colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
152,065 Commits 125 Branches 0 Tags 3.4 GiB
eb0050ca45
Commit Graph

130 Commits

Author SHA1 Message Date
Michael Weiss
eb0050ca45 nixos/sks: Use a group and don't add sks to systemPackages 
Without a group the gid will default to 65534 (2^16 - 2) which maps to
"nogroup". IMO it makes more sense to explicitly set a valid group.

Adding pkgs.sks to environment.systemPackages is not required (IIRC we
want to avoid bloating environment.systemPackages). Instead it seems
like a better idea to make the relevant binaries available to the user
sks and enable useDefaultShell so that "su -l sks" can be used for
manual interaction (that way the files will always have the correct
owner).
 2018-09-08 16:24:05 +02:00
Michael Weiss
a0d3d098ff nixos/sks: Add a webroot option 
The module will now, by default, serve a simple webpage via the built-in
web server (instead of displaying an error message).
 2018-09-08 16:24:05 +02:00
Michael Weiss
6764d41ecc nixos/sks: Update the descriptions and add meta.maintainers 
TODO: Merge this module with https://github.com/NixOS/nixpkgs/pull/24516
 2018-09-08 13:44:11 +02:00
Michael Weiss
a0d7b88911 nixos/sks: Add a dataDir option 2018-09-08 13:44:08 +02:00
Nadrieril
9b9ba8405b nixos/usbguard: ensure the audit log file can be created 
Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened.
 2018-08-30 21:54:22 +01:00
Nadrieril
08148a746a nixos/usbguard: disable debug output 2018-08-30 21:54:22 +01:00
Ben Wolsieffer
c6191c8abf nixos/cfssl: don't create user/group unless service is enabled 2018-08-21 16:24:31 -04:00
Silvan Mosberger
1a3b9e1bd2
Merge pull request #44556 from johanot/certmgr-module-init 
nixos/certmgr: init
 2018-08-10 15:11:26 +02:00
Johan Thomsen
004e7fb6fd nixos/certmgr: init 2018-08-10 09:56:25 +02:00
Daiderd Jordan
d113c02563
services-vault: make package configurable and add extraConfig option 2018-08-09 23:22:53 +02:00
Johan Thomsen
7d7c36f8be nixos/cfssl: init 
- based on module originally written by @srhb
- complies with available options in cfssl v1.3.2
- uid and gid 299 reserved in ids.nix
- added simple nixos test case
 2018-08-03 09:40:32 +02:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
Yegor Timoshenko
1bb95d8409
Merge pull request #42775 from mkaito/oauth2_proxy-virtualHosts 
oauth2_proxy: add nginx vhost module
 2018-07-05 22:15:50 +03:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Michishige Kaito
2fec848254 fixup! oauth2_proxy: add nginx vhost module 2018-06-29 16:23:24 +01:00
Michishige Kaito
4a72999c75 oauth2_proxy: add nginx vhost module 2018-06-29 15:36:03 +01:00
Yegor Timoshenko
5e5bdfa6ad
Merge pull request #41098 from mkaito/oauth2_proxy 
oauth2_proxy: Handle attributes being derivations
 2018-06-18 20:47:55 +03:00
Joachim Fasting
c449f0b55c
nixos/tor: grammer fix, advise -> advice 
Seems to me that the noun form is more appropriate here.
 2018-06-18 12:40:09 +02:00
SLNOS
adab27a352 nixos/tor: use ControlPort for controlSocket for simplicity 2018-06-11 15:52:24 +00:00
SLNOS
2de3c4bd78 nixos/tor: add tor-init service to fix directory ownerships, fix hardenings 
This reverts a part of 5bd12c694b.

Apparently there's no way to specify user for RuntimeDirectory in systemd
service file (it's always root) but tor won't create control socket if the dir
is owned by anybody except the tor user.

These hardenings were adopted from the upstream service file, checked
against systemd.service(5) and systemd.exec(5) manuals, and tested to
actually work with all the options enabled.

`PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5),
removed.

`--RunAsDaemon 0` is the default value according to tor(5), removed.
 2018-06-11 15:52:24 +00:00
markuskowa
96af022af5 nixos/munge: run munge as user munge instead of root. (#41509) 
* Added a note in release notes (incompatibilities)
* Adapt slurm test
* Change user to munge in service.munge
 2018-06-09 00:50:28 +02:00
Michishige Kaito
170223fe64 Handle attributes being derivations 2018-05-26 12:05:04 +01:00
bricewge
21b926003d sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
Yegor Timoshenko
e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod 
oauth2_proxy: refactor service
 2018-04-27 22:15:50 +03:00
Yorick van Pelt
048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
Robert Schütz
5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083) 2018-04-18 09:42:45 +02:00
Yorick van Pelt
a037cbd46b
oauth2_proxy: add keyFile, make some options optional 2018-04-16 14:06:22 +02:00
Yorick van Pelt
b901c40a8e
oauth2_proxy: update module for extraConfig support 2018-04-16 13:10:31 +02:00
Joachim F
1c889be474
Merge pull request #37827 from oxij/pull/28938-tor-control-port 
nixos/tor: expose control socket
 2018-03-26 13:05:27 +00:00
Jaka Hudoklin
cb9c1c63c9 nixos/tor: expose control socket 2018-03-26 00:41:10 +00:00
Dan Peebles
6fa9d9cdbd hologram-server module: add cache timeout option 
The version of hologram we're using has supported this option for a
while, but we didn't expose it through the NixOS module
 2018-03-21 12:58:25 -04:00
Joel Thompson
fe2e4d6fb9 hologram: Enable configuring LDAP authorization 
In AdRoll/hologram#62 support was added to hologram to configure
LDAP-based authorization of which roles a user was allowed to get
credentials for. This adds the ability to configure that.

Additionally, AdRoll/hologram/#94 added support to customize the LDAP
group query, so this also feeds that configuration through.

fixes #37393
 2018-03-20 07:36:23 +00:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Nadrieril
297fac40ca nixos/usbguard: Do not check permissions on rules file (using undocumented -P flag) 2018-02-27 18:34:02 +00:00
rnhmjoj
e81811a579
nixos/modules: rename IP addresses/routes options 2018-02-17 14:57:07 +01:00
Jörg Thalheim
9fab083b79
Merge pull request #34524 from Infinisil/physlock-allowAnyUser 
nixos/physlock: add allowAnyUser option
 2018-02-10 09:58:36 +00:00
Robert Schütz
355de06fe4 nixos/tor: add hiddenServices.<name>.authorizeClient 2018-02-08 10:02:22 +01:00
Silvan Mosberger
cfd22b733b
physlock: add allowAnyUser option 2018-02-02 14:03:00 +01:00
Léo Gaspard
7b878a443a
nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
Nadrieril
95fde40b71 usbguard service: rules option should be of type 'lines' 2017-12-29 03:19:36 +01:00
Jaka Hudoklin
bc557912a1
Merge pull request #28939 from xtruder/nixos/tor/trans_proxy 
tor module: add support for transparent proxy and dns
 2017-12-03 21:47:11 +01:00
Léo Gaspard
652842d82e clamav module: make services.clamav.daemon.enable actually work 2017-11-28 13:45:13 +01:00
Joachim F
815bebf9e8 Merge pull request #30173 from dmjio/patch-1 
oauth2_proxy: default address updated
 2017-10-20 16:28:40 +00:00
Peter Hoeg
3211098632 Revert "sshguard: make it run" 
This reverts commit 69d8b81b4b.
 2017-10-14 14:42:49 +08:00
Peter Hoeg
69d8b81b4b sshguard: make it run 2017-10-14 14:38:04 +08:00
Dan Peebles
56e18c50cc Revert "Simple proof of concept for how to do other types of services" 
This reverts commit 7c3253e519.

I included this in another push by accident and never intended for it to
be in mainline. See https://github.com/NixOS/nixpkgs/pull/26075 if you
want more.
 2017-10-13 09:17:13 -04:00
David Johnson
5b530d4568 oauth2_proxy: default address updated 
Go will fail to parse this otherwise.
https://github.com/golang/go/issues/19297
 2017-10-06 16:52:22 -07:00
Jaka Hudoklin
78a86c9072 nixos/tor: add support for transparent proxy and dns 2017-09-23 20:13:08 +02:00
Rob Vermaas
1b71376cf2
Make sure dummy kernel module is loaded for hologram-agent. 
(cherry picked from commit eb873f6c78e1c5306956b4c9fd651b25a6b9c40c)
 2017-09-20 10:58:24 +00:00
Jörg Thalheim
bb5b084986 tor: skip ControlPort in torrc, if not set. 2017-09-13 23:33:46 +01:00