Commit graph

1411 commits

Author SHA1 Message Date
Evgeny Egorochkin
3767eecd99 kde4: install mysql by default since it's used by akonadi 2013-10-08 17:47:17 +03:00
Aristid Breitkreuz
5e07af062d rsnapshot: do not use /etc/rsnapshot.conf 2013-10-06 23:36:07 +02:00
Aristid Breitkreuz
2700a13596 rsnapshot: extraConfiguration -> extraConfig 2013-10-06 23:05:30 +02:00
Aristid Breitkreuz
fa1f5e5b75 implement bjornfors comments 2013-10-06 23:02:41 +02:00
Aristid Breitkreuz
cd98acd3a7 add simple rsnapshot module 2013-10-06 22:23:52 +02:00
Evgeny Egorochkin
56e5b35f2e Properly wipe .compose-cache.
Fixes #267.
2013-10-06 10:53:05 +03:00
Marc Weber
5dbc5f120c firebird service
many suggestions contributed by bjornfor and edolstra
2013-10-05 23:07:33 +02:00
Rok Garbas
c95d830839 adding http_address option to varnish service 2013-10-04 00:24:59 +02:00
Rok Garbas
7b6e26b380 some more zope2 service improvements 2013-10-04 00:24:18 +02:00
Rok Garbas
4ff36cb137 zope2 service fixes 2013-10-03 20:01:58 +02:00
Domen Kožar
fb34754933 Prettify graphite service
cc @offlinehacker
2013-10-03 16:20:48 +02:00
Rok Garbas
81d28e744c zope2 service (plone) 2013-10-02 15:15:40 +02:00
Eelco Dolstra
df6f5ade40 cupsd: Use Type=forking
http://hydra.nixos.org/build/6291101
2013-09-26 23:56:38 +02:00
Eelco Dolstra
e1318e6026 cupsd: Log to syslog (and thus the journal) 2013-09-26 21:05:20 +02:00
Eelco Dolstra
82e1d0c8b1 Remove services.ttyBackgrounds
This hasn't worked in a long time.
2013-09-26 17:33:52 +02:00
Eelco Dolstra
b7b2476499 Remove the portmap module
It's obsoleted by rpcbind.
2013-09-26 17:04:07 +02:00
Rickard Nilsson
78721f57eb nvidia-x11: Put nvidia.icd in /etc/OpenCL/vendors
This makes OpenCL work with Nvidia cards (tested with darktable).
2013-09-24 20:28:52 +02:00
Eelco Dolstra
9df40867b9 In environment.variables, unify "value" and "list" 2013-09-23 23:07:32 +02:00
Mathijs Kwik
3840e96e79 Merge pull request #256 from oxij/shells-environment
I tested the previous "version" and found my environment to be exactly the same.

Let's start discussing possible extensions/improvements somewhere else. For now it's a nice improvement.
2013-09-23 11:23:10 -07:00
Jan Malakhovski
b3f4040512 Radically change the way NixOS handles environment variables and make it possible not to use Bash as the default interactive shell.
This change does two things:

* "NixOSizes" environment variables generation. This allows some more
  error-checking and opens possibilities for a modular environment
  configuration. From now on the most of environment variables are
  generated directly by the nix code. Generating sh code that
  generates environment variables is left in a few places where
  nontrivial access to a local environment state is needed.
* By doing the first change this patch untangles bash from the
  environment configuration and makes it trivial to add a support for
  other non bash-compatible shells.

Now to the sad part. This change is quite large (and I'm not sure it's
possible to split it) and yet is not quite complete, it needs some
changes to nixpkgs to be perfect.
See !!! comments in modules/config/shells-environment.nix.

Main principle behind this change is "change environment generation
and nothing else". In particular, shell configuration principles stay
exactly the same as before.
2013-09-23 16:55:25 +00:00
Rickard Nilsson
bfd86d4e74 Fix bug in NetworkManager name server configuration 2013-09-23 16:01:56 +02:00
Eelco Dolstra
d94aa36f1e Fix saving the ALSA sound card state
This didn't work reliably because it raced with the remounting of /.
So if you were unlucky, then / was read-only by the time we ran
"alsactl store".  Now the sound card state is saved before anything is
unmounted/remounted.
2013-09-22 21:39:05 +02:00
Bjørn Forsman
4be44d011b services.cgminer.enable: improve description
So that a search for "bitcoin" in the configuration.nix(5) man page
yields a hit.
2013-09-22 16:44:00 +02:00
Jan Malakhovski
af2382606c bind: allow forwarders to differ from nameservers 2013-09-17 01:21:17 +00:00
Rob Vermaas
0408858a8a Set CURL_CA_BUNDLE env variable for nix-daemon to allow pulling from a binary cache on https. Did not add to nix.envVars to avoid being added to shellInit. 2013-09-16 19:02:20 +02:00
Oliver Charles
3a1024478a lightdm: Use xserver.nix environment variables when starting X
This reduces code duplication, but more importantly means that the
DRI modules can be found by X enabling hardware acceleration.

Close #249; the PR also refers to more about DRI modules.
2013-09-12 10:09:53 +02:00
Peter Simons
4a7d8a84bc modules/services/networking/tcpcrypt.nix: specify start-up dependencies in systemd style
Thanks, Eelco, for pointing this out.
2013-09-11 18:56:09 +02:00
Peter Simons
0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra
c4092f2a8d firewall.nix: Less verbosity 2013-09-10 15:17:52 +02:00
Eelco Dolstra
94bb48be78 firewall.nix: Don't make missing rpfilter support a fatal error
This makes upgrading from Linux 3.2 to 3.4 a bit nicer.
2013-09-10 15:17:52 +02:00
Bjørn Forsman
8a01d244b1 Add services.samba.nsswins option
This option allows for seamless WINS/NetBIOS name lookup, using
nsswitch.
2013-09-07 15:09:44 +02:00
Eelco Dolstra
17457297cb Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
2013-09-04 13:05:09 +02:00
Antono Vasiljev
16c0a24cad Openbox 2013-09-01 21:18:48 +03:00
Domen Kožar
e45e62e078 merge 2013-08-30 18:05:08 +02:00
Moritz Ulrich
f8d1aac7d8 minidlna: Start after networking.target.
Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-08-27 20:51:34 +02:00
Jaka Hudoklin
c613ae7b82 Add elasticsearch, a powerful open source search and analytics engine 2013-08-27 20:42:59 +02:00
Evgeny Egorochkin
7021b07a8d Move the compose-cache code from kde4 to xsession since it is supposedly useful for all X-based stuff. 2013-08-26 17:06:05 +03:00
Rickard Nilsson
b0b5e08e86 Add some more missing uids/gids 2013-08-26 15:20:25 +02:00
Eelco Dolstra
40c6f6252e Fix spelling
Also, it's not necessary to order a unit after "sysinit.target" since
that's implied.
2013-08-26 12:18:26 +02:00
Eelco Dolstra
8bfbe7ef84 Don't try to guess the location of the NixOS config file
The NixOS config need not be $NIXOS_CONFIG, it can also be set through
-I nixos-config=... or not exist in a separate file at all (e.g. in a
NixOps deployment).

Issue #212.
2013-08-26 12:14:14 +02:00
Mathijs Kwik
651686626f convert bbswitch job to systemd unit
dramatically speeds up my boot time because it was the last
service (for me) that depended on udev-settle.service

udev-settle isn't needed for modern system initialization but some
oldschool services (mdadm/lvm/cryptsetup) depend on it so they can
just enumerate devices instead of having to react to changes
dynamically. In NixOS these things are usually already taken care of
during stage 1 (early ramdisk) if you use them.
2013-08-25 13:58:09 +02:00
Lluís Batlle i Rossell
48cdd60e02 Fixing handling of parameters with spaces in torsocks/torify 2013-08-24 23:23:48 +02:00
Eelco Dolstra
9771f0c96c sshd: Support multiple host keys
The option services.openssh.hostKeys now allows specifying multiple
host keys.  The default value enables both a DSA and ECDSA key.
(Clients by default will use the ECDSA key, unless known_hosts already
has a DSA key for that host.)  To use only an ECDSA key, you can say:

  services.openssh.hostKeys =
    [ { path = "/etc/ssh/ssh_host_ecdsa_key";
        type = "ecdsa";
        bits = 521;
      }
    ];
2013-08-24 01:01:10 +02:00
Evgeny Egorochkin
f8a6fa774e SSH daemon: change default key size for RSA, add alert for weak keys. 2013-08-23 14:50:14 +03:00
Rickard Nilsson
f420726936 Add several missing uids and gids to modules/misc/ids.nix 2013-08-23 11:37:17 +02:00
Jaka Hudoklin
5894f26c81 Add statsd, simple daemon for easy stats aggregation 2013-08-21 11:52:25 +02:00
Eelco Dolstra
eefe0786f9 nixos-help: Use xdg-open if available 2013-08-20 17:11:47 +02:00
Rickard Nilsson
1ff7584a30 networkmanager: Add option for appending DNS settings
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf after the DNS servers that
NetworkManager receieves by DHCP, or that is configured manually
in the connection settings.
2013-08-20 13:36:01 +02:00
Rob Vermaas
71a21704dc Fix typoe in graphite module (cabon -> carbon). 2013-08-19 10:21:31 +02:00
Domen Kožar
6004b28af8 merge 2013-08-19 09:06:31 +02:00