Commit graph

353 commits

Author SHA1 Message Date
Jan Malakhovski af2382606c bind: allow forwarders to differ from nameservers 2013-09-17 01:21:17 +00:00
Peter Simons 4a7d8a84bc modules/services/networking/tcpcrypt.nix: specify start-up dependencies in systemd style
Thanks, Eelco, for pointing this out.
2013-09-11 18:56:09 +02:00
Peter Simons 0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra c4092f2a8d firewall.nix: Less verbosity 2013-09-10 15:17:52 +02:00
Eelco Dolstra 94bb48be78 firewall.nix: Don't make missing rpfilter support a fatal error
This makes upgrading from Linux 3.2 to 3.4 a bit nicer.
2013-09-10 15:17:52 +02:00
Moritz Ulrich f8d1aac7d8 minidlna: Start after networking.target.
Signed-off-by: Moritz Ulrich <moritz@tarn-vedra.de>
2013-08-27 20:51:34 +02:00
Rickard Nilsson b0b5e08e86 Add some more missing uids/gids 2013-08-26 15:20:25 +02:00
Eelco Dolstra 9771f0c96c sshd: Support multiple host keys
The option services.openssh.hostKeys now allows specifying multiple
host keys.  The default value enables both a DSA and ECDSA key.
(Clients by default will use the ECDSA key, unless known_hosts already
has a DSA key for that host.)  To use only an ECDSA key, you can say:

  services.openssh.hostKeys =
    [ { path = "/etc/ssh/ssh_host_ecdsa_key";
        type = "ecdsa";
        bits = 521;
      }
    ];
2013-08-24 01:01:10 +02:00
Evgeny Egorochkin f8a6fa774e SSH daemon: change default key size for RSA, add alert for weak keys. 2013-08-23 14:50:14 +03:00
Rickard Nilsson f420726936 Add several missing uids and gids to modules/misc/ids.nix 2013-08-23 11:37:17 +02:00
Rickard Nilsson 1ff7584a30 networkmanager: Add option for appending DNS settings
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.conf after the DNS servers that
NetworkManager receives by DHCP, or that is configured manually
in the connection settings.
2013-08-20 13:36:01 +02:00
Rickard Nilsson e36e979d38 networkmanager: Add option for overriding DNS settings
If the option is enabled, the DNS servers from networking.nameservers
will be inserted in /etc/resolv.con and override any DNS servers that
NetworkManager receives by DHCP, or that is configured manually
in the connection settings.
2013-08-16 00:35:57 +02:00
Ivan Kozik 390fdb3e60 Fix typos, especially those that end up in the NixOS manual 2013-08-10 21:07:13 +00:00
Jaka Hudoklin d0cb70cefb Add iodined, ip over dns daemon 2013-08-05 01:20:55 +02:00
Cillian de Róiste 41e04c9aff Merge branch 'supybot'
Conflicts:
	modules/misc/ids.nix
2013-08-04 03:59:18 +02:00
Cillian de Róiste 5b25c5a181 supybot.service: tidy up 2013-08-04 03:56:01 +02:00
Cillian de Róiste 6e093113fe Supybot service: failing to create stateDir in /var/lib 2013-08-04 00:18:44 +02:00
Cillian de Róiste 90554a03c7 Supybot/limnoria: add service module 2013-08-01 00:36:15 +02:00
Domen Kožar 37136e4adf Merge pull request #201 from garbas/networkmanager
openconnect and vpnc NetworkManager plugins added
2013-07-31 12:06:15 -07:00
Peter Simons 6341a12587 modules/services/networking/dhcpcd.nix: add "extraConfig" option
This option allows administrators to add verbatim text to the generated
config file. I use this feature, for instance, to disable the default
route normally added by dhcpcd for certain interfaces.
2013-07-22 14:16:13 +02:00
Eelco Dolstra 002ffea364 wpa_supplicant: Fix wlan interface detection on Linux 3.4
Linux 3.4 apparently doesn't have the "wireless" file.
2013-07-15 13:54:15 +02:00
Eelco Dolstra 69eeb83039 Use "or" 2013-07-15 13:54:15 +02:00
Rok Garbas fb5a616b02 openconnect and vpnc NetworkManager plugins added 2013-07-10 16:43:26 +02:00
Mathijs Kwik 824b5b645a openvpn: fix type error
either use
- optional cond "target"
or
- optionals cond ["target1" "target2"]
2013-06-04 07:45:58 +02:00
Domen Kozar 53390a2da9 add networkmanager_openvpn to systemPackages 2013-05-29 00:38:50 +02:00
Eelco Dolstra 2ec6759f5f openvpn.nix: Use systemd.*
Also add an option ‘autoStart’ to configure whether an OpenVPN
instance should be started automatically.  And don't log to
/var/log/openvpn-* anymore.
2013-05-28 14:39:48 +02:00
Lluís Batlle i Rossell f60393975f gnunet: it was missing extraGroups 2013-05-28 10:19:59 +02:00
Ricardo M. Correia 6336048c58 chrony: properly set rtconutc option, and add a few more options 2013-05-23 03:00:09 +00:00
Ricardo M. Correia 02d9a8066a Add chrony service
Also, do not build and add ntp to the system unless it is enabled.
2013-05-23 02:07:49 +00:00
Domen Kozar edd77af3fe add openvpn config file to networkmanager service 2013-05-13 17:52:26 +02:00
Domen Kozar 078130767d add openvpn plugin to networkmanager 2013-05-11 19:25:14 +02:00
Lluís Batlle i Rossell 4f71bce691 Adding miniupnpc to gnunet path, to be able to use upnp 2013-05-07 18:53:28 +02:00
Domen Kožar 01887f2c86 Merge pull request #100 from jcumming/hostapd.130224
proper hostapd dependencies
2013-05-04 01:38:45 -07:00
Domen Kožar c4ead79dd6 Merge pull request #149 from NixOS/networkmanager_suspend
restart networkmanager on suspend resume
2013-04-27 09:13:15 -07:00
Lluís Batlle i Rossell af0e751ee9 Making gnunet start properly (calling gnunet-service-arm directly) 2013-04-24 20:17:14 +04:00
Lluís Batlle i Rossell f50014339a Putting the gnunet module up to date. It still doesn't start gnunet though.
No idea why.
2013-04-24 19:03:29 +04:00
Domen Kozar ec9dc730ec restart networkmanager on suspend resume 2013-04-22 19:36:14 +02:00
Evgeny Egorochkin fa0f5bf72f Freenet: fix 2 typos 2013-04-22 16:50:58 +03:00
Lluís Batlle i Rossell 7a71320a9c Adding freenet module 2013-04-21 11:27:41 +04:00
viric 7d2ec75ae7 Merge pull request #128 from pSub/bitlbee
Bitlbee: updated for systemd; added more options like AuthMode
2013-04-14 12:49:18 -07:00
Jack Cummings edc12de8c9 add wantedBy network.target so that hostapd starts by default 2013-04-12 23:25:32 -07:00
Pascal Wittmann c4b3b71917 Bitlbee: create homedir; do not use /etc/bitlbee.conf 2013-04-02 00:08:17 +02:00
Domen Kozar 969c577173 fixes #127 2013-03-31 21:18:57 +02:00
Pascal Wittmann 8d0a7cb6d2 Bitlbee: tabs to spaces 2013-03-29 12:51:47 +01:00
Pascal Wittmann e33af28567 Bitlbee: hardcode username and configdir; homedir == configdir 2013-03-29 12:37:06 +01:00
Pascal Wittmann 4af26d582c Bitlbee: updated for systemd; added more options like AuthMode 2013-03-29 10:28:54 +01:00
Marc Weber f3e6b42258 replace list by listOf using same style as for attrsOf 2013-03-14 17:09:21 +01:00
Jack Cummings d5b6456f40 proper hostapd dependencies 2013-02-24 03:11:45 -08:00
Shea Levy b83be79adf default-websockify: Stop when reconfigured (i.e. new ports added/removed) 2013-02-18 11:55:46 -05:00
Shea Levy 762ea5c578 websockify: Add unit descriptions 2013-02-18 11:55:10 -05:00