| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
(cherry picked from commit 9d1662c6c90059b63fad01b3f55a0df94af7cde4)
Signed-off-by: Domen Kožar <domen@dev.si>
|
|\
| |
| | |
Delete all usages of module_init_tools and remove the package
|
| |
| |
| |
| |
| |
| |
| | |
They are compressed nowadays.
Not sure if these are really needed since nobody noticed they were
broken, but anyway...
|
| |
| |
| |
| |
| | |
The former is deprecated and doesn't handle compressed kernel modules,
so all current usages of it are broken.
|
|\ \
| | |
| | |
| | |
| | | |
This includes a fix to closure-size regression that moved
share/doc/*/ to share/doc/
|
| | | |
|
| |/ |
|
| |
| |
| |
| | |
to use proxies(connection refused)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Basic hardening
- Run as nobody:nogroup with a private /tmp, /home & /run/user
- Create working directory under /run (hoogle insists on writing to cwd
and otherwise returns "something went wrong" to every query)
Option tweaks
- Provide a default for the haskellPackage option
- Set text values for defaults
- Move hoogleEnv to the top-level & simplify it
|
| | |
|
| | |
|
|/
|
|
|
|
| |
This command was useful when NixOS was spread across multiple
repositories, but now it's pretty pointless (and obfuscates what
happens, i.e. "git clone git://github.com/NixOS/nixpkgs.git").
|
|
|
|
|
|
| |
This reverts commit 3135af2511cd3dfa8e3874244c46054550c563e2.
Closes #14732
|
|\
| |
| | |
mosh service: init
|
| | |
|
| |
| |
| |
| |
| |
| | |
Note: I ignored the C++ libraries, but it appears we're not currently
using them. Once we do, we'll probably want to put them in a separate
output as well (to prevent non-C++ users from depending on Boost).
|
| |
| |
| |
| |
| | |
This gets rid of boehm-dev in the closure (as well as Nix's own
headers).
|
| | |
|
| |
| |
| |
| |
| | |
This reverts commit ddd480ac30579d780c8ffa9c590a8c86bb36d8d2. Gave it
some more thought.
|
| |
| |
| |
| |
| | |
Unit descriptions should be capitalized, and timer units don't have
to describe that they're timers.
|
|/
|
|
|
|
| |
This reverts commit 49894ac857fd1206ac111d6adbf6e9f6e640d795.
Reverting in deference to https://github.com/NixOS/nixpkgs/issues/14782
|
|
|
|
|
|
|
|
|
|
|
|
| |
Two fixes:
Not really sure why removing `--fail` from the curl calls is necessary,
but with that option, curl erronously reports 404 (which it shouldn't
per my interactive vm testing).
Fix paths to example files used for the printing test
Toghether, these changes allow the test to run to completion on my machine.
|
|\
| |
| | |
zfs: Update devNodes description
|
| | |
|
| |
| |
| |
| |
| | |
Seeing as the dev output is the default, we probably want cups.out
everywhere.
|
|/
|
|
|
|
|
|
| |
Need to pass `cups.out` to `systemd.packages`, lest we end up with an invalid
generated unit containing only directives set in the service module.
This patch gives us a valid cups.service unit but, vexingly, does not fix the
test failure at NixOS/nixpkgs#14748
|
| |
|
|\
| |
| | |
factorio: 0.12.29 headless + server module
|
| | |
|
|/ |
|
|
|
|
| |
No longer needed with the new patchelf version.
|
|
|
|
|
|
|
|
|
|
|
| |
With the merge of the closure-size branch, most packages now have
multiple outputs. One of these packages is gnutls, so previously
everything that we needed was to reference "${gnutls}/bin/..." and now
we need to use "${gnutls.bin}/bin/...".
So it's not a very big issue to fix.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a Taskserver module along with documentation and a small
helper tool which eases managing a custom CA along with Taskserver
organisations, users and groups.
Taskserver is the server component of Taskwarrior, a TODO list
application for the command line.
The work has been started by @matthiasbeyer back in mid 2015 and I have
continued to work on it recently, so this merge contains commits from
both of us.
Thanks particularly to @nbp and @matthiasbeyer for reviewing and
suggesting improvements.
I've tested this with the new test (nixos/tests/taskserver.nix) this
branch adds and it fails because of the changes introduced by the
closure-size branch, so we need to do additional work on base of this.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 1d77dcaed37ab47bfe2d90711c01b475a514ff25.
It will be reintroduced along with #14700 as a separate branch, as
suggested by @nbp.
I added this to this branch because I thought it was a necessary
dependency, but it turns out that the build of the manual/manpages still
succeeds and merely prints a warning like this:
warning: failed to load external entity "olinkdb.xml"
Olink error: could not open target database 'olinkdb.xml'.
Error: unresolved olink: targetdoc/targetptr = 'manual/module-taskserver'.
The olink itself will be replaced by "???", so users looking at the
description of the option in question will still see the reference to
the NixOS manual, like this:
More instructions about NixOS in conjuction with Taskserver can be found
in the NixOS manual at ???.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Suggested by @nbp:
"Choose a better organization name in this example, such that it is less
confusing. Maybe something like my-company"
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We have already revamped the CLI subcommands in commit
e2383b84f88e0e7d35f6a3a846b54c69e3bee6ee.
This was just an artifact that was left because of this.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The options client.allow and client.deny are gone since the commit
8b793d1916387c67f8eeb137789b1b41a1f94537, so let's fix that.
No feature changes, only fixes the descriptions of allowedClientIDs and
disallowedClientIDs.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| | |
This is the recommended way for long-running services and ensures that
Taskserver will keep running until it has been stopped manually.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Using requiredBy is a bad idea for the initialisation units, because
whenever the Taskserver service is restarted the initialisation units
get restarted as well.
Also, make sure taskserver-init.service will be ordered *before*
taskserver.service.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The Taskserver doesn't need access to the full /dev nor does it need a
shared /tmp. In addition, the initialisation services don't need network
access, so let's constrain them to the loopback device.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Apart from the options manual, this should cover the basics for setting
up a Taskserver. I am not a native speaker so this can and (probably)
should be improved, especially the wording/grammar.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| | |
Try to match the subcommands to act more like the subcommands from the
taskd binary and also add a subcommand to list groups.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As suggested by @matthiasbeyer:
"We might add a short note that this port has to be opened in the
firewall, or is this done by the service automatically?"
This commit now adds the listenPort to
networking.firewall.allowedTCPPorts as soon as the listenHost is not
"localhost".
In addition to that, this is now also documented in the listenHost
option declaration and I have removed disabling of the firewall from the
VM test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
No changes in functionality but rather just restructuring the module
definitions to be one mkMerge, which now uses mkIf from the top-level
scope of the CA initialization service so we can better abstract
additional options we might need there.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We want to make sure that the helper tool won't work if the automatic CA
wasn't properly set up. This not only avoids race conditions if the tool
is started before the actual service is running but it also fails if
something during CA setup has failed so the user can investigate what
went wrong.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We need to explicitly make sure the CA is created before we actually
launch the main Taskserver service in order to avoid race conditions
where the preStart phase of the main service could possibly corrupt
certificates if it would be started in parallel.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is simply to add configuration lines to the generated configuration
file. The reason why I didn't went for an attribute set is that the
taskdrc file format doesn't map very well on Nix attributes, for example
the following can be set in taskdrc:
server = somestring
server.key = anotherstring
In order to use a Nix attribute set for that, it would be way too
complicated, for example if we want to represent the mentioned example
we'd have to do something like this:
{ server._top = somestring;
server.key = anotherstring;
}
Of course, this would work as well but nothing is more simple than just
appending raw strings.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At least this should allow for some customisation of how the
certificates and keys are created. We now have two sub-namespaces within
PKI so it should be more clear which options you have to set if you want
to either manage your own CA or let the module create it automatically.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Whenever the nixos-taskserver tool was invoked manually for creating an
organisation/group/user we now add an empty file called .imperative to
the data directory.
During the preStart of the Taskserver service, we use process-json which
in turn now checks whether those .imperative files exist and if so, it
doesn't do anything with it.
This should now ensure that whenever there is a manually created user,
it doesn't get killed off by the declarative configuration in case it
shouldn't exist within that configuration.
In addition, we also add a small subtest to check whether this is
happening or not and fail if the imperatively created user got deleted
by process-json.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We only print the output whenever there is an error, otherwise let's
shut it up because it only shows information the user can gather through
other means. For example by invoking certtool manually, or by just
looking at private key files (the whole blurb it's outputting is in
there as well).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|