Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets
...
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
2022-07-20 20:42:14 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability
2022-07-20 20:29:38 +02:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315)
2022-07-19 16:09:42 +10:00
oaksoaj
fc9e22fca1
yggdrasil: add group option back and remove systemd User= directive
...
The group configuration parameter allows sharing access to the yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but lets users create their own group if they need.
Remove User= directive in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f
yggdrasil: reenable DynamicUser
...
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.
We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets
...
nixos/mxisd: allow passing secrets
2022-07-18 15:10:49 +02:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability
2022-07-18 13:47:09 +02:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility
2022-07-17 21:45:30 +02:00
Aaron Andersen
9b01242132
Merge pull request #131261 from bb2020/dlna
...
nixos/minidlna: convert to structural settings
2022-07-15 21:28:19 +02:00
Maximilian Bosch
d54d70f166
nixos/mxisd: allow passing secrets
...
Suppose you want to provide an LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like
    services.mxisd.extraConfig.ldap.connection = {
      # host, bindDn etc.
      bindPassword = "$LDAP_BIND_PW";
    };
and write the actual secret into an environment file that's readable for
`mxisd.service` containing
    LDAP_BIND_PW=<your secret bind pw>
and the following setting in the Nix expression:
    services.mxisd.environmentFile = "/run/secrets/mxisd";
(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)
2022-07-13 19:19:17 +02:00
Sandro
78fff7ed35
Merge pull request #181197 from bjornfor/fix-ddclient-password-leak
2022-07-12 15:13:43 +02:00
Bjørn Forsman
e0f2f7f9ea
nixos/ddclient: don't leak password in process listings
...
...by using `replace-secret` instead of `sed` when injecting the
password into the ddclient config file. (Verified with `execsnoop`.)
Ref https://github.com/NixOS/nixpkgs/issues/156400.
2022-07-12 10:23:40 +02:00
Pascal Wittmann
6d1cabe9d9
Merge pull request #158346 from kurnevsky/i2pd-yggdrasil
...
i2pd: add yggdrasil settings
2022-07-12 10:19:18 +02:00
Sandro
366683965e
Merge pull request #166308 from ncfavier/wg-resolvconf
...
nixos/resolvconf: allow different implementations
2022-07-10 21:00:00 +02:00
James Hannah
c6e76ab7c9
nixos/radvd: add package option
...
Allow package users to override the package for radvd.
2022-07-01 21:11:46 +02:00
Sandro
911a73340c
Merge pull request #175335 from wyndon/init-lokinet
2022-07-01 11:54:38 +02:00
bb2020
7113eb5574
nixos/minidlna: convert to structural settings
2022-07-01 11:05:38 +03:00
bb2020
449d6ce32b
nixos/minidlna: add more configuration options
2022-07-01 11:05:38 +03:00
wyndon
69e1e00ebb
nixos/lokinet: init
2022-06-30 16:01:50 +02:00
Pascal Bach
13df7151e1
Merge pull request #178783 from greizgh/fix-syncthing-doc
...
nixos/syncthing: fix services.syncthing.folders description
2022-06-27 22:37:56 +02:00
Aaron Andersen
28562b800e
Merge pull request #178154 from aanderse/nixos/prosody
...
nixos/prosody: conditionally provision required directories with StateDirectory
2022-06-26 22:45:18 +02:00
Sandro
74ea995b11
Merge pull request #174446 from jsimonetti/routedns-init
...
routedns: init at 0.1.5
2022-06-24 16:31:03 +02:00
Lassulus
8c2e25e98e
Merge pull request #177081 from azahi/trickster
...
trickster: 0.1.10 -> 1.1.5
2022-06-23 22:24:54 +02:00
Greizgh
ac1e34f0fe
nixos/syncthing: fix services.syncthing.folders description
...
It was improperly referencing overrideDevices instead of overrideFolders.
2022-06-23 20:44:59 +02:00
Bernardo Meurer
5332bc174a
Merge pull request #178483 from twitchyliquid64/tailscale-networkd
...
tailscale: ignore tailscale link when using networkd
2022-06-23 12:10:14 -04:00
ajs124
6c189d264e
Merge pull request #177077 from Lassulus/bitlbee_cfgdir
...
nixos/bitlbee: allow writing to configDir
2022-06-22 19:27:59 +02:00
Naïm Favier
4af5c46faa
nixos/dhcpcd: use networking.resolvconf.package
...
Allow using the appropriate resolver implementation to set DNS entries
(typically systemd-resolved instead of openresolv).
2022-06-21 22:58:44 +02:00
Naïm Favier
953a5bd3dd
nixos/tailscale: use networking.resolvconf.package
...
Allow using the appropriate resolver implementation to set DNS entries
(typically systemd-resolved instead of openresolv).
2022-06-21 22:58:44 +02:00
Naïm Favier
458ac47a1d
nixos/wg-quick: improve usage with systemd-networkd
...
Use `networking.resolvconf.package` to allow DNS entries to be set using
the system-wide resolver implementation instead of hardcoding systemd or
openresolv.
Extend the tests by adding DNS entries and making one of the peers use
systemd-networkd (hence systemd-resolved).
Also add a few `networkd`-specific settings.
2022-06-21 22:58:44 +02:00
Tom
3b8a162680
tailscale: ignore tailscale link when using networkd
2022-06-21 13:23:28 -07:00
Robert Hensing
e2c261f2c0
Merge pull request #176146 from pennae/module-docs-markdown
...
treewide: markdown option docs
2022-06-21 13:16:02 +02:00
Aaron Andersen
078a53824e
nixos/prosody: provide additional details in the user and group options description
2022-06-18 10:08:08 -04:00
Aaron Andersen
79bfd3c0d0
nixos/prosody: conditionally provision required directories with StateDirectory
2022-06-18 10:05:15 -04:00
Jeroen Simonetti
829167bd27
nixos/routedns: init
...
Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2022-06-15 08:33:46 +02:00
Azat Bahawi
82497b0e9f
trickster: 0.1.10 -> 1.1.5
2022-06-14 01:51:45 +03:00
Jared Baur
f880ea69ba
nixos/globalprotect: add settings option for service configuration
2022-06-13 15:29:41 -07:00
Maximilian Bosch
fd2a89b983
nixos/wpa_supplicant: don't log that wpa_supplicant.conf is ignored with allowAuxiliaryImperativeNetworks = true
...
The warning is wrong with `allowAuxiliaryImperativeNetworks`[1] being
set to `true` because both files are included in this case with `-c` and
`-I`.
[1] https://nixos.org/manual/nixos/stable/options.html#opt-networking.wireless.allowAuxiliaryImperativeNetworks
2022-06-12 17:07:36 +02:00
pennae
320aa2a791
treewide: attempt at markdown option docs
2022-06-12 12:44:38 +02:00
Timothy DeHerrera
ec4e23d4e9
Merge pull request #171155 from cab404/wg-quick-files
...
nixos/wg-quick: added support for configuration files
2022-06-11 22:00:45 -07:00
Soham Sen
feff6ddbe7
expressvpn: init at 3.25.0.13
2022-06-11 17:10:33 +05:30
lassulus
a12e525410
nixos/bitlbee: allow writing to configDir
2022-06-09 21:05:16 +02:00
sohalt
f1669775bc
nixos/headscale: do not run gin webframework in debug mode
2022-06-07 23:22:05 +02:00
sohalt
18c899d963
nixos/headscale: only set oidc secret if not null
2022-06-07 23:21:13 +02:00
cab
8de1e9e2f8
nixos/wg-quick: added support for configuration files
2022-06-07 01:28:50 +04:00
pennae
e21c4d67d5
nixos/unifi: change deprecated default for openFirewall
...
this was deprecated 6 months ago in unstable for removal in 22.11,
so now seems like a good point to change the default.
2022-06-03 15:59:41 +02:00
Aaron Andersen
18a07645e5
Merge pull request #174959 from MoritzBoehme/openconnect-auto-start
...
nixos/openconnect: add autoStart option
2022-05-31 23:05:25 -04:00
Moritz Böhme
106bfcaf8a
nixos/openconnect: add autoStart option
2022-05-27 17:41:03 +02:00
Sandro
7fa8d8b2e2
Merge pull request #153481 from Tchekda/submit/bird-lg
2022-05-25 18:20:58 +02:00
pennae
023e25264c
Merge pull request #172983 from pennae/mosquitto-bind-interface
...
nixos/mosquitto: add bind_interface listener option, fix assertion messages
2022-05-23 10:53:08 +00:00
Martin Weinelt
05232d19b6
Merge pull request #163220 from fleaz/init-r53_ddns
2022-05-22 17:08:55 +02:00
Francesco Gazzetta
6bb9d0ce3b
nixos/zeronet: fix systemd after
2022-05-21 17:46:28 -04:00
Francesco Gazzetta
183e391256
nixos/zeronet: add package option
2022-05-21 17:46:28 -04:00
David Tchekachev
0f63bd3ba8
nixos/bird-lg: init
2022-05-20 15:44:00 +03:00
Jörg Thalheim
e56ae50ed9
Merge pull request #173109 from Mic92/upterm
...
nixos/upterm: additional hardening
2022-05-19 20:16:13 +01:00
Niklas Hambüchen
23aee34b6f
Merge pull request #171264 from NixOS/nebula-always-restart
...
nixos/nebula: Always restart
2022-05-19 14:05:49 +02:00
Anillc
6958412083
nixos/frr: add extraOptions option
...
Support passing options to daemons. For example, bgpd needs '-M rpki' to
enable rpki functions.
2022-05-19 16:02:47 +08:00
Silvan Mosberger
26ab617a10
Merge pull request #172393 from mweinelt/openssh/sntrup761x25519-sha512-kexmethod
...
nixos/openssh: Add sntrup761x25519-sha512 kexAlgo
2022-05-18 12:03:00 +02:00
Lassulus
a976121d57
Merge pull request #165474 from jian-lin/fix-wireguard-systemd-unit-dependency
...
nixos/wireguard: fix dependencies on network-related targets
2022-05-18 11:16:25 +02:00
Robert Schütz
ae758a85d7
nixos/radicale: give access to /dev/urandom
...
A git command was failing in the test with
error: unable to get random bytes for temporary file: Operation not permitted
error: unable to create temporary file: Operation not permitted
error: .Radicale.lock: failed to insert into database
error: unable to index file '.Radicale.lock'
2022-05-17 22:23:57 +02:00
github-actions[bot]
f10256fb7a
Merge master into staging-next
2022-05-16 12:02:51 +00:00
Sandro
6c0dc6d621
nixos/ddclient: turn verbose off by default
...
verbose is a debugging setting one step noisier than debug and should only be turned on when debugging because it leaks quite some credentials and tokens in the journalctl.
2022-05-16 01:49:08 +02:00
pennae
c1115d37ff
nixos/mosquitto: fix attribute path display in assertions
2022-05-15 10:33:38 +02:00
pennae
2145dbc4fc
nixos/mosquitto: add missing listener option bind_interface
...
we expose it under settings instead of at the listener toplevel because
mosquitto seems to pick the addresses it will listen on
nondeterministically from the set of addresses configured on the
interface being bound to. encouraging its use by putting it into the
toplevel options for a listener seems inadvisable.
2022-05-15 10:33:38 +02:00
Jörg Thalheim
eefafb54ef
nixos/upterm: additional hardening
...
Before:
$ ps aux | grep upterm
root 2575046 0.0 0.0 1085080 6968 ? Ssl 07:03 0:00 /nix/store/ci97r1lqx4128w75k7dcsw82j5bl0n3g-upterm-0.8.2/bin/uptermd --ssh-addr [::]:2323 --private-key ssh_host_ed25519_key
After:
$ ps aux | grep upterm
uptermd 2832993 0.4 0.0 1158812 6856 ? Ssl 07:08 0:00 /nix/store/ci97r1lqx4128w75k7dcsw82j5bl0n3g-upterm-0.8.2/bin/uptermd --ssh-addr [::]:2323 --private-key ssh_host_ed25519_key
2022-05-15 09:57:52 +02:00
github-actions[bot]
bcb22e9a7b
Merge master into staging-next
2022-05-13 18:01:23 +00:00
Georg Haas
18ffb9690c
nixos/uptermd: init
2022-05-13 17:44:44 +02:00
Martin Weinelt
fa7ce6bc7f
nixos/openssh: Add sntrup761x25519-sha512 kexAlgo
...
Introduced in OpenSSH 9.0, it became part of the default kexAlgorithm
selection, visible in sshd_config(5).
It is also enabled by default in the OpenSSH client, as can be seen from
$ ssh -Q KexAlgorithms
Also clarifies that we use the referenced documents as the lower bound,
given that they haven't been updated for 5-7y.
2022-05-10 23:20:54 +02:00
github-actions[bot]
27575e98ee
Merge staging-next into staging
2022-05-09 12:08:45 +00:00
Janne Heß
e6fb1e63d1
Merge pull request #171650 from helsinki-systems/feat/config-systemd-package
...
treewide: pkgs.systemd -> config.systemd.package
2022-05-09 10:23:04 +02:00
github-actions[bot]
31938a3f5c
Merge staging-next into staging
2022-05-09 00:03:28 +00:00
Ivan Kozik
9db1d1782b
nixos/tinc: unbreak the service
...
The user is actually tinc.${network}, as Mic92 points out in
https://github.com/NixOS/nixpkgs/pull/171703#discussion_r867506032
Sorry, I broke this in https://github.com/NixOS/nixpkgs/pull/171703 earlier.
coreutils 9.1 chown does not complain in this case with a valid dotted user.
2022-05-08 16:04:20 +00:00
github-actions[bot]
00e5877c2f
Merge staging-next into staging
2022-05-07 00:02:47 +00:00
Sandro
d21ebc62bf
Merge pull request #170851 from danderson/danderson/ts-warn-rpf
...
nixos/tailscale: warn if strict reverse path filtering is in use.
2022-05-06 23:21:50 +02:00
github-actions[bot]
ad713fb84e
Merge staging-next into staging
2022-05-06 12:02:39 +00:00
Yureka
96aaf29234
Revert "Merge pull request #164398 from NinjaTrappeur/nin/pleroma-wrappers"
...
This reverts commit 05417a66e7, reversing
changes made to 53e4f8d237.
2022-05-06 12:38:28 +02:00
github-actions[bot]
4c4d0d6bc3
Merge staging-next into staging
2022-05-06 06:02:20 +00:00
Rick van Schijndel
32bebf42ea
Merge pull request #171703 from ivan/chown-colon
...
treewide: chown user:group instead of user.group to fix warnings from coreutils 9.1
2022-05-06 07:20:40 +02:00
David Anderson
3fdac0f981
nixos/tailscale: warn if strict reverse path filtering is in use.
...
Tailscale uses policy routing to enable certain traffic to bypass
routes that lead into the Tailscale mesh. NixOS's reverse path
filtering setup doesn't understand the policy routing at play,
and so incorrectly interprets some of this traffic as spoofed.
Since this only breaks some features of Tailscale, merely warn
users about it, rather than make it a hard error.
Updates tailscale/tailscale#4432
Signed-off-by: David Anderson <dave@natulte.net>
2022-05-05 18:28:48 -07:00
Sandro
b9e7f61c72
Merge pull request #171747 from danderson/danderson/tailscale-getent
...
nixos/tailscale: add glibc to PATH.
2022-05-06 03:10:00 +02:00
Sandro
e5e30371bc
Merge pull request #170210 from danderson/danderson/restart-tailscaled
...
nixos/tailscale: use systemctl restart during activation.
2022-05-06 03:09:01 +02:00
David Anderson
67b1fac192
nixos/tailscale: add glibc to PATH.
...
For some features, tailscaled uses getent(1) to get the shell
of OS users. getent(1) is in the glibc derivation. Without this
derivation in the path, tailscale falls back to /bin/sh for all
users.
Signed-off-by: David Anderson <dave@natulte.net>
2022-05-05 17:09:27 -07:00
Ivan Kozik
59a76614f3
treewide: chown user:group instead of user.group to fix warnings from coreutils 9.1
2022-05-05 22:05:18 +00:00
Janne Heß
57cd07f3a9
treewide: pkgs.systemd -> config.systemd.package
...
This ensures there is only one systemd package when e.g. testing the
next systemd version.
2022-05-05 20:00:31 +02:00
LuoChen
e4b942eccf
wg-quick: fix postUp always generated issue
2022-05-05 16:08:46 +08:00
Daniel Fullmer
ad38a2a646
nixos/ssh: remove empty host key files before generating new ones
...
In a previous PR [1], the conditional to generate a new host key file
was changed to also include the case when the file exists, but has zero
size. This could occur when the system is uncleanly powered off shortly
after first boot.
However, ssh-keygen prompts the user before overwriting a file. For
example:
$ touch hi
$ ssh-keygen -f hi
Generating public/private rsa key pair.
hi already exists.
Overwrite (y/n)?
So, let's just try to remove the empty file (if it exists) before running
ssh-keygen.
[1] https://github.com/NixOS/nixpkgs/pull/141258
2022-05-03 22:09:43 -07:00
fleaz
8b250ec5af
nixos/r53-ddns: init
2022-05-04 00:16:18 +02:00
Matthieu Coudron
5114d91cd8
Merge pull request #169802 from NinjaTrappeur/nin/prosody012
2022-05-03 11:04:17 +02:00
Niklas Hambüchen
73135fb85d
nixos/nebula: Always restart
...
Without this, if the network goes down for a while, systemd will give up after 5 restarts:
Scheduled restart job, restart counter is at 5.
Stopped Nebula VPN service for myvpn.
nebula@myvpn.service: Start request repeated too quickly.
Failed with result 'exit-code'.
Failed to start Nebula VPN service for myvpn.
Most network services need this, but for VPNs it's extra important.
2022-05-02 16:45:44 +02:00
Félix Baylac-Jacqué
20693a1e73
prosody: 0.11.13 -> 0.12.0
...
See https://blog.prosody.im/prosody-0.12.0-released for more
information.
We remove the various lua wrappers introduced by 6799a91843 and
16d0b4a69f. It seems like we don't need
them anymore. I'm not brave enough to dig into the Lua machinery to
see what resolved that. Sorry, you'll have to trust me on that one.
We should probably think about the migration from http_upload to
http_file_share for the NixOS module. It's not trivial, we need to
make sure we don't break the already uploaded URLs.
2022-05-02 12:43:19 +02:00
Lara
917be9fa32
asterisk: Create symlinks for each config individually
...
This commit refactors the way configuration files are deployed to
the `/etc/asterisk` directory.
The current solution builds a Nix derivation containing all config files
and symlinks it to `/etc/asterisk`. The problem with that approach is
that it is not possible to provide additional configuration that should
not be written to the Nix store, i.e. files containing credentials.
The proposed solution changes the creation of configuration files so
that each configuration file gets symlinked to `/etc/asterisk`
individually so that it becomes possible to provide additional config
files to `/etc/asterisk` as well.
2022-05-02 10:32:34 +00:00
Bernardo Meurer
ecfb5500f7
nixos/cloudflare-dyndns: init
2022-05-01 16:50:31 -07:00
Arnout Engelen
2b85441bb0
Merge pull request #146241 from rgrunbla/wpa_supplicant-fix-writable
...
wpa_supplicant: prevent writing non-writable configuration
2022-04-27 11:35:49 +02:00
David Anderson
c9a1647ade
nixos/tailscale: use systemctl restart during activation.
...
This avoids the scenario where you activate a new config over Tailscale,
and a long delay between the "stop services" and "start services" phases
of the activation script leads to your terminal freezing for tens of
seconds, until tailscaled finally gets started again and the session
recovers.
Per the documentation of stopIfChanged, this is only safe to do if the
service definition is robust to stopping the old process using the new
service definition. As the maintainer of the upstream systemd unit, I
can confirm that Tailscale is robust to this scenario: it has to be
in order to work right on several other distros that just do
unpack-then-restart, rather than the more complex stop-unpack-start
dance.
Signed-off-by: David Anderson <dave@natulte.net>
2022-04-24 23:31:35 -07:00
Jonas Heinrich
24b53785cc
nixos/create_ap: add module
2022-04-23 07:17:44 -04:00
Jörg Thalheim
aa446f8d3c
Merge pull request #169437 from Mic92/consul
...
nixos/consul: allow ipv6-only
2022-04-21 07:22:02 +01:00
Lassulus
b424ce3fd2
Merge pull request #161587 from helsinki-systems/feat/bird2-reload-trigger
...
nixos/bird: reloadIfChanged -> reloadTriggers
2022-04-20 18:24:05 +01:00
Jörg Thalheim
325a525467
nixos/consul: allow ipv6-only
2022-04-20 17:32:06 +02:00
Alexandru Scvortov
4646491175
nixos/nbd: fix nbd-server config section ordering
...
Closes #169103
2022-04-18 17:28:09 +01:00
Artturi
063155ae92
Merge pull request #169106 from wahjava/fix-headscale-typo
...
headscale: Fix typo as per systemd.exec(5)
2022-04-18 02:19:15 +03:00
Madoura
b18031c413
treewide/meta: Remove chiiruno and replace with Madouura (#169096)
...
* maintainers: remove chiiruno
* nixos/zeronet.nix: replace chiiruno with Madouura
* nixos/hydron: replace chiiruno with Madouura
* nixos/tests/bcachefs: replace chiiruno with Madouura
* lutris: replace chiiruno with Madouura
* qtchan: replace chiiruno with Madouura
* tinygo: replace chiiruno with Madouura
* vlang: replace chiiruno with Madouura
* merkletools: replace chiiruno with Madouura
* easyjson: replace chiiruno with Madouura
* quicktemplate: replace chiiruno with Madouura
* statik: replace chiiruno with Madouura
* dumb: replace chiiruno with Madouura
* sndio: replace chiiruno with Madouura
* hydron: replace chiiruno with Madouura
* edid-decode-unstable: replace chiiruno with Madouura
* tewisay: replace chiiruno with Madouura
* svt-av1: replace chiiruno with Madouura
2022-04-18 02:13:36 +03:00
Ashish SHUKLA
4a973081b3
headscale: Fix typo as per systemd.exec(5)
2022-04-18 02:00:29 +05:30
pennae
04b5d464ba
Merge pull request #169029 from LeSuisse/nixos-tailscale-cert-uid
...
nixos/tailscale: allow to set `TS_PERMIT_CERT_UID` env variable
2022-04-17 19:51:31 +00:00
Silvan Mosberger
4de6cbc904
Merge pull request #168551 from infinisil/syncplay-no-gui
...
syncplay: Allow disabling GUI
2022-04-17 19:05:29 +02:00
Thomas Gerbet
f89894e2e3
nixos/tailscale: allow to set TS_PERMIT_CERT_UID env variable
...
This setting was introduced with Tailscale 1.22.0, see
https://github.com/tailscale/tailscale/releases/tag/v1.22.0
Co-authored-by: pennae <github@quasiparticle.net>
2022-04-17 12:13:24 +02:00
rnhmjoj
d39a10daa8
nixos/ncdns: listen on IPv6 by default
2022-04-14 21:07:15 +02:00
rnhmjoj
fd480f55df
nixos/pdns-recursor: update default values
...
1. Update the default values of several addresses-related settings
that have been changed by upstream.
2. Make `dns.address` take multiple addresses. This is needed
for dual stack, now working by default.
2022-04-14 17:31:16 +02:00
Silvan Mosberger
bf123996f9
nixos/syncplay: Switch to version without GUI
2022-04-13 23:58:51 +02:00
Thiago Kenji Okada
3a570f57a1
Merge pull request #167775 from otavio/topic/improve-shellhub-module
...
nixos: shellhub-agent: support more options
2022-04-13 19:56:14 +01:00
pennae
3acf560427
Merge pull request #165883 from alyaeanyx/openconnect-module
...
nixos/openconnect: Add NixOS module for declarative OpenConnect VPNs
2022-04-10 21:30:26 +00:00
Otavio Salvador
fcb69a8583
nixos/shellhub-agent: use package internally, avoiding it in PATH
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-10 13:32:10 -03:00
Otavio Salvador
d7a0f56c6a
nixos/shellhub-agent: avoid code duplication for environment
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-10 13:32:10 -03:00
Otavio Salvador
bd3b046ac8
nixos/shellhub-agent: use mkPackageOption to simplify code
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-10 13:32:10 -03:00
Otavio Salvador
8c4bc7f62c
nixos/shellhub-agent: allow setting the preferredHostname
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-10 13:32:10 -03:00
alyaeanyx
e4c93fb04c
nixos/openconnect: add hardening flags
2022-04-10 14:19:22 +02:00
Lassulus
df7337ebb4
Merge pull request #166456 from mweinelt/isc-dhcp
...
dhcp: 4.4.2-P1 -> 4.4.3 and make client & relay support optional
2022-04-10 11:05:29 +01:00
Lassulus
adc7fbbcdf
Merge pull request #164531 from jtojnar/networkmanager
...
nixos/networkmanager: Allow overriding installed plug-ins
2022-04-10 11:03:36 +01:00
Otavio Salvador
6729653309
nixos/shellhub-agent: allow setting the keepAliveInterval
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-09 20:11:12 -03:00
Otavio Salvador
60158bfc22
nixos/shellhub-agent: use new configuration variables
...
The old variables still work but will eventually stop being supported so
move to the new ones.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-09 20:11:12 -03:00
Otavio Salvador
a62471fc65
nixos/shellhub-agent: use mkEnableOption to simplify code
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-09 20:11:12 -03:00
Otavio Salvador
6175188591
nixos/shellhub-agent: reformat code using nixpkgs-fmt
...
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-04-08 19:23:23 -03:00
Sandro
45b9690a75
Merge pull request #147975 from andersk/mozillavpn
2022-04-08 15:32:45 +02:00
alyaeanyx
0c066f0d0e
nixos/openconnect: add module
2022-04-08 11:39:09 +02:00
pennae
3838b7e07e
Merge pull request #166894 from CameronNemo/nixos-mod-envoy
...
nixos/envoy: init
2022-04-07 16:23:12 +00:00
Cameron Nemo
1b4b16e1bd
nixos/envoy: init
2022-04-07 14:43:53 +00:00
ajs124
821a184fa9
nixos/bird: reloadIfChanged -> reloadTriggers
2022-04-03 17:57:04 +01:00
Martin Weinelt
eb40e8633a
Merge pull request #167027 from helsinki-systems/drop/broken
2022-04-03 18:29:26 +02:00
Martin Weinelt
f2a00b4079
Merge pull request #163658 from dminuoso/kea-changes
2022-04-03 17:44:19 +02:00
Victor Nawothnig
799bda94db
nixos/kea: Allow specifying custom config file
2022-04-03 17:34:00 +02:00
ajs124
eb13e249f0
openfire: remove after being marked broken for over two years
...
It was marked in commit 567c1a360f by Michael Raskin on 2017-01-04 (committed on 2017-01-04)
2022-04-03 16:14:18 +01:00
Artturi
c7ac6ff789
Merge pull request #162063 from martinetd/logrotate_size
...
logrotate: update to freeform
2022-04-01 06:21:11 +03:00
Silvan Mosberger
fda16bfd32
Merge pull request #165532 from Infinisil/syncplay-password
2022-04-01 04:37:22 +02:00
Dominique Martinet
e92c05349c
nixos/logrotate: convert to freeform
...
using freeform is the new standard way of using modules and should replace
extraConfig.
In particular, this will allow us to place a condition on mails
2022-04-01 07:09:26 +09:00
Martin Weinelt
a31f123c1c
networkmanager: remove dhcp and pass dhcpcd instead
...
The ISC DHCP client has reached its end of life.
2022-03-30 21:05:10 +02:00
Jared Baur
41e2604483
nixos/dhcpd6: Use fixed-address6 for dhcpd6 address reservations
2022-03-29 07:58:42 -07:00
Martin Weinelt
999f3c2b9d
pdns: rename from powerdns
...
https://github.com/PowerDNS/pdns
https://repology.org/project/pdns/versions
2022-03-28 18:04:19 +02:00
Emery Hemingway
ad15abe7ff
squid: 4.17 -> 5.4.1
...
* enable HTCP
* enable systemd support
* add NixOS option "services.squid.package"
2022-03-25 15:59:05 +00:00
Peter Hoeg
39a6621150
nixos/https-dns-proxy: init module
2022-03-24 15:36:28 +08:00
Silvan Mosberger
bc4631d8f0
nixos/syncplay: Add server password support
2022-03-24 04:46:26 +01:00
linj
0c795a8127
nixos/wireguard: fix dependencies on network-related targets
...
wireguard-${name}.service only sets up interfaces and doesn't need to
connect to the Internet.
See sections of these three network-related targets in systemd
manuals[1][2] for more information.
Also, remove the redundant multi-user.target in peer units.
Fixes #142152
[1]: https://www.freedesktop.org/software/systemd/man/systemd.special.html
[2]: https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
2022-03-23 18:23:35 +08:00
Sivizius
b4c2ffaffa
nixos/wg-quick: add autostart option to interfaces (#162219)
...
This adds the option `networking.wg-quick.interfaces.<name>.autostart`, which defaults to `true`, which is the previous behavior. With this option set to `false`, the systemd-unit will no longer be set to `wantedBy = [ "multi-user.target" ]` and therefore the tunnel has to be enabled/disabled via `systemctl start/stop wg-quick-<name>`.
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
2022-03-22 13:25:57 +00:00
Peter Hoeg
052632fd15
nixos/iwd: workaround for race condition where wlan device disappears
2022-03-22 19:36:51 +08:00
Ninjatrappeur
05417a66e7
Merge pull request #164398 from NinjaTrappeur/nin/pleroma-wrappers
2022-03-19 21:28:40 +01:00
Félix Baylac-Jacqué
b205832efe
nixos/pleroma: regenerate empty release cookie files
...
Since b9cfbcafdf0ca9573de1cdc06137c020e70e44a8, the lack of hexdump in
the closure led to the generation of empty cookie files. This empty
cookie file is making pleroma crash at startup now that we correctly
read it.
We introduce a migration forcing these empty cookies to be
re-generated to something not empty.
2022-03-17 15:22:14 +01:00
Félix Baylac-Jacqué
71d9048f72
nixos/pleroma: inject release cookie path to the pleroma package
...
We inject the release cookie path to the pleroma derivation in order
to wrap pleroma_ctl with it. Doing this allows us to remove the
systemd-injected RELEASE_COOKIE path, which was sadly
buggy (RELEASE_COOKIE should point to the *content* of the cookie, not
the file containing it).
We take advantage of this to factor out the cookie path.
2022-03-17 15:22:14 +01:00
Jan Tojnar
d2efc3ef70
nixos/networkmanager: Allow overriding installed plug-ins
...
Now, one can just use `networking.networkmanager.plugins = lib.mkForce [];`
if they want to get rid of the plug-ins.
Co-authored-by: lassulus <lassulus@lassul.us>
2022-03-17 04:50:53 +01:00
Robert Hensing
0395086d0c
Merge pull request #162271 from Infinisil/warn-no-type
...
Throw an error for options without a type
2022-03-16 22:58:45 +01:00
Artturi
1389c15b77
Merge pull request #163304 from gravndal/amule-daemon
2022-03-12 16:18:29 +02:00
Scott Worley
131399effb
nixos/stunnel: Make free-form
...
This unlocks stunnel's other ~100 configuration directives, allowing
full stunnel use in NixOS.
2022-03-11 14:36:26 -08:00
Bobby Rong
8a56a49cc7
Merge pull request #162411 from kurnevsky/tox-node-service-fix
...
tox-node: fix config hash and url
2022-03-11 18:09:35 +08:00
Evgeny Kurnevsky
d94be44526
tox-node: fix config
2022-03-09 23:27:34 +03:00
Alexandru Scvortov
252f20aaa2
nbd: add programs.nbd, services.nbd, and test
...
Changes:
nbd: Update nixos/modules/services/networking/nbd.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
nbd: Update nixos/modules/services/networking/nbd.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
nbd: Update nixos/tests/nbd.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
nbd: generalize options in nbd service
nbd: harden service
nbd: Update nixos/modules/services/networking/nbd.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
nbd: Update nixos/modules/services/networking/nbd.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
nbd: refactor code a bit and BindPaths automatically
2022-03-09 12:00:47 +00:00
Gaute Ravndal
fe6f628343
nixos/amuled: fix package reference in service definition
...
The amuleDaemon package was renamed to kebab-case in 81ef57d6.
2022-03-08 12:14:25 +01:00
piegames
cd7e516b26
Merge pull request #156858: nixos/polkit: don't enable by default
2022-03-05 14:48:35 +01:00
Yaya
38246ed194
nixos/snowflake-proxy: init
...
This commit introduces snowflake-proxy [1], a system to circumvent internet
censorship.
[1] https://snowflake.torproject.org/
2022-03-04 08:41:38 -06:00
Anders Kaseorg
abfcc2e0ff
mozillavpn: init at 2.7.1
...
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-03-01 22:41:23 -08:00
Silvan Mosberger
b2d803ca57
nixos/treewide: Add last missing option types
...
Co-Authored-By: Janne Heß <janne@hess.ooo>
2022-02-28 22:50:06 +01:00
Nick Cao
6e389e6367
nixos/bird: run service as non-root user, add test for reload
2022-02-27 16:19:22 +08:00
Martin Weinelt
308403c329
Merge pull request #161663 from felixsinger/update/pkgs/mumble
2022-02-26 22:38:26 +01:00
Felix Singer
c267e9ce37
mumble,murmur: 1.3.4 -> 1.4.231
...
Update version to 1.4.231.
Build 231 points to a specific commit from the 1.4.x branch adding many
fixes and improvements. Since this version is an unofficial release, add
an unstable prefix to the version string in Nixpkgs.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
2022-02-26 22:08:22 +01:00
Jörg Thalheim
ad16194460
nixos/bird: improve systemd hardening / capability set
...
aligned with https://github.com/archlinux/svntogit-packages/blob/packages/bird/trunk/bird.service#L20-L21
2022-02-25 11:39:34 +01:00
Jörg Thalheim
9abf72f229
bird1: drop package + modules
...
reason: no longer maintained upstream.
2022-02-25 11:39:34 +01:00
Markus Kowalewski
5721945070
nixos/tetrd: add to module list and fix enable description
...
The module was dangling and not listed.
2022-02-24 09:44:57 -08:00
Maciej Krüger
7feed2c0be
Merge pull request #160917 from pingiun/patch-12
2022-02-20 09:57:45 +01:00
Alyssa Ross
1176525f87
treewide: remove obsolete kernel version checks
...
We don't support Linux kernels older than 4.4 in Nixpkgs.
2022-02-19 21:09:19 +00:00
Jelle Besseling
5dd2d74296
eternal-terminal: remove pingiun as maintainer
2022-02-19 17:47:41 +01:00
Nikolay Amiantov
6786ceb9af
Merge pull request #159538 from abbradar/ntopng-redis
...
ntopng: bump, use a separate user and redis instance
2022-02-19 15:27:56 +03:00
Nikolay Amiantov
a347d52074
nixos/ntopng: http-port -> httpPort
2022-02-19 14:03:33 +03:00
Nikolay Amiantov
41f4d999ad
nixos/ntopng: update user and redis configuration
...
New ntopng version supports running as specified user. Create a separate
user for ntopng with a separate Redis instance.
Separate instance is only used for new `system.stateVersion`s to avoid
breaking existing setups. To configure that we add two new options,
`redis.address` and `redis.createInstance`. They can also be used to
specify your own Redis address.
2022-02-19 14:03:33 +03:00
Renaud
a632c843a7
Merge pull request #158259 from Yarny0/hylafax
...
hylafaxplus: 7.0.4 -> 7.0.5
2022-02-18 22:17:08 +01:00
Aaron Andersen
b3c0344c9d
Merge pull request #156763 from ratsclub/blocky
...
nixos/blocky: init
2022-02-18 11:27:25 -05:00
Pascal Bach
4c999b91a5
Merge pull request #156685 from schnusch/squid
...
nixos/squid: add services.squid.proxyAddress
2022-02-16 19:42:47 +01:00
Victor Freire
6532d3417e
nixos/blocky: init
2022-02-14 22:48:32 -03:00
Martin Weinelt
b3d39e3c59
Merge pull request #160037 from lourkeur/cleanup/firewall
2022-02-14 23:39:23 +01:00
Louis Bettens
625412d2bc
nixos/firewall: remove dead code
2022-02-14 20:55:25 +01:00
ajs124
0742020639
nixos/gogoclient: drop
2022-02-11 01:31:09 +01:00
Jonathan Ringer
5df08e00cd
Merge remote-tracking branch 'origin/master' into staging-next
...
Conflicts:
pkgs/development/python-modules/opensimplex/default.nix
pkgs/development/python-modules/pygame-gui/default.nix
pkgs/top-level/aliases.nix
pkgs/top-level/python-aliases.nix
2022-02-08 21:19:24 -08:00
Pierre Bourdon
833bcbc844
nixos/firewall: make 'networking.firewall.package' example less confusing
...
pkgs.iptables-nftables-compat == pkgs.iptables (default) since cf9ac2b5.
2022-02-08 10:31:09 +01:00
Evgeny Kurnevsky
ef025e2998
i2pd: add yggdrasil settings
2022-02-07 22:57:23 +03:00
github-actions[bot]
9cdb39f965
Merge master into staging-next
2022-02-07 18:01:27 +00:00
gin66
cb648f080d
wg-netmanager: init at 0.3.6 (#155149)
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-02-07 16:46:51 +01:00
Vladimír Čunát
3dfddd89c6
Merge branch 'master' into staging-next
...
Trivial conflict in pkgs/top-level/aliases.nix
2022-02-06 10:29:49 +01:00
Emery Hemingway
e0fa89109b
nixos/yggdrasil: fix radvd example in manual
...
The Radvd "AdvDefaultLifetime" option should never be set to 0.
2022-02-05 23:20:08 +01:00
github-actions[bot]
c86cbc2a8a
Merge master into staging-next
2022-02-05 18:01:08 +00:00
rnhmjoj
6afcc5afc6
nixos/connman: fix evaluation
...
This was caused by 2a37dd8 that introduced strict checking of
the units names.
2022-02-05 13:51:52 +01:00
Yarny0
21d6960e99
nixos/hylafax: use new type nonEmptyStr
...
The module option type `nonEmptyStr` was introduced in commit a3c5f0cba8.
The hylafax module previously simply used
`addCheck str (s: s!="")` to prevent empty option strings,
but the new type is more thorough as
it also catches space-only strings.
2022-02-05 11:32:22 +01:00
github-actions[bot]
63e54d6343
Merge master into staging-next
2022-02-05 06:01:20 +00:00
Ellie Hermaszewska
58e445a1b5
Merge pull request #158078 from ashkitten/patch-2
...
nixos/syncplay: fix systemd service
2022-02-05 08:42:19 +08:00
Jan Tojnar
bfd44c17cd
Merge branch 'master' into staging-next
...
; Conflicts:
; pkgs/top-level/aliases.nix
2022-02-04 19:54:59 +01:00
rnhmjoj
3b8fa47f58
nixos/wireless: don't attempt fallback on WPA3 only networks
2022-02-04 08:46:32 +01:00
ash lea
959317df95
nixos/syncplay: fix systemd service
2022-02-03 22:59:34 -05:00
github-actions[bot]
f636a27dac
Merge staging-next into staging
2022-02-01 12:01:45 +00:00
Timo Kaufmann
c395fe1e8f
Merge pull request #156706 from Luflosi/i2pd-remove-script
...
nixos/i2pd: get rid of unnecessary shell script
2022-02-01 11:52:02 +01:00
K900
e68a2fffa1
nixos/murmur: remove extra space, fix build after #152372
2022-02-01 07:07:51 +00:00
github-actions[bot]
aee8ca6639
Merge staging-next into staging
2022-02-01 00:02:21 +00:00
pennae
7325eb455b
Merge pull request #157046 from kradalby/add-headscale-module
...
Add headscale module
2022-01-31 23:53:18 +00:00
Luflosi
fd6d59f2ed
nixos/i2pd: get rid of unnecessary shell script
...
I think calling i2pd directly in `ExecStart` is much nicer than having an extra shell script for no reason. It's also easier to see what's going on when looking at the generated systemd unit file.
2022-01-31 23:21:40 +01:00
Kristoffer Dalby
00db4205fb
nixos/headscale: Add headscale service module
2022-01-31 22:02:56 +00:00
github-actions[bot]
87efa4e516
Merge staging-next into staging
2022-01-31 12:01:50 +00:00
Jan Tojnar
54b828006e
Merge branch 'staging-next' into staging
2022-01-31 12:57:47 +01:00
Michele Guerini Rocco
09e2956012
Merge pull request #155895 from rnhmjoj/pr-dhcpd-hard
...
nixos/dhcpd: switch to DynamicUser [v2]
2022-01-31 10:06:57 +01:00