Peter Simons
155495deb2
modules/services/mail/dovecot2.nix: accept plain text authentication only over secure channels when TLS is available
...
Connects from 'localhost' are always considered secure.
2012-09-21 12:29:36 +02:00
Peter Simons
1da16a5ea1
modules/services/mail/dovecot2.nix: log via syslog instead of writing a separate file
2012-09-21 12:29:36 +02:00
Eelco Dolstra
d4af6edd5e
firewall.nix: Allow specifying trusted network interfaces
...
Trusted network interfaces (such as "lo") will accept any incoming
traffic.
2012-09-20 17:51:44 -04:00
Eelco Dolstra
1e666c10fa
Get rid of the last use of mkThenElse
2012-09-20 16:55:32 -04:00
Rickard Nilsson
0de3a0cff3
nscd-invalidate: Invalidate passwd and group databases also
...
I had some problems with LDAP user lookups not working properly
at boot. I found that invalidating passwd and group on the
ip-up event (when nscd-invalidate starts) helped a bit.
2012-09-19 14:30:55 +02:00
Eelco Dolstra
83c6b1cf3a
Set $LOCALE_ARCHIVE in systemd services
...
Systemd sets locale variables like $LANG when running services, so
$LOCALE_ARCHIVE should also be set to prevent warnings like "perl:
warning: Setting locale failed.".
2012-09-18 18:12:39 -04:00
Eelco Dolstra
d12dd340b6
firewall.nix: Respect networking.enableIPv6 = false
...
Reported-by: Pablo Costa <modulistic@gmail.com>
2012-09-18 17:20:46 -04:00
Eelco Dolstra
b96835f8dd
Merge remote-tracking branch 'origin/master' into systemd
2012-09-14 13:24:03 -04:00
Eelco Dolstra
75583c7984
nixos-rebuild: Support --option
2012-09-14 13:23:19 -04:00
Peter Simons
ad65e807bd
Add new 'hardware.cpu.amd.updateMicrocode' option.
2012-09-11 18:44:37 +02:00
Eelco Dolstra
aac6fe44b6
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-09-11 10:58:57 -04:00
Eelco Dolstra
b53842df3e
Don't set the passno field for tmpfs and other FSs that have no device
...
If passno is set, then systemd will instantiate a systemd-fsck unit,
which in turn will instantiate a <device>.device unit
(e.g. "none.device"). Since no such device exists, mounting will
fail. So don't set passno.
2012-09-11 10:55:56 -04:00
Ludovic Courtès
f7530dc5ee
avahi: Never set host-name' to the empty string in
avahi-daemon.conf'.
2012-09-07 10:58:53 +02:00
Rob Vermaas
27880ed729
Change logstash job startOn attribute to include networking
2012-09-06 12:31:15 +02:00
Shea Levy
f701e8d420
d'oh
2012-09-03 12:11:07 -04:00
Shea Levy
4be367ec47
Damn NixOS lack of laziness...
2012-09-03 10:35:45 -04:00
Eelco Dolstra
e0e0e57c26
Fix the OpenVPN jobs
2012-08-30 21:11:36 -04:00
Mathijs Kwik
bce1cdd59c
fix kernel 3.4+ early cifs mounting (qemu-vm target)
...
kernel 3.4+ needs cifs-utils to mount CIFS filesystems.
the kernel itself (and busybox's cifs mount code) are no longer able
to do this in some/most cases and will error out saying:
"CIFS VFS: connecting to DFS root not implemented yet"
Nixos' qemu-vm target is hurt by this, as it wants to mount /nix/store
via cifs very early in the boot process.
This commit makes sure the initrd for affected kernels is built with
cifs-utils if needed.
2012-08-30 18:31:45 +02:00
Mathijs Kwik
a502ce1128
networking: add proxy_arp / proxy_ndp options.
...
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
2012-08-29 22:59:36 +02:00
Mathijs Kwik
0dd46d1335
networking: add options for configuring virtual devices (tun/tap)
...
These are mainly useful for network tunnels (vpn/ipv6) and creating
bridges for virtual machines
2012-08-29 22:59:36 +02:00
Mathijs Kwik
d106a8a296
logcheck: make sure directories are writable during merge phase
2012-08-29 22:59:28 +02:00
Peter Simons
51e58dafca
spamassassin: use a dedicated user for running spamd
2012-08-28 16:27:28 +02:00
Mathijs Kwik
2769f594f3
add logcheck module
2012-08-26 16:04:49 +02:00
Mathijs Kwik
aba9f76105
change permission of /run/lock to allow non-root access to subdirectories
2012-08-26 10:17:22 +02:00
Mathijs Kwik
05262ad35d
postfix: allow specifying 'virtual' mappings
...
mainly useful for having a few local addresses (me@host.domain.com ) while the majority of
addresses are on the domain (you@domain.com )
2012-08-24 00:27:07 +02:00
Eelco Dolstra
8adc1ee92e
switch-to-configuration: Stop sockets corresponding to services
...
If a service has a corresponding socket unit, then stop the socket
before stopping the service. This prevents it from being restarted
behind our backs. Also, don't restart the service; it will be
restarted on demand via the socket.
2012-08-23 12:12:58 -04:00
Eelco Dolstra
e194d41b9c
cpufreq: Don't complain if a CPU doesn't support the desired governor
2012-08-23 12:12:25 -04:00
Eelco Dolstra
4c65a5d95c
Don't restart agetty
2012-08-23 11:13:33 -04:00
Eelco Dolstra
dfb6e891b9
switch-to-configuration: Don't restart systemd-user-sessions.service
...
Restarting it causes all user sessions to be killed.
2012-08-23 11:11:14 -04:00
Eelco Dolstra
af550048e8
switch-to-configuration: Don't restart the suspend/hibernate targets
...
Restarting them has the side effect of suspending/hibernating the
system again.
2012-08-23 11:11:04 -04:00
Eelco Dolstra
9e5bbee2b1
Make cpufreq a service instead of a task
...
Otherwise it will be restarted by switch-to-configuration even when it
hasn't changed.
2012-08-23 11:08:42 -04:00
Eelco Dolstra
b02c488fde
Automatically append ".service" to the name of service units
2012-08-23 10:25:27 -04:00
Eelco Dolstra
cce6e48edf
Don't use consolekit anywhere
2012-08-23 10:25:15 -04:00
Eelco Dolstra
0280aa2dc4
Remove the lvm job
...
There is a generator in lvm2 that takes care of this.
2012-08-23 10:23:41 -04:00
Eelco Dolstra
c2da812bd0
Enable upower's systemd unit
2012-08-21 11:29:59 -04:00
Eelco Dolstra
223f04b3ca
Add option ‘boot.systemd.packages’ to use units from the specified packages
2012-08-21 11:28:47 -04:00
Eelco Dolstra
e02b57df9b
Fix the dependencies of the vboxnet0 service
2012-08-20 16:19:57 -04:00
Eelco Dolstra
f3def8194e
switch-to-configuration: Restart all active targets
2012-08-20 16:19:03 -04:00
Eelco Dolstra
3f4ffffed7
Fix a Perl warning
2012-08-20 11:32:50 -04:00
Eelco Dolstra
08f14b33c1
Merge branch 'master' of github.com:NixOS/nixos into systemd
2012-08-20 11:27:38 -04:00
Eelco Dolstra
36e05e8dd2
Add some more backward compatibility hacks
2012-08-20 11:21:11 -04:00
Eelco Dolstra
39ec043aea
Typo
2012-08-20 11:21:03 -04:00
Eelco Dolstra
5408f1ebcd
Build slim without consolekit
2012-08-20 11:11:25 -04:00
Eelco Dolstra
cdc3604a7d
kdm: Do a poweroff, not a halt
2012-08-20 11:11:10 -04:00
Eelco Dolstra
ebb1781dfc
Fix KDE/kdm
2012-08-20 11:10:19 -04:00
Peter Simons
16713db4e2
modules/programs/bash/bashrc.sh: adapt bash completion for version 2.0 of the package
2012-08-20 16:37:14 +02:00
Petr Rockai
5dc8bc5f2a
Do not assume that /dev/console can always be written.
2012-08-18 14:29:09 +02:00
Eelco Dolstra
6547ecb72f
Remove policykit.nix (old PolicyKit module)
...
Only the HAL module needed it.
2012-08-17 14:47:37 -04:00
Eelco Dolstra
1e5a2bca28
Remove HAL
...
It's obsolete and we no longer use it.
2012-08-17 14:45:43 -04:00
Eelco Dolstra
c60d6caee8
Rename xserver.service to display-manager.service
...
The latter is what graphical.target expects.
2012-08-17 14:43:41 -04:00