Commit Graph

10302 Commits

Author SHA1 Message Date
Johan Thomsen
f9ad1cae78 nixos/kubernetes: dashboard lockdown
Kubernetes dashboard currently has cluster admin permissions,
which is not recommended.

- Renamed option "services.kubernetes.addons.dashboard.enableRBAC" to "services.kubernetes.addons.dashboard.rbac.enable"
- Added option "services.kubernetes.addons.dashboard.rbac.clusterAdmin", default = false.
- Setting recommended minimal permissions for the dashboard in accordance with https://github.com/kubernetes/dashboard/wiki/Installation
- Updated release note for 18.09.
2018-06-19 22:28:00 +02:00
Franz Pletz
8eaff5b06a
xmr-stak service: support multiple config files 2018-06-19 18:07:41 +02:00
Jörg Thalheim
81eaa7ab1b
Merge pull request #42211 from dje4321/dje4321
Grub: default is signed int. Fixes #42152
2018-06-19 10:55:13 +01:00
Emily Ann Ediger
ac0136509c added suggestion to support both str and int 2018-06-19 04:05:50 -05:00
Emily Ann Ediger
ae04fb01f8 set default to type.str 2018-06-19 01:59:21 -05:00
Emily Ann Ediger
08691d0515 Grub: default is signed int. Fixes #42152 2018-06-18 23:54:45 -05:00
Yegor Timoshenko
5e5bdfa6ad
Merge pull request #41098 from mkaito/oauth2_proxy
oauth2_proxy: Handle attributes being derivations
2018-06-18 20:47:55 +03:00
Matthew Justin Bauer
8180c32b73
Merge pull request #39153 from mnacamura/lightdm-mini-greeter
lightdm-mini-greeter: init at 0.3.2
2018-06-18 11:38:35 -04:00
Yegor Timoshenko
b5d6a49085
nixos/networkmanager: add extraConfig 2018-06-18 22:21:27 +08:00
Joachim Fasting
c449f0b55c
nixos/tor: grammer fix, advise -> advice
Seems to me that the noun form is more appropriate here.
2018-06-18 12:40:09 +02:00
Mitsuhiro Nakamura
83b389394b lightdm-mini-greeter: init at 0.3.2 2018-06-18 18:55:06 +09:00
adisbladis
2f907d5ba1
Merge pull request #42153 from Ekleog/opensmtpd-changeable-package
opensmtpd module: allow changing the package
2018-06-18 16:42:58 +08:00
lewo
7a61c728e5
Merge pull request #41909 from aespinosa/nexus-package
nixos/nexus: allow overriding the package
2018-06-18 10:07:44 +02:00
Léo Gaspard
bb08686f1e opensmtpd module: allow changing the package 2018-06-18 09:49:01 +02:00
xeji
bf6974648e
Merge pull request #42128 from volth/patch-157
nixos/xrdp: add fonts.enableDefaultFonts
2018-06-18 00:29:07 +02:00
Yegor Timoshenko
6d5cb130af
not-detected: use lib.mkDefault 2018-06-17 23:25:41 +03:00
xeji
bb8b1df729
Merge pull request #41511 from vicgc/nilfs2-root-fix
Fixed nilfs2 fsck error at boot because its not needed by the nilfs2 filesystem
2018-06-17 21:52:55 +02:00
volth
baa1098a4a
nixos/xrdp: add fonts.enableDefaultFonts 2018-06-17 11:23:30 +00:00
dje4321
1b7ce4c6d5 brightnessctl: init at 0.3.2 (#42102)
* brightnessctl: init at 0.3.2

* Revised PR
2018-06-16 18:15:42 -04:00
Matthew Justin Bauer
98cd8568e5
Merge pull request #41971 from aneeshusa/use-listen_addresses-for-postgresql
nixos/postgresql: Use listen_addresses, not -i
2018-06-15 22:41:15 -04:00
Matthew Justin Bauer
53a75e3a2a
Merge pull request #41737 from jraygauthier/jrg/uvcvideo_dynctrl_rebased
nixos/uvcvideo.dynctrl: Init
2018-06-15 22:26:30 -04:00
Frank Doepper
673ecfcbaa nixos/zfs: mount AFTER import 2018-06-15 20:58:43 +02:00
Aneesh Agrawal
94bd4787a9 nixos/postgresql: Use listen_addresses, not -i
The -i flag to control if PostgreSQL listens for TCP/IP connections has
been deprecated, so replace it with the modern alternative.
2018-06-13 23:03:02 -07:00
Aneesh Agrawal
c2ab820d6a nixos/uwsgi: use python.withPackages 2018-06-13 22:47:22 -07:00
xeji
8e5891b33e
Merge pull request #41853 from volth/patch-153
network-interfaces.nix: remove duplicate code
2018-06-13 23:55:46 +02:00
Jörg Thalheim
cc7aa24c8c
Merge pull request #41928 from woffs/zfs-service-enable
nixos/zfs: enable zfs services
2018-06-13 22:37:05 +01:00
Jörg Thalheim
a89586a885
Merge pull request #41938 from tilpner/awesome-no-argb
nixos/awesome: Add noArgb option
2018-06-13 22:31:45 +01:00
Joachim F
f0f385ae76
Merge pull request #41852 from oxij/nixos/tor-service
nixos/tor: fix systemd service
2018-06-13 19:52:10 +00:00
tilpner
903292a2d8
nixos/awesome: Add noArgb option
Add option to disable client transparency support in awesome,
which greatly improves performance in my setup
(and presumably will in some others).
2018-06-13 19:47:26 +02:00
Michael Raskin
f35cc5eb42
Merge pull request #41764 from oxij/nixos/some-more-related-packages
nixos: add some more related packages
2018-06-13 17:03:56 +00:00
Jan Malakhovski
b01ccbb899 nixos: xserver: add related packages 2018-06-13 16:25:10 +00:00
Jan Malakhovski
2a5688574c nixos: doc: make relatedPackages a bit smarter 2018-06-13 16:25:10 +00:00
Frank Doepper
bea4323acf nixos/zfs: enable zfs services 2018-06-13 16:31:05 +02:00
Uli Baum
41f3dee176 nixos/tests/morty: fix non-deterministic failure
... due to improper timing
2018-06-13 16:29:58 +02:00
Sarah Brofeldt
2ebadc4d87
Merge pull request #41884 from johanot/k8s-improvements
nixos/kubernetes: improvements
2018-06-13 14:31:11 +02:00
Allan Espinosa
783eb8438a nixos/nexus: allow overriding the package
Useful when pulling nixos-unstable in a stable NixOS installation.
2018-06-13 08:02:17 -04:00
xeji
bffc59badd
Merge pull request #37289 from disassembler/dnsdist
nixos/dnsdist: init module
2018-06-13 13:56:53 +02:00
volth
3ae018592d
nixos/tinc: minor fixes 2018-06-12 23:27:52 +00:00
Johan Thomsen
8d7ea96a13 nixos/kubernetes: improvements
- Added option 'cni.configDir' to allow for having CNI config outside of nix-store
  Existing behavior (writing verbatim CNI conf-files to nix-store) is still available.

- Removed unused option 'apiserver.publicAddress' and changed 'apiserver.address' to 'bindAddress'
  This conforms better to k8s docs and removes existing --bind-address hardcoding to 0.0.0.0

- Fixed c/p mistake in apiserver systemd unit description

- Updated 18.09 release notes to reflect changes to existing options
  And fixed some typos from previous PR

- Make docker images for Kubernetes Dashboard and kube-dns configurable
2018-06-12 22:47:32 +02:00
volth
d79a5057d3 nixos/nat: optional networking.nat.externalInterface (#41864)
to prevent "cannot coerce null to string" raise before the assertions are checked
2018-06-12 15:14:15 +02:00
volth
b25a2c9614 nixos/unbound: add restart (#41885) 2018-06-12 14:29:25 +02:00
Jörg Thalheim
dbdad4b44b maintainers/create-azure.sh: remove hydra.nixos.org as binary cache (#41883) 2018-06-12 14:21:56 +02:00
Cole Mickens
a44a9fdad6 azure: stop carrying qemu-220 patch 2018-06-12 02:06:03 -07:00
aszlig
fb2c132db4
nixos/no-x-libs: Switch to using nixpkgs.overlays
The usage of nixpkgs.config.packageOverrides is deprecated and we do
have overlays since quite a while.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
2018-06-11 20:58:33 +02:00
volth
4d07170dc0
network-interfaces.nix: remove duplicate code 2018-06-11 16:50:01 +00:00
SLNOS
adab27a352 nixos/tor: use ControlPort for controlSocket for simplicity 2018-06-11 15:52:24 +00:00
SLNOS
2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings
This reverts a part of 5bd12c694b.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
2018-06-11 15:52:24 +00:00
Raymond Gauthier
3dfc9cd826 nixos/uvcvideo.dynctrl: Init 2018-06-11 11:33:49 -04:00
volth
4c3352896e
nixos/initrd-network: support hetzner 2018-06-11 10:35:02 +00:00
Uli Baum
93cbb9b72f nixos/tomcat: fix eval error introduced by #40657 2018-06-11 11:02:54 +02:00