| Commit message (Collapse) | Author | Age |
|\
| |
| | |
gitlab-runner: add package and service
|
| | |
|
|/
|
|
| |
The static connman uid is not referenced anywhere in NixOS.
|
| |
|
|\
| |
| | |
Unbound service improvements
|
| | |
|
|/
|
|
| |
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
|
|\
| |
| | |
Prometheus service
|
| |
| |
| |
| |
| | |
This is based on @benleys work: https://github.com/NixOS/nixpkgs/pull/8216
I updated changed the user and group ids.
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
| |
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization. Update maintainers list to include swarren83. Update
module list to include gocd agent and server module. Update packages list to include
gocd agent and server package. Update version, revision and checksum for GoCD
release 16.5.0.
|
|
|
|
| |
Includes a module for service setup and a test
to verify functionality of both service and pkg.
|
|
|
|
|
|
| |
This fixed a problem I had when running ElasticSearch in an LXC
container, and it doesn't hurt using a dedicated group instead of
nogroup anyway.
|
| |
|
|\
| |
| | |
Squeezelite package and service init
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose. That leaves no use for the grsecurity GID.
More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.
|
|
|
|
| |
(Authored by @cleverca22)
|
|
|
|
| |
Initial Mosquitto MQTT Broker service file.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.
Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.
The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.
Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.
I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
|
| |
| |
| |
| |
| |
| |
| | |
I'm renaming the attribute name for uid, because the user name is called
"taskd" so we should really use the same name for it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
|\ \
| | |
| | | |
Add Caddy and its NixOS module
|
| |/ |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner. The module adds a static group "proc"
whose members are exempt from process information hiding.
Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.
To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.
Thanks to @abbradar for feedback and suggestions.
|
|
|
|
|
| |
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
|
| |
|
|
|
|
|
|
|
| |
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.
This frees up UID/GID 151.
|
|
|
|
|
|
|
|
| |
hydra user is already pinned, this is needed due to
https://github.com/NixOS/nixpkgs/issues/14148
(cherry picked from commit 0858ece1ad0bd281d2332c40f9fd08005e04a3c5)
Signed-off-by: Domen Kožar <domen@dev.si>
|
|
|
|
| |
This is done in the context of #11908.
|
| |
|
| |
|
|
|
|
|
|
| |
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
|
| |
|
|\
| |
| |
| | |
Closes #12932
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | | |
zohl-gammu-smsd
Closes #12998
|
| |/ |
|
|/ |
|
| |
|
| |
|
| |
|
| |
|