Jörg Thalheim
1590461887
ntp: make timesyncd the new default
...
- most nixos user only require time synchronisation,
while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj
993cbf8acb
uxrvtd: Fix clipboard
2016-12-16 23:55:50 +01:00
Bjørn Forsman
ebe67d69d0
collectd service: change /var/lib/collectd perms: 700 -> 755
...
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.
If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.
CC @offlinehacker.
Fixes #21198 .
2016-12-16 23:04:42 +01:00
michael bishop
e5cefadef7
fix indentation in several nixos option descriptions
2016-12-16 18:29:25 +01:00
romildo
2e7105467b
lxqt: better organize system packages
...
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages
Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.
Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
Jörg Thalheim
cc864af928
bird: refactor module
...
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
9871d3cb42
Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
...
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart
2016-12-14 16:09:11 +01:00
Renaud
fa0a63ec13
fail2ban service : improve ssh jail ( #21131 )
...
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov
17d0a570ab
Merge pull request #21137 from jerith666/cupsd-path
...
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry
05fb82732c
use symlink to ensure cupsd.conf PATH always points to a valid store path
...
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories. fixes #20806 .
2016-12-13 21:35:56 -05:00
Joachim Fasting
d893c86b34
terraria service: fixup worldPath option type
...
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting
33088accc8
terraria service: fix tmux output
...
tmux.bin was removed in 5535d94394
Use `lib.getBin` to be more robust to future changes.
2016-12-13 15:12:31 +01:00
Fernando J Pando
50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
...
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars
fixes #19759
2016-12-13 10:52:56 +01:00
Jaka Hudoklin
2867f88781
kubernetes module: fix default dns ip
2016-12-12 01:25:23 +01:00
Gregor Kleen
d5ec2a2c9d
postsrsd: additional configuration
...
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F
9af356258b
Merge pull request #20971 from kierdavis/boinc
...
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Joachim Fasting
230994a30a
psd service: assert that at least one user must be configured
...
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
...
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
...
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
fafb6657c1
syslogd service: assert conflict with rsyslogd
...
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting
19b96176b4
couchdb service: fix test in preStart
...
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov
9cca8e3f87
uwsgi service: fix for new pythonPackages
2016-12-08 21:03:41 +03:00
Kier Davis
2606994cc6
boinc service: use <link> instead of <ulink>
2016-12-08 15:50:52 +00:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
...
The service owns no data, having a static uid serves no purpose.
This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation
2016-12-05 13:21:31 +01:00
Vladimír Čunát
a1ae627362
nixos GDM: fix #19896
...
- As noted on github, GDM needs different parameters for X.
- Making xserverArgs a true list instead of concat-string helps to
filter it and it feels more correct anyway.
- Tested: gdm+gnome, lightdm+gnome. There seems to be no logout option
in gnome, and gdm doesn't offer other sessions, but maybe these are normal.
2016-12-04 14:54:31 +01:00
Jörg Thalheim
e00632e200
Merge pull request #20858 from Mic92/lxcfs
...
lxcfs: init at 2.0.4
2016-12-04 11:33:07 +01:00
Franz Pletz
69bee1b361
Merge pull request #20770 from mguentner/more_ipfs
...
services: IPFS: add test and more config parameters
2016-12-04 01:46:09 +01:00
Jörg Thalheim
aa854f192e
cgmanager: add module
2016-12-02 13:52:04 +01:00
lbonn
288e75c5f9
wireguard: remove dependency on ip-up.target
...
It was deprecated and removed from all modules in the tree by #18319 .
The wireguard module PR (#17933 ) was still in the review at the time and
the deprecated usage managed to slip inside.
2016-12-01 00:11:16 +01:00
Franz Pletz
3000ae8602
gitlab service: fix sidekiq queue config
2016-11-29 17:42:46 +01:00
Erik Rybakken
2f0cc0d3f0
unclutter-xfixes service: init
...
Closes #18398
2016-11-29 14:25:32 +01:00
Maximilian Güntner
0526a5c90a
services: add gatewayAddress and apiAddress to ipfs
...
Signed-off-by: Maximilian Güntner <code@klandest.in>
2016-11-28 15:33:51 +01:00
Aycan iRiCAN
37715d1f46
hydra-module: add cfg.package to hydra-evaluator path
2016-11-28 15:53:44 +02:00
Sophie Taylor
016fa06c71
cjdns: Improving systemd unit description
2016-11-27 22:07:51 -05:00
Ruben Maher
9c9a21d525
matrix-synapse service: Make url_preview_enabled optional ( #20609 )
2016-11-28 03:33:48 +01:00
Franz Pletz
e394c305a8
Merge pull request #20620 from rnhmjoj/fakeroute
...
fakeroute: init at 0.3
2016-11-28 03:01:15 +01:00
pngwjpgh
bcc9a6ac75
infinoted service: init
...
Service module for the dedicated gobby server included in libinfinity
2016-11-27 17:23:21 +01:00
Michael Raskin
36010e7046
Merge pull request #20366 from MarcWeber/submit/apache-port-to-listen
...
apache-httpd
2016-11-26 13:37:02 +00:00
Vladimír Čunát
8ebfce0eda
display-managers module: improve variable quoting
...
Fixes #20713 , though I'm certain nixpkgs contains loads of places
without proper quoting, as (ba)sh unfortunately encourages that.
The only plus side is that most of such problems in nixpkgs aren't
actually security problems but mere annoyance to those who are foolish
enough to use "weird" characters in critical names.
2016-11-26 11:23:31 +01:00
Robert Helgesson
8a424e3fbd
tahoe service: use ExecStart instead of script
...
Since only a single command is necessary to start Tahoe it is sufficient
to use ExecStart and thereby skip starting up Bash (and leaving it
running).
2016-11-25 21:49:34 +01:00
Jaka Hudoklin
3b500d37f5
Merge pull request #19023 from offlinehacker/kube-update
...
WIP: kubernetes update package and module
2016-11-24 23:10:01 +01:00
Corbin Simpson
27f1def068
nixos/collectd: Fix syntax error on some hostnames. ( #20694 )
...
Without this, hostnames that e.g. end in digits will cause syntax errors for
collectd.
2016-11-24 21:47:17 +01:00
rnhmjoj
7eb9a03221
fakeroute: add service
2016-11-23 15:23:10 +01:00
Joachim F
a6f392abd6
Merge pull request #20385 from ericsagnes/feat/i3-refactor
...
i3 module: refactor
2016-11-23 05:11:14 +01:00
Franz Pletz
d94e93ccdf
Merge pull request #19588 from Shados/add-dante
...
Add dante package & accompanying service module
2016-11-22 15:10:46 +01:00
Alexei Robyn
49d679d7a8
dante service: init
2016-11-22 21:33:54 +11:00
Kier Davis
db50ae78d0
boinc service: init
2016-11-22 01:14:40 +00:00
Daiderd Jordan
c531cc2303
Merge pull request #20606 from mdaiter/riak_extraAdvancedConfig
...
riak: added extraAdvancedConfig option to service module
2016-11-21 18:22:01 +01:00