Commit graph

177 commits

Author SHA1 Message Date
William A. Kennington III
ec9c4143a7 nixos/firewall: Cleanup in case reload fails 2014-09-16 15:51:57 -07:00
William A. Kennington III
1321fd175d nixos/nat: Leverage firewall module 2014-09-15 21:31:27 -07:00
William A. Kennington III
6a43d51291 nixos/firewall: Support extraStopCommands 2014-09-15 21:31:26 -07:00
William A. Kennington III
fd7b9b4291 nixos/firewall: Don't allow traffic during reload 2014-09-15 20:40:16 -07:00
Jaka Hudoklin
f7ba3d833f nixos/znc: fix module, createUser option does not exist anymore 2014-09-13 02:20:32 +02:00
William A. Kennington III
bab5efd237 nixos/ssh: Allow user to configure the package that provides ssh/sshd 2014-09-11 22:07:39 -07:00
Aristid Breitkreuz
c3fe942a57 start dhcpcd after network-interfaces 2014-09-06 13:52:09 +02:00
aszlig
e8c4fde22d
nixos/nsd: Improve support for journald/systemd.
Don't fork into the background and just log to stderr.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
aszlig
6386df1645
nixos/nsd: Fix indentation/coding style.
For Nix, we indent using two spaces, but in this module somehow 4 spaces
were snuck in. Other than that, remoteControl and ratelimit are just
nested attribute sets, so we don't need to make another submodule type
for no particular reason.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-05 02:54:39 +02:00
Luca Bruno
2ba523df24 nixos nat: add description to forwardPorts 2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf nixos nat: add type for sourcePort and destination of forwardPorts 2014-09-04 10:26:33 +02:00
Michael Raskin
4155121069 Merge pull request #3926 from lethalman/fwdports
nixos/nat: add forwardPorts for external->internal DNAT
2014-09-03 21:54:37 +04:00
Michael Raskin
3e841ef642 Fixing comment case 2014-09-03 20:03:15 +04:00
Michael Raskin
d1ae15b680 Merge pull request #3804 from ehmry/unbound
unbound: run in chroot
2014-09-03 11:45:20 +04:00
Nathan Bijnens
33a3f76ee4 Copy.com: client #3617 2014-09-03 11:31:51 +04:00
William A. Kennington III
9659d0f4fb nixos/dnsmasq: Fix regressions during the systemd update 2014-09-02 17:23:55 -07:00
Vladimir Still
13bbce96c3 sshd: Fix typo in assetion. 2014-09-02 10:06:04 +02:00
Vladimir Still
a2394f09c7 sshd: Add note about listening on port 22 to listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
ac39d839c3 sshd: Add note about firewall and listenAddresses. 2014-09-01 22:56:35 +02:00
Vladimir Still
e12337156c sshd: Allow to specify ListenAddress. 2014-09-01 22:56:35 +02:00
Michael Raskin
a6dfb4dc28 Merge pull request #3241 from ehmry/cjdns
cjdns declarative configuration
2014-09-02 00:53:18 +04:00
Luca Bruno
b21ac60290 nixos/nat: add forwardPorts for external->internal DNAT 2014-09-01 22:31:56 +02:00
Luca Bruno
31b7cae018 nixos/znc: fix immutable config.
Fix references to coreutils echo and rm.
Make config writable even if immutable because of
https://github.com/znc/znc/blob/master/src/znc.cpp#L964 .
2014-09-01 16:21:12 +02:00
aszlig
29f4642284
nixos: Add new service for OpenNTPd.
This conflicts with the existing reference NTP daemon, so we're using
services.ntp.enable = mkForce false here to make sure both services
aren't enabled in par.

I was already trying to merge the module with services.ntp, but it would
have been quite a mess with a bunch of conditions on the package name.
They both have a bit in common if it comes to the configuration files,
but differ in handling of the state dir (for example, OpenNTPd doesn't
allow it to be owned by anything other than root).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-09-01 16:07:28 +02:00
Michael Raskin
9e3d1b1a8f Merge pull request #3908 from wkennington/master.ip
Reapply the multi-ip code
2014-09-01 10:28:54 +04:00
Jan Malakhovski
8c9b6d932a nixos: add dhcpcd.persistent option 2014-09-01 10:33:48 +04:00
Jan Malakhovski
99243a5c51 nixos: add atftpd service 2014-09-01 10:33:48 +04:00
Emery Hemingway
f60ac82cac cjdns: new declarative service expression
systemd service wants network-interfaces.target rather than network.target
assertion on config.networking.enableIPv6
2014-08-31 18:14:16 -04:00
William A. Kennington III
3d037ebb94 Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6""
This reverts commit ea8910652f.
2014-08-31 09:46:16 -07:00
Rob Vermaas
ea8910652f Revert "Merge pull request #3182 from wkennington/master.ipv6"
This reverts commit b23fd65854, reversing
changes made to 43654cba2c.
2014-08-31 10:58:54 +02:00
Nicolas B. Pierron
a5d6219897 Merge pull request #3864 from nbp/useless-submodules
Remove useless use of undocumented submodules.
2014-08-30 18:21:17 +02:00
William A. Kennington III
4d8390be60 nixos/network-interfaces: Support the old ip configuration convention 2014-08-30 08:05:00 -07:00
William A. Kennington III
098c8f4c77 nixos/network-interfaces: Add support for multiple ipv4 / ipv6 addresses 2014-08-30 07:33:38 -07:00
Michael Raskin
8937b70d07 Merge pull request #3344 from ehmry/privoxy
privoxy: upstart to systemd conversion, actions file editing
2014-08-30 14:19:57 +04:00
Nicolas Pierron
8c19690d99 Remove useless use of optionSet. 2014-08-29 18:43:03 +02:00
Nicolas Pierron
43e52ef001 Remove useless use of undocumented submodules. 2014-08-29 18:28:34 +02:00
Michael Raskin
844fd2553e Merge pull request #3745 from wkennington/master.dnsmasq
dnsmasq: Update and enable dbus support
2014-08-29 01:43:41 +04:00
Michael Raskin
c42e7dfc0c Merge pull request #3200 from wkennington/master.dhcpcd
nixos/dhcpcd: Add an explicit interfaces option
2014-08-29 01:09:22 +04:00
Paul Colomiets
adbb9ff796 dnsmasq: upgrade to 2.71, fixed dnsmasq module
* The module now has systemd config

* Add resolveLocalQueries option which sets up it as a dns server for
  local host (including reasonable setup of resolvconf)

* Add "dnsmasq" user for running daemon

* Enabled dbus and dnssec support for the package

Conflicts:
	nixos/modules/misc/ids.nix
2014-08-28 11:39:03 -07:00
aszlig
8a56a55bb4
nixos/manual: Use literalExample when feasible.
Should bring most of the examples into a better consistency regarding
syntactic representation in the manual.

Thanks to @devhell for reporting.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-08-27 23:41:15 +02:00
Emery Hemingway
e7597b12b8 privoxy: upstart to systemd conversion, actions file editing
fix missing actions and filters
2014-08-27 11:34:10 -04:00
Emery Hemingway
aedbfdff84 unbound: run in chroot 2014-08-26 21:24:09 -04:00
William A. Kennington III
aa77fe0fb0 nixos/radvd: Convert to a systemd unit
Additionally, remove the automatic initialization of the ipv6 forwarding
sysctl as this should be handled by the end user. This really should not
be an issue as most people running radvd are likely forwarding ipv6
packets.
2014-08-24 03:12:55 -07:00
William A. Kennington III
bc6979f7e1 nixos/dhcpcd: Don't configure sit devices 2014-08-14 14:06:56 -05:00
William A. Kennington III
a269acf480 nixos/dhcpcd: Use null instead of empty list to disable allowInterfaces 2014-08-14 14:05:55 -05:00
William A. Kennington III
320a82dd7f nixos/dhcpcd: Add an explicit interfaces option 2014-08-14 14:05:55 -05:00
William A. Kennington III
d0c0c2f9ba nixos/dhcpd: Wait until network interfaces are configured to start 2014-08-13 15:08:43 -05:00
William A. Kennington III
b3ddcfabd9 nixos/dhcpd: Convert to systemd from upstart 2014-08-13 15:08:43 -05:00
William A. Kennington III
24368beed8 nixos/dhcpd: Use dhcp user instead of nobody 2014-08-13 15:08:43 -05:00
William A. Kennington III
4fbf120e84 nixos/dhcpd: Add the ability to drop privileges 2014-08-13 15:08:08 -05:00