| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
GoCD is an open source continuous delivery server specializing in advanced workflow
modeling and visualization. Update maintainers list to include swarren83. Update
module list to include gocd agent and server module. Update packages list to include
gocd agent and server package. Update version, revision and checksum for GoCD
release 16.5.0.
|
|
|
|
| |
Includes a module for service setup and a test
to verify functionality of both service and pkg.
|
|
|
|
|
|
| |
This fixed a problem I had when running ElasticSearch in an LXC
container, and it doesn't hurt using a dedicated group instead of
nogroup anyway.
|
| |
|
|\
| |
| | |
Squeezelite package and service init
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
| |
This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose. That leaves no use for the grsecurity GID.
More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.
|
|
|
|
|
| |
That's not the case for git submodules
Fixes #15928
|
|
|
|
| |
(Authored by @cleverca22)
|
|
|
|
|
|
|
|
|
| |
when possible (#15624)
Example:
$ nixos-option system.nixosLabel
Value:
"16.09.git.4643ca1"
|
|
|
|
| |
Initial Mosquitto MQTT Broker service file.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.
Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.
The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.
Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.
I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
|
| |
| |
| |
| |
| |
| |
| | |
I'm renaming the attribute name for uid, because the user name is called
"taskd" so we should really use the same name for it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
It was failing with a `Read-only filesystem` failure due to the systemd
service option `ReadWriteDirectories` not being correctly configured.
Fixes #14132
|
|\ \
| | |
| | | |
Add Caddy and its NixOS module
|
| |/ |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner. The module adds a static group "proc"
whose members are exempt from process information hiding.
Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.
To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.
Thanks to @abbradar for feedback and suggestions.
|
|
|
|
|
| |
This package has some outdated dependencies, so old versions of mongodb
and v8 had to be re-added as well.
|
| |
|
|
|
|
|
|
|
| |
The daemon doesn't have any portable data, reserving a
UID/GID for it is redundant.
This frees up UID/GID 151.
|
|
|
|
|
|
|
|
| |
hydra user is already pinned, this is needed due to
https://github.com/NixOS/nixpkgs/issues/14148
(cherry picked from commit 0858ece1ad0bd281d2332c40f9fd08005e04a3c5)
Signed-off-by: Domen Kožar <domen@dev.si>
|
|
|
|
| |
This is done in the context of #11908.
|
|
|
|
| |
chosen by @zimbatm as our documentation hero in 16.03
|
| |
|
|\
| |
| | |
nntp-proxy service: init
|
| | |
|
|/
|
|
|
|
| |
This reverts commit cad8957eabcbf73062226d28366fd446c15c8737. It
breaks NixOps, but more importantly, such major changes to the module
system really need to be reviewed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Enforce that an option declaration has a "defaultText" if and only if the
type of the option derives from "package", "packageSet" or "nixpkgsConfig"
and if a "default" attribute is defined.
- Enforce that the value of the "example" attribute is wrapped with "literalExample"
if the type of the option derives from "package", "packageSet" or "nixpkgsConfig".
- Warn if a "defaultText" is defined in an option declaration if the type of
the option does not derive from "package", "packageSet" or "nixpkgsConfig".
- Warn if no "type" is defined in an option declaration.
|
| |
|
|
|
|
|
|
| |
This reverts commit a5992ad61b314104aff7e28a41ce101a1b0e7c35. Motivation:
https://github.com/NixOS/nixpkgs/commit/a5992ad61b314104aff7e28a41ce101a1b0e7c35#commitcomment-14986820
|
|
|
|
|
|
| |
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.
|
| |
|
|\
| |
| |
| | |
Closes #12932
|
| | |
|
|\ \
| | |
| | |
| | |
| | |
| | | |
zohl-gammu-smsd
Closes #12998
|
| | | |
|
| |/
|/| |
|
|/
|
|
|
|
| |
Also, use systemd timers.
Most of the work is by @thoughtpolice but I changed enough of it to warrant changing commit author.
|
|
|
|
|
|
| |
- add missing types in module definitions
- add missing 'defaultText' in module definitions
- wrap example with 'literalExample' where necessary in module definitions
|
| |
|
| |
|
| |
|
| |
|
| |
|