Commit graph

82 commits

Author SHA1 Message Date
William A. Kennington III 24368beed8 nixos/dhcpd: Use dhcp user instead of nobody 2014-08-13 15:08:43 -05:00
Vladimír Čunát 87c3c0e885 Merge master into #2129
Conflicts (easy, just UID shifted):
	nixos/modules/misc/ids.nix
	nixos/modules/module-list.nix
2014-08-12 19:24:08 +02:00
Luca Bruno 1a29fcae69 gdm: Add very experimental display manager 2014-08-12 11:23:42 +02:00
William A. Kennington III dfb596b49b nixos/unifi: Add service module 2014-08-05 21:40:47 -05:00
Paul Colomiets 9bc1676e5a Upgrade docker to 1.1.2 and add docker module
This version of module has disabled socketActivation, because until
nixos upgrade systemd to at least 214, systemd does not support
SocketGroup. So socket is created with "root" group when
socketActivation enabled. Should be fixed as soon as systemd upgraded.

Includes changes from #3015 and supersedes #3028
2014-07-28 21:45:49 +02:00
Rickard Nilsson 212f476c97 Add NixOS module for Mopidy, a music player daemon 2014-07-28 19:52:32 +02:00
Emery Hemingway e5988bf4dd polipo: new service expression 2014-07-16 11:29:40 -04:00
Marc Weber 672adc126e nixos: add 'firebird' group
The firebird module complains without missing 'firebird' group, add it.
2014-07-08 00:00:33 +02:00
lethalman e497265b72 Merge pull request #2963 from Fuuzetsu/locate
locate service: allow customisation
2014-07-07 14:24:04 +02:00
Alex Berg 7b768ba2f5 Merge remote-tracking branch 'nixos/master' into feature/add-znc-module
Conflicts:
	nixos/modules/misc/ids.nix
2014-07-03 11:30:11 -05:00
Shea Levy b3cfb9084b Get all lib functions from lib, not pkgs.lib, in modules 2014-07-02 12:28:18 -04:00
Austin Seipp 3eb2d1e03e nixos: add gitolite module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-25 22:54:18 -05:00
Alex Berg 9af1e2ab51 Add ZNC module. Has zncConfOptions or specify full conf file. 2014-06-26 05:44:32 +02:00
Mateusz Kowalczyk 4934f52bb7 locate service: allow customisation
Fixes #2961
2014-06-24 12:54:16 +02:00
Christoph Hrdinka 8daaa28ac8 nsd-service: add service module for nsd 2014-06-12 11:20:43 +02:00
Jaka Hudoklin 66456c0798 nixos: add influxdb module 2014-05-27 22:56:36 +02:00
Alexei Robyn 4fa4518875 Add TeamSpeak 3 server & service module (close #2056)
Conflicts (trivial):
	lib/maintainers.nix
	nixos/modules/misc/ids.nix
2014-05-27 17:30:26 +02:00
Austin Seipp 368a677c97 nixos: overhaul datadog module
This overhauls the Datadog module a bit to be much more useful. In
particular, it adds support for nginx and postgresql monitoring
integrations to dd-agent. These have to exist in separate files under
/etc/dd-agent, so the module just exposes then as separate options. In
the future, more integrations could be added this way.

In the process of doing this, I also had to rename the dd-agent user to
datadog. Note the UIDs did not change, so this is strictly backwards
compatible. The reason for this is to make it easier to create a
'datadog' postgres user with access to pg_stats, as 'dd-agent' typically
isn't a valid username. This allows the out of the box configurations to
be used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-02 01:24:35 -05:00
Eelco Dolstra a142d68b43 Fix some uid/gid attributes to match the actual user/group name 2014-04-29 10:51:42 +02:00
Eelco Dolstra 0e23a175de Allocate system uids/gids between 400 and 500
Previously it was between 100 and 500, but this can already collide
with the static uids/guid in misc/ids.nix.
2014-04-29 10:45:06 +02:00
Eelco Dolstra cd05320716 Manual: Don't include the platform type of the host system
This causes unnecessary rebuilds of the manual.

http://hydra.nixos.org/build/10662170
2014-04-25 00:14:55 +02:00
Oliver Charles eb07baf75c Fixing evaluation of misc/version.nix 2014-04-23 14:14:54 +01:00
Shea Levy 66a43c0159 Update version 2014-04-23 08:02:18 -04:00
Shea Levy 7d1ddae58e nixos: evaluate assertions at toplevel, not at systemPackages
Fixes #2340
2014-04-22 14:09:02 -04:00
Alexander Kjeldaas 5065802b3a Added TCSD (Trusted Computing Group Software Stack (TSS) daemon).
Start tcsd after systemd-udev-settle and run it in foreground.
2014-04-22 14:05:09 +02:00
Austin Seipp ae207efc07 nixos: add spiped service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-15 03:33:47 -05:00
Austin Seipp 42954a2d20 Fix hydra UID
The style for IDs dictates that groups/users should have the same ID -
so if a user doesn't have a group or vice versa, then we should skip
that ID.

In this case, we had already assigned grsecurity GID 121, but I
accidentally also assigned Hydra UID 121. Instead, let's assign Hydra
UID 122. And also assign a GID (122) as well.

Luckily nobody was depending on this yet (except me).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-15 02:29:13 -05:00
Eelco Dolstra 29027fd1e1 Rewrite ‘with pkgs.lib’ -> ‘with lib’
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Austin Seipp a3155a0e2a nixos: add a UID for Hydra
Otherwise the Hydra module can't be used when mutableUsers = false;

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 21:20:18 -05:00
Austin Seipp 172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp 8d0259caf4 nixos: reserve some uids/gids
I have some NixOS modules that I keep out of tree, and having UIDs/GIDs
reserved is quite helpful.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 01:05:56 -05:00
Shea Levy a46d2e3150 Merge branch 'murmur' of git://github.com/thoughtpolice/nixpkgs
nixos: add Murmur module (Mumble chat)

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 15:18:14 -04:00
Shea Levy ea9c8d6a13 Merge branch 'rippled' of git://github.com/ehmry/nixpkgs
rippled: initial pkg and module expressions

Had to change the rippled uid.

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 14:23:29 -04:00
Austin Seipp f61110d65d nixos: murmur service
Murmur is the headless server component of the Mumble chat system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-02 00:11:00 -05:00
George Kollias ec1acce4e9 fixed monetdb's gid to be the same with its id. 2014-04-01 20:41:37 +03:00
George Kollias 0ded8e6de3 Added MonetDB NixOS module. 2014-04-01 20:20:33 +03:00
Emery Hemingway 6c77690b28 rippled: initial pkg and module expressions
rippled is the Ripple P2P payment network reference server
https://ripple.com
2014-03-29 15:31:37 -04:00
Austin Seipp 1acca1c396 nixos: add minecraft-server service
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-29 05:31:27 -05:00
Austin Seipp 6e415d2b58 nixos: add BitTorrent Sync service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 12:24:28 -05:00
Shea Levy 78e6d0143d Add ngircd module 2014-03-19 22:04:35 -04:00
William A. Kennington III a42e1d5494 notbit: Add systemd service for a system daemon 2014-03-15 04:36:15 -05:00
Shea Levy 0c12dd3ded Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
systemd: python support & journal http gateway

Conflicts:
	nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Corey O'Connor 9b79d5b298 Add jenkins continuous integration server and user.
By default the jenkins server is executed under the user "jenkins". Which can be configured using
users.jenkins.* options. If a different user is requested by changing services.jenkins.user then
none of the users.jenkins options apply.

This patch does not include jenkins slave configuration. Some config options will probably change
when this is implemented.

Aspects like the user and environment are typically identical between slave and master. The service
configs are different. The design is for users.jenkins to cover the shared aspects while
services.jenkins and services.jenkins-slave cover the master and slave specific aspects,
respectively.

Another option would be to place everything under services.jenkins and have a config that selects
master vs slave.
2014-03-13 13:01:49 -07:00
Thomas Bereknyei a2353866a8 UID/GID fix for kippo 2014-03-12 03:32:56 -04:00
Matej Cotman 7e932ca4e2 searx: add module 2014-03-09 17:33:56 +01:00
Domen Kožar 9d55a4c513 couchdb: add ids 2014-02-27 14:33:30 +01:00
Petr Rockai f21abed131 nixos: Assign uid/gid to dictd's service user. 2014-02-22 12:00:08 +01:00
Shea Levy fefc0d9917 Add module to enable the server for the ssh substituter 2014-02-20 13:40:51 -05:00
Pascal Wittmann 884190a238 nixos: add uid for logcheck and only create a user for the default user 2014-02-11 14:19:06 +01:00
Shea Levy 4ab5646417 Add a keys group with read access to /run/keys
This allows processes running as unprivileged users access to keys they might need
2014-02-11 07:00:10 -05:00