Commit graph

988 commits

Author SHA1 Message Date
Franz Pletz
7ae2d221cd
bird service: add bird to systemPackages
For the tool birdc to monitor and configure bird.
2016-12-28 06:35:31 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
Jörg Thalheim
cc864af928 bird: refactor module
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart 2016-12-14 16:09:11 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
lbonn
288e75c5f9 wireguard: remove dependency on ip-up.target
It was deprecated and removed from all modules in the tree by #18319.

The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description 2016-11-27 22:07:51 -05:00
Franz Pletz
e394c305a8 Merge pull request #20620 from rnhmjoj/fakeroute
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
rnhmjoj
7eb9a03221
fakeroute: add service 2016-11-23 15:23:10 +01:00
Franz Pletz
d94e93ccdf Merge pull request #19588 from Shados/add-dante
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Alexei Robyn
49d679d7a8 dante service: init 2016-11-22 21:33:54 +11:00
Joachim Fasting
f9f354faad
nixos/modules: use defaultText where applicable
Primarily to fix rendering of these default values in the manual but
it's also nice to avoid having to eval these things just to build the
manual.
2016-11-21 16:35:15 +01:00
Eelco Dolstra
d69dce080d
Fix setting programs.ssh.setXAuthLocation
The configuration { services.openssh.enable = true;
services.openssh.forwardX11 = false; } caused
programs.ssh.setXAuthLocation to be set to false, which was not the
intent. The intent is that programs.ssh.setXAuthLocation should be
automatically enabled if needed or if xauth is already available.
2016-11-21 16:19:51 +01:00
Emery Hemingway
60ded3f363 nixos/cjdns: do not ammend /etc/hosts
Generating IPv6 addresses at eval time required building cjdns.

Fix #20422
2016-11-18 18:41:50 +01:00
Eric Sagnes
15d25df698 nsd module: use enum 2016-11-16 22:37:14 +09:00
Eric Sagnes
5259fb2181 nntp-proxy module: use enum 2016-11-16 22:36:53 +09:00
Eric Sagnes
fb26d561ed hostapd module: use enum 2016-11-16 22:36:26 +09:00
Eric Sagnes
57c4d6f380 znc module: networks option loaOf -> attrsOf 2016-11-16 16:33:06 +09:00
Eric Sagnes
b4d1d37b22 tinc module: networks, hosts option loaOf -> attrsOf 2016-11-16 16:32:02 +09:00
Pascal Bach
c1dca9e40b etcd: make all service using etc go to 127.0.0.1:2379 by default
The old etcd port 4001 is no longer enabled by default in etcd 3.
The new port is 2379 and is officially assigned by IANA.

There were still some services left that expect etcd on port 4001 by default.
This changes the default to 2379 everywhere.

It should not cause problems for users as the etcd by nix does listen on the new port only by default anyway.
2016-11-11 23:11:54 +01:00
Gregor Kleen
54199414e3 nsd service: fix typo
Closes #20343.
2016-11-11 14:06:07 +01:00
Edward Tjörnhammar
4009dbe543
nixos: i2pd, update config options 2016-11-06 08:13:04 +01:00
Joachim F
32715b8314 Merge pull request #17445 from joachifm/dnscrypt-proxy-update-list
dnscrypt-proxy service: auto-updated resolver list
2016-11-05 18:23:48 +01:00
Joachim Fasting
2f912bf0a3
dnscrypt-proxy service: auto-update upstream resolver list
By default, we use the list of public DNSCrypt resolvers provided by
dnscrypt-proxy upstream. The list is updated at regular intervals.
2016-11-05 17:44:51 +01:00
Joachim F
2c567dbd4d Merge pull request #20144 from ericsagnes/feat/module-enums
modules: use enum when relevant
2016-11-05 12:18:04 +01:00
Sophie Taylor
20e81f7c0d nixos/cjdns: tightened permissions via systemd, added caps 2016-11-04 17:00:23 +01:00
uwap
d9134ddb5d Add a package option for quassel (#20159) 2016-11-04 16:33:47 +01:00
Joachim Fasting
222cfd3233
cjdns module: fix typo 2016-11-04 13:44:48 +01:00
Eric Sagnes
8f8184ece1 tinc module: use enum 2016-11-04 13:04:17 +09:00
Eric Sagnes
5a3c2e3db0 bitlbee module: use enum 2016-11-04 13:03:53 +09:00
Marius Bergmann
51652ac3aa smokeping service: Use setuid-wrapped fping binary
The current default probe config uses the unwrapped fping binary, which
leads to an error because fping must be executed with elevated
permissions.

I fixed this by changing the path to the default binary to the
setuid-wrapped version.
2016-11-03 09:44:21 +01:00
Peter J. Jones
d19967bf48 vsftpd service: add extraConfig option, set anon_root (#20069)
This commit includes two changes:

  1. A new `extraConfig` option to allow administrators to set any
     vsftpd configuration option that isn't directly supported by this
     derivation.

  2. Correctly set the `anon_root` vsftpd option to `anonymousUserHome`
2016-11-03 05:06:47 +01:00
Eric Sagnes
7fd38dc8b3 znc module: optionSet -> submodule (#20096) 2016-11-03 05:02:14 +01:00
Marius Bergmann
248bf519c9 smokeping service: Fix permissions in $smokepingHome
In the prestart config of the smokeping service, smokeping is executed
initially. This happens as the user root and writes some files to
$smokepingHome, which can't be overwritten by the smokeping user. This
gives an error message.

I fixed this by moving the chown step after the initial smokeping runs,
so that it also affects the generated files.
2016-11-02 13:18:57 +01:00
Joachim Fasting
420cf50838
dnscrypt-proxy module: minor config example tweaks
- Indentation
- unbound automatically handles local forward addresses
2016-10-29 03:04:00 +02:00
Joachim Fasting
d198e474a8
dnscrypt-proxy service: remove use of mkEnableOption 2016-10-29 03:03:50 +02:00
Joachim F
1da6dd3eee Merge pull request #19875 from joachifm/cjdns-for-upstream
Cjdns module enhancments
2016-10-28 13:01:58 +02:00
Joachim Fasting
8180922d23 cjdns service: refactor cjdns hosts builder
The old version would export two lists to a bash builder and do pairwise
processing on the bash side.  In the new version we instead generate a
logic free builder on the Nix side. This is not only conceptually
simpler but reduces the amount of code and intermediate values.
2016-10-27 14:15:54 +02:00
Joachim Fasting
9654e09b5a cjdns service: ensure that generated passwd has requested length
`head -cNUM ... | tr -dc SET` might generate output containing fewer
than NUM characters.  Given the limited alphabet, this could result in a
fairly weak passphrase. The construction `tr </dev/urandom | head
-cNUM`, however, is sure to give us the full `NUM`.
2016-10-27 14:15:53 +02:00
Joachim Fasting
e94bd6f31d cjdns service: protect /home and /tmp 2016-10-27 14:15:52 +02:00
Joachim Fasting
5fba586650 cjdns service: better types
- types.string -> str, string is deprecated
- change type of confFile option to nullOr path, makes more sense
2016-10-27 14:15:52 +02:00
Joachim Fasting
afe67f28a3 cjdns service: use cfg.enable shortcut 2016-10-27 14:15:51 +02:00
Joachim Fasting
79d216b8f4 cjdns service: whitespace cleanup 2016-10-27 14:15:51 +02:00
Frederik Rietdijk
7077a270bf Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-26 13:06:43 +02:00
Bjørn Forsman
cd1b09af5d nixos/tftpd: change default dir from /home/tftp to /srv/tftp
/home is for real users. /srv is recommended by FHS (although there is
no consensus for what to name subdirs under /srv).
2016-10-25 17:20:52 +02:00
Bjørn Forsman
d03dbfcbb8 nixos/tftpd: mention that it runs as an xinetd service 2016-10-25 17:20:52 +02:00
Domen Kožar
1622a21c68 Merge pull request #19453 from ryantrinkle/openfire-fix
openfire: fix service expression
2016-10-24 11:35:16 +02:00
Emery Hemingway
b675619391 nixos: use types.lines for extraConfig 2016-10-23 19:41:43 +02:00
Jörg Thalheim
fba9d231b4 Merge pull request #17394 from schneefux/znc-module
ZNC: 1.6.2 -> 1.6.3, push 2015-12-07 -> 2016-07-28, module refactor
2016-10-22 19:58:24 +02:00
Jörg Thalheim
fafe3ec40a Merge pull request #19624 from bjornfor/improve-atftpd-service
nixos/atftpd: various improvements
2016-10-22 18:08:53 +02:00
Frederik Rietdijk
e56832d730 Merge remote-tracking branch 'upstream/master' into HEAD 2016-10-22 17:23:24 +02:00
schneefux
ee42e000dd
znc module: refactor 2016-10-22 13:52:20 +02:00
Anmol Sethi
1a74eedd07 sshd: separate key generation into another service
Fixes #19589
2016-10-20 23:14:37 -04:00
Alexander Ried
57d9c69c6a supplicant: fix wants and wantedBy 2016-10-20 20:17:17 +02:00
Peter Hoeg
1026bebee6
syncthing: use service files from upstream
Currently only for the user services as NixOS handles the named system
instances slightly differently.

syncthing and syncthing-inotify are done the same way.

There are 4 parts to this:

 1) Copy in the upstream unit files
 2) Make the nixos module use the definition from upstream
 3) Enable restarting of all instances (system and user) on resume
 4) Allow the traffic in the firewall on default ports if wanted

fixes #18973
2016-10-19 21:20:57 +02:00
Ryan Trinkle
928341132e openfire: fix service expression
openfire is not in scope
2016-10-19 11:06:07 -04:00
Bjørn Forsman
f3876cbba0 nixos/atftpd: various improvements
* Add extraOptions option, to pass arbitrary command line options to
  atftp. Especially useful to specify which address to bind to
  (--bind-addres ...).
* Improve descriptions (fix a typo, document default bind address,
  don't repeat service name in systemd description + capitalize)
* Change default server directory from /var/empty to /srv/tftp, and
  change types.str to types.path.
2016-10-17 16:20:24 +02:00
Benno Fünfstück
796264a708 nixos/avahi: use more upstream-like systemd units
The new units mirror the upstream systemd units as closely as possible.
I could not find a reason why the service would need to be restarted on
resuming from suspend, and the upstream units also do not contain such a
restriction, so I removed the `partOf = [ "post-resume.target"]`.
This fixes #19525.
2016-10-15 22:51:39 +02:00
Alexander Ried
4094d63dea NetworkManager-strongswan: init at 1.4.0 2016-10-15 20:32:16 +02:00
Profpatsch
bef6bef0d2
stdenv/stripHash: print to stdout, not to variable
`stripHash` documentation states that it prints out the stripped name to
the stdout, but the function stored the value in `strippedName`
instead.

Basically all usages did something like
`$(stripHash $foo | echo $strippedName)` which is just braindamaged.
Fixed the implementation and all invocations.
2016-10-11 18:34:36 +02:00
Joachim F
1997761725 Merge pull request #19367 from cransom/smokeping-fix
smokeping module: fix missing js, broken alerts
2016-10-10 16:06:39 +02:00
Franz Pletz
03c2b449f8
dhcpd service: Add extraFlags option 2016-10-09 11:38:34 +02:00
Casey Ransom
74558c88fb smokeping module: fix missing js, broken alerts
The initial commit accidentally left in some commented code and if you were
using alerts, they simply didn't work.

Smokeping also includes some JS code for the webui allowing you to zoom into
graphs and it was not passed into the homedir. Additionally, generate
static html pages for other webservers to serve the cache directory.

Add additional options to specify sendmail path or mailhost and verify that both
are not set.

Add one extra config hook that allows you to bypass all of the invidual config
stanzas and just hand it a string.
2016-10-08 20:52:45 -04:00
Jaka Hudoklin
afbe339e7d firewall service: add support for loose reverse path filter check (#19122) 2016-10-08 14:26:52 +02:00
Moritz Ulrich
c475234827 services.kippo: Add missing '}' 2016-10-06 13:39:21 +02:00
Frederik Rietdijk
6f836eb0d4 Kippo: move pythonPackages.twisted_11 to kippo expression 2016-10-06 12:59:05 +02:00
Eric Sagnes
0bd263ecc3
wireguard: add module
fixes #17933
2016-10-06 09:41:38 +02:00
Joachim F
0906a0f197 Merge pull request #18491 from groxxda/network-interfaces
Replace Network-interfaces.target
2016-10-02 16:34:37 +02:00
Jörg Thalheim
cd673d3c26 Merge pull request #19138 from nhooyr/openssh
openssh: support prohibit-password for permitRootLogin
2016-10-02 15:26:21 +02:00
Anmol Sethi
6891bb1c59
openssh: support prohibit-password for permitRootLogin
See 1dc8d93ce6

I also made it the default.
2016-10-01 13:23:56 -04:00
Jörg Thalheim
7d3143990f Merge pull request #19136 from nhooyr/powerdns
powerdns: removed PrivateTmp=true in serviceConfig
2016-10-01 18:28:34 +02:00
Anmol Sethi
489ca7e5c0
powerdns: removed PrivateTmp=true in serviceConfig
As discussed in #18718 PrivateTmp is unnecessary because powerdns is
chrooted to /var/lib/powerdns.

I also added myself as co-maintainer.
2016-10-01 12:27:23 -04:00
Joachim F
7e80c42b0e Merge pull request #18511 from ericsagnes/feat/remove-optionSet
modules: optionSet -> submodule
2016-10-01 17:57:45 +02:00
Jaka Hudoklin
98a8146428 Merge pull request #19016 from offlinehacker/pkgs/flannel/update/0.6.2
flannel: update, add nixos module, add tests
2016-10-01 17:22:34 +02:00
Jaka Hudoklin
feb9fc3aff flannel service: init 2016-10-01 17:08:48 +02:00
Robert Helgesson
db3579c332
ddclient service: minor spelling fix 2016-09-30 19:26:21 +02:00
Thomas Bereknyei
5bca9297ff
ddclient: add configFile option
ddclient: improve documentation

Adopted @joachifm's suggestions.

ddclient additional refinement
2016-09-30 19:13:56 +02:00
Shea Levy
b692e06686 supplicant: Make the device pull in the supplicant service.
The udev rule should do this. Not sure why it doesn't.

Fixes #19029.
2016-09-30 09:22:49 -04:00
Christoph Hrdinka
553a3295c1 nsd: 4.1.9 -> 4.1.12
4.1.12
======

Bugfixes
--------

Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).

4.1.11
======

Features
--------

* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix #790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.

Bugfixes
--------

* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix #783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix #782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.

4.1.10
======

Features
--------

* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.

Bugfixes
--------

* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix #751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix #755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.

4.1.9
=====

Bugfixes
--------

* Change the nsd.db file version because of nanosecond precision fix.
2016-09-27 00:14:24 +02:00
Frederik Rietdijk
4020035513 Merge pull request #18935 from rycee/pullout/radicale
radicale: break into own package
2016-09-26 22:14:42 +02:00
aszlig
2af7051197
nixos/offlineimap: Move to services/mail
The services/networking directory is already quite polluted and the
first point where I was looking for the offlineimap module was in
services/mail and didn't find it there.

Offlineimap already has IMAP in its name and clearly belongs to the
"mail" category so let's move it there.

Tested by evaluating a configuration with services.offlineimap enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
2016-09-26 21:18:06 +02:00
aszlig
603b73f1e1
nixos/offlineimap: Don't build the package on eval
Coercing the derivation to string causes the package to be built during
evaluation rather than during actual realization which is completely
unnecessary because we don't need additional Nix expression information
for the package (nor do we need it for the service).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Cc: @Profpatsch (stumbled on this because of him)
2016-09-26 21:07:06 +02:00
Robert Helgesson
9d2a831497
radicale: break into own package
Since this is an application it is not suitable for pythonPackages,
which is more appropriate for Python modules.
2016-09-25 22:15:19 +02:00
Michele Guerini Rocco
ec8d5945ce connman: disable connman-vpn by default (#18323) 2016-09-25 08:02:29 +02:00
Wei-Ming Yang
e330807e1f
murmur service: welcome -> welcometext
fixed incorrect option name `welcome` to `welcometext`.

joachifm added a rename for backwards compat.

Closes https://github.com/NixOS/nixpkgs/pull/18570
2016-09-23 16:08:14 +02:00
Jookia
e23cc550b3 nixos: add htpdate module 2016-09-23 02:02:20 +10:00
Alexey Shmalko
60cfc558be Merge pull request #18718 from Mic92/powerdns
powerdns: init at 4.0.1
2016-09-20 11:07:51 +03:00
Jörg Thalheim
b0a1c0b343
powerdns: init at 4.0.1
fixes #18703
2016-09-18 14:52:44 +02:00
Joachim Fasting
22d6c97855
unbound service: extend isLocalAddress to handle ipv6 2016-09-16 09:47:36 +02:00
Joachim Fasting
5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting
39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting
0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting
52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting
7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Alexander Ried
8524df1259 networking.nat: replace network-interfaces.target
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Alexander Ried
60430b140c lshd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Alexander Ried
d43b2b9c85 openvpn service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried
97416eaeef gpve service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried
fbf0abf4af softether: improve service dependencies 2016-09-13 11:19:22 +02:00
Alexander Ried
9819cdc71a wicd: get closer to upstream service definition
taken from
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/view/head:/other/wicd.service
2016-09-13 11:19:22 +02:00
Alexander Ried
3ada966bd5 treewide: minor format / style / documentation fixes 2016-09-13 11:19:22 +02:00
Alexander Ried
bc7710468d networking.dhcpcd: use upstream targets 2016-09-13 11:19:22 +02:00
Joachim Fasting
5a2a3510b9 zerobin service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
c7ed675fe3 xinetd service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
cda9af6eb8 wpa-supplicant service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
768b333dc1 tinc service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
795defaae0 tcpcrypt service: remove use of network-interfaces.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
67d9369e5d radicale service: network-interfaces.target -> network{,-online}.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
652e0b4b8a oidentd service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
ae71667451 cjdns service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Joachim Fasting
69e15b7ba5 bind service: network-interfaces.target -> network.target 2016-09-13 11:19:22 +02:00
Alexander Ried
06b2897c40 networking.dhcpcd: Don't add to system closure when using networkd (#18436) 2016-09-13 07:55:17 +02:00
Eric Sagnes
7e5a24c23a i2pd module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes
b73ca0df27 tinc module: optionSet -> submodule 2016-09-13 12:53:12 +09:00
Eric Sagnes
8d58771b94 openvpn module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes
775d98acbc xinet module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes
819524a0d3 supplicant module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes
48d6fa933c sshd module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes
d89a718baf prosody module: optionSet -> submodule 2016-09-13 12:53:11 +09:00
Eric Sagnes
c3bdee3c39 nat module: optionSet -> submodule 2016-09-13 12:53:10 +09:00
Franz Pletz
5c38882f38
toxvpn service: doesn't require online network
Tested that it detects network changes quickly.
2016-09-11 08:16:55 +02:00
Franz Pletz
c58654e2b7
treewide: fix fallout of ip-up deprecation
See #18319 for details. Starting network-online.target manually does not
work as it hangs indefinitely.

Additionally, don't treat avahi and dhcpcd special and sync their systemd units
with the respective upstream suggestion.
2016-09-11 08:13:04 +02:00
Alexander Ried
27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Domen Kožar
fed3501b07 Remove docker-registry as it's deprecated #18209 2016-09-09 18:50:42 +02:00
Robert Helgesson
bf371a8b06 radicale service: use "simple" service type (#18406)
Radicale can run as a foreground service and will then emits logging and
errors on the standard output. This helps the logging end up in the
systemd journal.
2016-09-08 12:34:22 +02:00
aszlig
fb46df8a9a
nixos: Fix ordering of firewall.service
Follow-up to the following commits:

  abdc5961c3: Fix starting the firewall
  e090701e2d: Order before sysinit

Solely use sysinit.target here instead of multi-user.target because we
want to make sure that the iptables rules are applied *before* any
socket units are started.

The reason I've dropped the wantedBy on multi-user.target is that
sysinit.target is already a part of the dependency chain of
multi-user.target.

To make sure that this holds true, I've added a small test case to
ensure that during switch of the configuration the firewall.service is
considered as well.

Tested using the firewall NixOS test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-09-07 15:11:24 +02:00
Eelco Dolstra
e090701e2d firewall: Order before sysinit
Suggested by @aszlig.
2016-09-07 14:42:30 +02:00
Eelco Dolstra
abdc5961c3 Fix starting the firewall
Probably as a result of 992c514a20, it
was not being started anymore.

My understanding of systemd.special(7) (section "Special passive
system units") is that the firewall should want network-pre.target,
rather than the other way around (not very intuitive...). This in
itself does not cause the firewall to be wanted, which is why the
wanted-by relationship with multi-user.target is necessary.

http://hydra.nixos.org/build/39965589
2016-09-07 14:30:11 +02:00
Alexey Shmalko
b7237abc08 avahi-daemon: remove default browse-domains
These domains are not actually default but examples. See
https://github.com/lathiat/avahi/blob/master/avahi-daemon/avahi-daemon.conf#L24
for default config.
2016-09-07 13:58:21 +02:00
Eelco Dolstra
520cb14f16 Fix infinite recursion introduced by f3c32cb2c1 2016-09-05 18:17:22 +02:00
Eelco Dolstra
f3c32cb2c1 Let services.openssh.forwardX11 imply programs.ssh.setXAuthLocation 2016-09-05 15:38:42 +02:00
Octavian Cerna
a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Nikolay Amiantov
608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Joachim Fasting
6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting
03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
zimbatm
17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage
zerotierone: make package configurable
2016-08-31 12:34:59 +01:00
roblabla
caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Joachim Fasting
d78e0ed1f9
dnscrypt-proxy module: move detailed info to module documentation 2016-08-29 23:48:12 +02:00
Joachim Fasting
68210aa772
dnscrypt-proxy module: serviceConfig.Group is redundant
Same as user's primary group if left unspecified
2016-08-29 23:48:12 +02:00
Joachim Fasting
23a7e6e911
dnscrypt-proxy module: formatting 2016-08-29 23:48:11 +02:00
Domen Kožar
e01e92f12f Merge pull request #15025 from ericsagnes/modules/manual
manual: automatically generate modules documentation
2016-08-28 13:57:34 +02:00
Graham Christensen
8d10928ad0 Merge pull request #17908 from Mic92/ferm
Ferm
2016-08-25 20:38:02 -04:00
Jörg Thalheim
7b354ce8cc
ferm: init at 2.3 2016-08-25 21:37:19 +02:00
Carles Pagès
3374aa25bc cjdns: fix assertion. 2016-08-25 08:57:18 +02:00
Nikolay Amiantov
5ff6e98486 modprobe service: drop kmod wrapper 2016-08-19 17:56:49 +03:00
Joachim F
c2bfce8de8 Merge pull request #16762 from matthewbauer/gnustep2
Add "gnustep" to nixpkgs
2016-08-17 23:38:56 +02:00
Matthew Bauer
f541715057 gnustep: fix gdomap service
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer
5ea9bd0920 gnustep: fix naming of gnustep stuff
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Artyom Shalkhakov
697982b91b gnustep: fix gdnc, gdomap
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov
d3d580ebbe gnustep: cleanup
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov
9b17cd8fab gnustep: add nixos deamons
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Svein Ove Aas
102472b8de unifi: Open required ports by default.
The controller does not work at all if they aren't, with the exception
of special configurations involving L3 or custom ports.
2016-08-16 21:01:49 +01:00
Svein Ove Aas
e3f0a09b6d unifi: chown the data dir as well.
It needs to be writeable.
2016-08-16 21:01:49 +01:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Nikolay Amiantov
b2ebecd9e5 modprobe service: drop kmod wrapper 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
bda3423b3a networkmanager service: make wanted by network.target, drop networkmanager-init 2016-08-14 22:38:58 +03:00
Nikolay Amiantov
0f59901b57 ejabberd service: move service to foreground 2016-08-14 22:37:06 +03:00
Eric Sagnes
4cdfeb78f9 modules: move meta at top level 2016-08-11 00:29:48 +09:00
jokogr
adeab67bd8 syncthing service: add syncthing-inotify (#17320) 2016-08-06 17:20:18 +02:00
Peter Hoeg
c4cba0e51f ssh module: ignore exit code when socket activated
sshd will at times fail when exiting. When socket activated, this will
leave a number of sshd@ service instances in the failed state, so we
simply ignore the error code if we are running socket activated.

Recommended by upstream:
http://systemd-devel.freedesktop.narkive.com/d0eapMCG/socket-activated-sshd-service-showing-up-as-a-failure-when-the-client-connection-fails

Fixes: #3279
2016-08-04 16:47:44 +08:00
Damien Cassou
c5d9dc9cfa Merge pull request #17418 from DamienCassou/offlineimap-module-reporting
offlineimap's module: change UI to syslog
2016-08-04 08:33:20 +02:00
Joachim Fasting
79ac02ed64
dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
Joachim Fasting
c91d07b668
dnscrypt-proxy module: types.string should be types.str 2016-08-01 12:55:42 +02:00
Damien Cassou
19af5b444e offlineimap's module: change UI to syslog
The 'syslog' UI "allows better integration with systemd":
http://www.offlineimap.org/doc/Changelog.html#offlineimap-v660-rc2-2015-10-15
2016-08-01 09:37:53 +02:00
Franz Pletz
76b21b7adb nixos/firewall: Refactor rpfilter, allow DHCPv4 (#17325)
Adds a new chain in the raw table for reverse path filtering and optional
logging. A rule to allow serving DHCPv4 was also added as it is commonly
needed and poses no security risk even when no DHCPv4 server is running.

Fixes #10101.
2016-07-31 13:49:24 +02:00
Tristan Helmich
c9b9692347 tinc: add Restart in systemd service config 2016-07-27 10:38:57 +02:00
Ioannis Koutras
24968fc1c1 syncthing: fix system service 2016-07-26 13:10:15 +03:00
Emery Hemingway
90ee01cd3d nixos: disable DHCP on ZeroTier interfaces 2016-07-23 21:04:42 +02:00
Michele Guerini Rocco
267e362fbc syncthing: Allow the user service to be enabled with systemctl (#17136) 2016-07-21 04:49:58 +02:00
cransom
4a9b640f37 smokeping: init at 2.6.11 (#17090)
Includes a module for service setup and a test
to verify functionality of both service and pkg.
2016-07-21 01:07:59 +02:00
Bjørn Forsman
78eac466b0 nixos/ddclient: add warning about password being world readable
Closes #16885.
2016-07-19 16:51:42 +02:00
Damien Cassou
85a895d60f offlineimap: add nixos module (#16842) 2016-07-11 10:37:18 +02:00
Robert Helgesson
9f4775dbb5 ddclient service: use environment.etc
The ddclient daemon requires that the configuration file is only
accessible by the ddclient user. This since it typically contains login
information.
2016-07-09 14:51:36 +02:00
Anders Lundstedt
5f3c4bd11e nixos: fix avahi connectivity for shairport-sync module
The shairport-sync service currently fails to start with the error

shairport avahi_entry_group_new failed

This problem seems to have been introduced by

cdd7310a50

After some trial and error I concluded that the attached commit is a minimal
fix.
2016-07-08 16:22:51 +02:00
Corbin
45a066512e services/avahi: Add domainName setting
Fixes #15795.
2016-06-26 23:15:39 +02:00
zimbatm
4f5918cd2e Revert "stdenv: introduce baseHash() to replace stripHash()"
Introduced by mistake

This reverts commit e71a5cb878.
2016-06-25 14:25:58 +01:00
zimbatm
e71a5cb878 stdenv: introduce baseHash() to replace stripHash()
stripHash uses a global variable to communicate it's computation
results, but it's not necessary. You can just pipe to stdout in a
subshell. A function mostly behaves like just another command.

baseHash() also introduces a suffix-stripping capability since it's
something the users of the function tend to use.
2016-06-25 14:20:56 +01:00
Alexander Ried
c1319572d4 networkmanager: Dependency on avahi-autoipd has been dropped.
Native IPv4 link-local addressing configuration based on systemd network library is now used instead.
2016-06-23 23:12:41 +02:00
Benjamin Saunders
8e47786c0e coturn: init at 4.5.0.3 (#16284) 2016-06-21 12:59:29 +02:00
obadz
fb6b4860c7 xl2tpd: add nixos module for service
(required adding execv to libredirect)
2016-06-20 21:41:59 +01:00
zimbatm
b0f8416c5c Merge pull request #16180 from zimbatm/shell-escaping
Escape all shell arguments uniformly
2016-06-19 23:27:52 +01:00
obadz
8ab188eb16 pptpd service: improve option descriptions per @bjornfor's suggestion 2016-06-18 16:28:06 +01:00
obadz
fc975bcffb pptpd: add nixos service 2016-06-18 02:08:07 +01:00
Benno Fünfstück
519673e714 wpa_supplicant: start after wireless interfaces
wpa_supplicant fails to start if the wireless interfaces aren't ready yet,
so we need to add a system ordering directive here to start wpa_supplicant
after the interfaces are ready. Note that Requires= is not enough since
it does not imply ordering.
2016-06-16 00:22:08 +02:00
Kamil Chmielewski
437ea9fd37 Fixes #16181 - using bin output for Go services 2016-06-13 23:32:16 +02:00
zimbatm
28fa4a2f03 Escape all shell arguments uniformly 2016-06-12 18:11:37 +01:00
Joachim Fasting
376ba5f17f
dnscrypt-proxy service: update resolver list 2016-06-09 14:03:40 +02:00
Benno Fünfstück
c85f2b20e6 nixos/openvpn: add support for resolvconf
The update-resolve-conf script from the update-resolv-conf
package is very useful and should work in most of the common
cases, so this adds an option to enable it. The option is
disabled by default for backwards compatibility.
2016-06-06 20:43:52 +02:00
obadz
0c9e904943 toxvpn: restartIfChanged = false & minor cleanups 2016-05-30 14:23:52 +01:00
anderspapitto
dd2bb96dbe syncthing service: respect cfg.package (#15810) 2016-05-30 10:14:19 +02:00
obadz
d18ba0f50d toxvpn: init at 20151111
(Authored by @cleverca22)
2016-05-30 00:21:22 +01:00
Alexander Ried
8fbdb40ef0 services.*ntp*: Add time-sync.target to ntp clients (#15714)
See: https://www.freedesktop.org/software/systemd/man/systemd.special.html#time-sync.target
2016-05-26 16:25:36 +02:00
Joachim Fasting
e27e0b3d75 Merge pull request #15620 from Cornu/mosquitto
mosquitto service: init
2016-05-24 13:56:06 +02:00
Hans-Harro Horn
77f2c305b6 mosquitto service: init
Initial Mosquitto MQTT Broker service file.
2016-05-24 10:49:03 +02:00
Joachim Fasting
0f384e5cf2
dnscrypt-proxy service: update resolver list 2016-05-23 16:44:20 +02:00