Martin Baillie
6e055c9f4a
tailscale: init at 0.96-33
...
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
...
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1
nixos/firewall: fix types in reverse path assertion
...
Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533
The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
...
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine
...
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Pierre Bourdon
b8ef2285b5
nixos/stubby: set Type=notify on the systemd service
...
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master
...
smartdns: init at 30
2020-03-15 15:36:05 +01:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent
...
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config
2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e
nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set
2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
...
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Andrew Childs
2c121f4215
nixos/firewall: fix inverted assertion for reverse path filtering
...
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310 : nixos/systemd: apply .link
...
...even when networkd is disabled
This reverts commit ce78f3ac70dc34da0755
2020-03-13 22:05:33 +01:00
Aaron Andersen
dbe59eca84
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
...
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
...
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
...
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter
2020-03-12 14:44:59 +00:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
...
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
...
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
...
9458ec4
2020-03-11 21:15:47 +01:00
talyz
bb7ad853fb
nixos/haproxy: Revive the haproxy user and group
...
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Florian Klink
3d1079a20d
nixos/zerotierone: switch from manually generating the .link file to use the module
...
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.
With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Linus Heckemann
dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
...
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95
nixos/freeradius: depend on network.target, not online
2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191
freeradius: make debug logging optional
2020-03-10 15:54:02 +01:00
Martin Milata
1affd47cc1
nixos/supybot: python3 switch, add plugin options
...
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4
nixos/supybot: enable systemd sandboxing options
2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169
nixos/supybot: stateDir in /var/lib, use tmpfiles
...
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering
2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts
2020-03-07 02:01:19 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message
...
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Julien Moutinho
47f27938e7
shorewall: fix RestartTriggers
2020-03-05 00:01:44 +01:00
Thomas Dy
97a61c8903
nixos/nat: fix multiple destination ports with loopback
2020-03-04 18:11:31 +09:00
Andreas Rammhold
ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service
...
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init
2020-03-02 16:01:14 +01:00
obadz
c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix
...
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
worldofpeace
21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation
...
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup
...
See #55370
2020-02-28 15:32:36 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false
...
Fixes #81109 . Regressed in PR #78392 (26858063
2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used
2020-02-26 15:04:36 +01:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory
...
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Lengyel Balazs
50fb52d4e1
fix wireguard service as well after it got upstreamed.
2020-02-22 00:32:15 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
...
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Edward Tjörnhammar
9bab9e2ec6
nixos/i2pd: address #63103
...
As a comment to 1d61efb7f1
2020-02-19 13:15:28 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated ( #80154 )
2020-02-16 12:53:49 +02:00
Jörg Thalheim
466c1df3e2
Merge pull request #79266 from Mic92/knot
...
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
Jyun-Yan You
0f8d1ac47d
nixos/pppd: fix build error
2020-02-14 12:51:50 +08:00
Symphorien Gibol
44fd320c0f
nixos/iodine: protect passwordFiles with toString
...
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
