Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2017-04-10 | sysops: allow systemctl reset-failed | Igor Pashev | 1 | -1/+1 | |
2017-04-03 | mariadb: added patch for MDEV-12366 | Igor Pashev | 2 | -0/+18 | |
FLUSH PRIVILEGES can miss some roles | |||||
2017-03-31 | Sync Jenkins (core: 2.47 -> 2.52) | Igor Pashev | 1 | -8088/+10199 | |
2017-03-28 | mariadb: add some more mysqld options | Igor Pashev | 1 | -0/+4 | |
2017-03-25 | Add sysops group | Igor Pashev | 1 | -4/+11 | |
The wheel group is allowed to do everything by default. We need a separate group to really confine users. For example: $ sudo ls We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [sudo] password for pashev: Sorry, user pashev is not allowed to execute '/run/current-system/sw/bin/ls --color=tty' as root on vbox-manul. | |||||
2017-03-10 | rdsdump: wrap for mysql client binaries | Igor Pashev | 1 | -1/+4 | |
2017-03-02 | BREAKING: changed key names semantics | Igor Pashev | 1 | -1/+1 | |
"foo[bar]" becomes "foo@bar". Key names must be very carefully chosen due to different requirements from file system, systemd, etc. See https://github.com/NixOS/nixops/issues/614 | |||||
2017-02-20 | Sync Jenkins (core: 2.46 -> 2.47) | Igor Pashev | 1 | -429/+396 | |
2017-02-19 | gnupg app: set --max-cache-ttl to something big | Igor Pashev | 1 | -1/+3 | |
From the gpg-agent man page: Set the maximum time a cache entry is valid to n seconds. After this time a cache entry will be expired even if it has been accessed recently or has been set using gpg-preset-passphrase. The default is 2 hours (7200 seconds). | |||||
2017-02-19 | gnupg app: typo | Igor Pashev | 1 | -1/+1 | |
2017-02-18 | Added gnupg app | Igor Pashev | 2 | -0/+182 | |
2017-02-17 | mariadb: fixed order roles are removed in | Igor Pashev | 1 | -9/+9 | |
The list of SQL statements is constructed and then executed. Thus if you delete role `foo` which was granted another role `bar`, role `bar` has to be revoked before `foo` is removed. | |||||
2017-02-15 | Sync Jenkins (core: 2.44 -> 2.46) | Igor Pashev | 1 | -1007/+1316 | |
2017-02-14 | vbox: mount /jenkins | Igor Pashev | 1 | -0/+1 | |
2017-02-14 | README on parameters | Igor Pashev | 1 | -0/+40 | |
2017-02-07 | sproxy2: 1.94.0 -> 1.94.1 | Igor Pashev | 1 | -2/+2 | |
2017-02-07 | mariadb: support innodb_compression_default | Igor Pashev | 1 | -0/+1 | |
See https://jira.mariadb.org/browse/MDEV-9820 Since MariaDB Server 10.2.3 | |||||
2017-02-03 | Sync Jenkins (core: 2.41 -> 2.44) | Igor Pashev | 1 | -895/+1408 | |
2017-02-01 | nginx: --kill-who=main in post log rotate | Igor Pashev | 1 | -1/+2 | |
2017-02-01 | php-fpm: use simple mapAttrs' | Igor Pashev | 1 | -3/+4 | |
Instead of folding, since we produce single member attribute set. | |||||
2017-02-01 | php-fpm: enable logrotate | Igor Pashev | 1 | -5/+29 | |
2017-02-01 | php-fpm: make use of home directory | Igor Pashev | 3 | -22/+52 | |
Potentially breaking, these options are removed: pool.user, pool.listen.owner, pool.listen.mode. Since socket owner cannot be set now, nginx needs to belong to the appropriate PHP-FPM group. | |||||
2017-01-30 | sproxy2: 1.93.0 -> 1.94.0 | Igor Pashev | 1 | -2/+2 | |
2017-01-30 | php-fpm: refactored (can cause breakage) | Igor Pashev | 1 | -52/+52 | |
Moved some options under the `global` group (reflecting PHP FPM config file structure). Removed some submodules. | |||||
2017-01-30 | vbox: sproxy -> sproxy2 (one more) | Igor Pashev | 1 | -1/+1 | |
2017-01-30 | Added memcached app | Igor Pashev | 2 | -0/+138 | |
2017-01-29 | MariaDB: 10.1.18 -> 10.1.21 | Igor Pashev | 1 | -2/+2 | |
2017-01-22 | Sync Jenkins (core: 2.39 -> 2.41) | Igor Pashev | 1 | -1087/+1644 | |
2017-01-22 | Ditch original sproxy | Igor Pashev | 4 | -180/+0 | |
2017-01-22 | Fetch from Hackage where possible | Igor Pashev | 4 | -28/+12 | |
2017-01-21 | mariadb: manage roles faster | Igor Pashev | 1 | -25/+57 | |
This gets us closer to declarative granting. See https://github.com/zalora/nixsap/issues/4 | |||||
2017-01-20 | mariadb: use explicit package | Igor Pashev | 3 | -42/+41 | |
2017-01-20 | mariadb: typo | Igor Pashev | 1 | -2/+2 | |
With `either`, submodule attrs aren't checked, but the idea is good anyway, so let it be here for a while. See https://github.com/zalora/nixsap/issues/10 | |||||
2017-01-16 | jenkins: explicit path for find | Igor Pashev | 1 | -1/+1 | |
shellcheck started complaining. Similar to b99beab2b48d3bc8130602d6e8907d8acb3deab3 | |||||
2017-01-15 | postgresql app: no system package | Igor Pashev | 1 | -1/+0 | |
2017-01-13 | icinga2: shorten path | Igor Pashev | 1 | -2/+2 | |
2017-01-12 | ldapply: openldap is implicit | Igor Pashev | 1 | -2/+2 | |
2017-01-12 | ldapply: 0.1.0 -> 0.2.0 | Igor Pashev | 3 | -18/+10 | |
2017-01-12 | openldap: safer defaults | Igor Pashev | 1 | -1/+1 | |
"ber" can leak passwords. | |||||
2017-01-11 | mysqlbackup: explicit path for find | Igor Pashev | 1 | -1/+1 | |
Shellcheck began to complain: SC2185: Some finds don't have a default path. Specify '.' explicitly | |||||
2017-01-08 | Sync Jenkins (core: 2.37 -> 2.39) | Igor Pashev | 1 | -648/+666 | |
2017-01-08 | Added modular OpenLDAP 2.4.44 | Igor Pashev | 1 | -0/+57 | |
Enabled all backends, except perl, ndb, sql. Enabled all overlays. See also https://github.com/NixOS/nixpkgs/commit/8e319c5ddac707fb4cb3315f9eadea9a70fc8c84 Don't override original package to avoid massive rebuild of many packages including systemd. | |||||
2017-01-08 | Added openldap app | Igor Pashev | 2 | -0/+330 | |
2017-01-07 | Added ldapply 0.1.0+ | Igor Pashev | 3 | -0/+49 | |
LDIF idempotent apply tool | |||||
2017-01-06 | php-fpm: toString is implicit | Igor Pashev | 1 | -1/+1 | |
2016-12-24 | Mediwiki Sproxy: user_name == user_email | Igor Pashev | 1 | -10/+1 | |
2016-12-24 | nginx: added sproxy log format | Igor Pashev | 1 | -0/+6 | |
2016-12-24 | IcingaWeb2: 2.3.4 -> 2.4.0 | Igor Pashev | 1 | -2/+2 | |
Note that this new version should be able to work with new Icinga2 API instead of oldfashioned FIFO. This is not supported yet in nixsap :) | |||||
2016-12-22 | sproxy2: 1.92.0 -> 1.93.0 | Igor Pashev | 2 | -12/+37 | |
Changed semantics of some options. If previous versions `key` and `client_secret` were files, now they are strings. If you need files, use `key.file` and `client_secret.file`. | |||||
2016-12-22 | nginx: configure logrotate | Igor Pashev | 1 | -2/+16 | |