aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2017-04-10sysops: allow systemctl reset-failedIgor Pashev1-1/+1
2017-04-03mariadb: added patch for MDEV-12366Igor Pashev2-0/+18
FLUSH PRIVILEGES can miss some roles
2017-03-31Sync Jenkins (core: 2.47 -> 2.52)Igor Pashev1-8088/+10199
2017-03-28mariadb: add some more mysqld optionsIgor Pashev1-0/+4
2017-03-25Add sysops groupIgor Pashev1-4/+11
The wheel group is allowed to do everything by default. We need a separate group to really confine users. For example: $ sudo ls We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for pashev: Sorry, user pashev is not allowed to execute '/run/current-system/sw/bin/ls --color=tty' as root on vbox-manul.
2017-03-10rdsdump: wrap for mysql client binariesIgor Pashev1-1/+4
2017-03-02BREAKING: changed key names semanticsIgor Pashev1-1/+1
"foo[bar]" becomes "foo@bar". Key names must be very carefully chosen due to different requirements from file system, systemd, etc. See https://github.com/NixOS/nixops/issues/614
2017-02-20Sync Jenkins (core: 2.46 -> 2.47)Igor Pashev1-429/+396
2017-02-19gnupg app: set --max-cache-ttl to something bigIgor Pashev1-1/+3
From the gpg-agent man page: Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds).
2017-02-19gnupg app: typoIgor Pashev1-1/+1
2017-02-18Added gnupg appIgor Pashev2-0/+182
2017-02-17mariadb: fixed order roles are removed inIgor Pashev1-9/+9
The list of SQL statements is constructed and then executed. Thus if you delete role `foo` which was granted another role `bar`, role `bar` has to be revoked before `foo` is removed.
2017-02-15Sync Jenkins (core: 2.44 -> 2.46)Igor Pashev1-1007/+1316
2017-02-14vbox: mount /jenkinsIgor Pashev1-0/+1
2017-02-14README on parametersIgor Pashev1-0/+40
2017-02-07sproxy2: 1.94.0 -> 1.94.1Igor Pashev1-2/+2
2017-02-07mariadb: support innodb_compression_defaultIgor Pashev1-0/+1
See https://jira.mariadb.org/browse/MDEV-9820 Since MariaDB Server 10.2.3
2017-02-03Sync Jenkins (core: 2.41 -> 2.44)Igor Pashev1-895/+1408
2017-02-01nginx: --kill-who=main in post log rotateIgor Pashev1-1/+2
2017-02-01php-fpm: use simple mapAttrs'Igor Pashev1-3/+4
Instead of folding, since we produce single member attribute set.
2017-02-01php-fpm: enable logrotateIgor Pashev1-5/+29
2017-02-01php-fpm: make use of home directoryIgor Pashev3-22/+52
Potentially breaking, these options are removed: pool.user, pool.listen.owner, pool.listen.mode. Since socket owner cannot be set now, nginx needs to belong to the appropriate PHP-FPM group.
2017-01-30sproxy2: 1.93.0 -> 1.94.0Igor Pashev1-2/+2
2017-01-30php-fpm: refactored (can cause breakage)Igor Pashev1-52/+52
Moved some options under the `global` group (reflecting PHP FPM config file structure). Removed some submodules.
2017-01-30vbox: sproxy -> sproxy2 (one more)Igor Pashev1-1/+1
2017-01-30Added memcached appIgor Pashev2-0/+138
2017-01-29MariaDB: 10.1.18 -> 10.1.21Igor Pashev1-2/+2
2017-01-22Sync Jenkins (core: 2.39 -> 2.41)Igor Pashev1-1087/+1644
2017-01-22Ditch original sproxyIgor Pashev4-180/+0
2017-01-22Fetch from Hackage where possibleIgor Pashev4-28/+12
2017-01-21mariadb: manage roles fasterIgor Pashev1-25/+57
This gets us closer to declarative granting. See https://github.com/zalora/nixsap/issues/4
2017-01-20mariadb: use explicit packageIgor Pashev3-42/+41
2017-01-20mariadb: typoIgor Pashev1-2/+2
With `either`, submodule attrs aren't checked, but the idea is good anyway, so let it be here for a while. See https://github.com/zalora/nixsap/issues/10
2017-01-16jenkins: explicit path for findIgor Pashev1-1/+1
shellcheck started complaining. Similar to b99beab2b48d3bc8130602d6e8907d8acb3deab3
2017-01-15postgresql app: no system packageIgor Pashev1-1/+0
2017-01-13icinga2: shorten pathIgor Pashev1-2/+2
2017-01-12ldapply: openldap is implicitIgor Pashev1-2/+2
2017-01-12ldapply: 0.1.0 -> 0.2.0Igor Pashev3-18/+10
2017-01-12openldap: safer defaultsIgor Pashev1-1/+1
"ber" can leak passwords.
2017-01-11mysqlbackup: explicit path for findIgor Pashev1-1/+1
Shellcheck began to complain: SC2185: Some finds don't have a default path. Specify '.' explicitly
2017-01-08Sync Jenkins (core: 2.37 -> 2.39)Igor Pashev1-648/+666
2017-01-08Added modular OpenLDAP 2.4.44Igor Pashev1-0/+57
Enabled all backends, except perl, ndb, sql. Enabled all overlays. See also https://github.com/NixOS/nixpkgs/commit/8e319c5ddac707fb4cb3315f9eadea9a70fc8c84 Don't override original package to avoid massive rebuild of many packages including systemd.
2017-01-08Added openldap appIgor Pashev2-0/+330
2017-01-07Added ldapply 0.1.0+Igor Pashev3-0/+49
LDIF idempotent apply tool
2017-01-06php-fpm: toString is implicitIgor Pashev1-1/+1
2016-12-24Mediwiki Sproxy: user_name == user_emailIgor Pashev1-10/+1
2016-12-24nginx: added sproxy log formatIgor Pashev1-0/+6
2016-12-24IcingaWeb2: 2.3.4 -> 2.4.0Igor Pashev1-2/+2
Note that this new version should be able to work with new Icinga2 API instead of oldfashioned FIFO. This is not supported yet in nixsap :)
2016-12-22sproxy2: 1.92.0 -> 1.93.0Igor Pashev2-12/+37
Changed semantics of some options. If previous versions `key` and `client_secret` were files, now they are strings. If you need files, use `key.file` and `client_secret.file`.
2016-12-22nginx: configure logrotateIgor Pashev1-2/+16