2017-06-27 19:34:12 +00:00
Katyucha
442f76d72a
Vault: 0.6.5 -> 0.7.2 with services
2017-06-27 19:34:12 +00:00
Dan Peebles
7c3253e519
Simple proof of concept for how to do other types of services
2017-05-26 18:14:31 -04:00
J M
03d190d54f
shibboleth: Add Myself as a Maintainer (#25817)
2017-05-16 10:11:55 +01:00
jammerful
d8c1977bb5
shibboleth-sp module: Set Config File Path for FastCGI Units
...
Without this environment variable both shibauthorizer and
shibresponder default to ${pkgs.shibboleth-sp}etc/shibboleth/shibboleth2.xml
2017-05-02 19:58:03 -04:00
jammerful
9f18af5991
Add Shibboleth Service Provider Module
2017-05-02 11:29:58 -04:00