Commit graph

71 commits

Author SHA1 Message Date
Alexander Kjeldaas 5065802b3a Added TCSD (Trusted Computing Group Software Stack (TSS) daemon).
Start tcsd after systemd-udev-settle and run it in foreground.
2014-04-22 14:05:09 +02:00
Michael Raskin 7231b6b94e Merge pull request #2248 from ehmry/rsync
rsync updated 3.0.9 to 3.1.0, rsyncd service module
2014-04-18 10:17:08 -07:00
Domen Kožar 3a9f28ee08 Merge pull request #2185 from lethalman/gnome3
tracker, licenses.cc-by-30, gnome-user-docs, upgrade sushi, gnome-keyring service, gnome-user-share, gnome-tweak-tool, gnome-shell-extensions, xdg-user-dirs
2014-04-16 18:08:00 +02:00
Austin Seipp ae207efc07 nixos: add spiped service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-15 03:33:47 -05:00
Luca Bruno c6383af311 gnome-online-accounts: add dbus service 2014-04-14 09:58:04 +02:00
Luca Bruno a5b4c74a16 gnome-user-share: new package
Service that exports the contents of the Public folder in your home directory on the local network

https://help.gnome.org/users/gnome-user-share/3.8
2014-04-14 09:58:03 +02:00
Luca Bruno b0154961ed gnome-keyring: add dbus service 2014-04-14 09:58:03 +02:00
Luca Bruno d5b4c3c63e tracker: new package
Desktop-neutral user information store, search tool and indexer

https://wiki.gnome.org/Projects/Tracker
2014-04-14 09:58:02 +02:00
Emery Hemingway 93e9154805 rsync updated 3.0.9 to 3.1.0, rsyncd service module 2014-04-13 23:25:28 -04:00
Austin Seipp 172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Eelco Dolstra d2155649af Merge branch 'containers'
Fixes #2105.
2014-04-10 15:55:51 +02:00
Shea Levy 9dcffe951d Merge branch 'cjdns' of git://github.com/ehmry/nixpkgs
cjdns: update to 20130303
2014-04-09 20:34:32 -04:00
Emery Hemingway 316e809ff8 cjdns: update to 20130303
build system is now nodejs based
new nixos module to start cjdns
2014-04-09 10:30:57 -04:00
Luca Bruno c56af6102a at-spi2-core: add dbus module, enabled on gnome3 by default 2014-04-09 00:36:53 +02:00
Luca Bruno 8553993887 telepathy-mission-control: add dbus service, enabled by default on gnome3 2014-04-09 00:36:52 +02:00
Luca Bruno 2bc0f7b701 evolution-data-server: fix gsettings schemas and add dbus service 2014-04-09 00:36:51 +02:00
Luca Bruno ea3644cb09 sushi: new package
A quick previewer for Nautilus

http://en.wikipedia.org/wiki/Sushi_(software)
2014-04-08 13:41:29 +02:00
Luca Bruno 06614031d6 accountservice: add dbus and systemd services
Enable by default with gnome3.
2014-04-08 13:39:48 +02:00
Shea Levy a46d2e3150 Merge branch 'murmur' of git://github.com/thoughtpolice/nixpkgs
nixos: add Murmur module (Mumble chat)

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 15:18:14 -04:00
Shea Levy ea9c8d6a13 Merge branch 'rippled' of git://github.com/ehmry/nixpkgs
rippled: initial pkg and module expressions

Had to change the rippled uid.

Conflicts:
	nixos/modules/misc/ids.nix
2014-04-05 14:23:29 -04:00
Eelco Dolstra 6905aa1cf4 Merge pull request #2095 from geo-kollias/master
Added MonetDB NixOS module.
2014-04-04 13:55:24 +02:00
Matej Cotman 7df1ce5088 syncthing: new package and nixos module 2014-04-04 10:46:29 +02:00
Eelco Dolstra 269926df0d container-login.nix -> container-config.nix 2014-04-03 16:36:16 +02:00
Eelco Dolstra fee81c3739 Always enable container logins 2014-04-03 16:35:36 +02:00
Austin Seipp f61110d65d nixos: murmur service
Murmur is the headless server component of the Mumble chat system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-02 00:11:00 -05:00
George Kollias 0ded8e6de3 Added MonetDB NixOS module. 2014-04-01 20:20:33 +03:00
Emery Hemingway 6c77690b28 rippled: initial pkg and module expressions
rippled is the Ripple P2P payment network reference server
https://ripple.com
2014-03-29 15:31:37 -04:00
Austin Seipp 1acca1c396 nixos: add minecraft-server service
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-29 05:31:27 -05:00
Austin Seipp 6e415d2b58 nixos: add BitTorrent Sync service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 12:24:28 -05:00
Shea Levy 78e6d0143d Add ngircd module 2014-03-19 22:04:35 -04:00
mornfall fe995cdedc Merge pull request #1775 from thoughtpolice/duo_unix
Duo Security module and uid/gid support for /etc files
2014-03-16 23:06:01 +01:00
Austin Seipp 29d46452dd nixos: add Duo Security module
This module adds the security.duosec attributes, which you can use to
enable simple two-factor authentication for NixOS logins.

The module currently provides PAM and SSH support, although the PAM unix
system configuration isn't automatically dealt with (although the
configuration is automatically built).

Enabling it is as easy as saying:

  security.duosec.ssh.enable = true;
  security.duosec.ikey       = "XXXXXXXX...";
  security.duosec.skey       = "XXXXXXXX...";
  security.duosec.host       = "api-XXXXXXX.duosecurity.com";
  security.duosec.group      = "duosec";

which will enforce two-factor authentication for SSH logins for users in
the 'duosec' group.

This requires uid/gid support in the environment.etc module.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:11:50 -05:00
William A. Kennington III a42e1d5494 notbit: Add systemd service for a system daemon 2014-03-15 04:36:15 -05:00
Corey O'Connor 40de28afca remove users.jenkins config start on slave config.
Uses standard NixOS user config merging.
Work in progress: The slave config does not actually start the slave agent. This just configures a
jenkins user if required. Bare minimum to enable a nice jenkins SSH slave.
2014-03-13 13:01:50 -07:00
Corey O'Connor 9b79d5b298 Add jenkins continuous integration server and user.
By default the jenkins server is executed under the user "jenkins". Which can be configured using
users.jenkins.* options. If a different user is requested by changing services.jenkins.user then
none of the users.jenkins options apply.

This patch does not include jenkins slave configuration. Some config options will probably change
when this is implemented.

Aspects like the user and environment are typically identical between slave and master. The service
configs are different. The design is for users.jenkins to cover the shared aspects while
services.jenkins and services.jenkins-slave cover the master and slave specific aspects,
respectively.

Another option would be to place everything under services.jenkins and have a config that selects
master vs slave.
2014-03-13 13:01:49 -07:00
Rickard Nilsson 3ed3c60d0f New NixOS module: services.solr, for running a solr server 2014-03-13 00:32:59 +01:00
Rickard Nilsson f24940330b New NixOS module: services.winstone, for running instances of the Winstone Java Servlet container 2014-03-12 23:14:09 +01:00
Rickard Nilsson 562a8ca4a2 Add phpfpm NixOS service module 2014-03-12 11:38:50 +01:00
Matej Cotman 7e932ca4e2 searx: add module 2014-03-09 17:33:56 +01:00
Austin Seipp 24cf6afa05 nixos: add Tarsnap backup service module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-07 15:37:09 +01:00
Rok Garbas 62438c09f7 update couchdb to 1.5.0(current latest) and add service for it 2014-02-27 13:34:11 +01:00
Shea Levy efb18d9aa5 D'oh 2014-02-26 08:49:21 -05:00
Shea Levy fefc0d9917 Add module to enable the server for the ssh substituter 2014-02-20 13:40:51 -05:00
Tomasz Kontusz fe38031168 Upgrade bumblebee and add nixos module
* Bump bumblebee to 3.2.1
 * Remove config.patch - options it added can be passed to ./configure now
 * Remove the provided xorg.conf
   Provided xorg.conf was causing problems for some users,
   and Bumblebee provides its own default configuration anyway.
 * Make secondary X11 log to /var/log/X.bumblebee.log
 * Add a module for bumblebee
2014-02-09 15:09:41 +01:00
Shea Levy dea562b6b9 services.mesa -> hardware.opengl
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-08 14:45:37 -05:00
Petr Rockai 66db1b3a64 nixos: Add a dictd service. 2014-01-25 16:35:02 +01:00
Alexei Robyn 6d80803e66 Adds a service for haveged, the entropy daemon
Includes configuration option for the threshold beneath which to refill
the entropy pool - defaults to 1024 bits as this is the number used in
other distro's existing service files I looked at.
2014-01-17 22:10:52 +11:00
Shea Levy 852c270035 nixos: Split mesa setup from xserver.nix
With kmscon, it is now possible to have a system without X that still
needs the mesa setup in /run/opengl-driver

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-15 08:17:19 -05:00
Shea Levy 48daf624c5 Add module to use kmscon instead of linux-console for VTs
This required some changes to systemd unit handling:

* Add an option to specify that a unit is just a symlink
* Allow specified units to overwrite systemd-provided ones
* Have gettys.target require autovt@1.service instead of getty@1.service

Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-15 08:17:19 -05:00
Thomas Bereknyei 57e3feda74 Adds kippo SSH honeypot 2014-01-14 10:32:26 +00:00