Commit graph

4148 commits

Author SHA1 Message Date
Peter Simons
155495deb2 modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons
1da16a5ea1 modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file 2012-09-21 12:29:36 +02:00
Eelco Dolstra
d4af6edd5e firewall.nix: Allow specifying trusted network interfaces
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra
1e666c10fa Get rid of the last use of mkThenElse 2012-09-20 16:55:32 -04:00
Rickard Nilsson
0de3a0cff3 nscd-invalidate: Invalidate passwd and group databases also
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra
83c6b1cf3a Set $LOCALE_ARCHIVE in systemd services
Systemd sets locale variables like $LANG when running services, so
$LOCALE_ARCHIVE should also be set to prevent warnings like "perl:
warning: Setting locale failed.".
2012-09-18 18:12:39 -04:00
Eelco Dolstra
d12dd340b6 firewall.nix: Respect networking.enableIPv6 = false
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra
b96835f8dd Merge remote-tracking branch 'origin/master' into systemd 2012-09-14 13:24:03 -04:00
Eelco Dolstra
75583c7984 nixos-rebuild: Support --option 2012-09-14 13:23:19 -04:00
Peter Simons
ad65e807bd Add new 'hardware.cpu.amd.updateMicrocode' option. 2012-09-11 18:44:37 +02:00
Eelco Dolstra
aac6fe44b6 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-09-11 10:58:57 -04:00
Eelco Dolstra
b53842df3e Don't set the passno field for tmpfs and other FSs that have no device
If passno is set, then systemd will instantiate a systemd-fsck unit,
which in turn will instantiate a <device>.device unit
(e.g. "none.device").  Since no such device exists, mounting will
fail.  So don't set passno.
2012-09-11 10:55:56 -04:00
Ludovic Courtès
f7530dc5ee avahi: Never set host-name' to the empty string in avahi-daemon.conf'. 2012-09-07 10:58:53 +02:00
Rob Vermaas
27880ed729 Change logstash job startOn attribute to include networking 2012-09-06 12:31:15 +02:00
Shea Levy
f701e8d420 d'oh 2012-09-03 12:11:07 -04:00
Shea Levy
4be367ec47 Damn NixOS lack of laziness... 2012-09-03 10:35:45 -04:00
Eelco Dolstra
e0e0e57c26 Fix the OpenVPN jobs 2012-08-30 21:11:36 -04:00
Mathijs Kwik
bce1cdd59c fix kernel 3.4+ early cifs mounting (qemu-vm target)
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"

Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.

This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
2012-08-30 18:31:45 +02:00
Mathijs Kwik
a502ce1128 networking: add proxy_arp / proxy_ndp options.
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
2012-08-29 22:59:36 +02:00
Mathijs Kwik
0dd46d1335 networking: add options for configuring virtual devices (tun/tap)
These are mainly useful for network tunnels (vpn/ipv6) and creating
bridges for virtual machines
2012-08-29 22:59:36 +02:00
Mathijs Kwik
d106a8a296 logcheck: make sure directories are writable during merge phase 2012-08-29 22:59:28 +02:00
Peter Simons
51e58dafca spamassassin: use a dedicated user for running spamd 2012-08-28 16:27:28 +02:00
Mathijs Kwik
2769f594f3 add logcheck module 2012-08-26 16:04:49 +02:00
Mathijs Kwik
aba9f76105 change permission of /run/lock to allow non-root access to subdirectories 2012-08-26 10:17:22 +02:00
Mathijs Kwik
05262ad35d postfix: allow specifying 'virtual' mappings
mainly useful for having a few local addresses (me@host.domain.com) while the majority of
addresses are on the domain (you@domain.com)
2012-08-24 00:27:07 +02:00
Eelco Dolstra
8adc1ee92e switch-to-configuration: Stop sockets corresponding to services
If a service has a corresponding socket unit, then stop the socket
before stopping the service.  This prevents it from being restarted
behind our backs.  Also, don't restart the service; it will be
restarted on demand via the socket.
2012-08-23 12:12:58 -04:00
Eelco Dolstra
e194d41b9c cpufreq: Don't complain if a CPU doesn't support the desired governor 2012-08-23 12:12:25 -04:00
Eelco Dolstra
4c65a5d95c Don't restart agetty 2012-08-23 11:13:33 -04:00
Eelco Dolstra
dfb6e891b9 switch-to-configuration: Don't restart systemd-user-sessions.service
Restarting it causes all user sessions to be killed.
2012-08-23 11:11:14 -04:00
Eelco Dolstra
af550048e8 switch-to-configuration: Don't restart the suspend/hibernate targets
Restarting them has the side effect of suspending/hibernating the
system again.
2012-08-23 11:11:04 -04:00
Eelco Dolstra
9e5bbee2b1 Make cpufreq a service instead of a task
Otherwise it will be restarted by switch-to-configuration even when it
hasn't changed.
2012-08-23 11:08:42 -04:00
Eelco Dolstra
b02c488fde Automatically append ".service" to the name of service units 2012-08-23 10:25:27 -04:00
Eelco Dolstra
cce6e48edf Don't use consolekit anywhere 2012-08-23 10:25:15 -04:00
Eelco Dolstra
0280aa2dc4 Remove the lvm job
There is a generator in lvm2 that takes care of this.
2012-08-23 10:23:41 -04:00
Eelco Dolstra
c2da812bd0 Enable upower's systemd unit 2012-08-21 11:29:59 -04:00
Eelco Dolstra
223f04b3ca Add option ‘boot.systemd.packages’ to use units from the specified packages 2012-08-21 11:28:47 -04:00
Eelco Dolstra
e02b57df9b Fix the dependencies of the vboxnet0 service 2012-08-20 16:19:57 -04:00
Eelco Dolstra
f3def8194e switch-to-configuration: Restart all active targets 2012-08-20 16:19:03 -04:00
Eelco Dolstra
3f4ffffed7 Fix a Perl warning 2012-08-20 11:32:50 -04:00
Eelco Dolstra
08f14b33c1 Merge branch 'master' of github.com:NixOS/nixos into systemd 2012-08-20 11:27:38 -04:00
Eelco Dolstra
36e05e8dd2 Add some more backward compatibility hacks 2012-08-20 11:21:11 -04:00
Eelco Dolstra
39ec043aea Typo 2012-08-20 11:21:03 -04:00
Eelco Dolstra
5408f1ebcd Build slim without consolekit 2012-08-20 11:11:25 -04:00
Eelco Dolstra
cdc3604a7d kdm: Do a poweroff, not a halt 2012-08-20 11:11:10 -04:00
Eelco Dolstra
ebb1781dfc Fix KDE/kdm 2012-08-20 11:10:19 -04:00
Peter Simons
16713db4e2 modules/programs/bash/bashrc.sh: adapt bash completion for version 2.0 of the package 2012-08-20 16:37:14 +02:00
Petr Rockai
5dc8bc5f2a Do not assume that /dev/console can always be written. 2012-08-18 14:29:09 +02:00
Eelco Dolstra
6547ecb72f Remove policykit.nix (old PolicyKit module)
Only the HAL module needed it.
2012-08-17 14:47:37 -04:00
Eelco Dolstra
1e5a2bca28 Remove HAL
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra
c60d6caee8 Rename xserver.service to display-manager.service
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00