mornfall
fe995cdedc
Merge pull request #1775 from thoughtpolice/duo_unix
...
Duo Security module and uid/gid support for /etc files
2014-03-16 23:06:01 +01:00
Austin Seipp
29d46452dd
nixos: add Duo Security module
...
This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.
The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).
Enabling it is as easy as saying:
security.duosec.ssh.enable = true;
security.duosec.ikey = "XXXXXXXX...";
security.duosec.skey = "XXXXXXXX...";
security.duosec.host = "api-XXXXXXX.duosecurity.com";
security.duosec.group = "duosec";
which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.
This requires uid/gid support in the environment.etc module.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:11:50 -05:00
Shea Levy
6cc0cc7ff6
Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs
...
postgresql module: Use the default superuser username
2014-03-15 13:29:52 -04:00
Shea Levy
3f6a654d9c
Merge branch 'zsh' of git://github.com/ttuegel/nixpkgs
...
zsh: don't clobber the environment of non-login shells
2014-03-15 13:11:38 -04:00
Bjørn Forsman
f7006116b3
nixos/gpsd-service: add type declarations to options
2014-03-15 17:35:55 +01:00
Bjørn Forsman
28e5f72f05
nixos/gpsd-service: change from deprecated 'jobs' type to 'systemd'
...
This has the nice side-effect of making gpsd actually run!
Old behaviour (debugLevel=2):
systemd[1]: gpsd.service holdoff time over, scheduling restart.
systemd[1]: Stopping GPSD daemon...
systemd[1]: Starting GPSD daemon...
systemd[1]: gpsd.service start request repeated too quickly, refusing to start.
systemd[1]: Failed to start GPSD daemon.
systemd[1]: Unit gpsd.service entered failed state.
New behaviour (debugLevel=2):
gpsd[945]: gpsd: launching (Version 2.95)
systemd[1]: Started GPSD daemon.
gpsd[945]: gpsd: listening on port 2947
gpsd[945]: gpsd: running with effective group ID 27
gpsd[945]: gpsd: running with effective user ID 23
gpsd[945]: gpsd: stashing device /dev/ttyUSB0 at slot 0
2014-03-15 17:35:55 +01:00
ambrop7@gmail.com
49768ca8ff
power-management: Don't enable acpid.
...
Running acpid along with systemd will cause double handling of acpi events.
2014-03-15 12:17:00 +01:00
Peter Simons
abe9d80979
Merge pull request #1939 from wkennington/master.notbit
...
notbit: Add systemd service for a system daemon
2014-03-15 10:48:36 +01:00
William A. Kennington III
a42e1d5494
notbit: Add systemd service for a system daemon
2014-03-15 04:36:15 -05:00
Peter Simons
f1a30454f6
Merge pull request #1942 from thoughtpolice/fixups
...
Trivial fixes for my packages
2014-03-15 09:35:35 +01:00
Ricardo M. Correia
bb188bbba7
nixos: Add ZFS auto-snapshotting module
2014-03-15 01:56:42 +01:00
Shea Levy
602cf8d78c
Merge branch 'u/zfs-import' of git://github.com/wizeman/nixpkgs
...
zfs: Misc fixes
2014-03-14 19:40:34 -04:00
Shea Levy
0c12dd3ded
Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
...
systemd: python support & journal http gateway
Conflicts:
nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Shea Levy
8502d84bd2
Merge branch 'nixos/network-interfaces/ipv6' of git://github.com/offlinehacker/nixpkgs
...
nixos/network-interfaces: add support for static ipv6 addresses
2014-03-14 18:54:59 -04:00
Shea Levy
a0d574f19b
firewall: Allow setting rate limits for pings
2014-03-14 14:55:30 -04:00
Shea Levy
50d144278d
mysql module: Specify --basedir
...
Needed for mariadb and safe for mysql
2014-03-14 11:56:54 -04:00
Gergely Risko
2be35c3e99
OpenAFS client fixes
...
Make it stoppable. Add support for crypt and dynroot-sparse.
2014-03-14 14:40:17 +01:00
Corey O'Connor
40de28afca
remove users.jenkins config start on slave config.
...
Uses standard NixOS user config merging.
Work in progress: The slave config does not actually start the slave agent. This just configures a
jenkins user if required. Bare minimum to enable a nice jenkins SSH slave.
2014-03-13 13:01:50 -07:00
Corey O'Connor
292ece425e
match systemd style and silent curl progress bar during startup check
2014-03-13 13:01:49 -07:00
Corey O'Connor
9b79d5b298
Add jenkins continuous integration server and user.
...
By default the jenkins server is executed under the user "jenkins". Which can be configured using
users.jenkins.* options. If a different user is requested by changing services.jenkins.user then
none of the users.jenkins options apply.
This patch does not include jenkins slave configuration. Some config options will probably change
when this is implemented.
Aspects like the user and environment are typically identical between slave and master. The service
configs are different. The design is for users.jenkins to cover the shared aspects while
services.jenkins and services.jenkins-slave cover the master and slave specific aspects,
respectively.
Another option would be to place everything under services.jenkins and have a config that selects
master vs slave.
2014-03-13 13:01:49 -07:00
Shea Levy
59a060523e
Don't override the baseUnit's PATH by default
2014-03-12 20:03:14 -04:00
Rickard Nilsson
3ed3c60d0f
New NixOS module: services.solr, for running a solr server
2014-03-13 00:32:59 +01:00
Eelco Dolstra
e1984f029d
autovt@.service really has to be a symlink
2014-03-13 00:19:10 +01:00
Domen Kožar
df242d0d79
Merge pull request #1926 from tomberek/kippo_uid_fix
...
UID/GID fix for kippo
2014-03-12 23:34:39 +01:00
Rickard Nilsson
91e6d7411e
winstone NixOS module: Make it possible to set systemd service name
2014-03-12 23:28:38 +01:00
Rickard Nilsson
f24940330b
New NixOS module: services.winstone, for running instances of the Winstone Java Servlet container
2014-03-12 23:14:09 +01:00
Eelco Dolstra
b13a5d4cca
Fix kmscon evaluation
2014-03-12 21:00:59 +01:00
Eelco Dolstra
09c14cd8aa
switch-to-configuration: Don't try to start masked units
2014-03-12 18:52:11 +01:00
Eelco Dolstra
f198c40608
Don't depend on the text of disabled units
...
This prevents pulling in unnecessary dependencies.
2014-03-12 18:52:11 +01:00
Eelco Dolstra
207c881df9
Don't include superfluous lines in generated units
2014-03-12 18:52:11 +01:00
Eelco Dolstra
d412245601
getty@ and autovt@: Use the upstream units
2014-03-12 18:52:10 +01:00
Eelco Dolstra
691c0cd72e
systemd: Allow customisation of upstream units
...
You can now say:
systemd.services.foo.baseUnit = "${pkgs.foo}/.../foo.service";
This will cause NixOS' generated foo.service file to include
foo.service from the foo package. You can then apply local
customization in the usual way:
systemd.services.foo.serviceConfig.MemoryLimit = "512M";
Note however that overriding options in the original unit may not
work. For instance, you cannot override ExecStart.
It's also possible to customize instances of template units:
systemd.services."getty@tty4" =
{ baseUnit = "/etc/systemd/system/getty@.service";
serviceConfig.MemoryLimit = "512M";
};
This replaces the unit options linkTarget (which didn't allow
customisation) and extraConfig (which did allow customisation, but in
a non-standard way).
2014-03-12 18:52:10 +01:00
Eelco Dolstra
3358906395
apcupsd: Description -> description
2014-03-12 18:52:10 +01:00
Rickard Nilsson
4e23573138
phpfpm module: Make extraConfig and poolConfigs mergeable by switching option type to types.lines
2014-03-12 11:45:31 +01:00
Rickard Nilsson
562a8ca4a2
Add phpfpm NixOS service module
2014-03-12 11:38:50 +01:00
Domen Kozar
28069d6aad
move windowManager.xbmc to desktopManager.xbmc
2014-03-12 09:20:59 +01:00
Thomas Bereknyei
a2353866a8
UID/GID fix for kippo
2014-03-12 03:32:56 -04:00
Arseniy Seroka
f7d5e83abb
slim: remove duplicate code
2014-03-11 16:27:27 +04:00
Mathijs Kwik
42d7923752
Merge pull request #1911 from offlinehacker/nixos/couchdb/fix
...
nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
2014-03-11 09:35:27 +01:00
Jaka Hudoklin
2297f31339
nixos/network-interfaces: do not try to enable or disable ipv6 in container
2014-03-10 12:39:22 +01:00
Jaka Hudoklin
993ef8287e
nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
...
Conflicts:
nixos/modules/services/databases/couchdb.nix
2014-03-10 11:08:05 +01:00
Jaka Hudoklin
cf65a62af4
nixos/elasticsearch: Make port an integer, add dataDir option, make pure
2014-03-10 11:04:48 +01:00
Jaka Hudoklin
bd5c0c3bc7
nixos/statsd: change default host and port on graphite host and port
2014-03-10 11:02:48 +01:00
Jaka Hudoklin
b21d95e1f8
nixos/graphite: Make pure, fix several bugs, add dataDir option
2014-03-10 10:59:26 +01:00
Domen Kozar
f0b34fe8ff
searx: refactor a bit
2014-03-09 18:57:17 +01:00
Matej Cotman
7e932ca4e2
searx: add module
2014-03-09 17:33:56 +01:00
Domen Kozar
8e1d765f61
nixos manual: make nixos options linkable
2014-03-08 19:34:28 +01:00
Domen Kožar
bb7fe59b80
Merge pull request #1767 from the-kenny/fix-consoleKeyMap-type
...
i18n.consoleKeyMap: Accept string or path.
2014-03-08 18:04:55 +01:00
Austin Seipp
881bb235d9
nixos: tarsnap module documentation updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-08 08:00:56 -06:00
Ellis Whitehead
9af5d4731d
typo: occured -> occurred
2014-03-07 19:39:55 +01:00
Domen Kozar
10787951ab
tarsnap: mention getting started page
2014-03-07 15:37:09 +01:00
Austin Seipp
24cf6afa05
nixos: add Tarsnap backup service module
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-07 15:37:09 +01:00
Domen Kožar
068c0aa219
Merge pull request #1833 from coreyoconnor/fix-synaptics-config
...
correct tapButtons in synaptics config.
2014-03-07 13:10:31 +01:00
Shea Levy
4b28d9d934
Merge branch 'desktopmanager-fix' of git://github.com/pSub/nixpkgs
...
Use feh only as a fallback if the xserver is actually enabled.
2014-03-07 04:39:25 -05:00
Gergely Risko
322b7124a8
Allow ntpq locally
2014-03-06 11:54:02 +01:00
Eelco Dolstra
6572708d39
Always load the "configs" kernel module
...
We used to have the configuration of the kernel available in a
somewhat convenient place (/run/booted-system/kernel-modules/config)
but that has disappeared. So instead just make /proc/configs.gz
available. It only eats a few kilobytes.
2014-03-05 15:22:32 +01:00
Ricardo M. Correia
02e2431661
zfs: Don't look for devices only in /dev
...
If we don't give out a directory to 'zpool import', it will use libblkid
to automatically find all existing ZFS devices.
2014-03-04 12:58:11 +01:00
Pascal Wittmann
c2fcf07f06
Use feh only as a fallback if the xserver is actually enabled.
...
Otherwise feh is installed even though no xserver is available.
2014-03-04 09:10:23 +01:00
Eelco Dolstra
6a9168ad06
Get rid of services.mesa.* message
2014-03-03 13:57:08 +01:00
Eelco Dolstra
497997cc38
Move generation of coverage reports from nixos/lib/testing to releaseTools
...
Also, turn some stdenv adapters into setup hooks.
2014-03-03 13:57:08 +01:00
Eelco Dolstra
ad7c518e45
Sync /tmp/xchg to ensure that the coverage data is flushed
2014-03-03 13:57:08 +01:00
Vladimír Čunát
d9cc648d6c
Merge pull request #1791 from wizeman/u/nixos-gen
...
nixos-generate-config: improve filesystem generation
2014-03-02 11:27:43 +01:00
Shea Levy
1425fa5b3b
Disable efi tests again
...
OVMF sucks
2014-03-01 09:51:28 -05:00
Eelco Dolstra
1d9cd24d0b
Fix mysql-replication test
2014-02-28 16:18:31 +01:00
Eelco Dolstra
da2a336a3c
Remove tabs
2014-02-28 16:18:31 +01:00
Domen Kožar
b792394119
nixos-manual: show manual on tty8 by default
2014-02-28 13:32:19 +01:00
Shea Levy
691f6c4c59
Fix mysql test evaluation
2014-02-28 06:16:57 -05:00
Domen Kožar
e9f3199973
add gstreamer 1.0 setup-hook and use it where appropriate
2014-02-28 02:03:07 +01:00
Domen Kožar
4e957b075e
Merge pull request #1841 from pSub/patch-1
...
Fixed link to the installation instructions
2014-02-27 15:08:32 +01:00
Pascal Wittmann
991b23c382
Added a static identifier to the installing nixos chapter
2014-02-27 14:56:13 +01:00
Domen Kožar
ab0aae42a4
couchdb: remove redundant customConfigFile
2014-02-27 14:34:19 +01:00
Domen Kožar
d6a3cada9b
couchdb: stricter types
2014-02-27 14:33:50 +01:00
Domen Kožar
9d55a4c513
couchdb: add ids
2014-02-27 14:33:30 +01:00
Rok Garbas
0bebcd7d1f
folders of pidFile and uriFile should be writable by couchdb user/group
2014-02-27 13:34:11 +01:00
Rok Garbas
55cff93f04
couchdb(nixos): removing whitespace and line that was commented
2014-02-27 13:34:11 +01:00
Rok Garbas
62438c09f7
update couchdb to 1.5.0(current latest) and add service for it
2014-02-27 13:34:11 +01:00
Domen Kožar
97a0dd9eb9
nixos: set all package options to have type package
2014-02-27 13:22:29 +01:00
Shea Levy
f7c04b1e6b
mediawiki: Don't rewrite /images if uploads are enabled
2014-02-27 07:17:10 -05:00
Shea Levy
1e7300ad67
mediawiki rewrite rules only needed with no urlPrefix
2014-02-27 07:17:10 -05:00
Shea Levy
32470621d5
Restart keys.target on reconfiguration
2014-02-26 13:35:04 -05:00
Shea Levy
69b6b939ef
rename.nix: Handle renaming of a whole set of options
...
mkIf was pushed down, making the obsoleted argument unconditionally evaluated
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-26 10:06:28 -05:00
Shea Levy
efb18d9aa5
D'oh
2014-02-26 08:49:21 -05:00
Shea Levy
c9f9835dda
Document mysql changes
2014-02-26 07:56:59 -05:00
Shea Levy
1ce6fff4e2
Merge mysql55 module into mysql
...
This also removes the default for services.mysql.package, as this should
not generally be updated automatically if we change the mysql attribute
2014-02-26 07:54:12 -05:00
Shea Levy
793328e1ee
Mediawiki: Add some needed rewrites
2014-02-25 09:13:40 -05:00
Shea Levy
0d4a9e3aa6
Allow httpd subservices to set the document root
...
Only the main service OR one of the subservices can set the document
root. This is used by mediawiki when it is hosted at the root of the
vhost.
2014-02-25 07:44:45 -05:00
Corey O'Connor
20567eba1f
correct tapButtons in synaptics config. Dont rely on the X11 input settings to take the last option.
2014-02-24 16:03:47 -08:00
Rickard Nilsson
d5211b0e0e
Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox.
2014-02-24 18:05:26 +01:00
Austin Seipp
dc700e0925
etc: uid/gid support for copied files
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-23 18:00:47 -06:00
Austin Seipp
fc9022bea1
firewall: add support for TCP/UDP port ranges
...
This is useful for packages like mosh, which use a wide UDP port range
by default for incoming connections.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 18:19:22 +01:00
Petr Rockai
f21abed131
nixos: Assign uid/gid to dictd's service user.
2014-02-22 12:00:08 +01:00
Shea Levy
95a77ea39f
Unconditionally add ssh to nix-daemon's path for the ssh substitituer
2014-02-20 14:17:30 -05:00
Shea Levy
17f88453f6
Don't complain if HOME isn't writable
2014-02-20 13:40:56 -05:00
Shea Levy
fefc0d9917
Add module to enable the server for the ssh substituter
2014-02-20 13:40:51 -05:00
Shea Levy
2b92e90f91
opensmtpd: Add sendmail to systemPackages
2014-02-20 06:17:15 -05:00
Ricardo M. Correia
a146fdab80
nixos-generate-config: Don't generate filesystem options
...
We don't want to hardcode configuration options that the current kernel chose
for us when mounting the filesystem, since the defaults can change in the
future.
2014-02-19 17:18:50 +01:00
Ricardo M. Correia
cea9a1a242
nixos-generate-config: Don't generate /var/lib/nfs/rpc_pipefs filesystem
...
It's automatically mounted if the system has support for NFS.
2014-02-19 17:18:49 +01:00
Domen Kožar
ad0732313d
gnome3: typo
2014-02-19 16:53:08 +01:00
Domen Kožar
746c42d10f
gnome3: add some default core packages to be installed
2014-02-19 16:38:42 +01:00
Domen Kožar
189273af38
add gnome3.vino
2014-02-19 16:38:41 +01:00