Commit Graph

1914 Commits

Author SHA1 Message Date
Darius Jahandarie
5fa345922f nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582 2020-03-20 11:08:34 -04:00
Jesper Geertsen Jonsson
02c2c864d1 resilio: fix a list being assigned to the option config.users.groups 2020-03-19 11:25:56 -05:00
Florian Klink
4e53f84c79 nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.

This was originally applied in 3d1079a20d,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Martin Baillie
6e055c9f4a tailscale: init at 0.96-33
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1 nixos/firewall: fix types in reverse path assertion
Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Pierre Bourdon
b8ef2285b5 nixos/stubby: set Type=notify on the systemd service
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master
smartdns: init at 30
2020-03-15 15:36:05 +01:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set 2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c nixos/ssh: silence ssh-keygen during configuration validation 2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Andrew Childs
2c121f4215 nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Markus Kowalewski
2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files)
2020-03-12 22:32:44 +01:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
9458ec4 removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
talyz
bb7ad853fb nixos/haproxy: Revive the haproxy user and group
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Florian Klink
3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Linus Heckemann
dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
Martin Milata
1affd47cc1 nixos/supybot: python3 switch, add plugin options
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts 2020-03-07 02:01:19 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Julien Moutinho
47f27938e7 shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
Thomas Dy
97a61c8903 nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
Andreas Rammhold
ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
obadz
c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
worldofpeace
21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup
See #55370
2020-02-28 15:32:36 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false
Fixes #81109.  Regressed in PR #78392 (26858063).
2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Lengyel Balazs
50fb52d4e1 fix wireguard service as well after it got upstreamed. 2020-02-22 00:32:15 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Edward Tjörnhammar
9bab9e2ec6
nixos/i2pd: address #63103
As a comment to 1d61efb7f1
Note that collect returns a list from a set
2020-02-19 13:15:28 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated (#80154) 2020-02-16 12:53:49 +02:00
Jörg Thalheim
466c1df3e2
Merge pull request #79266 from Mic92/knot
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
Jyun-Yan You
0f8d1ac47d nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
Symphorien Gibol
44fd320c0f nixos/iodine: protect passwordFiles with toString
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
Will Dietz
ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.

("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)

[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
Jörg Thalheim
e2ef8b439f
knot: add keyFiles option
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim
88029bce39
knot: drop dynamic user
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Martin Milata
d99808c720 nixos/supybot: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:51 +01:00
Silvan Mosberger
6169eef798
Merge pull request #78024 from wamserma/minidlna-interval
minidlna: provide configuration option for announce interval
2020-02-10 01:25:47 +01:00
Markus S. Wamser
696979e0bc modules/wireguard: fix typo in documentation 2020-02-07 20:54:35 +01:00
symphorien
d2d5d89c2c
nixos/iodine: improve wording of some descriptions
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:47:43 +00:00
symphorien
dfa67635d6
nixos/iodine: fix typo in description
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:27 +00:00
symphorien
1addf1fd94
nixos/iodine: improve description of some options
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:07 +00:00
Frederik Rietdijk
419bc0a4cd Revert "Revert "Merge master into staging-next""
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.

This reverts commit 0be87c7979.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979 Revert "Merge master into staging-next"
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.

This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
2020-02-05 19:18:35 +01:00
Vladimír Čunát
baeed035ea
Merge #78628: knot-resolver: 4.3.0 -> 5.0.1
The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR #72014.
See the commit messages for details.
2020-02-05 16:57:02 +01:00
Symphorien Gibol
00a91d919d nixos/iodine: hardening 2020-02-04 20:54:29 +01:00
Symphorien Gibol
7437bff7d1 nixos/iodine: nixpkgs-fmt 2020-02-04 20:54:29 +01:00
worldofpeace
74e4cb7ea4
Merge pull request #78543 from Atemu/dnscrypt-proxy2-service
nixos/dnscrypt-proxy2: init
2020-02-02 23:02:06 -05:00
Maximilian Bosch
c2d2c2d0ca
Merge pull request #72931 from Ma27/restart-dhcp-on-exit-hook-change
nixos/dhcpcd: restart dhcpcd if exit hook changed
2020-02-02 18:33:34 +01:00
Yegor Timoshenko
92d689d66b nixos/dnscrypt-proxy2: init
This removes the original dnscrypt-proxy module as well.

Co-authored-by: Atemu <atemu.main@gmail.com>
Co-authored-by: Silvan Mosberger <contact@infinisil.com>
Co-authored-by: ryneeverett <ryneeverett@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-02 11:11:27 -05:00
Maximilian Bosch
f9bb054180
Merge pull request #78968 from ju1m/nsd_types_lines
nsd : use types.lines where appropriate
2020-02-01 09:51:23 +01:00
Julien Moutinho
1a1e5f7be5 nsd: use types.lines where appropriate 2020-01-31 20:40:48 +01:00
Vladimír Čunát
02bf0557c0
nixos/kresd: add .instances option 2020-01-31 15:22:52 +01:00
Vladimír Čunát
ae74a0e27c
(nixos/)knot-resolver: 4.3.0 -> 5.0.0
Minor incompatibilities due to moving to upstream defaults:
  - capabilities are used instead of systemd.socket units
  - the control socket moved:
    /run/kresd/control -> /run/knot-resolver/control/1
  - cacheDir moved and isn't configurable anymore
  - different user+group names, without static IDs

Thanks Mic92 for multiple ideas.
2020-01-31 15:22:52 +01:00
Vladimír Čunát
0a8fb01b80
nixos/kresd: fix a recent error in description 2020-01-31 15:06:27 +01:00
Aaron Andersen
7adffb14cd
Merge pull request #78419 from utsl42/fix-unifi-install
nixos/unifi: use systemd tmpfiles instead of preStart
2020-01-29 18:55:57 -05:00
worldofpeace
c693bd142c
Merge pull request #78745 from bene1618/dhcpcd
nixos/dhcpcd: Add option for dhcpcd waiting behaviour
2020-01-29 18:08:20 -05:00
Mario Rodas
deedf24c88
Merge pull request #75922 from tadfisher/kbfs-fixes
kbfs, nixos/keybase, nixos/kbfs: fix KBFS, add enableRedirector option
2020-01-28 19:13:40 -05:00
Benedikt Hunger
0767de3dc8 nixos/dhcpcd: Add option for dhcpcd waiting behaviour 2020-01-28 12:52:19 +01:00
Alyssa Ross
e99ec699a4 nixos/bitlbee: don't assign list to users.groups
Warns about loaOf deprecation warning.
2020-01-27 02:51:02 +00:00
Nathan Hawkins
b0208cb80f nixos/unifi: use systemd tmpfiles instead of preStart 2020-01-24 10:06:29 -05:00
Jörg Thalheim
2685806371
nixos/kresd: add listenDoH option 2020-01-23 23:22:37 +00:00
Jörg Thalheim
bfa278ee5a
nixos/knot: set defaultText for package option
the package attributes looks nicer in the manual
2020-01-23 23:17:04 +00:00
Florian Klink
dea2d64c35
Merge pull request #78134 from NinjaTrappeur/nin-harden-syncthing
nixos/syncthing.nix: Sandbox the systemd service.
2020-01-21 22:30:04 +01:00
zimbatm
93204f1d8a
nixos/matterbridge: fix package access
was broken by 4371ecb8a6 due to the
switch to buildGoModule
2020-01-21 13:17:18 +01:00
zimbatm
b54c60b689
nixos/zerotierone: simplify the unit
There is no need to stop/start the unit when the machine is online or
offline.

This should fix the shutdown locking issues.

nixos zerotier: sometimes it doesn't shutdown
2020-01-21 13:14:38 +01:00
Félix Baylac-Jacqué
ff8f2928ee
nixos/syncthing.nix: Sandbox the systemd service.
Using systemd sandboxing features to harden the syncthing service.
2020-01-20 21:48:48 +01:00
Markus S. Wamser
d4718f180b minidlna: provide configuration option for announce interval
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
2020-01-19 14:06:27 +01:00
Matt Layher
5089214a3d nixos/corerad: init 2020-01-16 12:38:36 -08:00
Silvan Mosberger
55b0129a14
Merge pull request #76178 from 0x4A6F/master-xandikos
xandikos: add tests and module
2020-01-13 23:48:22 +01:00
Martin Milata
d9319e8e87 nixos/ndppd: enable systemd sandboxing 2020-01-13 11:11:32 +00:00
Robin Gloster
8305186bb4
Merge pull request #77554 from lheckemann/fix-wpa-multiple1
nixos/wpa_supplicant: fix use with multiple interfaces
2020-01-13 12:07:54 +01:00
Linus Heckemann
bbd6d219e4 nixos/wpa_supplicant: fix #61391 2020-01-12 14:14:16 +01:00
volth
6abba2294d nixos/nat: use nixos-nat-out instead of OUTPUT 2020-01-12 00:06:49 +01:00
0x4A6F
c9ca370e32
nixos/xandikos: init 2020-01-11 16:08:45 +01:00
Daniel Fullmer
27b8253655 nixos/zerotierone: prevent systemd from changing MAC address 2020-01-09 17:51:44 -05:00
markuskowa
2913973aa7
Merge pull request #76938 from lourkeur/fix_76184_gnunet
nixos/gnunet: Add types to the options
2020-01-09 21:33:50 +01:00
Pascal Bach
0319241132 nixos/mxisd: fix empty user name 2020-01-08 23:18:26 +01:00
Milan Pässler
2a31a6a412 tree-wide: fix errors and warning related to loaOf deprecation 2020-01-07 06:23:28 +01:00