Commit graph

3240 commits

Author SHA1 Message Date
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj
993cbf8acb uxrvtd: Fix clipboard 2016-12-16 23:55:50 +01:00
Bjørn Forsman
ebe67d69d0 collectd service: change /var/lib/collectd perms: 700 -> 755
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.

If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.

CC @offlinehacker.

Fixes #21198.
2016-12-16 23:04:42 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
romildo
2e7105467b lxqt: better organize system packages
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages

Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.

Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
Jörg Thalheim
cc864af928 bird: refactor module
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
9871d3cb42 Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart 2016-12-14 16:09:11 +01:00
Renaud
fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov
17d0a570ab Merge pull request #21137 from jerith666/cupsd-path
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry
05fb82732c use symlink to ensure cupsd.conf PATH always points to a valid store path
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories.  fixes #20806.
2016-12-13 21:35:56 -05:00
Joachim Fasting
d893c86b34
terraria service: fixup worldPath option type
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting
33088accc8
terraria service: fix tmux output
tmux.bin was removed in 5535d94394

Use `lib.getBin` to be more robust to future changes.
2016-12-13 15:12:31 +01:00
Fernando J Pando
50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars

fixes #19759
2016-12-13 10:52:56 +01:00
Jaka Hudoklin
2867f88781 kubernetes module: fix default dns ip 2016-12-12 01:25:23 +01:00
Gregor Kleen
d5ec2a2c9d
postsrsd: additional configuration
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F
9af356258b Merge pull request #20971 from kierdavis/boinc
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Joachim Fasting
230994a30a
psd service: assert that at least one user must be configured
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
fafb6657c1
syslogd service: assert conflict with rsyslogd
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting
19b96176b4
couchdb service: fix test in preStart
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov
9cca8e3f87 uwsgi service: fix for new pythonPackages 2016-12-08 21:03:41 +03:00
Kier Davis
2606994cc6
boinc service: use <link> instead of <ulink> 2016-12-08 15:50:52 +00:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
Vladimír Čunát
a1ae627362
nixos GDM: fix #19896
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
  filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome.  There seems to be no logout option
  in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim
e00632e200 Merge pull request #20858 from Mic92/lxcfs
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Franz Pletz
69bee1b361 Merge pull request #20770 from mguentner/more_ipfs
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Jörg Thalheim
aa854f192e
cgmanager: add module 2016-12-02 13:52:04 +01:00
lbonn
288e75c5f9 wireguard: remove dependency on ip-up.target
It was deprecated and removed from all modules in the tree by #18319.

The wireguard module PR (#17933) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Franz Pletz
3000ae8602
gitlab service: fix sidekiq queue config 2016-11-29 17:42:46 +01:00
Erik Rybakken
2f0cc0d3f0 unclutter-xfixes service: init
Closes #18398
2016-11-29 14:25:32 +01:00
Maximilian Güntner
0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN
37715d1f46 hydra-module: add cfg.package to hydra-evaluator path 2016-11-28 15:53:44 +02:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description 2016-11-27 22:07:51 -05:00
Ruben Maher
9c9a21d525 matrix-synapse service: Make url_preview_enabled optional (#20609) 2016-11-28 03:33:48 +01:00
Franz Pletz
e394c305a8 Merge pull request #20620 from rnhmjoj/fakeroute
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
pngwjpgh
bcc9a6ac75 infinoted service: init
Service module for the dedicated gobby server included in libinfinity
2016-11-27 17:23:21 +01:00
Michael Raskin
36010e7046 Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
apache-httpd
2016-11-26 13:37:02 +00:00
Vladimír Čunát
8ebfce0eda
display-managers module: improve variable quoting
Fixes #20713, though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.

The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
2016-11-26 11:23:31 +01:00
Robert Helgesson
8a424e3fbd
tahoe service: use ExecStart instead of script
Since only a single command is necessary to start Tahoe it is sufficient
to use ExecStart and thereby skip starting up Bash (and leaving it
running).
2016-11-25 21:49:34 +01:00
Jaka Hudoklin
3b500d37f5 Merge pull request #19023 from offlinehacker/kube-update
WIP: kubernetes update package and module
2016-11-24 23:10:01 +01:00
Corbin Simpson
27f1def068 nixos/collectd: Fix syntax error on some hostnames. (#20694)
Without this, hostnames that e.g. end in digits will cause syntax errors for
collectd.
2016-11-24 21:47:17 +01:00
rnhmjoj
7eb9a03221
fakeroute: add service 2016-11-23 15:23:10 +01:00
Joachim F
a6f392abd6 Merge pull request #20385 from ericsagnes/feat/i3-refactor
i3 module: refactor
2016-11-23 05:11:14 +01:00
Franz Pletz
d94e93ccdf Merge pull request #19588 from Shados/add-dante
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Alexei Robyn
49d679d7a8 dante service: init 2016-11-22 21:33:54 +11:00
Kier Davis
db50ae78d0
boinc service: init 2016-11-22 01:14:40 +00:00
Daiderd Jordan
c531cc2303 Merge pull request #20606 from mdaiter/riak_extraAdvancedConfig
riak: added extraAdvancedConfig option to service module
2016-11-21 18:22:01 +01:00