Commit Graph

3672 Commits

Author SHA1 Message Date
aszlig
08881b8cbe
taskserver: Remove taskserver from systemPackages
This is deliberate because using the taskd binary to configure
Taskserver has a good chance of messing up permissions.

The nixos-taskserver tool now can manage even manual configurations, so
there really is no need anymore to expose the taskd binary.

If people still want to use the taskd binary at their own risk they can
still add taskserver to systemPackages themselves.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-17 19:46:05 +01:00
aszlig
c7bbb93878
taskserver: Pass configuration via command line
Putting an include directive in the configuration file referencing a
store path with the real configuration file has the disavantage that
once we change the real configuration file the store path is also a
different one.

So we would have to replace that include directive with the new
configuration file, which is very much error-prone, because whenever
taskd modifies the configuration file on its own it generates a new one
with *only* the key/value options and without any include directives.

Another problem is that we only added the include directive on the first
initalization, so whenever there is *any* configuration change, it won't
affect anything.

We're now passing all the configuration options via command line,
because taskd treats everything in the form of --<name>=<value> to be a
configuration directive.

This also has the effect that we now no longer have extraConfig, because
configuration isn't a file anymore.

Instead we now have an attribute set that is mapped down to
configuration options.

Unfortunately this isn't so easy with the way taskd is configured,
because there is an option called "server" and also other options like
"server.cert", "server.key" and so on, which do not map very well to
attribute sets.

So we have an exception for the "server" option, which is now called
"server.listen", because it specifies the listening address.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #22705
2017-02-17 19:45:58 +01:00
aszlig
78fe00da7c
taskserver: Allow helper tool in manual config
The helper tool so far was only intended for use in automatic PKI
handling, but it also is very useful if you have an existing CA.

One of the main advantages is that you don't need to specify the data
directory anymore and the right permissions are also handled as well.

Another advantage is that we now have an uniform management tool for
both automatic and manual config, so the documentation in the NixOS
manual now applies to the manual PKI config as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-17 19:45:55 +01:00
aszlig
32c2e8f4ae
taskserver/helpertool: Fix error message on export
The error message displays that a specific user doesn't exist in an
organisation, but uses the User object's name attribute to show which
user it was.

This is basically a very stupid chicken and egg problem and easily fixed
by using the user name provided on the command line.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-02-17 19:45:52 +01:00
Michele Guerini Rocco
5231d0ac29 bluetooth module: add option to power up bluetooth controller (#22685) 2017-02-17 19:44:04 +01:00
Matthew Daiter
336d6cc513 stanchion: remove ssl option 2017-02-17 13:24:51 +01:00
Nikolay Amiantov
8ecd5c4019 Merge pull request #22864 from abbradar/dbus-etc
Redo DBus configuration
2017-02-17 11:47:51 +03:00
Robin Gloster
6e12406e30
Revert "nginx: Format the config file"
This reverts commit e362a3d5c9.

See #22883
2017-02-16 22:45:00 +01:00
Thomas Tuegel
7c260ad2cc Merge pull request #22813 from benley/pam-kwallet
nixos: add optional pam_kwallet5 integration
2017-02-16 10:20:47 -06:00
Nikolay Amiantov
ac0cdc1952 dbus service: use makeDBusConf 2017-02-16 15:41:23 +03:00
Benjamin Staffin
463e90273f pam: add optional pam_kwallet5 integration 2017-02-16 02:26:42 -05:00
Kier Davis
5e3a26e07b
Fix typo introduced by #22677 2017-02-15 23:44:11 +00:00
Bjørn Forsman
d4e5bb34b7 nixos/geoip-updater: run as user 'geoip' instead of 'nobody'
That way 'nobody' is prevented from messing with the databases.
2017-02-15 23:25:27 +01:00
Franz Pletz
188526da3d
prometheus.blackboxExporter service: add CAP_NET_RAW
The blackbox-exporter for prometheus needs CAP_NET_RAW for sending icmp
probes.
2017-02-15 09:35:27 +01:00
Bjørn Forsman
a45821e7a8 nixos/cron: unbreak since new security.wrapper 2017-02-15 08:30:58 +01:00
Bjørn Forsman
aaac02f6c4 nixos/atd: unbreak after new security.wrappers
* convert list -> attrset
* 'atd' doesn't exist, 'at' does
2017-02-15 08:25:59 +01:00
Graham Christensen
7483ba0932
Revert "nix-daemon: default useSandbox to true"
This reverts commit d0a086770a.
2017-02-14 14:13:39 -05:00
Graham Christensen
3be1388963 Merge pull request #22767 from grahamc/sandbox-by-default
nix-daemon: default useSandbox to true
2017-02-14 13:57:44 -05:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen
d0a086770a
nix-daemon: default useSandbox to true 2017-02-13 18:06:01 -05:00
Rickard Nilsson
cda4a4dcfc nixos/grafana: Don't print password warning if no password has been set 2017-02-13 23:11:40 +01:00
Dan Peebles
e928cb1c63 ssm-agent NixOS module: init 2017-02-13 04:01:38 +00:00
Graham Christensen
84d4e4277c Merge pull request #22723 from benley/fix-sessions-with-sddm
Fix sessions with sddm.
2017-02-12 19:01:15 -05:00
Franz Pletz
f5a82e4714
gitlab service: fix database creation
Providing custom a username and database name was broken. They were
hardcoded to "gitlab".
2017-02-13 00:57:22 +01:00
Karn Kallio
8a1fcaf5bd Fix sessions with sddm. 2017-02-12 18:19:20 -05:00
Vladimír Čunát
31eba21d1d
virtualbox: force xorg-server-1.18 for now
This is getting a little hacky, but hopefully it won't break anything.
2017-02-12 21:07:49 +01:00
georgewhewell
94b28a8072 fix systemd.services.kube-proxy to use correct extraOpts 2017-02-12 15:06:59 +00:00
Bjørn Forsman
824d82fa0f nixos/geoip-updater: new service
The GeoIP databases from MaxMind have no stable URLs and change every
month (or so). Our current method of packaging these database in Nix and
playing catch-up with ever-changing file hashes is a bad idea. For
instance, it makes it impossible to realize old NixOS configurations.

This patch adds a NixOS service that periodically updates the GeoIP
databases in /var/lib/geoip-databases. Moving NixOS modules over can be
done in later patches.

I tried adding MD5 check, but not all databases have them, so i skipped
it. We are downloading over HTTPS though, it should be good. I also
tried adding zip support, but the first zip file I extracted had a
different filename inside than the archive name, which breaks an
assumption in this service, so I skipped that too.

Changes v9 -> v10:
  - Pass "--max-time" to curl to set upper bound on downloads (ensures
    no indefinite hanging if there's problem with networking).
    Timeout for network connectivity check: 60s.
    Timeout for geoip database (each): 15m.

Changes v8 -> v9:
  - Mention the random timer delay in the documentation for the
    'interval' option.

Changes v7 -> v8:
  - Add "RemainAfterExit=true" for the setup service, so it won't be
    restarted needlessly. (Thanks @danbst!)

Changes v6 -> v7:
  - Add --skip-existing flag to geoip-updater, which skips updating
    existing database files. Pass that flag when we run the service on
    boot (and on any NixOS configuration change).
    (IMHO, this is somewhat a workaround for systemd persistent timers
    not being triggered immediately when a timer has never expired
    before. But it does have the nice side effect of ensuring that the
    installed databases always correspond to the configured ones, since
    the service is now always run after configuration changes.)

Changes v5 -> v6:
  - Update database files atomically (per DB)
  - If a database is removed from the configuration, it'll be removed
    from /var/lib/geoip-databases too (on next run).
  - Add NixOS module assertion so that if user inputs non- .gz or .xz
    file there will be a build time error instead of runtime.
  - Run updater as user "nobody" instead of "root".
  - Rename NixOS service from "geoip-databases" to "geoip-updater".
  - Drop RemainAfterExit, or else the timer won't trigger the unit.
  - Bring back "curl --fail", or else we won't catch and log curl
    failures.

Changes v4 -> v5:
  - Add "GeoLite2-City.mmdb.gz" to default database list.

Changes v3 -> v4:
  - Remove unneeded geoip-updater-setup.service after adding
    'wantedBy = [ "multi-user.target" ]' directly to
    geoip-updater.service
  - Drop unneeded "Service" name from service descriptions.

Changes v2 -> v3:
  - Network may be down when starting from a cold boot, so try a few
    times. Possibly, if using systemd-networkd, it'll pass on the first
    try. But with default DHCP on NixOS, the service is started before
    hostnames can be resolved and thus we need a few extra seconds.
  - Add error handling and mark service as failed if fatal error.
  - Add proper syslog log levels.
  - Add RandomizedDelaySec=3600 to the timer to not put high load on the
    MaxMind servers. Suggested by @Mic92.
  - Set RemainAfterExit on geoip-updater.service instead of
    geoip-updater-setup.service. (The latter is only a proxy that pulls
    in the former service).

Changes v1 -> v2:
From Данило Глинський (Danylo Hlynskyi) <abcz2.uprola@gmail.com>:
  nixos/geoip-databases: add `databases` option and fix initial setup

  There were two great issues when using this service:
  - When you just enable service, databases aren't downloaded, they are
    downloaded when timer triggers. Fixed this with automatic download on
    first system activation.
  - When there is no internet, updater outputs nothing to logs, which is
    IMO misbehavior. Fixed this with removing `--fail` option, better be
    explicit here.
2017-02-12 15:07:34 +01:00
Graham Christensen
b1a05a0865
nixos: drop references to kde4
Excluding modules/programs/environment.nix for PATHand QT_PLUGIN_PATH to allow the programs to continue running.
2017-02-11 14:01:13 -05:00
Graham Christensen
3cec7d10df
kdm: drop service 2017-02-11 13:55:09 -05:00
Graham Christensen
c09004fba0 Merge pull request #22642 from grahamc/kde4-deprecate
kde4, kdm: mark services as deprecated
2017-02-11 10:17:15 -05:00
davidak
d4766e789b caddy: set file descriptor limit to 8192, fixes #22454
the value is recommended for production use
a warning is produced when not set
2017-02-11 01:44:29 +01:00
Graham Christensen
564e0c120b
kde4, kdm: mark services as deprecated 2017-02-10 17:35:52 -05:00
Profpatsch
ed8a0d8e5e modules/searx: add package option (#22636)
The user should be able to specify a patched version of searx.
2017-02-10 22:44:10 +01:00
Graham Christensen
b12564cc1b
nixos: update default cases from KDM/KDE4 to SDDM/KDE5 2017-02-09 21:52:00 -05:00
afranchuk
a5e041ac08 libreswan service: make EnvironmentFile optional (#22591)
Recent versions of libreswan seem to omit this file, but it may be added/changed in the future. It is silly to have the service fail because a file is missing that only enriches the environment.
2017-02-10 00:53:44 +01:00
Joachim F
ca8fb930b1 Merge pull request #22356 from Ekleog/redsocks
Redsocks
2017-02-09 22:39:43 +01:00
Léo Gaspard
7a32b96697 redsocks module: initialize
redsocks module: use separate user for redsocks daemon
2017-02-09 18:01:14 +01:00
Daniel Peebles
7439fe083f Merge pull request #22297 from nand0p/buildbot-0.9.3
buildbot: 0.9.0.post1 -> 0.9.3
2017-02-09 11:15:03 -05:00
Franz Pletz
65a1762a9b
nginx module: make acme group overrideable easily 2017-02-08 23:50:59 +01:00
Andrew Cann
3082647e74 trezord: init at 1.2.0 (#22054) 2017-02-08 17:18:22 +01:00
Graham Christensen
7db1f727f3
moodle: Remove due to continued security issues. 2017-02-08 09:10:45 -05:00
Franz Pletz
626540e32e Merge pull request #22524 from wizeman/u/chrony-impr
nixos.chrony: add extraFlags config option
2017-02-07 21:50:58 +01:00
Peter Simons
bfd7fe8ba5 nixos: fix taskserver module to evaluate properly when keys are managed manually 2017-02-07 18:35:41 +01:00
Ricardo M. Correia
9293f86bf2 nixos.chrony: remove generatecommandkey option
It's deprecated and no longer used.
2017-02-07 18:01:58 +01:00
Ricardo M. Correia
e3fce56047 nixos.chrony: add extraFlags config option 2017-02-07 18:01:57 +01:00
Jörg Thalheim
3aff6c07ab Merge pull request #22518 from wizeman/u/fix-chrony-conf
nixos.chrony: pass config file directly to daemon
2017-02-07 17:17:17 +01:00
Fernando J Pando
34b5c9a4de buildbot: 0.9.0.post1 -> 0.9.3
- Fixes unneeded patching
- Adds worker to build inputs now needed for tests
- Replaces enableworker option with worker configuration module
- Openssh required for tests
- Fixes worker hardcoded paths
- Tested on Nixos Unstable
2017-02-07 11:14:42 -05:00
Svein Ove Aas
e362a3d5c9 nginx: Format the config file 2017-02-07 16:19:11 +01:00
Ricardo M. Correia
af4e6f155e nixos.chrony: pass config file directly to daemon
This fixes an issue where `nixops deploy` wouldn't restart the chrony
service when the chrony configuration changed, because it wouldn't
detect that `/etc/chrony.conf` was a dependency of the chrony service.
2017-02-07 13:48:58 +01:00
Matthew Bauer
3a9a707fd4
emacs24macport: remove 2017-02-06 16:46:05 -06:00
Shea Levy
714fdb425a firewall: Fix check for rpfilter on manual-config kernels 2017-02-06 16:43:23 -05:00
Nikolay Amiantov
9beeee2717 Merge pull request #22431 from abbradar/postfix-local
postfix service: don't empty local_recipient_maps
2017-02-06 03:50:05 +03:00
Joachim Schiele
d491728653 httpd: added serviceExpression which extends the serviceType concept -> allows that httpd services can live outside of nixpkgs (#22269) 2017-02-06 01:08:58 +01:00
Nikolay Amiantov
52c7e647ab postfix service: don't empty local_recipient_maps
From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
2017-02-06 01:41:27 +03:00
Joachim F
4459f26ad8 Merge pull request #22175 from dancek/illum
illum: init at 0.4
2017-02-05 16:41:30 +01:00
Shea Levy
67ef18d01a supplicant nixos module: Allow not specifying the configFile path 2017-02-05 06:50:20 -05:00
Nikolay Amiantov
90bc1a8595 Merge pull request #22353 from abbradar/bluetooth
Bluetooth improvements
2017-02-05 13:18:48 +03:00
Joachim Fasting
2628597e76
cjdns service: allow daemon to drop privileges
The service can run certain components with reduced privileges, but for
that it needs the setuid capability.
2017-02-05 04:54:26 +01:00
Joachim Fasting
a0338afe5f
cjdns service: allow writing keys to /etc
20e81f7c0d prevented key generation in
`preStart`, leaving the service broken for the case where the user has
no pre-existing key.

Eventually, we ought to store the state elsewhere so that `/etc` can be
read-only but for now we fix this the easy way.
2017-02-05 04:54:18 +01:00
Nikolay Amiantov
9a11dda5fd nfsd service: don't run exportfs
It's run by service already.
2017-02-05 03:17:38 +03:00
Nikolay Amiantov
5b043ea361 nfs service: create state directories 2017-02-05 03:17:38 +03:00
Hannu Hartikainen
d91b39b3f9 illum: init at 0.4 2017-02-04 20:22:51 +02:00
Joachim F
17cc22a619 Merge pull request #22225 from bachp/glusterfs-service
glusterfs: add service
2017-02-04 15:15:39 +01:00
laMudri
7c27554033 xfce: make xfwm optional 2017-02-04 11:55:01 +00:00
Tim Jaeger
83241c091d
gogs: fix error on push
Pushing to gogs only works if the `gogs` user's shell is `bash`. For error and
solution, refer to [this SO thread](http://stackoverflow.com/a/22315659)
2017-02-04 12:16:37 +01:00
rnhmjoj
a3ff62d48c namecoind: refactor nixos module 2017-02-03 20:06:45 +01:00
rnhmjoj
f7d49037a4
dnschain service: overhaul option interface & implementation
Closes https://github.com/NixOS/nixpkgs/pull/22041
2017-02-03 19:49:16 +01:00
Ricardo Ardissone
0bae18fb55 sane service: mention the lp group for printer+scanners 2017-02-03 20:54:04 +03:00
Nikolay Amiantov
230c97c944 Merge pull request #22303 from abbradar/nfs4
NFS improvements
2017-02-03 20:04:25 +03:00
Benjamin Staffin
53e6431d61 Merge pull request #22358 from yorickvP/asteriskupd
asterisk: add lts version
2017-02-03 02:30:34 -05:00
Pascal Bach
19759cfeab services: add GlusterFS service
This service is only limited in configuration options.
But it is sufficient to run glusterd and configure it using the gluster command
2017-02-02 23:16:52 +01:00
Daiderd Jordan
f87fb85259 Merge pull request #22376 from LumiGuide/wordpress-4.7.2
wordpress: 4.7.1 -> 4.7.2 (Security fix)
2017-02-02 19:30:36 +01:00
Daniel Peebles
ff8a21e03c Merge pull request #22348 from nand0p/hologram-module
hologram: 8d86e3f -> d20d1c3
2017-02-02 17:42:07 +01:00
Fernando J Pando
1d85e0bbab hologram: 8d86e3f -> d20d1c3
- Updates dependencies
- Adds configuration module
- Tested on Nixos Unstable
2017-02-02 11:31:42 -05:00
Bas van Dijk
5cc75352f8 wordpress: 4.7.1 -> 4.7.2
See: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
2017-02-02 16:41:32 +01:00
Yorick van Pelt
1b47bc9477 service.asterisk: add package option 2017-02-02 15:16:00 +01:00
Nikolay Amiantov
4abcef2ba1 bluez service: use upstream units 2017-02-02 00:52:54 +03:00
Tristan Helmich
24f3abdafb
Revert "Make services.xserver.xkbDir conflict free when overriden."
This reverts commit 82bcfef109.

cc @nbp

Fixes #22290, #22352.

Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
2017-02-01 22:37:04 +01:00
Nikolay Amiantov
c34cfa21d4 Merge pull request #22343 from abbradar/dbus-etc
dbus service: use /etc/dbus-1 for configuration
2017-02-01 23:00:07 +03:00
Nikolay Amiantov
e0e9fddf56 nfsd service: use upstream systemd units
* Use /etc/nfs.conf as the recommended upstream way to configure services.
* Move server options to nfsd module.
2017-02-01 19:47:33 +03:00
Eelco Dolstra
9d6a55aefd
~/.nixpkgs -> ~/.config/nixpkgs
The former is still respected as a fallback for config.nix for
backwards compatibility (but not for overlays because they're a new
feature).
2017-02-01 16:07:55 +01:00
Nikolay Amiantov
72b3746266 dbus service: remove {system,session}.conf from config dir
They are already included by dbus from /run/current-system/sw/share/dbus-1.
2017-02-01 15:37:24 +03:00
Nikolay Amiantov
39344a36d3 dbus service: use /etc/dbus-1 for configuration
Also use upstream systemd units.
2017-02-01 15:03:22 +03:00
Franz Pletz
f96c3f1844 Merge pull request #22180 from mguentner/offline_ipfs
services: ipfs: separate system units, add offline mode
2017-02-01 03:41:31 +01:00
Nikolay Amiantov
876a6d7f03 rpcbind service: use upstream systemd unit 2017-02-01 02:45:19 +03:00
Peter Simons
10349e72b9 nixos: drop unused 'haskellPackages' option from ihaskell service
Closes https://github.com/NixOS/nixpkgs/issues/19039.
2017-01-31 22:38:01 +01:00
Benjamin Staffin
e01c15d433 nixos: if gnome3 is installed, build gvim for gtk3 too 2017-01-31 02:36:35 -05:00
Edward Tjörnhammar
b08524bf01
nixos: nylon, use named instances 2017-01-30 20:32:06 +01:00
Edward Tjörnhammar
e324c02aa5
nixos: i2pd, follow redirect 2017-01-29 18:00:58 +01:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer
628e6a83d0
More derp 2017-01-29 05:33:56 -06:00
Nicolas B. Pierron
82bcfef109 Make services.xserver.xkbDir conflict free when overriden. 2017-01-29 12:24:31 +01:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
a8cb2afa98
Fixing a bunch of issues 2017-01-29 01:58:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Joachim F
ac1e65c302 Merge pull request #22230 from michaelpj/services/arbtt-fix-wanted-by
arbtt: multi-user.target does not exist in user systemd
2017-01-29 00:37:17 +01:00
Michael Peyton Jones
46c0da1818 arbtt: multi-user.target does not exist in user systemd 2017-01-28 14:29:19 +00:00
Franz Pletz
ae3fc70ede Merge pull request #22124 from mayflower/feature/frab
frab: init at 2016-12-28 & module
2017-01-27 17:15:05 +01:00
Dan Peebles
ced27b2966 fluentd module: add configurable package option 2017-01-27 15:08:23 +00:00
Guillaume Maudoux
29667f639c dbus: catch new services without reboot (#20871)
DBus daemon now loads its config from /run/current-system/dbus.
Reloading the daemon makes it re-read that file and catch the updates
after a system upgrade.
2017-01-27 14:46:13 +01:00
Maximilian Güntner
123dd9f4e7
services: ipfs: separate system units, add offline mode
Offline mode: When adding a lot of data, start this service.
It will will not flood the DHT since it only exposes the API.
When you are done simply reverse the process.
2017-01-27 00:27:50 +01:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer
025555d7f1
More fixes and improvements 2017-01-26 00:05:40 -08:00
Franz Pletz
fbf762e0b7
frab module: init 2017-01-25 23:58:21 +01:00
Robin Gloster
117e5547d1 Merge pull request #21311 from makefu/services/logstash
services.logstash: default options, examples and address update
2017-01-25 22:11:40 +01:00
Shaun Sharples
462ef74442 factorio: remove autosave-interval from command-line options 2017-01-25 21:39:37 +01:00
Shaun Sharples
7f358917ee factorio: settings moved from command-line options to server-settings.json 2017-01-25 21:39:37 +01:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Vladimír Čunát
278bbe3b33
add kresd service with basic options
Still celebrating today's 1.2.0 release!
2017-01-25 18:46:28 +01:00
Bob van der Linden
d9987f360a nginx: added serverName option for virtualHosts
This allows overriding the `server_name` attribute of virtual
hosts. By doing so it is possible to have multiple virtualHost
definitions that share the same `server_name`. This is useful in
particular when you need a HTTP as well as a HTTPS virtualhost: same
server_name, different port.
2017-01-25 14:55:55 +01:00
Franz Pletz
b9b95aa4d4 Merge pull request #22034 from mayflower/conntrack-helpers
Disable conntrack helper autoloading by default
2017-01-25 14:18:41 +01:00
Daniel Peebles
95add2c2f7 Merge pull request #22103 from copumpkin/automatic-kafka-broker-id
apache-kafka service: change default brokerId to -1
2017-01-24 22:17:03 -05:00
Franz Pletz
8322a12ef2
firewall: disable conntrack helper autoloading by default
This was disabled in the Linux kernel since 4.7 and poses a security risk
if not configured properly.

https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=486dcf43da7815baa615822f3e46883ccca5400f
2017-01-25 01:14:04 +01:00
Franz Pletz
403fdd737e
linux: remove canDisableNetfilterConntrackHelpers feature
This feature is available in all kernels in nixpkgs.
2017-01-25 00:28:55 +01:00
Thomas Tuegel
54df142672
nixos/kde5: use kimpanel with IBus by default 2017-01-24 12:55:06 -06:00
Michael Raskin
ae4f2fd145 Merge pull request #22066 from mbrgm/journalbeat
journalbeat service: init at 5.1.2
2017-01-24 17:56:48 +00:00
Michael Raskin
7516dbe35e Merge pull request #22045 from rnhmjoj/recursor
PowerDNS Recursor: add package and service
2017-01-24 17:54:47 +00:00
Michael Raskin
47661c831e Merge pull request #22028 from MostAwesomeDude/tahoe
Tahoe-LAFS version bump
2017-01-24 17:49:00 +00:00
Dan Peebles
eebee95176 apache-kafka service: change default brokerId to -1
A default of 0 means that if you deploy two NixOS boxes with the default
configuration, the second will fail because the brokerId was already in
use. Using -1 instead tells it to pick one automatically at first start.
2017-01-24 12:32:22 -05:00
Kai
25d86bdd10 vnstat service: init (#19809) 2017-01-24 14:45:01 +01:00
Tristan Helmich
b3b300b6ff smokeping: setuid for fping6 2017-01-24 12:40:21 +01:00
Corbin
de4c9e0d15 nixos/services/tahoe: Work around awkward command. 2017-01-23 17:55:41 -08:00
Marius Bergmann
00444cbf25 journalbeat service: init at 5.1.2
Journalbeat is a log shipper from systemd/journald to
Logstash/Elasticsearch. I added a package as well as a NixOS service
module for it.
2017-01-23 18:28:55 +01:00
rnhmjoj
6bcf89f217
pdns-recursor: add service 2017-01-23 17:57:48 +01:00
Jaka Hudoklin
90e0ed32ef Merge pull request #22043 from rnhmjoj/dnscrypt-wrapper
dnscrypt-wrapper: add service
2017-01-23 11:23:28 +01:00
rnhmjoj
9f2bb2ed42
dnscrypt-wrapper: add service 2017-01-23 07:06:07 +01:00
Robert Helgesson
cd9f709582
flannel service: fix enable expression
Need to surround the equality check in parentheses.
2017-01-22 21:58:39 +01:00
Franz Pletz
df0301f59b
nixos/networkmanager: trigger assertion instead of error 2017-01-22 20:32:24 +01:00
Charles Strahan
d298a961f1 Merge pull request #21416 from cstrahan/mesos-1.1.0
mesos: 1.0.1 -> 1.1.0
2017-01-21 19:05:18 -05:00
Charles Strahan
5b1b089de3 Merge pull request #8642 from cstrahan/slim-console-cmd
nixos: provide default console_cmd for slim
2017-01-21 19:01:02 -05:00
Charles Strahan
71f92bc8a3
nixos: provide default console_cmd for slim
This provides a default console_cmd for the slim display-manager.

When the user enters "console" as the user name, slim will run this
command.

Having a default is rather important; the virtual terminals don't work
with some display drivers, so having a broken X session can leave you
locked out of your machine.
2017-01-21 18:59:28 -05:00
schneefux
67c4512060
gogs service: init 2017-01-21 13:38:24 +01:00
Daiderd Jordan
2b2b0b566d Merge pull request #20183 from womfoo/init/netdata-service
netdata service: init
2017-01-20 21:05:10 +01:00
Graham Christensen
c0f3b8d629
wordpress: 4.6.1 -> 4.7.1 for multiple CVEs
CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
2017-01-19 22:53:49 -05:00
Bjørn Forsman
6a52a130de nixos/kde5: enable system-config-printer dbus service
Without it, the following error is shown in the "Add Printer" window:

Failed to group devices: 'The name org.fedoraproject.Config.Printing was not provided by any .service files'
2017-01-18 20:39:17 +01:00
Michael Weiss
460b43dbfe firewall: Improve the comments (documentation) (#21862)
* Fix the FW names

FW_REFUSE was removed and nixos-fw-input was renamed to nixos-fw.

* Update the comment (documentation) at the top

Order the chains of the main table alphabetically (like in the rest of
the file) and add nixos-fw-rpfilter (from the raw table) and nixos-drop
(used while reloading the firewall).

* Refactor the module (mainly comments)

- Move some attributes to the top for better visibility (that should
  hopefully make it easier to read and understand this module without
  jumping around too much).
- Add some missing examples and improve some descriptions.
- Reorder the mkOption attributes for consistency.
- Wrap lines at 72 characters.
- Use two spaces between sentences.
2017-01-18 17:18:11 +01:00
Svein Ove Aas
fec95a40f1
ddclient: Don't include blank server= lines. 2017-01-16 18:54:49 +01:00
Tristan Helmich
e5f353d5cd couchpotato module: init 2017-01-16 12:54:43 +01:00
Jörg Thalheim
28093e42ec Merge pull request #21864 from pjones/pjones/dovecot
dovecot: Fix sieve scripts
2017-01-16 12:42:06 +01:00
Bjørn Forsman
4c803b904e nixos/clamav: set "clamav" user's primary group to "clamav"
So that the files created by the clamav service is owned by group
"clamav" instead of "nogroup".
2017-01-15 22:56:34 +01:00
Franz Pletz
30645560cd Merge pull request #21880 from mguentner/ipfs_empty_repo
services: ipfs: add emptyRepo option, refactor
2017-01-15 18:16:00 +01:00
Nikolay Amiantov
3eafa26d75 Merge pull request #21828 from abbradar/hwdb-verify
udev service: verify that hwdb is generated without errors
2017-01-15 19:53:53 +03:00
Nikolay Amiantov
70a6628848 Merge pull request #21882 from abbradar/dhcp6
DHCPv6 improvements
2017-01-15 19:53:33 +03:00
Nikolay Amiantov
820b4cd067 firewall service: allow DHCPv6 client traffic 2017-01-15 19:38:54 +03:00
Nikolay Amiantov
1158eda66a dhcpd service: add DHCPv6 support 2017-01-15 19:38:53 +03:00
Maarten Hoogendoorn
69391e3423 kube-controller-manager service: Allow restarts on failure 2017-01-15 13:27:45 +01:00
Bjørn Forsman
d2413943fa nixos/prometheus: add configText option for alertmanager
The reason being less mental overhead when reading upstream
documentation. Examples can be pasted right into the configuration
instead of translating to Nix attrset first.
2017-01-14 15:41:05 +01:00
Sheena Artrip
5c5648b1f6
caddy: add package config option 2017-01-13 22:29:26 -05:00
Maximilian Güntner
a541f86f8b
services: ipfs: add emptyRepo option, refactor 2017-01-14 04:01:43 +01:00
Peter Jones
75aaae34a9
dovecot: Fix sieve scripts
Make sure that the output of the sieve compiler produces files that
have a newer time stamp than the source sieve script.  Otherwise you
get errors in the logs about Dovecot not being able to compile do to a
permission issue.
2017-01-13 14:19:29 -07:00
makefu
e9c6cf02e6
services.logstash: rename address to listenAddress 2017-01-13 10:19:32 +01:00
makefu
10303e9e47
services.logstash: update example and default filter 2017-01-13 10:19:19 +01:00
Jörg Thalheim
4b24ec524d Merge pull request #21835 from volth/miredo-no-checkconf
miredo: do not run miredo-checkconf
2017-01-13 00:25:30 +01:00
Domen Kožar
e5dcce837a
nixos: fix terminal-server, fixes #21834 2017-01-12 16:41:33 +01:00
Volth
ac0b6b9a2c miredo: do not run miredo-checkconf 2017-01-12 14:30:58 +00:00
Nikolay Amiantov
6dbcf7d2e9 udev service: verify that hwdb is generated without errors 2017-01-12 11:11:59 +03:00
Jörg Thalheim
62708c29f8 Merge pull request #21570 from michaelpj/services/arbtt
arbtt service: init
2017-01-11 22:27:52 +01:00
oida
d423567a95
prometheus-snmp-exporter: added nixos module 2017-01-09 18:05:28 +01:00
Robin Gloster
575afe3fa7
prometheus exporter modules: unify firewall handling 2017-01-09 15:31:37 +01:00
Corbin
618b249fc5 prometheus module: add blackboxExporter 2017-01-09 15:20:26 +01:00
Corbin
bd45d5fe8d prometheus module: add jsonExporter 2017-01-09 15:20:26 +01:00
Corbin
1b839a586b prometheus module: add varnishExporter 2017-01-09 15:20:26 +01:00
Corbin
363fa27448 promeutheus.nginxExporter: add improvements
- use ExecStart and ExecReload
 - add extraFlags
2017-01-09 15:20:26 +01:00
Robin Gloster
39e8eaf8b6 prometheus module: add nginxExporter 2017-01-09 15:20:26 +01:00
Svein Ove Aas
a4fca56897
ddclient: Write /etc/ddclient.conf when requested
Fixes #20101

From PR #21417
2017-01-09 06:29:15 +01:00
Daniel Peebles
b0264bb63c Merge pull request #21703 from copumpkin/httpd-no-mkdir
httpd module: don't create documentRoot directory if it doesn't exist
2017-01-09 00:28:41 -05:00
Valentin Shirokov
e138d3afdf Added option networking.wireless.networks.*.priority
It is literal 'priority' option of wpa_supplicant.conf
2017-01-07 20:23:12 +08:00
Franz Pletz
e6708cea37
bind: fix collision of binaries in outputs
Using outputsToInstall the intended behaviour of including host and dnsutils
when bind is installed can be implemented instead of using symlinks to fix
installing all outputs individually with nix-env.

Fixes #19761.
2017-01-07 02:44:54 +01:00
Dan Peebles
df7b4f4f6f httpd module: don't create documentRoot directory if it doesn't exist
It hides bugs and do you ever actually want to serve up an empty directory?
It was pretty confusing to me when it tried to write into a read-only store
path because I accidentally pointed it to the wrong store path.
2017-01-05 21:19:16 -05:00
volth
9bb6d91c73 httpd: setuptools is not top-level 2017-01-05 17:37:33 +00:00
Joachim F
02053c31c1 Merge pull request #21586 from pngwjpgh/postgrey
Postgrey
2017-01-05 07:24:47 +01:00
Franz Pletz
cdbffaa86e Merge pull request #21625 from mayflower/smokeping
smokeping: Allow customization of cgiurl and imgurl
2017-01-04 21:56:12 +01:00
Joachim F
9e0dc9fa7c Merge pull request #21592 from joachifm/cjdns-optional-extraHosts
cjdns service: optional extraHosts
2017-01-04 18:54:09 +01:00
Alexander Kahl
61d125b842 sssd: init at 1.14.2
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0

Switch nscd to no-caching mode if SSSD is enabled.

abbradar: disable jade parallel building.

Closes #21150
2017-01-04 03:07:20 +03:00
Graham Christensen
85dbc754a1 Merge pull request #21621 from volth/fix-synaptics-symlink
synaptics: fix broken symlink
2017-01-03 18:13:40 -05:00
Tristan Helmich
f808502aba smokeping: cleanup (option ordering) 2017-01-03 23:10:59 +01:00
Tristan Helmich
b5703eaa80 smokeping: Allow full override of imgurl + cgiurl 2017-01-03 23:10:54 +01:00
Chris Martin
6a7664e6cd Add some more details about useSandbox 2017-01-03 14:24:49 -05:00
volth
428daee5bc fix broken link to synaptics config 2017-01-03 19:23:24 +00:00
Thomas Tuegel
0723aa8108 Merge pull request #21466 from abbradar/kde-wrapper
Flatten nested kdeWrappers
2017-01-03 08:21:39 -06:00
volth
c737809465 miredo-fix-kill-path 2017-01-03 10:10:34 +00:00
Nikolay Amiantov
1dceb2290c kde5 service: use flattening kdeWrapper 2017-01-03 02:33:19 +03:00
Balletie
e5f5aa52e5
pommed service: use pommed-light
The pommed package was marked as broken. It is also severely
unmaintained. I therefore chose to replace it entirely with
`pommed-light`, for now.
2017-01-02 19:40:50 +01:00
Tomas Hlavaty
bdb9cd1e17 cjdns service: optionally add cjdns hosts to networking.extraHosts
Enabling this incurs a heavy eval-time cost, but it's a nice usability
enhancement; satisfy both concerns by making it optional (default
false).
2017-01-02 19:31:37 +01:00
Joachim Fasting
237af1853a
Revert "nixos/cjdns: do not ammend /etc/hosts"
This reverts commit 60ded3f363.

We want to make this optional instead.
2017-01-02 19:31:11 +01:00
Gregor Kleen
65f0ddbd53 postgrey: improve formatting 2017-01-02 15:42:51 +01:00
Gregor Kleen
58fa71b39c postgrey: allow additional whitelists 2017-01-02 15:40:54 +01:00
Gregor Kleen
82291bae49 postgrey: more verbose default socket 2017-01-02 15:32:50 +01:00
Gregor Kleen
3c0d02c387 postgrey: coerce integers 2017-01-02 15:27:00 +01:00
Gregor Kleen
e2dd0799a8 postgrey: fix submodule syntax 2017-01-02 15:19:00 +01:00
Gregor Kleen
e196ad2c66 postgrey: add descriptions to IPv?CIDR 2017-01-02 15:12:39 +01:00
Gregor Kleen
06bcdc177c postgrey: extended configuration 2017-01-02 15:10:03 +01:00
Michael Peyton Jones
10e2d88f6c arbtt service: init 2017-01-01 18:59:01 +00:00
Jörg Thalheim
05f2f8e1fd Merge pull request #21505 from tg-x/mpd-listen
mpd: listen on 127.0.0.1 by default
2017-01-01 16:06:17 +01:00
tg(x)
002f3c8760 mpd: listen on 127.0.0.1 by default 2017-01-01 13:46:39 +01:00
Robin Stumm
11fe837758 rename sound.enableMediaKeys to sound.mediaKeys.enable and add volumeStep 2017-01-01 11:44:07 +01:00
volth
06b372f24f miredo: init at 1.2.6 2016-12-31 21:03:27 +01:00
Bjørn Forsman
76923648af nixos/gnome3: add gnome-settings-daemon udev rules (enables bluetooth GUI)
Without this, gnome-settings-daemon will not have write access to
/dev/rfkill, which in turn cause it to advertise no "airplane mode" over
D-Bus, which in turn the bluetooth panel code in gnome-control-center
interprets as "there are no bluetooth dongles" (and the button to turn
on bluetooth is grayed out). The end result that bluetooth operations
cannot be done in the GNOME desktop.

See upstream discussion:

http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-July/thread.html
http://lists.usefulinc.com/pipermail/gnome-bluetooth/2016-December/thread.html
2016-12-31 13:05:38 +01:00
Frederik Rietdijk
361dae67d4 flexget: move out of python-packages.nix
because it is an application and not a library.
2016-12-31 09:52:45 +01:00
Joachim Fasting
d8659f24e6
dnscrypt-proxy service: order before nss-lookup.target 2016-12-30 20:27:05 +01:00
Alexey Lebedeff
59361a2a81 i2pd module: fix typo (#21525) 2016-12-30 15:14:05 +01:00
Charles Strahan
7ebcada020
mesos: 1.0.1 -> 1.1.0 2016-12-29 20:09:46 -05:00
Graham Christensen
8ed4c8b73b
openssh: 7.4p1 no longer backgrounds when systemd is starting it. 2016-12-29 17:04:46 -05:00
Robin Gloster
d8ef63fc73
crowd module: fix OpenID server 2016-12-29 00:41:42 +01:00
Tim Digel
81d8a457ed Fix asterisk & asterisk: 13.6.0 -> 14.1.2 (#20788)
* fix/asterisk-module: use unix-group for asterisk-files
* fix/asterisk-module: add configOption to use some default config-files
* fix/asterisk-module: correction of skel copy
* fix/asterisk-module: use /etc/asterisk as configDir
* fix/asterisk-module: add reload; do not restart unit
* asterisk: 13.6.0 -> 14.1.2
* fix/asterisk: compile with lua, pjsip, format_mp3
* fix/asterisk: fix indentation
* fix/asterisk: remove broken flag
2016-12-28 23:04:58 +01:00
Bjørn Forsman
9ec867f59f nixos/prometheus: unbreak alertmanager default config
The current default value of listenAddress = null blows up:

  $ nixos-rebuild build
  error: cannot coerce null to a string, at
  .../nixpkgs/nixos/modules/services/monitoring/prometheus/alertmanager.nix:97:16

With listenAddress = "" we use the same default as upstream and there is
no blow up :-)
2016-12-28 13:52:15 +01:00
Franz Pletz
7ae2d221cd
bird service: add bird to systemPackages
For the tool birdc to monitor and configure bird.
2016-12-28 06:35:31 +01:00
Michael Raskin
c311871a6d xserver.wacom: update xorg.conf.d name after upstream change of the number 2016-12-27 23:47:29 +01:00
lassulus
cfbe501d4e nixos/graphite: fix beacon config parameter 2016-12-27 19:38:18 +01:00
Bjørn Forsman
b20fdff521 nixos/prometheus: make scrapeConfigs.*.static_configs.*.labels optional
...by providing a default value of "no labels" (an empty attrset).

Without this change we get

  $ nixos-rebuild test -I nixpkgs=.
  building Nix...
  building the system configuration...
  error: The option `services.prometheus.scrapeConfigs.[definition 1-entry 1].static_configs.[definition 1-entry 1].labels' is used but not defined.

which is unneeded, because labels _are_ optional.
2016-12-25 15:38:55 +01:00
Jörg Thalheim
f4e58c2eb2 Merge pull request #21395 from jerith666/plex-firewall
plex: add config option to open recommended network ports
2016-12-24 23:31:04 +01:00
Matt McHenry
b64214f66f plex: add config option to open recommended network ports
as prescribed at https://support.plex.tv/hc/en-us/articles/201543147-What-network-ports-do-I-need-to-allow-through-my-firewall-
2016-12-24 15:36:52 -05:00
Jörg Thalheim
c23032a8b1 docker: update service units from upstream
All the new options in detail:

Enable docker in multi-user.target make container created with restart=always
to start. We still want socket activation as it decouples dependencies between
the existing of /var/run/docker.sock and the docker daemon. This means that
services can rely on the availability of this socket. Fixes #11478 #21303

  wantedBy = ["multi-user.target"];

This allows us to remove the postStart hack, as docker reports on its own when
it is ready.

  Type=notify

The following will set unset some limits because overhead in kernel's ressource
accounting was observed. Note that these limit only apply to containerd.
Containers will have their own limit set.

  LimitNPROC=infinity
  LimitCORE=infinity
  TasksMax=infinity

Upgrades may require schema migrations. This can delay the startup of dockerd.

  TimeoutStartSec=0

Allows docker to create its own cgroup subhierarchy to apply ressource limits on
containers.

  Delegate=true

When dockerd is killed, container should be not affected to allow
`live restore` to work.

  KillMode=process
2016-12-23 21:39:38 +01:00
Matt McHenry
3c10e68c40
plex: fix a minor syntax issue in systemd ExecStart 2016-12-23 08:02:08 -05:00
tv
de44544ceb nginx service: use default_server parameter instead of default (#21371) 2016-12-23 11:52:44 +01:00
Felix Richter
d8478c7912 services.nginx: allow startup with ipv6 disabled (#21360)
currently services.nginx does not start up if `networking.enableIPv6 = false`
the commit changes the nginx behavior to handle this case accordingly.
The commit resolves #21308
2016-12-23 11:49:35 +01:00
Rok Garbas
e6fa6b21e1 apacheHttpdPackages.mod_perl: init at 2.0.10 2016-12-22 13:36:44 +01:00
Bjørn Forsman
caa476b357 nixos/prometheus: add services.prometheus.configText option
The structured options are incomplete compared to upstream and I think
it will be a maintenance burden to try to keep up. Instead, provide an
option for the raw config file contents (prometheus.yml).
2016-12-21 00:32:24 +01:00
Joachim Fasting
361633db3b
rmilter service: fix invalid directive
RuntimeDirectoryPermissions -> RuntimeDirectoryMode

Would result in warnings like "unknown lvalue" on startup
2016-12-18 12:42:37 +01:00
Joachim Fasting
c27eeeafd9
brltty service: wait for devices to settle
Otherwise it starts way too early, only to fail and having to restart
until devices are available.  It is less wasteful to simply wait until
there's a reasonable chance of success.  This is consistent with
upstream.
2016-12-18 12:42:14 +01:00
Joachim Fasting
142930113c
Revert "mysql service: specify a default package"
This reverts commit 4358d3d439.

Not having a default was deliberate, see
1ce6fff4e2

Thanks to @ocharles for making me aware of this.
2016-12-17 22:36:38 +01:00
Joachim Fasting
c2219007e8
Revert "mysql service: specify defaultText for package option"
This reverts commit 52d12b473a.
2016-12-17 22:36:15 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos user only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd support ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
rnhmjoj
993cbf8acb uxrvtd: Fix clipboard 2016-12-16 23:55:50 +01:00
Bjørn Forsman
ebe67d69d0 collectd service: change /var/lib/collectd perms: 700 -> 755
The collectd service runs as an unprivileged user by default, so it does
not leak more information to its data directory than any user can obtain
elsewhere by other means.

If people are running it as root and are worried about information leak,
we can add collectd group and set perms to 750.

CC @offlinehacker.

Fixes #21198.
2016-12-16 23:04:42 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
romildo
2e7105467b lxqt: better organize system packages
Split packages in three categories, all of them going into the system
package list:
- pre-requisite packages
- core packages
- optional packages

Add a new configuration option 'environment.lxqt.excludePackages' to
specify optional LXQt packages that should be excluded from system
packages.

Add 'gvfs' as a pre-requisite package, needed by 'pcmanfm-qt' to
handle virtual places, like "Computer" and "Network".
2016-12-15 22:45:06 +01:00
Jörg Thalheim
cc864af928 bird: refactor module
- syntax check before deploying configuration
- remove static unnessary static uid/gid (configuration is opened as root)
- add service hardening
2016-12-15 11:38:45 +01:00
Jörg Thalheim
9871d3cb42 Merge pull request #21087 from offlinehacker/nixos/kubernetes1/fixdns
kubernetes module: fix default dns ip
2016-12-15 01:14:54 +01:00
Jörg Thalheim
ebd85b632a
ferm: reload rules on updates instead of restart 2016-12-14 16:09:11 +01:00
Renaud
fa0a63ec13 fail2ban service : improve ssh jail (#21131)
Improvement to the ssh-iptables to block the port(s) actually defined
for sshd in config.services.openssh.ports
2016-12-14 14:58:02 +01:00
Nikolay Amiantov
17d0a570ab Merge pull request #21137 from jerith666/cupsd-path
use symlink to ensure cupsd.conf PATH always points to a valid store path
2016-12-14 14:42:27 +03:00
Matt McHenry
05fb82732c use symlink to ensure cupsd.conf PATH always points to a valid store path
even if cups rewrites its config file due to config changes made through
its web-based management UI, we need to keep the PATH pointing to
currently-live nix store directories.  fixes #20806.
2016-12-13 21:35:56 -05:00
Joachim Fasting
d893c86b34
terraria service: fixup worldPath option type
Otherwise, using the defaults results in a type error.
2016-12-13 15:12:33 +01:00
Joachim Fasting
33088accc8
terraria service: fix tmux output
tmux.bin was removed in 5535d94394

Use `lib.getBin` to be more robust to future changes.
2016-12-13 15:12:31 +01:00
Fernando J Pando
50466c2d4f
buildbot: 0.9.0rc4 -> 0.9.0.post1
- updates buildbot to version 9 release
- adds nixos configuration module
- fixes buildbot-www package deps
- re-hardcode path to tail
- builbot configuration via module vars

fixes #19759
2016-12-13 10:52:56 +01:00
Jaka Hudoklin
2867f88781 kubernetes module: fix default dns ip 2016-12-12 01:25:23 +01:00
Gregor Kleen
d5ec2a2c9d
postsrsd: additional configuration
fixes #19933
2016-12-11 21:43:45 +01:00
Joachim F
9af356258b Merge pull request #20971 from kierdavis/boinc
boinc service: add to module list
2016-12-11 13:06:09 +01:00
Joachim Fasting
230994a30a
psd service: assert that at least one user must be configured
Using the default config, a user will experience a run-time failure.
This is poor UX, assert the requirement up-front.
2016-12-10 20:35:44 +01:00
Joachim Fasting
4697f83984
openfire service: more informative assertion failure message
Explain why the assertion fails; the user already knows that it *has*
failed.
2016-12-10 20:35:43 +01:00
Joachim Fasting
2a4902dd80
dante service: fix config option type
The type was simply str but the default is null, thus resulting in a
conversion error if the user fails to declare a value.
2016-12-10 20:35:41 +01:00
Joachim Fasting
fafb6657c1
syslogd service: assert conflict with rsyslogd
Enabling both these at the same time fails because they implement the
same interface.
2016-12-10 20:35:39 +01:00
Joachim Fasting
19b96176b4
couchdb service: fix test in preStart
Otherwise you'd get errors like "-f no such command".
2016-12-10 20:35:20 +01:00
Nikolay Amiantov
9cca8e3f87 uwsgi service: fix for new pythonPackages 2016-12-08 21:03:41 +03:00
Kier Davis
2606994cc6
boinc service: use <link> instead of <ulink> 2016-12-08 15:50:52 +00:00
Joachim Fasting
3dcdc2d2b0
privoxy service: remove static uid
The service owns no data, having a static uid serves no purpose.

This frees up uid/gid 32
2016-12-05 13:37:08 +01:00
Joachim Fasting
ad88f1040e
privoxy service: additional isolation 2016-12-05 13:21:31 +01:00
Jaka Hudoklin
b72f8ccc5c xpra module: add xpra, as xserver display-manager 2016-12-04 22:38:10 +01:00