Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | nixos/clamav: fix freshclam service if db up to date | Franz Pletz | 2018-10-02 |
| | |||
* | nixos/clamav: fix daemon/updater services toggling | Franz Pletz | 2018-10-02 |
| | |||
* | nixos/tor: Correct "transparent" typo | Jean-Paul Calderone | 2018-09-17 |
| | |||
* | nixos/sks: Make the webroot option optional | Michael Weiss | 2018-09-08 |
| | | | | | | That way the built-in web server is usable by default but users can use $HOME/web directly (instead of having to use a symlink), if they want to customize the webpage. | ||
* | nixos/sks: Use a group and don't add sks to systemPackages | Michael Weiss | 2018-09-08 |
| | | | | | | | | | | | | Without a group the gid will default to 65534 (2^16 - 2) which maps to "nogroup". IMO it makes more sense to explicitly set a valid group. Adding pkgs.sks to environment.systemPackages is not required (IIRC we want to avoid bloating environment.systemPackages). Instead it seems like a better idea to make the relevant binaries available to the user sks and enable useDefaultShell so that "su -l sks" can be used for manual interaction (that way the files will always have the correct owner). | ||
* | nixos/sks: Add a webroot option | Michael Weiss | 2018-09-08 |
| | | | | | The module will now, by default, serve a simple webpage via the built-in web server (instead of displaying an error message). | ||
* | nixos/sks: Update the descriptions and add meta.maintainers | Michael Weiss | 2018-09-08 |
| | | | | TODO: Merge this module with https://github.com/NixOS/nixpkgs/pull/24516 | ||
* | nixos/sks: Add a dataDir option | Michael Weiss | 2018-09-08 |
| | |||
* | nixos/usbguard: ensure the audit log file can be created | Nadrieril | 2018-08-30 |
| | | | | Since version 0.7.3, usbguard-daemon won't start if the file cannot be opened. | ||
* | nixos/usbguard: disable debug output | Nadrieril | 2018-08-30 |
| | |||
* | nixos/cfssl: don't create user/group unless service is enabled | Ben Wolsieffer | 2018-08-21 |
| | |||
* | Merge pull request #44556 from johanot/certmgr-module-init | Silvan Mosberger | 2018-08-10 |
|\ | | | | | nixos/certmgr: init | ||
| * | nixos/certmgr: init | Johan Thomsen | 2018-08-10 |
| | | |||
* | | services-vault: make package configurable and add extraConfig option | Daiderd Jordan | 2018-08-09 |
|/ | |||
* | nixos/cfssl: init | Johan Thomsen | 2018-08-03 |
| | | | | | | | - based on module originally written by @srhb - complies with available options in cfssl v1.3.2 - uid and gid 299 reserved in ids.nix - added simple nixos test case | ||
* | [bot] nixos/*: remove unused arguments in lambdas | volth | 2018-07-20 |
| | |||
* | Merge pull request #42775 from mkaito/oauth2_proxy-virtualHosts | Yegor Timoshenko | 2018-07-05 |
|\ | | | | | oauth2_proxy: add nginx vhost module | ||
| * | fixup! oauth2_proxy: add nginx vhost module | Michishige Kaito | 2018-06-29 |
| | | |||
| * | oauth2_proxy: add nginx vhost module | Michishige Kaito | 2018-06-29 |
| | | |||
* | | nixos/modules: users.(extraUsers|extraGroup->users|group) | Florian Klink | 2018-06-30 |
|/ | |||
* | Merge pull request #41098 from mkaito/oauth2_proxy | Yegor Timoshenko | 2018-06-18 |
|\ | | | | | oauth2_proxy: Handle attributes being derivations | ||
| * | Handle attributes being derivations | Michishige Kaito | 2018-05-26 |
| | | |||
* | | nixos/tor: grammer fix, advise -> advice | Joachim Fasting | 2018-06-18 |
| | | | | | | | | Seems to me that the noun form is more appropriate here. | ||
* | | nixos/tor: use ControlPort for controlSocket for simplicity | SLNOS | 2018-06-11 |
| | | |||
* | | nixos/tor: add tor-init service to fix directory ownerships, fix hardenings | SLNOS | 2018-06-11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts a part of 5bd12c694bfebaef1d03eb7f74a6eca01b86f546. Apparently there's no way to specify user for RuntimeDirectory in systemd service file (it's always root) but tor won't create control socket if the dir is owned by anybody except the tor user. These hardenings were adopted from the upstream service file, checked against systemd.service(5) and systemd.exec(5) manuals, and tested to actually work with all the options enabled. `PrivateDevices` implies `DevicePolicy=closed` according to systemd.exec(5), removed. `--RunAsDaemon 0` is the default value according to tor(5), removed. | ||
* | | nixos/munge: run munge as user munge instead of root. (#41509) | markuskowa | 2018-06-09 |
|/ | | | | | * Added a note in release notes (incompatibilities) * Adapt slurm test * Change user to munge in service.munge | ||
* | sshguard: service creates /var/lib/sshguard | bricewge | 2018-05-05 |
| | |||
* | Merge pull request #39002 from serokell/oauth2_proxy_mod | Yegor Timoshenko | 2018-04-27 |
|\ | | | | | oauth2_proxy: refactor service | ||
| * | oauth2_proxy: use explicit upstream default for setXauthrequest | Yorick van Pelt | 2018-04-27 |
| | | |||
| * | oauth2_proxy: add keyFile, make some options optional | Yorick van Pelt | 2018-04-16 |
| | | |||
| * | oauth2_proxy: update module for extraConfig support | Yorick van Pelt | 2018-04-16 |
| | | |||
* | | nixos/tor: use RuntimeDirectory, StateDirectory (#39083) | Robert Schütz | 2018-04-18 |
|/ | |||
* | Merge pull request #37827 from oxij/pull/28938-tor-control-port | Joachim F | 2018-03-26 |
|\ | | | | | nixos/tor: expose control socket | ||
| * | nixos/tor: expose control socket | Jaka Hudoklin | 2018-03-26 |
| | | |||
* | | hologram-server module: add cache timeout option | Dan Peebles | 2018-03-21 |
| | | | | | | | | | | The version of hologram we're using has supported this option for a while, but we didn't expose it through the NixOS module | ||
* | | hologram: Enable configuring LDAP authorization | Joel Thompson | 2018-03-20 |
| | | | | | | | | | | | | | | | | | | | | | | In AdRoll/hologram#62 support was added to hologram to configure LDAP-based authorization of which roles a user was allowed to get credentials for. This adds the ability to configure that. Additionally, AdRoll/hologram/#94 added support to customize the LDAP group query, so this also feeds that configuration through. fixes #37393 | ||
* | | nixos: Move uses of stdenv.shell to runtimeShell. | Shea Levy | 2018-03-01 |
|/ | |||
* | nixos/usbguard: Do not check permissions on rules file (using undocumented ↵ | Nadrieril | 2018-02-27 |
| | | | | -P flag) | ||
* | nixos/modules: rename IP addresses/routes options | rnhmjoj | 2018-02-17 |
| | |||
* | Merge pull request #34524 from Infinisil/physlock-allowAnyUser | Jörg Thalheim | 2018-02-10 |
|\ | | | | | nixos/physlock: add allowAnyUser option | ||
| * | physlock: add allowAnyUser option | Silvan Mosberger | 2018-02-02 |
| | | |||
* | | nixos/tor: add hiddenServices.<name>.authorizeClient | Robert Schütz | 2018-02-08 |
|/ | |||
* | nixos/clamav: replace mkIf [] with optional | Léo Gaspard | 2018-01-06 |
| | |||
* | usbguard service: `rules` option should be of type 'lines' | Nadrieril | 2017-12-29 |
| | |||
* | Merge pull request #28939 from xtruder/nixos/tor/trans_proxy | Jaka Hudoklin | 2017-12-03 |
|\ | | | | | tor module: add support for transparent proxy and dns | ||
| * | nixos/tor: add support for transparent proxy and dns | Jaka Hudoklin | 2017-09-23 |
| | | |||
* | | clamav module: make services.clamav.daemon.enable actually work | Léo Gaspard | 2017-11-28 |
| | | |||
* | | Merge pull request #30173 from dmjio/patch-1 | Joachim F | 2017-10-20 |
|\ \ | | | | | | | oauth2_proxy: default address updated | ||
| * | | oauth2_proxy: default address updated | David Johnson | 2017-10-06 |
| | | | | | | | | | | | | Go will fail to parse this otherwise. https://github.com/golang/go/issues/19297 | ||
* | | | Revert "sshguard: make it run" | Peter Hoeg | 2017-10-14 |
| | | | | | | | | | | | | This reverts commit 69d8b81b4ba613dbf59850b8f32e2d7ddeb133be. |