dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
559,023 Commits 3 Branches 0 Tags 4.3 GiB
ded5462398
Commit Graph

3578 Commits

Author SHA1 Message Date
Jakub Sokołowski
4e587ac821
mtr-exporter: support specifying multiple jobs 
This ability has been added in `0.3.0` release:
https://github.com/mgumz/mtr-exporter/releases/tag/0.3.0
https://github.com/NixOS/nixpkgs/pull/252667

To achieve this a config is generated and symlinked at `/etc/mtr-exporter.conf`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
 2023-09-24 09:13:31 +02:00
Vladimír Čunát
1869818c57
nixos/knot: add release notes and partial compatibility 2023-09-23 10:05:17 +02:00
Vladimír Čunát
ce85980e77
nixos/knot: also allow config by YAML file 2023-09-23 10:04:02 +02:00
Vladimír Čunát
7fb737dde6
nixos/knot: allow full configuration by nix values (RFC 42) 2023-09-23 10:04:02 +02:00
Bjørn Forsman
ed7c0c6e75 nixos/wireguard: add metric option 
This new option, networking.wireguard.interfaces.NAME.metric, allows
increasing the metric of the routes, effectively lowering priority.

(I'm using high metric to allow having the Wireguard interface always
up, even when the client machines are on their home network. Before I
had to stop the interface when home to avoid packet routing issues.)
 2023-09-21 22:19:21 +02:00
Sandro Jäckel
9a85d77152
nixos/networkmanager: default firewallBackend to nftables, remove firewallBackend 
Co-authored-by: Florian Klink <flokli@flokli.de>

Co-authored-by: Lin Jian <me@linj.tech>
 2023-09-21 16:18:57 +02:00
Sandro Jäckel
ad0ca163e1
nixos/networkmanager: cleanup, fix example rendering 2023-09-21 15:16:54 +02:00
zaldnoay
79599c86ae nixos/frp: fix example url of configure file 2023-09-20 13:55:53 +08:00
Carl Richard Theodor Schneider
716bde190c nixos/sshd: specify lport,laddr for config validation 2023-09-19 18:13:44 +02:00
zaldnoay
6cd38e43cd nixos/frp: init 2023-09-17 14:37:19 +08:00
Robert Schütz
1f832ad576
Merge pull request #254306 from dotlambda/tedicross-drop 
nodePackages.tedicross: drop
 2023-09-15 17:23:54 +00:00
Markus Theil
8e5d42e8e9 nixos/frr: add mgmtd to service list 
mgmtd is a new service in frr >= 9.0.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
 2023-09-15 13:19:19 +02:00
Robert Schütz
536969cad3 nodePackages.tedicross: drop 
It fails to build with

    npm ERR! code 1
    npm ERR! path /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium
    npm ERR! command failed
    npm ERR! command sh -c node install.js --preinstall
    npm ERR! Static libsodium was not found at /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/deps/build/lib/libsodium so compiling libsodium from source.
    npm ERR! automake is required, but wasn't found on this system
    npm ERR! make: *** [Makefile:62: libsodium] Error 1
    npm ERR! /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287
    npm ERR!             throw new Error(cmdLine + ' exited with code ' + code);
    npm ERR!             ^
    npm ERR!
    npm ERR! Error: make libsodium exited with code 2
    npm ERR!     at ChildProcess.<anonymous> (/nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287:19)
    npm ERR!     at ChildProcess.emit (node:events:514:28)
    npm ERR!     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
    npm ERR!
    npm ERR! Node.js v18.17.1
 2023-09-13 15:00:38 -07:00
Mario Rodas
5f9390646a
Merge pull request #254827 from hanleym/trust-dns 
trust-dns: 0.22.1 -> 0.23.0
 2023-09-13 06:56:03 -05:00
Ryan Lahfa
eb23738e85
Merge pull request #252283 from flokli/fcc-unlock-extra 2023-09-13 10:18:06 +02:00
Michael Hanley
a60936606c trust-dns: 0.22.1 -> 0.23.0 2023-09-12 18:06:33 -04:00
Fabián Heredia Montiel
cc1fdc5376
Merge pull request #254181 from StillerHarpo/adguardhome 
nixos/adguardhome: Fix openFirewall
 2023-09-12 16:23:16 -05:00
Florian Klink
5d3ca06db3 nixos/modemmanager: remove enableBundledFccUnlockScripts option 
This removes the networking.networkmanager.enableBundledFccUnlockScripts
option, and updates the release notes.
 2023-09-12 22:57:31 +02:00
Florian Klink
8606f6c8e1 nixos/modemmanager: support additional FCC unlock scripts 
This commit introduces a `networking.networkmanager.fccUnlockScripts`
option, which allows specifying additional, usually vendor-provided
unlock scripts.

networking.networkmanager.enableBundledFccUnlockScripts is refactored to
make use of the same mechanism internally.
 2023-09-12 16:55:15 +02:00
Florian Klink
0bfc763df2 nixos/modemmanager: enableFccUnlock -> enableBundledFccUnlockScripts 
PR #155414 introduced an option to support enabling the FCC unlock
scripts that ModemManager provides, but since 1.18.4 doesn't execute
anymore.

However, this option is specifically only about the unlock scripts
provided with ModemManager so far. Rename the option to make this more
obvious.
 2023-09-12 16:55:15 +02:00
Florian Klink
5626174a09 nixos/networkmanager: nixpkgs-fmt 2023-09-12 16:55:15 +02:00
lelgenio
4f802070e5 nixos/websockify: use python3 websockify 2023-09-12 10:50:57 -03:00
oluceps
1ff1751906
nixos/dae: use port type instead int 2023-09-12 11:38:33 +08:00
oluceps
bc07451d4f
nixos/dae: fix override existed config issue 2023-09-12 00:29:56 +08:00
Maximilian Bosch
863598fdfc
Merge pull request #253427 from Yarny0/sshd-requiredrsasize 
nixos/sshd: don't validate mock host key, permit `RequiredRSASize`
 2023-09-11 17:40:23 +02:00
Yorick
df123af8b8
Merge pull request #248502 from kurnevsky/wstunnel 
wstunnel: correct listen option
 2023-09-09 18:45:45 +02:00
Florian Engel
20acd199f4
nixos/adguardhome: Fix openFirewall 
When not setting `settings` and setting `openFirewall = true`
evaluation would fail because it tries to access `settings.bind_port`
while `settings == null`
 2023-09-09 08:19:22 +02:00
Weijia Wang
cfb61436d7
Merge pull request #252978 from oluceps/dae-upup 
dae,nixos/dae: 0.2.4 -> 0.3.0
 2023-09-05 23:57:14 +02:00
Yarny0
bbefd70784 nixos/sshd: avoid mock host key, permit RequiredRSASize 
With this commit, the validation of `sshd_config`
is performed with `sshd -G` instead of `sshd -t`.
The former does not require a valid host key.
Checking the host key was never useful for us:
We just generated a dummy host key to
make the validation mechanism happy.
With this change the dummy key is no longer needed.

This change not only saves some CPU cycles
(avoid the generation of an RSA key),
but it also permits to set `RequiredRSASize` to a value
larger than the current rsa key default size (3072).
 2023-09-05 11:34:09 +02:00
Maciej Krüger
ca6ed1cc8d
Merge pull request #241680 from 4z3/networking.nftables.checkRulesetRedirects 2023-09-04 22:07:50 +02:00
rnhmjoj
355a9fa040
nixos/jool: allow to manage multiple instances 2023-09-04 18:38:25 +02:00
oluceps
ec0755d5f7
nixos/dae: add example link 
Co-authored-by: Mathias Zhang <me@zzzsy.top>
 2023-09-03 11:54:36 +08:00
zzzsyyy
8f070876da
nixos/dae: add confgFile option 
Co-authored-by: oluceps <nixos@oluceps.uk>
 2023-09-03 02:48:27 +08:00
oluceps
173ff5d2dd
nixos/dae: add more config options 2023-09-03 02:48:24 +08:00
Atemu
c54f4fdf8c
Merge pull request #248669 from Atemu/dnscrypt-proxy-update-alias 
dnscrypt-proxy: rename from dnscrypt-proxy2
 2023-09-01 14:37:13 +02:00
name_snrl
9345e48bb4 privoxy: fix types.string -> types.str 2023-08-30 23:08:13 +05:00
Emery Hemingway
55c8f51af5 nixos/nncp: add caller and daemon services 2023-08-29 21:31:19 +01:00
Nuno Alves
601e20354e
nixos/pixiecore: fix port 4011 from tcp to udp 2023-08-29 11:43:19 +01:00
Maciej Krüger
369e18f1c7
networking/nftables: ensure deletions 2023-08-28 00:44:16 +02:00
Maciej Krüger
6658b3fcf1
networking/nftables: make ruleset+rulesetFile non-exclusive 2023-08-28 00:40:22 +02:00
Maciej Krüger
a1dd69d761
networking/nftables: enable flushRuleset by default if rulset{,File} used 2023-08-28 00:40:21 +02:00
Maciej Krüger
55213b54f0
nixos/nftables: save deletions to file and run them afterwards 
Co-authored-by: duament
 2023-08-28 00:40:20 +02:00
Maciej Krüger
5f300ad70c
networking/nftables: only delete our tables if flushRuleset is set to false 2023-08-28 00:40:19 +02:00
Maciej Krüger
d5a0826686
networking/nftables: remove no longer relevant conflict warnings 2023-08-28 00:40:18 +02:00
Maciej Krüger
cd3af25932
networking/nftables: enable flushing ruleset for older versions 
Co-authored-by: Naïm Favier <n@monade.li>
 2023-08-28 00:35:39 +02:00
Maciej Krüger
311d2fa994
*: migrate to using nftables.tables instead of ruleset directly 2023-08-28 00:30:29 +02:00
Maciej Krüger
048ef0d455
networking/nftables: add .tables property and disable ruleset flushing by default 
This allows for other unmanaged tables to co-exist peacefully on the os,
by having the nixos-managed tables be re-created atomically and the other
tables will simply be left untouched.
 2023-08-28 00:30:28 +02:00
Ilan Joselevich
49f76fea56
Merge pull request #251032 from Kranzes/twingate-resolved 
nixos/twingate: avoid conflicts with resolved
 2023-08-24 01:39:27 +03:00
Ilan Joselevich
e739ef8066
nixos/twingate: avoid conflicts with resolved 2023-08-23 23:01:47 +03:00
Muhammad Falak R Wani
3f141be99c
tailscale: add mfrw as maintainer 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-23 08:32:33 +05:30
Martin Weinelt
7c75694db9
Merge pull request #240982 from rnhmjoj/pr-jool 
nixos/jool: add service for setting up SIIT/NAT64
 2023-08-19 23:32:05 +02:00
K900
200eeb9ebe
Merge pull request #249101 from motiejus/headscale-oidc 
headscale.oidc: client_secret_path is a string
 2023-08-16 17:23:56 +03:00
Pol Dellaiera
11f3cbc0c3
Merge pull request #246181 from jvanbruegge/haproxy-package 
nixos/haproxy: allow to specify haproxy package
 2023-08-15 19:46:13 +02:00
Jan van Brügge
90da2c1223
nixos/haproxy: allow to specify haproxy package 2023-08-15 12:24:55 +01:00
Motiejus Jakštys
28cf78b857 headscale.oidc: client_secret_path is a string 
It can be include an environment-variable, like
`${CREDENTIALS_DIRECTORY}/some-path`, failing validation for
`types.path`.
 2023-08-14 13:03:06 +03:00
Atemu
7706f570a7 dnscrypt-proxy: rename from dnscrypt-proxy2 
An alias is added for dnscrypt-proxy2
 2023-08-13 16:03:31 +02:00
Nick Cao
722e1e2313
Merge pull request #247899 from DavHau/zerotier-docs 
nixos/zerotierone: document networks never left automatically
 2023-08-13 00:00:35 -06:00
oddlama
bbac87a2dd
nixos/hostapd: add missing stringification of path in INI format 2023-08-11 22:44:08 +02:00
Evgeny Kurnevsky
5110d348b2
wstunnel: correct listen option 2023-08-11 11:58:40 +03:00
CnTeng
24f2116a7a nixos/dae: use network-online 2023-08-10 20:23:46 +08:00
Franz Pletz
c13c1412bf
nixos/chrony: add enableMemoryLocking option 
Fixes #222629.
 2023-08-10 03:03:53 +02:00
DavHau
74c574a8db nixos/zerotierone: document networks never left automatically 
Removing a network from the joinNetworks list does not make the machine leave the network which is confusing.

This behavior is now clarified via the options description
 2023-08-08 11:31:33 +02:00
Michele Guerini Rocco
ccc33bd3d7
Merge pull request #245852 from rnhmjoj/pr-fix-dnscrypt 
dnscrypt-wrapper fixes
 2023-08-08 10:34:27 +02:00
pokon548
dcf5ae3d0b nixos/dae: init 2023-08-07 14:32:32 +08:00
Emery Hemingway
b6c5112152 nixos/ntopng: seperate interface config with newlines 2023-08-05 10:02:48 +01:00
ajs124
bf4d2e6c1e
Merge pull request #242538 from tnias/fix/apparmor 
apparmor: add some policies and improve abstractions and utils
 2023-08-04 13:05:52 +02:00
Martin Weinelt
667c4f2dc6
Merge pull request #224635 from helsinki-systems/drop/dhcpd 
dhcpd: remove
 2023-08-03 15:12:06 +02:00
Yureka
31d4a4af19 nixos/bird: fix checkConfig with cross-compilation 2023-07-31 13:48:55 +02:00
Pol Dellaiera
80d8a945dd
Merge pull request #245570 from jwygoda/tailscaled-autoconnect-options 
nixos/tailscale: add extraUpFlags option
 2023-07-29 06:12:26 +02:00
Jarosław Wygoda
2dbda3314f nixos/tailscale: add extraUpFlags option 2023-07-28 22:44:37 +02:00
Ryan Lahfa
2a0aaa7e8f
Merge pull request #245413 from oddlama/fix-hostapd-mac-allow 2023-07-28 19:19:02 +02:00
ajs124
413d9d3864 nixos/dhcp(46): remove 
package reached its EOL on 2022-10-04
see https://www.isc.org/blogs/isc-dhcp-eol/ for details
 2023-07-28 16:35:40 +02:00
pennae
e2a43fbfb3
Merge pull request #244356 from datafoo/mosquitto-systemd-credentials 
nixos/mosquitto: leverage systemd credentials
 2023-07-26 18:23:06 +02:00
Florian Klink
7539b8f2d7
Merge pull request #244841 from flokli/networkmanager-fix-ppp-plugin 
nixos/networkmanager: create pppd lock directory
 2023-07-26 17:44:35 +02:00
oddlama
0ac2ba763f
nixos/hostapd: fix regression after refactoring to RFC42. 
Switching from submodule notation from ({name, ...}: {}) to (submob: {}) seems to require a different accessing scheme.
 2023-07-25 18:40:51 +02:00
Sandro Jäckel
83793ca898
nixos/fonts: rename fonts.enableDefaultFonts to fonts.enableDefaultPackages 
to better fit the renamed fonts.packages
 2023-07-25 00:55:25 +02:00
datafoo
533ff8546b nixos/mosquitto: leverage systemd credentials 
Use systemd credentials for all variations of user passwords.
Password files do not need special permissions anymore.
 2023-07-24 11:37:30 +02:00
Lassulus
ceaab39b40
Merge pull request #230196 from doronbehar/nixos/syncthing 
nixos/syncthing: Use API to merge / override configurations
 2023-07-24 08:38:50 +02:00
Pol Dellaiera
a30cc10e7f
Merge pull request #242703 from jwygoda/tailscaled-autoconnect 
nixos/tailscale: add authKeyFile option
 2023-07-24 04:48:42 +02:00
Doron Behar
047fa8dbdf nixos/syncthing: Use API to merge / override configurations 
If one sets either of `override{Device,folder}s` to false, the jq `*`
operator doesn't merge well the devices and folders, creating duplicate
IDs for folders as observed in #230146. This PR makes the script iterate
via Nix / Bash loop the devices and folders IDs and merges the keys
using upstream's `curl -X POST` support for single objects.

Hence this commit fixes #230146.
 2023-07-23 18:22:33 +03:00
Florian Klink
02a5e9c933 nixos/networkmanager: create pppd lock directory 
I digged up some 3G stick, which uses ppp to set up the connection.

It failed to spin up ppp, because ppp failed to find the directory it wants to create its lockfiles in:

```
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] state changed (connected -> disconnecting)
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect started...
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect state (4/10): wait to get fully enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (disconnecting -> registered)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (5/10): wait after enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1/bearer0] connection #11 finished: duration 1s
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (6/10): register
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (7/10): wait to get packet service state attached
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (8/10): bearer
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (9/10): connect
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (registered -> connecting)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (connecting -> connected)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (10/10): all done
Jul 22 16:47:50 tp pppd[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp NetworkManager[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: initializing
Jul 22 16:47:50 tp pppd[1576260]: pppd 2.5.0 started by root, uid 0
Jul 22 16:47:50 tp pppd[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp NetworkManager[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 2 / phase 'serial connection'
Jul 22 16:47:50 tp pppd[1576260]: Exit.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 0 / phase 'dead'
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: cleaning up
```

Creating the directories via tmpfiles.d got the connection to succeed,
and might also fix other connections using PPP.
 2023-07-22 17:00:17 +03:00
Felix Bühler
0a2745684e
Merge pull request #239624 from Stunkymonkey/use-optionalString-then 
treewide: use optionalString instead of 'then ""'
 2023-07-22 13:02:47 +02:00
Nick Cao
0b411c1e04
Merge pull request #244750 from therishidesai/rdesai/fix-hostapd-hardening 
nixos/hostapd: add AF_PACKET to RestrictAddressFamilies
 2023-07-21 21:16:22 -06:00
Rishi Desai
efba841aeb nixos/hostapd: add AF_PACKET to RestrictAddressFamilies 2023-07-21 21:11:14 -05:00
rnhmjoj
c7c288fbd5
nixos/dnscrypt-wrapper: avoid using polkit 2023-07-22 02:12:31 +02:00
Lassulus
f8ad4849c3
Merge pull request #233386 from Lassulus/syncthing-fix 2023-07-22 01:02:04 +02:00
Ilan Joselevich
b0db3b7c11
nixos/twingate: fix cp (-n -> --update=none) 2023-07-21 19:57:57 +03:00
rnhmjoj
1f28c8defc
nixos/jool: validate the configuration 
This checks the validity of both NAT64 and SIIT configurations
at build time. An error produces something like this:

    Validating Jool configuration... Error: Cannot parse '283.0.113.1' as an IPv4 address.
 2023-07-21 09:08:40 +02:00
rnhmjoj
4657ff6ca7
nixos/jool: add service for setting up SIIT/NAT64 2023-07-21 09:07:54 +02:00
Jarosław Wygoda
7fc0e3334e nixos/tailscale: add authKeyFile option 
Auth key registers new nodes without needing to sign in via a browser

Tailscale sends status changes with systemd-notify.
https://github.com/tailscale/tailscale/blob/v1.44.0/ipn/ipnlocal/local.go#L3670
 2023-07-17 18:52:07 +02:00
Colin
e7059632c6 nixos/trust-dns: init 
Co-authored-by: Yt <happysalada@tuta.io>
 2023-07-16 15:24:10 +08:00
Nick Cao
d9dd68efda
Merge pull request #243004 from baloo/baloo/keepalived/vrrp-router-id 
keepalived: fixup `virtualRouterId` documentation
 2023-07-15 05:36:10 -06:00
Arthur Gautier
ee38adc8e2 keepalived: use ints.between 
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2023-07-14 20:52:48 +00:00
Lassulus
a4ffd00fb9
Merge pull request #243251 from schnusch/cgit-regex 
nixos/cgit: fix \v and \f in regexEscape
 2023-07-14 22:03:44 +02:00
schnusch
8980fdd9b5 nixos/cgit: fix \v and \f in regexEscape 2023-07-14 21:14:01 +02:00
Philipp Bartsch
30ad9053ab nixos/murmur: add apparmor policy 2023-07-13 11:11:01 +02:00
Arthur Gautier
c8920fc6d9 keepalived: fixup virtualRouterId documentation 
Router id 0 is an invalid option with keepalived
 2023-07-12 06:12:03 +00:00
chayleaf
4d4c73ff78 treewide: update path to getent 2023-07-12 02:32:23 +07:00
Ryan Lahfa
7be83143e8
Merge pull request #222536 from oddlama/master 2023-07-08 14:36:18 +02:00
Ryan Lahfa
0d2f526dbb
Merge pull request #241462 from SuperSandro2000/remove-ddclient 2023-07-08 14:33:00 +02:00
Ilan Joselevich
160edcf2c5
nixos/twingate: add package option and test 2023-07-07 20:03:54 +03:00
tv
0ab3a1fd78 nixos/nftables: add redirect for /etc/hosts 2023-07-05 13:56:27 +02:00
tv
75e405c156 nixos/nftables: use environment.etc for redirects 2023-07-05 13:56:16 +02:00
tv
9e51ec86e7 nixos/nftables: add checkRulesetRedirects option 2023-07-05 13:55:34 +02:00
Sandro Jäckel
d35df28f65
ddclient: remove package and module on upstream maintainer request 2023-07-04 16:46:53 +02:00
Felix Bühler
e770737241
Update nixos/modules/services/networking/libreswan.nix 
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2023-07-02 19:03:19 +02:00
oddlama
1fa9f03eec
nixos/hostapd: rewrite to support multi-AP, password from file, and more 
At this point this is basically a full rewrite of this module, which
is a breaking change and was necessary to properly expose the useful
parts of hostapd's config. The notable changes are:

- `hostapd` is now started with additional systemd sandbox/hardening options
- A single-daemon can now manage multiple distinct radios and BSSs, which is
  why all configuration had to be moved into `hostapd.radios`
- By default WPA3-SAE will be used, but WPA2 and WPA3-SAE-TRANSITION are
  supported, too
- Added passwordFile-like options for wpa and sae
- Add new relevant options for MAC ACL, WiFi5, WiFi6 and WiFi7 configuration
- Implements RFC42 as far as reasonable for hostapd
- Removes `with lib;`
 2023-07-02 13:32:41 +02:00
TQ Hirsch
dd481f2ee3
pdns: Changed paths in /etc to use pdns instead of powerdns 2023-07-01 18:55:51 +08:00
TQ Hirsch
d25e5e2107
nixos/powerdns, nixos/pdns-recurser: Symlink configuration into /etc 
This places a symlink to the running configuration where the admin
tools expect it, allowing users to control the powerdns server or
recursor without manually specifying a config file.
 2023-07-01 18:55:50 +08:00
Michele Guerini Rocco
aedc167ecf
Merge pull request #240325 from 999eagle/update/searxng 
nixos/searx: add configuration for redis and limiter settings
 2023-06-30 22:22:43 +02:00
Sandro Jäckel
000004d123
nixos/thelounge: fix example rendering 2023-06-30 18:14:24 +02:00
Sandro Jäckel
9999996fd6
nixos/sshd: fix example rendering 2023-06-30 18:14:16 +02:00
Sophie Tauchert
0aa5adef62
nixos/searx: add configuration for redis and limiter settings 2023-06-30 07:38:59 +02:00
lassulus
345745b6da nixos/syncthing: fix syncthing-init running by default 
also remove empty values from the config
 2023-06-29 17:57:11 +03:00
lassulus
c42a7b668c Revert "Merge pull request #233377 from ncfavier/revert-226088" 
This reverts commit 7b28ea6783, reversing
changes made to 3009b12817.
 2023-06-29 17:56:30 +03:00
Nick Cao
e52b401a95
nixos/sing-box: set umask 0077 when generating configuration file 2023-06-27 16:08:55 +08:00
Nick Cao
d2483a8cc7
nixos/sing-box: init 2023-06-27 13:58:02 +08:00
Marco Rebhan
af614b53d1 nixos/avahi: Add package option 
Allows replacing the avahi package (e.g. for debugging) without having
to use an overlay, avoiding unnecessary package rebuilds.
 2023-06-25 11:01:58 -03:00
Felix Buehler
6672dde558 treewide: use optionalAttrs instead of 'else {}' 2023-06-25 11:01:34 -03:00
Felix Buehler
933a41a73f treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
Felix Buehler
f3719756b5 treewide: use optionalString instead of 'then ""' 2023-06-24 20:19:19 +02:00
Nick Cao
cca08f710c
Merge pull request #237507 from Alexis211/document-wgautomesh-gossip-secret 
wgautomesh: clearer documentation for `gossip_secret_file`
 2023-06-24 22:48:34 +08:00
Naïm Favier
9a9ded1675
nixos/syncthing: fix escaping 2023-06-23 20:19:51 +02:00
Sandro
0b77630d18
Merge pull request #209068 from CRTified/adguard-dhcp 2023-06-20 13:37:34 +02:00
rnhmjoj
7d263715bd nixos/fakeroute: run as unprivileged user 2023-06-20 01:12:04 +00:00
deinferno
26ff15b981
nixos/tailscale: fix ipv6 nat (v6nat) support 2023-06-16 12:18:55 +00:00
Carl Richard Theodor Schneider
59207cc930 nixos/adguardhome: Add allowDHCP option 
This option conditionally adds the `CAP_NET_RAW` capability to the service,
which is mandatory for enabling the integrated DHCP server.
It also adds another test case to validate that the DHCP server successfully
provides IP addresses to clients.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2023-06-15 12:27:35 +02:00
Pol Dellaiera
f45bee3f4d
Merge pull request #237003 from pacien/ddclient-remove-ipv6-opt 
nixos/ddclient: remove obsolete ipv6 option
 2023-06-14 19:57:34 +02:00
Alex Auvolat
bbd4ce7d5e wgautomesh: clearer documentation for gossip_secret_file 2023-06-13 10:01:12 +02:00
Marillindië
e394dc22f9 xray: allow binding lower ports 
Set CapabilityBoundingSet, AmbientCapabilities and NoNewPrivileges as described in XTLS/xray-install.
 2023-06-11 09:03:50 +01:00
pacien
76cabe1644 nixos/ddclient: remove obsolete ipv6 option 
Since ddclient@24ba945 (v3.10.0), the type and meaning of the "ipv6"
option has changed. This resulted in the following warning when
starting the service:

    WARNING:  file /run/ddclient/ddclient.conf, line 13:
    Invalid Value for keyword 'ipv6' = 'no'

This therefore removes the matching boolean option.
More advanced configurations can use the "extraConfig" option instead.
 2023-06-10 11:25:54 +02:00
Sergey Ivanov
bbc56fd1c7
gnunet: fix systemd service config (#151269) 
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2023-06-09 16:33:51 +00:00
Weijia Wang
0dfe118d22
Merge pull request #236259 from wegank/mongodb-drop 
mongodb-4_2: drop
 2023-06-08 14:40:30 +03:00
Pol Dellaiera
fdcc0ecf37
Merge pull request #236303 from alyssais/StrictModes 
nixos/sshd: add StrictModes option
 2023-06-07 15:53:20 +02:00
pennae
912caf09f7 unifi: drop pennae from maintainers 
not using this any more, and really don't have the energy to deal with
neither the fallout of ubnt not officially supporting mongodb newer than
3.6, nor the hacks nixpkgs contains to work around that.
 2023-06-06 23:29:46 +02:00
Alyssa Ross
eeabae56e7
nixos/sshd: add StrictModes option 2023-06-06 16:06:09 +00:00
Ryan Lahfa
a06d736f1f
Merge pull request #227203 from badele/fix-smokeping-symbolic-links 
nixos/smokeping: fix smokeping symbolic links
 2023-06-06 16:02:58 +02:00
Weijia Wang
3f467ff45f mongodb-4_2: drop 2023-06-06 14:26:11 +03:00
Bruno Adelé
0498957eac
nixos/smokeping: Fix smokeping preStart systemd 2023-06-03 08:06:18 +02:00
Gabriel Fontes
147668b8cf nixos/sitespeed-io: init 2023-06-03 03:12:51 +00:00
K900
e534047e2d
Merge pull request #234620 from linj-fork/fix/murmur-after 
nixos/murmur: make it be after network.target again
 2023-06-02 18:13:12 +03:00
Kira Bruneau
7e820610e3
Merge pull request #234207 from emilylange/acme-dns 
acme-dns: init at 1.0; nixos/acme-dns: init; nixos/acme-dns: init
 2023-05-31 11:40:35 -04:00
emilylange
d0af39521b
nixos/acme-dns: init 2023-05-31 15:08:37 +02:00
r-vdp
2b63df0a03 modules/sshd: print the offending keys when we detect duplicate sshd keys. 2023-05-31 12:07:06 +02:00
Lin Jian
0ae9df6c5e
nixos/murmur: make it be after network.target again 
network.target was changed to network-online.target in this PR[1] to
workaround an issue[2].

The murmur version in Nixpkgs has fixed that issue[2].

[1]: https://github.com/NixOS/nixpkgs/pull/42860
[2]: https://github.com/mumble-voip/mumble/issues/1629
 2023-05-28 21:03:40 +08:00
Victor Freire
77520d39ce nixos/legit: init 2023-05-27 16:20:05 +00:00
Sandro
ef2a17c946
Merge pull request #232339 from bl1nk/bl1nk/thelounge-package-option 
nixos/thelounge: add package option
 2023-05-25 22:04:22 +02:00
nyanotech
3aad03a464 nixos/sshd: detect duplicate config keys 2023-05-25 00:01:03 +02:00
Naïm Favier
d5e090d2d8
Revert "nixos/syncthing: use rfc42 style settings" 
This reverts commit 32866f8d58.
This reverts commit 40a2df0fb0.
This reverts commit 4762932601.
 2023-05-22 10:29:52 +02:00
Sandro
a74a4a2f32
Merge pull request #232534 from teutat3s/zhf/fix-prometheus-exporter-jitsi 
jitsi-videobridge: refactor broken `apis` option to `colibriRestApi`
 2023-05-21 18:43:59 +02:00
teutat3s
cb81bd9340
jitsi-videobridge: refactor broken apis option to 
colibriRestApi

Refactor option to use jvb.conf and convert to boolean. Using the CLI
argument broke a while ago and is deprecated by upstream since 2021:
https://github.com/jitsi/jitsi-videobridge/pull/1738/files#diff-d9f589d2aae1673693461d7c3b9214324201ca1f43db63a3c773d4acfc52bc81

This fixes the currently broken test:
nixosTests.prometheus-exporters.jitsi
 2023-05-21 15:31:14 +02:00
figsoda
701bcdbead nixos: fix typos 2023-05-19 22:31:04 -04:00
lassulus
4762932601 nixos/syncthing: fix disabled folders 2023-05-18 11:06:57 +02:00
Markus Cisler
a0b7802372 nixos/thelounge: add package option 
Adds a package option to the thelounge NixOS module.
 2023-05-17 08:34:18 -07:00
Naïm Favier
40a2df0fb0
nixos/syncthing: fixup #226088 2023-05-17 16:53:01 +02:00
Lassulus
52bbee772a
Merge pull request #232019 from 4z3/master-wireguard 2023-05-16 22:29:17 +02:00
Doron Behar
9b0a03fc88
Merge pull request #226088 from Xyz00777/master 
nixos/syncthing: applied rfc42 and added some additional options
 2023-05-16 13:29:36 +03:00
tv
50b845c5a6 nixos/wireguard: allow customizing peer unit name 2023-05-16 10:28:24 +02:00
Xyz00777
32866f8d58 nixos/syncthing: use rfc42 style settings 2023-05-15 14:38:56 +02:00
Ryan Lahfa
e3bd7faa18
Merge pull request #226830 from Janik-Haag/birdwatcher 
birdwatcher: init at 2.2.4, alice-lg: init at 6.0.0, nixos/birdwatcher: init, nixos/alice-lg: init
 2023-05-15 08:42:10 +02:00
Janik H
40136a1f7f nixos/birdwatcher: init 2023-05-15 02:52:06 +02:00
Janik H
8ed86700a2 nixos/alice-lg: init 2023-05-15 02:52:06 +02:00
Katze
dfb8a2a7c4
nixos/syncplay: add saltFile and extraArgs option (#220096) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2023-05-12 18:01:33 +02:00
Martin Weinelt
537d611a75 nixos/sshd: Remove algorithms that do MAC-then-encrypt 
Algorithms with the -etm suffix calculate the MAC after encryption,
which is generally considered safer.
 2023-05-11 12:54:32 +02:00
Thomas
1ed6468c27
nixos.tinyproxy: init 2023-05-11 09:52:38 +02:00
Ilan Joselevich
7ecf20b490
nixos/harmonia: adjust module and test to upstream 2023-05-10 22:28:03 +03:00
Jörg Thalheim
76ffeaf06c nixos/harmonia: init service 2023-05-10 14:52:31 +02:00
Bruno Adelé
7af8ace239
nixos/smokeping: Format smokeping source code 2023-05-05 22:46:30 +02:00
Sandro
5d0d352833
Merge pull request #220761 from elesiuta/picosnitch-init 2023-04-30 01:52:10 +02:00
Thomas Gerbet
b4e503a783 strongswan: 5.9.8 -> 5.9.10 
Fixes CVE-2023-26463: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html

Release notes:
https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html
https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
 2023-04-26 01:08:29 +02:00
Moritz 'e1mo' Fromm
3dc05fbe40 nixos/bird-lg: Add support for traceroute-flags 2023-04-25 12:00:44 +02:00
Moritz 'e1mo' Fromm
a2e2972ff3 nixos/bird-lg: Add maintainers 2023-04-25 10:41:35 +02:00
Moritz 'e1mo' Fromm
b63e0d77b8 nixos/bird-lg: Rework command attribute generation 
Prior to this change, arguments were not escaped nor was the possiblity
for arguments to be empty accounted for. This led to a kinda broken
startup script were arguments were "shifted", e.g. leaving allowedIPs
empty in order to use the default would cause `--bird` (the following
arguments key) to be used as the value. This was also observable when
e.g. the navbarBrand had a space in it where only everything until the
first space would show up.

With the new approach, all arguments are consistently escaped and empty
ones left out.

`extraConfig` now supports and prefers lists of strings instead of
lines (still supported but warned). This is due to the fragility with
respect to e.g. forgetting trailing backslashes after each line.
`frontend.{servers,domain}` are unset by default since the frontend
needs (the upstream project itself has no empty defaults here) needs
them to be set. If not set, an error is caused at build-time.

`proxy.birdSocket` has a new default: The projects README[^1] states
`/var/run/bird/bird.ctl` as the current default value. And bird2 on
NixOS does use this path too.

[^1]: https://github.com/xddxdd/bird-lg-go#proxy
 2023-04-25 10:41:35 +02:00
Sandro
90e2a0670d
Merge pull request #225829 from IndeedNotJames/nixos.consul 2023-04-23 23:50:14 +02:00
Will Fancher
5c46e6f4e3 systemd-stage-1: Add assertions for unsupported options. 2023-04-21 13:05:12 -04:00
Nick Cao
515da5b664
Merge pull request #227243 from misuzu/netbird-update 
netbird: 0.14.6 -> 0.16.0
 2023-04-21 13:55:29 +08:00
IndeedNotJames
6ad64af778
nixos/consul: use lib.getExe where possible 
which allows the use of custom packages, that may not have binaries called `consul` or `consul-alerts` in their `/bin/*` (though arguably pretty unlikely to be ever used)
 2023-04-21 03:46:54 +02:00
IndeedNotJames
9c1f292155
nixos/consul: fix package reference in service $PATH 2023-04-21 03:46:54 +02:00
Artturi
b83db86a9e
Merge pull request #222080 from Stunkymonkey/nixos-optionalString 2023-04-20 16:07:30 +03:00
misuzu
d5bb5259e4 nixos/netbird: allow configuring dns 2023-04-20 14:22:19 +03:00
Ryan Lahfa
2fa5e844de
Merge pull request #223749 from Alexis211/add-wgautomesh 
wgautomesh: init at 0.1.0
 2023-04-19 08:26:09 +02:00
Sandro
ce4159b4cd
Merge pull request #226514 from AtaraxiaSjel/update/ivpn 2023-04-19 00:57:19 +02:00
Dmitriy Kholkin
706060e47d
nixos/ivpn: init 2023-04-18 22:11:10 +03:00
Artturin
eac28f38d6 treewide: fix lints 
Arg to lib.optional is a list

build time tool in buildInputs

*Flags not a list

https://github.com/nix-community/nixpkgs-lint
 2023-04-18 20:20:56 +03:00
Alex Auvolat
a727a3d676 nixos/wgautomesh: init at 0.1.0 2023-04-17 12:37:18 +02:00
Sandro
d85555f9ac
Merge pull request #224996 from SuperSandro2000/smokeping-ln-f 2023-04-16 23:05:25 +02:00
Janne Heß
ee0bfeddf7
Merge pull request #226010 from helsinki-systems/drop/deprecated-ssh-files 
nixos/openssh: Drop deprecated locations
 2023-04-15 11:41:16 +02:00
Eric Lesiuta
acfed64224 nixos/picosnitch: init 2023-04-14 22:09:48 -04:00
Aidan Gauland
0135b7a556 nixos/peroxide: correct option doc 
Correct the description for the option services.peroxide.enable.
 2023-04-14 14:47:55 +02:00
Janne Heß
98c3d190b2
nixos/openssh: Drop deprecated locations 
The changelog entry should give a good indication why I don't think this
is necessary anymore.
 2023-04-13 20:31:18 +02:00
Martin Weinelt
130be87c8d
Merge pull request #224549 from mweinelt/go-neb-unit-permissions 
nixos/go-neb: Replace PermissionsStartOnly with executable prefix
 2023-04-12 22:59:41 +02:00
Sandro Jäckel
fdbd0834b2
nixos/smokeping: use ln with -f 2023-04-12 22:47:21 +02:00
Martin Weinelt
7a5a2fa8a4
Merge pull request #225785 from helsinki-systems/warn-dhcpd-eol 
nixos/dhcpd: warn of pending removal
 2023-04-12 00:08:42 +02:00
ajs124
e3702c0788 nixos/dhcpd: warn of pending removal 2023-04-11 23:47:40 +02:00
Sandro
fd04c0caf0
Merge pull request #221380 from Majiir/ddclient-fix-permissions 2023-04-11 01:31:53 +02:00
Felix Buehler
327b0cff7a treewide: use more lib.optionalString 2023-04-07 13:38:33 +02:00
mrobbetts
3c1c5600e8
bind: replace hard-coded allow-query zone setting with a real zone parameter. (#224776) 2023-04-07 06:55:09 +02:00
alyaeanyx
bd573376ad nixos/wstunnel: init 2023-04-06 09:51:30 +02:00
Florian Klink
aa158ed243
Merge pull request #219496 from f2k1de/smokeping-css-js-fix 
smokeping: fix css and js symlink
 2023-04-05 21:56:33 +02:00
Florian Klink
ea7dd83b0d
Merge pull request #224833 from flokli/smokeping-config 
nixos/smokeping: use /etc/smokeping.conf
 2023-04-05 21:54:57 +02:00