Commit Graph

600 Commits

Author SHA1 Message Date
mornfall
fe995cdedc Merge pull request #1775 from thoughtpolice/duo_unix
Duo Security module and uid/gid support for /etc files
2014-03-16 23:06:01 +01:00
Austin Seipp
29d46452dd nixos: add Duo Security module
This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.

The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).

Enabling it is as easy as saying:

  security.duosec.ssh.enable = true;
  security.duosec.ikey       = "XXXXXXXX...";
  security.duosec.skey       = "XXXXXXXX...";
  security.duosec.host       = "api-XXXXXXX.duosecurity.com";
  security.duosec.group      = "duosec";

which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.

This requires uid/gid support in the environment.etc module.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:11:50 -05:00
Shea Levy
6cc0cc7ff6 Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs
postgresql module: Use the default superuser username
2014-03-15 13:29:52 -04:00
Shea Levy
3f6a654d9c Merge branch 'zsh' of git://github.com/ttuegel/nixpkgs
zsh: don't clobber the environment of non-login shells
2014-03-15 13:11:38 -04:00
Bjørn Forsman
f7006116b3 nixos/gpsd-service: add type declarations to options 2014-03-15 17:35:55 +01:00
Bjørn Forsman
28e5f72f05 nixos/gpsd-service: change from deprecated 'jobs' type to 'systemd'
This has the nice side-effect of making gpsd actually run!

Old behaviour (debugLevel=2):

  systemd[1]: gpsd.service holdoff time over, scheduling restart.
  systemd[1]: Stopping GPSD daemon...
  systemd[1]: Starting GPSD daemon...
  systemd[1]: gpsd.service start request repeated too quickly, refusing to start.
  systemd[1]: Failed to start GPSD daemon.
  systemd[1]: Unit gpsd.service entered failed state.

New behaviour (debugLevel=2):

  gpsd[945]: gpsd: launching (Version 2.95)
  systemd[1]: Started GPSD daemon.
  gpsd[945]: gpsd: listening on port 2947
  gpsd[945]: gpsd: running with effective group ID 27
  gpsd[945]: gpsd: running with effective user ID 23
  gpsd[945]: gpsd: stashing device /dev/ttyUSB0 at slot 0
2014-03-15 17:35:55 +01:00
ambrop7@gmail.com
49768ca8ff power-management: Don't enable acpid.
Running acpid along with systemd will cause double handling of acpi events.
2014-03-15 12:17:00 +01:00
Peter Simons
abe9d80979 Merge pull request #1939 from wkennington/master.notbit
notbit: Add systemd service for a system daemon
2014-03-15 10:48:36 +01:00
William A. Kennington III
a42e1d5494 notbit: Add systemd service for a system daemon 2014-03-15 04:36:15 -05:00
Peter Simons
f1a30454f6 Merge pull request #1942 from thoughtpolice/fixups
Trivial fixes for my packages
2014-03-15 09:35:35 +01:00
Ricardo M. Correia
bb188bbba7 nixos: Add ZFS auto-snapshotting module 2014-03-15 01:56:42 +01:00
Shea Levy
602cf8d78c Merge branch 'u/zfs-import' of git://github.com/wizeman/nixpkgs
zfs: Misc fixes
2014-03-14 19:40:34 -04:00
Shea Levy
0c12dd3ded Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
systemd: python support & journal http gateway

Conflicts:
	nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Shea Levy
8502d84bd2 Merge branch 'nixos/network-interfaces/ipv6' of git://github.com/offlinehacker/nixpkgs
nixos/network-interfaces: add support for static ipv6 addresses
2014-03-14 18:54:59 -04:00
Shea Levy
a0d574f19b firewall: Allow setting rate limits for pings 2014-03-14 14:55:30 -04:00
Shea Levy
50d144278d mysql module: Specify --basedir
Needed for mariadb and safe for mysql
2014-03-14 11:56:54 -04:00
Gergely Risko
2be35c3e99 OpenAFS client fixes
Make it stoppable.  Add support for crypt and dynroot-sparse.
2014-03-14 14:40:17 +01:00
Corey O'Connor
40de28afca remove users.jenkins config start on slave config.
Uses standard NixOS user config merging.
Work in progress: The slave config does not actually start the slave agent. This just configures a
jenkins user if required. Bare minimum to enable a nice jenkins SSH slave.
2014-03-13 13:01:50 -07:00
Corey O'Connor
292ece425e match systemd style and silent curl progress bar during startup check 2014-03-13 13:01:49 -07:00
Corey O'Connor
9b79d5b298 Add jenkins continuous integration server and user.
By default the jenkins server is executed under the user "jenkins". Which can be configured using
users.jenkins.* options. If a different user is requested by changing services.jenkins.user then
none of the users.jenkins options apply.

This patch does not include jenkins slave configuration. Some config options will probably change
when this is implemented.

Aspects like the user and environment are typically identical between slave and master. The service
configs are different. The design is for users.jenkins to cover the shared aspects while
services.jenkins and services.jenkins-slave cover the master and slave specific aspects,
respectively.

Another option would be to place everything under services.jenkins and have a config that selects
master vs slave.
2014-03-13 13:01:49 -07:00
Shea Levy
59a060523e Don't override the baseUnit's PATH by default 2014-03-12 20:03:14 -04:00
Rickard Nilsson
3ed3c60d0f New NixOS module: services.solr, for running a solr server 2014-03-13 00:32:59 +01:00
Eelco Dolstra
e1984f029d autovt@.service really has to be a symlink 2014-03-13 00:19:10 +01:00
Domen Kožar
df242d0d79 Merge pull request #1926 from tomberek/kippo_uid_fix
UID/GID fix for kippo
2014-03-12 23:34:39 +01:00
Rickard Nilsson
91e6d7411e winstone NixOS module: Make it possible to set systemd service name 2014-03-12 23:28:38 +01:00
Rickard Nilsson
f24940330b New NixOS module: services.winstone, for running instances of the Winstone Java Servlet container 2014-03-12 23:14:09 +01:00
Eelco Dolstra
b13a5d4cca Fix kmscon evaluation 2014-03-12 21:00:59 +01:00
Eelco Dolstra
09c14cd8aa switch-to-configuration: Don't try to start masked units 2014-03-12 18:52:11 +01:00
Eelco Dolstra
f198c40608 Don't depend on the text of disabled units
This prevents pulling in unnecessary dependencies.
2014-03-12 18:52:11 +01:00
Eelco Dolstra
207c881df9 Don't include superfluous lines in generated units 2014-03-12 18:52:11 +01:00
Eelco Dolstra
d412245601 getty@ and autovt@: Use the upstream units 2014-03-12 18:52:10 +01:00
Eelco Dolstra
691c0cd72e systemd: Allow customisation of upstream units
You can now say:

  systemd.services.foo.baseUnit = "${pkgs.foo}/.../foo.service";

This will cause NixOS' generated foo.service file to include
foo.service from the foo package.  You can then apply local
customization in the usual way:

  systemd.services.foo.serviceConfig.MemoryLimit = "512M";

Note however that overriding options in the original unit may not
work.  For instance, you cannot override ExecStart.

It's also possible to customize instances of template units:

  systemd.services."getty@tty4" =
    { baseUnit = "/etc/systemd/system/getty@.service";
      serviceConfig.MemoryLimit = "512M";
    };

This replaces the unit options linkTarget (which didn't allow
customisation) and extraConfig (which did allow customisation, but in
a non-standard way).
2014-03-12 18:52:10 +01:00
Eelco Dolstra
3358906395 apcupsd: Description -> description 2014-03-12 18:52:10 +01:00
Rickard Nilsson
4e23573138 phpfpm module: Make extraConfig and poolConfigs mergeable by switching option type to types.lines 2014-03-12 11:45:31 +01:00
Rickard Nilsson
562a8ca4a2 Add phpfpm NixOS service module 2014-03-12 11:38:50 +01:00
Domen Kozar
28069d6aad move windowManager.xbmc to desktopManager.xbmc 2014-03-12 09:20:59 +01:00
Thomas Bereknyei
a2353866a8 UID/GID fix for kippo 2014-03-12 03:32:56 -04:00
Arseniy Seroka
f7d5e83abb slim: remove duplicate code 2014-03-11 16:27:27 +04:00
Mathijs Kwik
42d7923752 Merge pull request #1911 from offlinehacker/nixos/couchdb/fix
nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
2014-03-11 09:35:27 +01:00
Jaka Hudoklin
2297f31339 nixos/network-interfaces: do not try to enable or disable ipv6 in container 2014-03-10 12:39:22 +01:00
Jaka Hudoklin
993ef8287e nixos/couchdb: fix stopping of service, by making it non-forking, a few other improvments
Conflicts:
	nixos/modules/services/databases/couchdb.nix
2014-03-10 11:08:05 +01:00
Jaka Hudoklin
cf65a62af4 nixos/elasticsearch: Make port an integer, add dataDir option, make pure 2014-03-10 11:04:48 +01:00
Jaka Hudoklin
bd5c0c3bc7 nixos/statsd: change default host and port on graphite host and port 2014-03-10 11:02:48 +01:00
Jaka Hudoklin
b21d95e1f8 nixos/graphite: Make pure, fix several bugs, add dataDir option 2014-03-10 10:59:26 +01:00
Domen Kozar
f0b34fe8ff searx: refactor a bit 2014-03-09 18:57:17 +01:00
Matej Cotman
7e932ca4e2 searx: add module 2014-03-09 17:33:56 +01:00
Domen Kozar
8e1d765f61 nixos manual: make nixos options linkable 2014-03-08 19:34:28 +01:00
Domen Kožar
bb7fe59b80 Merge pull request #1767 from the-kenny/fix-consoleKeyMap-type
i18n.consoleKeyMap: Accept string or path.
2014-03-08 18:04:55 +01:00
Austin Seipp
881bb235d9 nixos: tarsnap module documentation updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-08 08:00:56 -06:00
Ellis Whitehead
9af5d4731d typo: occured -> occurred 2014-03-07 19:39:55 +01:00
Domen Kozar
10787951ab tarsnap: mention getting started page 2014-03-07 15:37:09 +01:00
Austin Seipp
24cf6afa05 nixos: add Tarsnap backup service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-07 15:37:09 +01:00
Domen Kožar
068c0aa219 Merge pull request #1833 from coreyoconnor/fix-synaptics-config
correct tapButtons in synaptics config.
2014-03-07 13:10:31 +01:00
Shea Levy
4b28d9d934 Merge branch 'desktopmanager-fix' of git://github.com/pSub/nixpkgs
Use feh only as a fallback if the xserver is actually enabled.
2014-03-07 04:39:25 -05:00
Gergely Risko
322b7124a8 Allow ntpq locally 2014-03-06 11:54:02 +01:00
Eelco Dolstra
6572708d39 Always load the "configs" kernel module
We used to have the configuration of the kernel available in a
somewhat convenient place (/run/booted-system/kernel-modules/config)
but that has disappeared.  So instead just make /proc/configs.gz
available.  It only eats a few kilobytes.
2014-03-05 15:22:32 +01:00
Ricardo M. Correia
02e2431661 zfs: Don't look for devices only in /dev
If we don't give out a directory to 'zpool import', it will use libblkid
to automatically find all existing ZFS devices.
2014-03-04 12:58:11 +01:00
Pascal Wittmann
c2fcf07f06 Use feh only as a fallback if the xserver is actually enabled.
Otherwise feh is installed even though no xserver is available.
2014-03-04 09:10:23 +01:00
Eelco Dolstra
6a9168ad06 Get rid of services.mesa.* message 2014-03-03 13:57:08 +01:00
Eelco Dolstra
497997cc38 Move generation of coverage reports from nixos/lib/testing to releaseTools
Also, turn some stdenv adapters into setup hooks.
2014-03-03 13:57:08 +01:00
Eelco Dolstra
ad7c518e45 Sync /tmp/xchg to ensure that the coverage data is flushed 2014-03-03 13:57:08 +01:00
Vladimír Čunát
d9cc648d6c Merge pull request #1791 from wizeman/u/nixos-gen
nixos-generate-config: improve filesystem generation
2014-03-02 11:27:43 +01:00
Shea Levy
1425fa5b3b Disable efi tests again
OVMF sucks
2014-03-01 09:51:28 -05:00
Eelco Dolstra
1d9cd24d0b Fix mysql-replication test 2014-02-28 16:18:31 +01:00
Eelco Dolstra
da2a336a3c Remove tabs 2014-02-28 16:18:31 +01:00
Domen Kožar
b792394119 nixos-manual: show manual on tty8 by default 2014-02-28 13:32:19 +01:00
Shea Levy
691f6c4c59 Fix mysql test evaluation 2014-02-28 06:16:57 -05:00
Domen Kožar
e9f3199973 add gstreamer 1.0 setup-hook and use it where appropriate 2014-02-28 02:03:07 +01:00
Domen Kožar
4e957b075e Merge pull request #1841 from pSub/patch-1
Fixed link to the installation instructions
2014-02-27 15:08:32 +01:00
Pascal Wittmann
991b23c382 Added a static identifier to the installing nixos chapter 2014-02-27 14:56:13 +01:00
Domen Kožar
ab0aae42a4 couchdb: remove redundant customConfigFile 2014-02-27 14:34:19 +01:00
Domen Kožar
d6a3cada9b couchdb: stricter types 2014-02-27 14:33:50 +01:00
Domen Kožar
9d55a4c513 couchdb: add ids 2014-02-27 14:33:30 +01:00
Rok Garbas
0bebcd7d1f folders of pidFile and uriFile should be writable by couchdb user/group 2014-02-27 13:34:11 +01:00
Rok Garbas
55cff93f04 couchdb(nixos): removing whitespace and line that was commented 2014-02-27 13:34:11 +01:00
Rok Garbas
62438c09f7 update couchdb to 1.5.0(current latest) and add service for it 2014-02-27 13:34:11 +01:00
Domen Kožar
97a0dd9eb9 nixos: set all package options to have type package 2014-02-27 13:22:29 +01:00
Shea Levy
f7c04b1e6b mediawiki: Don't rewrite /images if uploads are enabled 2014-02-27 07:17:10 -05:00
Shea Levy
1e7300ad67 mediawiki rewrite rules only needed with no urlPrefix 2014-02-27 07:17:10 -05:00
Shea Levy
32470621d5 Restart keys.target on reconfiguration 2014-02-26 13:35:04 -05:00
Shea Levy
69b6b939ef rename.nix: Handle renaming of a whole set of options
mkIf was pushed down, making the obsoleted argument unconditionally evaluated

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-26 10:06:28 -05:00
Shea Levy
efb18d9aa5 D'oh 2014-02-26 08:49:21 -05:00
Shea Levy
c9f9835dda Document mysql changes 2014-02-26 07:56:59 -05:00
Shea Levy
1ce6fff4e2 Merge mysql55 module into mysql
This also removes the default for services.mysql.package, as this should
not generally be updated automatically if we change the mysql attribute
2014-02-26 07:54:12 -05:00
Shea Levy
793328e1ee Mediawiki: Add some needed rewrites 2014-02-25 09:13:40 -05:00
Shea Levy
0d4a9e3aa6 Allow httpd subservices to set the document root
Only the main service OR one of the subservices can set the document
root. This is used by mediawiki when it is hosted at the root of the
vhost.
2014-02-25 07:44:45 -05:00
Corey O'Connor
20567eba1f correct tapButtons in synaptics config. Dont rely on the X11 input settings to take the last option. 2014-02-24 16:03:47 -08:00
Rickard Nilsson
d5211b0e0e Make initialRootPassword overrideable in all virtualisation modules, not just virtualbox. 2014-02-24 18:05:26 +01:00
Austin Seipp
dc700e0925 etc: uid/gid support for copied files
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-23 18:00:47 -06:00
Austin Seipp
fc9022bea1 firewall: add support for TCP/UDP port ranges
This is useful for packages like mosh, which use a wide UDP port range
by default for incoming connections.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 18:19:22 +01:00
Petr Rockai
f21abed131 nixos: Assign uid/gid to dictd's service user. 2014-02-22 12:00:08 +01:00
Shea Levy
95a77ea39f Unconditionally add ssh to nix-daemon's path for the ssh substitituer 2014-02-20 14:17:30 -05:00
Shea Levy
17f88453f6 Don't complain if HOME isn't writable 2014-02-20 13:40:56 -05:00
Shea Levy
fefc0d9917 Add module to enable the server for the ssh substituter 2014-02-20 13:40:51 -05:00
Shea Levy
2b92e90f91 opensmtpd: Add sendmail to systemPackages 2014-02-20 06:17:15 -05:00
Ricardo M. Correia
a146fdab80 nixos-generate-config: Don't generate filesystem options
We don't want to hardcode configuration options that the current kernel chose
for us when mounting the filesystem, since the defaults can change in the
future.
2014-02-19 17:18:50 +01:00
Ricardo M. Correia
cea9a1a242 nixos-generate-config: Don't generate /var/lib/nfs/rpc_pipefs filesystem
It's automatically mounted if the system has support for NFS.
2014-02-19 17:18:49 +01:00
Domen Kožar
ad0732313d gnome3: typo 2014-02-19 16:53:08 +01:00
Domen Kožar
746c42d10f gnome3: add some default core packages to be installed 2014-02-19 16:38:42 +01:00
Domen Kožar
189273af38 add gnome3.vino 2014-02-19 16:38:41 +01:00