Commit Graph

264 Commits

Author SHA1 Message Date
Rok Garbas
81d28e744c zope2 service (plone) 2013-10-02 15:15:40 +02:00
Eelco Dolstra
82e1d0c8b1 Remove services.ttyBackgrounds
This hasn't worked in a long time.
2013-09-26 17:33:52 +02:00
Eelco Dolstra
b7b2476499 Remove the portmap module
It's obsoleted by rpcbind.
2013-09-26 17:04:07 +02:00
Jan Malakhovski
ffa4b28dce Add support for Zsh as an alternative (or not) default (or not) interactive shell. 2013-09-23 17:06:26 +00:00
Jan Malakhovski
b3f4040512 Radically change the way NixOS handles environment variables and make it possible not to use Bash as the default interactive shell.
This change does two things:

* "NixOSizes" environment variables generation. This allows some more
  error-checking and opens possibilities for a modular environment
  configuration. From now on the most of environment variables are
  generated directly by the nix code. Generating sh code that
  generates environment variables is left in a few places where
  nontrivial access to a local environment state is needed.
* By doing the first change this patch untangles bash from the
  environment configuration and makes it trivial to add a support for
  other non bash-compatible shells.

Now to the sad part. This change is quite large (and I'm not sure it's
possible to split it) and yet is not quite complete, it needs some
changes to nixpkgs to be perfect.
See !!! comments in modules/config/shells-environment.nix.

Main principle behind this change is "change environment generation
and nothing else". In particular, shell configuration principles stay
exactly the same as before.
2013-09-23 16:55:25 +00:00
Eelco Dolstra
b825169404 Add kexec support
You can now do a fast reboot (bypassing the BIOS, which may take
several minutes on servers) by running ‘systemctl kexec’.

Unfortunately the QEMU test for this is unreliable due to a QEMU bug
(it randomly crashes with a message like ‘Guest moved used index from
8 to 0’), so it's commented out.
2013-09-16 17:42:13 +02:00
Peter Simons
0afcc637d7 Add support for opportunistic TCP encryption.
Set "networking.tcpcrypt.enable = true;" to enable opportunistic TCP encryption
based on the user-space tools available from <http://tcpcrypt.org>.

Network attackers come in two varieties: passive and active (man-in-the-middle).
Passive attacks are much simpler to execute because they just require listening
on the network. Active attacks are much harder as they require listening and
modifying network traffic, often requiring very precise timing that can make
some attacks impractical.

Opportunistic encryption cannot protect against active attackers, but it *does*
protect against passive attackers. Furthermore, Tcpcrypt is powerful enough to
stop active attacks, too, if the application using it performs authentication.

A complete description of the protocol extension can be found at
<http://tools.ietf.org/html/draft-bittau-tcp-crypt-00>.
2013-09-10 23:32:55 +02:00
Eelco Dolstra
17457297cb Update all legacy-style modules
I.e., modules that use "require = [options]".  Nowadays that should be
written as

  {
    options = { ... };
    config = { ... };
  };

Also, use "imports" instead of "require" in places where we actually
import another module.
2013-09-04 13:05:09 +02:00
Jaka Hudoklin
c613ae7b82 Add elasticsearch, a powerful open source search and analytics engine 2013-08-27 20:42:59 +02:00
Jaka Hudoklin
5894f26c81 Add statsd, simple daemon for easy stats aggregation 2013-08-21 11:52:25 +02:00
Jaka Hudoklin
b244a47185 Add graphite, scalable realtime graphing service 2013-08-11 12:16:19 +02:00
Eelco Dolstra
5827261bef compiz: Disable
It doesn't currently work.
2013-08-07 14:10:49 +02:00
Jaka Hudoklin
d0cb70cefb Add iodined, ip over dns daemon 2013-08-05 01:20:55 +02:00
Cillian de Róiste
41e04c9aff Merge branch 'supybot'
Conflicts:
	modules/misc/ids.nix
2013-08-04 03:59:18 +02:00
Cillian de Róiste
90554a03c7 Supybot/limnoria: add service module 2013-08-01 00:36:15 +02:00
Rickard Nilsson
3ca7d7b291 Add OpenSMTPD service option 2013-07-30 10:20:56 +02:00
Rok Garbas
589b745fc6 new venus service 2013-07-23 22:42:12 +02:00
Shea Levy
18de9f64ae Add uptime module
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-18 19:25:35 -04:00
Bjørn Forsman
44f1a8d8c7 Add apcupsd service
apcupsd is a daemon for controlling APC UPSes. It is very simple to
configure. If you have an USB based UPS, the default settings should be
useable without further adjustments:

  services.apcupsd.enable = true;

This will give you autodetection of USB UPSes, network access limited to
localhost (for security) and the shutdown sequence will be started when
the system when the battery level is below 50 percent, or when the UPS
has calculated that it has 5 minutes or less of remaining power-on time.

You can provide your own configuration file contents with this option:

  services.apcupsd.configText = "contents of apcupsd.conf";

Bug/annoyance 1: When apcupsd calls "wall" (on powerfail etc. events),
it prints an error message because stdout is not connected to a tty (it
is connected to the journal):

  wall: cannot get tty name: Inappropriate ioctl for device

The message still gets through though, to ctrl-alt-f[1-6] terminals.

Bug/annoyance 2: apcupsd tries to call "mail" (on powerfail etc.
events), and that fails because I'm not passing in any mail program at
the moment (because that would require more configuration options). A
solution to this would be to simply let the user fully configure the
apcupsd event handling logic in nix.
2013-07-17 21:23:09 +02:00
Peter Simons
ff8a01b145 Merge pull request #185 from ocharles/memcached
memcached: Add NixOS support
2013-07-01 03:00:45 -07:00
Domen Kožar
1b7108952e Merge pull request #182 from zefhemel/redis
Added redis service module with bunch of documentation.
2013-06-29 04:11:33 -07:00
Eelco Dolstra
0cbf0605d2 Refactoring: Split fonts.nix into smaller modules 2013-06-27 13:12:45 +02:00
Oliver Charles
c7f61ee921 memcached: Add NixOS support 2013-06-23 18:49:49 +01:00
Jaka Hudoklin
aa548ef803 Add cgminer crypto currency miner 2013-06-20 09:01:11 +00:00
Zef Hemel
6b4d76c2c2 Added redis service with bunch of documentation. 2013-06-07 11:34:05 +02:00
Bjørn Forsman
b1f82e428a lighttpd: add cgit sub-service
(cgit is "a hyperfast web frontend for git repositories written in C")

cgit is enabled like this (assuming lighttpd is already enabled):

  services.lighttpd.cgit.enable = true;

and configured verbatim like this (contents of the cgitrc file):

  services.lighttpd.cgit.configText = ''
    cache-size=1000
    scan-path=/srv/git
  '';

cgit will be available from this URL: http://yourserver/cgit

In lighttpd, I've ensured that the cache dir for cgit is created if cgit
is enabled.
2013-06-02 18:41:18 +02:00
Peter Simons
717dc3b858 Merge pull request #169 from wizeman/chrony
Add chrony service
2013-05-25 02:25:57 -07:00
Ricardo M. Correia
76046850fe atop: Add basic config option for /etc/atoprc 2013-05-23 11:14:24 +00:00
Ricardo M. Correia
02d9a8066a Add chrony service
Also, do not build and add ntp to the system unless it is enabled.
2013-05-23 02:07:49 +00:00
Rob Vermaas
3b00eca8e9 Add varnish to module-list.nix 2013-05-15 14:36:17 +02:00
Evgeny Egorochkin
748ab74d1f AppArmor profiles for SUID binaries. At this moment only for ping. 2013-05-11 08:41:36 +03:00
Evgeny Egorochkin
dc389c5d1e lighttpd: add gitweb as a sub-service
Now you can access gitweb at http://yourserver/gitweb by simply adding
this to configuration.nix (assuming services.lighttpd.enable = true);

  services.lighttpd.gitweb.enable = true;

The path to all bare repositories served by gitweb can be set with this
option (default value below):

  services.lighttpd.gitweb.projectroot = "/srv/git";

Based on patch contributed by Bjørn Forsman.
2013-05-06 13:51:09 +03:00
Evgeny Egorochkin
39ba755873 Move lighttpd.nix to lighttpd/default.nix
So that we later can add sub-services for lighttpd without polluting the
web-servers/ directory.
2013-05-06 13:51:08 +03:00
Oliver Charles
2e088aa277 lightdm: Initial expression for lightdm as the display-manager service (using default GTK greeter) 2013-04-22 23:32:10 +04:00
Lluís Batlle i Rossell
7a71320a9c Adding freenet module 2013-04-21 11:27:41 +04:00
Vladimír Čunát
41ccade531 Merge pull request #132 from ierton/udisks2-v2
add udisks2 for Xfce
2013-04-20 01:36:14 -07:00
Domen Kozar
8d5c252ae1 add thinkfan service 2013-04-06 23:35:04 +02:00
Sergey Mironov
4b504d8bba udisks2: add udisks2 service
Udisks2 is a Dbus service started by systemd on demand.
2013-04-04 12:06:34 +04:00
Domen Kozar
c52cb9bb65 add almir service 2013-03-27 11:47:28 +01:00
Domen Kozar
b8a1ccd16a Add bacula service 2013-03-23 01:23:59 +01:00
Rob Vermaas
9a9b53aa9f Add module for rsyslog. Although rsyslog is supposed to be a drop-in
replacement for sysklogd, it lacks some support for certain arguments
used in the default syslog module of NixOS.
2013-03-15 12:55:49 +01:00
Rickard Nilsson
be698e93a4 Merge hardware.pulseaudio and services.pulseaudio
More specifically, this removes services.pulseaudio and adds the option
hardware.pulseaudio.systemWide which defaults to false but can be used to turn
on the system-wide PulseAudio server (previously defined in
services.pulseaudio). Since the two PulseAudio modes are mutually exclusive
anyway (maybe not strictly true, but I don't think is a good idea combining
them) its nicer to be able to reuse server and ALSA configuration between them.

Also the system-wide PulseAudio service has been adjusted to systemd, and a few
things has been fixed (there was no alsa.conf before, for example).

The bottomline is that people that was using hardware.pulseaudio before should
be able to keep doing it in exactly the same way, and people that used
services.pulseaudio must switch over to hardware.pulseaudio.systemWide instead.
2013-03-14 23:33:45 +01:00
Bjørn Forsman
d89ba0697f Add Transmission BitTorrent service
Enable it with

  services.transmission.enable = true;

and optionally configure it

  services.transmission.settings =
    {
      download-dir = "/srv/torrents/";
      incomplete-dir = "/srv/torrents/.incomplete/";
      incomplete-dir-enabled = true;
      rpc-whitelist = "127.0.0.1,192.168.*.*";
      # for users in group "transmission" to have access to torrents
      umask = 2;
    };

The above settings are written/merged into settings.json each time the
service is about to start.
2013-03-08 16:47:09 +01:00
Bjørn Forsman
61c07244e8 Add lighttpd web server module 2013-03-03 20:16:44 +01:00
Domen Kozar
854a37aa7e add most basic nginx service 2013-03-03 12:12:17 +01:00
Eelco Dolstra
080bf5614f Add a module for setting sysctl parameters
This adds an option ‘boot.kernel.sysctl’ and generates a file
/etc/sysctl/nixos.conf read by systemd-sysctl.service.
2013-03-02 20:06:02 +01:00
Shea Levy
7ac425a22f Merge pull request #102 from iElectric/deluge
Add deluged and deluge.web services
2013-02-27 11:19:08 -08:00
Rickard Nilsson
cc3549fa34 Add ActiveMQ service 2013-02-25 16:50:10 +01:00
Domen Kozar
a6f0d984fe Add deluge and deluge web services 2013-02-24 17:33:48 +01:00
Vladimír Čunát
9de455cf2e Merge pull request #53 from jcumming/zfs.121204
add a zfs module
2013-02-19 11:35:20 -08:00