Darius Jahandarie
5fa345922f
nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582
2020-03-20 11:08:34 -04:00
Jesper Geertsen Jonsson
02c2c864d1
resilio: fix a list being assigned to the option config.users.groups
2020-03-19 11:25:56 -05:00
Florian Klink
4e53f84c79
nixos/zerotierone: switch from manually generating the .link file to use the module
...
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.
With our module fixed, there's no need to manually manage the text file
anymore.
This was originally applied in 3d1079a20d
,
but was reverted due to 1115959a8d
causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Martin Baillie
6e055c9f4a
tailscale: init at 0.96-33
...
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
...
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1
nixos/firewall: fix types in reverse path assertion
...
Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533
The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
...
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine
...
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Pierre Bourdon
b8ef2285b5
nixos/stubby: set Type=notify on the systemd service
...
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master
...
smartdns: init at 30
2020-03-15 15:36:05 +01:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent
...
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config
2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e
nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set
2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
...
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Andrew Childs
2c121f4215
nixos/firewall: fix inverted assertion for reverse path filtering
...
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310 : nixos/systemd: apply .link
...
...even when networkd is disabled
This reverts commit ce78f3ac70
, reversing
changes made to dc34da0755
.
I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally. Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Aaron Andersen
dbe59eca84
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
...
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Markus Kowalewski
2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
...
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files )
2020-03-12 22:32:44 +01:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
...
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
...
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter
2020-03-12 14:44:59 +00:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
...
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
...
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
...
9458ec4
removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
talyz
bb7ad853fb
nixos/haproxy: Revive the haproxy user and group
...
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Florian Klink
3d1079a20d
nixos/zerotierone: switch from manually generating the .link file to use the module
...
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.
With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Linus Heckemann
dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
...
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95
nixos/freeradius: depend on network.target, not online
2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191
freeradius: make debug logging optional
2020-03-10 15:54:02 +01:00
Martin Milata
1affd47cc1
nixos/supybot: python3 switch, add plugin options
...
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4
nixos/supybot: enable systemd sandboxing options
2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169
nixos/supybot: stateDir in /var/lib, use tmpfiles
...
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering
2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts
2020-03-07 02:01:19 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message
...
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Julien Moutinho
47f27938e7
shorewall: fix RestartTriggers
2020-03-05 00:01:44 +01:00
Thomas Dy
97a61c8903
nixos/nat: fix multiple destination ports with loopback
2020-03-04 18:11:31 +09:00
Andreas Rammhold
ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service
...
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init
2020-03-02 16:01:14 +01:00
obadz
c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix
...
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
worldofpeace
21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation
...
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup
...
See #55370
2020-02-28 15:32:36 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false
...
Fixes #81109 . Regressed in PR #78392 (26858063
).
2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used
2020-02-26 15:04:36 +01:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory
...
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Lengyel Balazs
50fb52d4e1
fix wireguard service as well after it got upstreamed.
2020-02-22 00:32:15 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
...
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Edward Tjörnhammar
9bab9e2ec6
nixos/i2pd: address #63103
...
As a comment to 1d61efb7f1
Note that collect returns a list from a set
2020-02-19 13:15:28 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated ( #80154 )
2020-02-16 12:53:49 +02:00
Jörg Thalheim
466c1df3e2
Merge pull request #79266 from Mic92/knot
...
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
Jyun-Yan You
0f8d1ac47d
nixos/pppd: fix build error
2020-02-14 12:51:50 +08:00
Symphorien Gibol
44fd320c0f
nixos/iodine: protect passwordFiles with toString
...
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
Will Dietz
ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
...
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.
("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)
[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
Jörg Thalheim
e2ef8b439f
knot: add keyFiles option
...
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim
88029bce39
knot: drop dynamic user
...
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Martin Milata
d99808c720
nixos/supybot: fix username
...
Broken in 1d61efb7f1
.
2020-02-10 17:56:51 +01:00
Silvan Mosberger
6169eef798
Merge pull request #78024 from wamserma/minidlna-interval
...
minidlna: provide configuration option for announce interval
2020-02-10 01:25:47 +01:00
Markus S. Wamser
696979e0bc
modules/wireguard: fix typo in documentation
2020-02-07 20:54:35 +01:00
symphorien
d2d5d89c2c
nixos/iodine: improve wording of some descriptions
...
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:47:43 +00:00
symphorien
dfa67635d6
nixos/iodine: fix typo in description
...
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:27 +00:00
symphorien
1addf1fd94
nixos/iodine: improve description of some options
...
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:07 +00:00
Frederik Rietdijk
419bc0a4cd
Revert "Revert "Merge master into staging-next""
...
In 87a19e9048
I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5
I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979
. This was however wrong, as it "removed" master.
This reverts commit 0be87c7979
.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979
Revert "Merge master into staging-next"
...
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048
.
This reverts commit ac241fb7a5
, reversing
changes made to 76a439239e
.
2020-02-05 19:18:35 +01:00
Vladimír Čunát
baeed035ea
Merge #78628 : knot-resolver: 4.3.0 -> 5.0.1
...
The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR #72014 .
See the commit messages for details.
2020-02-05 16:57:02 +01:00
Symphorien Gibol
00a91d919d
nixos/iodine: hardening
2020-02-04 20:54:29 +01:00
Symphorien Gibol
7437bff7d1
nixos/iodine: nixpkgs-fmt
2020-02-04 20:54:29 +01:00
worldofpeace
74e4cb7ea4
Merge pull request #78543 from Atemu/dnscrypt-proxy2-service
...
nixos/dnscrypt-proxy2: init
2020-02-02 23:02:06 -05:00
Maximilian Bosch
c2d2c2d0ca
Merge pull request #72931 from Ma27/restart-dhcp-on-exit-hook-change
...
nixos/dhcpcd: restart dhcpcd if exit hook changed
2020-02-02 18:33:34 +01:00
Yegor Timoshenko
92d689d66b
nixos/dnscrypt-proxy2: init
...
This removes the original dnscrypt-proxy module as well.
Co-authored-by: Atemu <atemu.main@gmail.com>
Co-authored-by: Silvan Mosberger <contact@infinisil.com>
Co-authored-by: ryneeverett <ryneeverett@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-02 11:11:27 -05:00
Maximilian Bosch
f9bb054180
Merge pull request #78968 from ju1m/nsd_types_lines
...
nsd : use types.lines where appropriate
2020-02-01 09:51:23 +01:00
Julien Moutinho
1a1e5f7be5
nsd: use types.lines where appropriate
2020-01-31 20:40:48 +01:00
Vladimír Čunát
02bf0557c0
nixos/kresd: add .instances option
2020-01-31 15:22:52 +01:00
Vladimír Čunát
ae74a0e27c
(nixos/)knot-resolver: 4.3.0 -> 5.0.0
...
Minor incompatibilities due to moving to upstream defaults:
- capabilities are used instead of systemd.socket units
- the control socket moved:
/run/kresd/control -> /run/knot-resolver/control/1
- cacheDir moved and isn't configurable anymore
- different user+group names, without static IDs
Thanks Mic92 for multiple ideas.
2020-01-31 15:22:52 +01:00
Vladimír Čunát
0a8fb01b80
nixos/kresd: fix a recent error in description
2020-01-31 15:06:27 +01:00
Aaron Andersen
7adffb14cd
Merge pull request #78419 from utsl42/fix-unifi-install
...
nixos/unifi: use systemd tmpfiles instead of preStart
2020-01-29 18:55:57 -05:00
worldofpeace
c693bd142c
Merge pull request #78745 from bene1618/dhcpcd
...
nixos/dhcpcd: Add option for dhcpcd waiting behaviour
2020-01-29 18:08:20 -05:00
Mario Rodas
deedf24c88
Merge pull request #75922 from tadfisher/kbfs-fixes
...
kbfs, nixos/keybase, nixos/kbfs: fix KBFS, add enableRedirector option
2020-01-28 19:13:40 -05:00
Benedikt Hunger
0767de3dc8
nixos/dhcpcd: Add option for dhcpcd waiting behaviour
2020-01-28 12:52:19 +01:00
Alyssa Ross
e99ec699a4
nixos/bitlbee: don't assign list to users.groups
...
Warns about loaOf deprecation warning.
2020-01-27 02:51:02 +00:00
Nathan Hawkins
b0208cb80f
nixos/unifi: use systemd tmpfiles instead of preStart
2020-01-24 10:06:29 -05:00
Jörg Thalheim
2685806371
nixos/kresd: add listenDoH option
2020-01-23 23:22:37 +00:00
Jörg Thalheim
bfa278ee5a
nixos/knot: set defaultText for package option
...
the package attributes looks nicer in the manual
2020-01-23 23:17:04 +00:00
Florian Klink
dea2d64c35
Merge pull request #78134 from NinjaTrappeur/nin-harden-syncthing
...
nixos/syncthing.nix: Sandbox the systemd service.
2020-01-21 22:30:04 +01:00
zimbatm
93204f1d8a
nixos/matterbridge: fix package access
...
was broken by 4371ecb8a6
due to the
switch to buildGoModule
2020-01-21 13:17:18 +01:00
zimbatm
b54c60b689
nixos/zerotierone: simplify the unit
...
There is no need to stop/start the unit when the machine is online or
offline.
This should fix the shutdown locking issues.
nixos zerotier: sometimes it doesn't shutdown
2020-01-21 13:14:38 +01:00
Félix Baylac-Jacqué
ff8f2928ee
nixos/syncthing.nix: Sandbox the systemd service.
...
Using systemd sandboxing features to harden the syncthing service.
2020-01-20 21:48:48 +01:00
Markus S. Wamser
d4718f180b
minidlna: provide configuration option for announce interval
...
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
2020-01-19 14:06:27 +01:00
Matt Layher
5089214a3d
nixos/corerad: init
2020-01-16 12:38:36 -08:00
Silvan Mosberger
55b0129a14
Merge pull request #76178 from 0x4A6F/master-xandikos
...
xandikos: add tests and module
2020-01-13 23:48:22 +01:00
Martin Milata
d9319e8e87
nixos/ndppd: enable systemd sandboxing
2020-01-13 11:11:32 +00:00
Robin Gloster
8305186bb4
Merge pull request #77554 from lheckemann/fix-wpa-multiple1
...
nixos/wpa_supplicant: fix use with multiple interfaces
2020-01-13 12:07:54 +01:00
Linus Heckemann
bbd6d219e4
nixos/wpa_supplicant: fix #61391
2020-01-12 14:14:16 +01:00
volth
6abba2294d
nixos/nat: use nixos-nat-out instead of OUTPUT
2020-01-12 00:06:49 +01:00
0x4A6F
c9ca370e32
nixos/xandikos: init
2020-01-11 16:08:45 +01:00
Daniel Fullmer
27b8253655
nixos/zerotierone: prevent systemd from changing MAC address
2020-01-09 17:51:44 -05:00
markuskowa
2913973aa7
Merge pull request #76938 from lourkeur/fix_76184_gnunet
...
nixos/gnunet: Add types to the options
2020-01-09 21:33:50 +01:00
Pascal Bach
0319241132
nixos/mxisd: fix empty user name
2020-01-08 23:18:26 +01:00
Milan Pässler
2a31a6a412
tree-wide: fix errors and warning related to loaOf deprecation
2020-01-07 06:23:28 +01:00