Commit Graph

1445 Commits

Author SHA1 Message Date
Janne Heß
9e25ebc03a nixos/iperf: Init the module 2018-09-06 12:38:30 +02:00
Yorick
1ee3ad6732 wireguard: change preStop to postStop, require network.target (#45569)
* wireguard: change preStop to postStop, require network.target

* wireguard service: network.target -> network-online.target
2018-09-02 17:07:55 +02:00
Florian Klink
953b77f07b bird: set reloadIfChanged to true (#45924)
This will trigger the reload instead of restart command if a definition
changes, which is much more desireable for a routing daemon.
2018-09-02 06:51:32 +02:00
Samuel Dionne-Riel
ca47cc90c2
Merge pull request #39142 from teto/nm_dispatchers
[RDY] networkmanager: enrich dispatcher PATH
2018-09-01 23:26:36 -04:00
Graham Christensen
34d2ec7c09
nixos docs: give IDs to things 2018-09-01 16:20:49 -04:00
John Ericson
2c4a75e9ef
Merge pull request #45820 from obsidiansystems/dont-use-obsolete-platform-aliases
treewide: Dont use obsolete platform aliases
2018-08-31 09:56:10 -04:00
チルノ
17564e0ed9 nixos/zeronet: init (#44842) 2018-08-31 11:40:23 +01:00
John Ericson
2c2f1e37d4 reewide: Purge all uses stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Jan Tojnar
8a8056c302
Merge pull request #45058 from michaelpj/imp/freedesktop-modules
freedesktop modules: init
2018-08-30 16:14:35 +01:00
Nikolay Amiantov
69407cb013 firewall service: respect marks in rpfilter (#39054)
This allows one to add rules which change a packet's routing table:

iptables -t raw -I PREROUTING 1 -m set --match-set myset src -j MARK --set-mark 2
ip rule add fwmark 2 table 1 priority 1000
ip route add default dev wg0 table 1

to the beginning of raw table PREROUTING chain, and still have rpfilter.
2018-08-29 20:50:53 +02:00
Vladyslav Mykhailichenko
d73fd69952 iwd: 0.4 -> 0.7 2018-08-25 15:26:52 +03:00
Sarah Brofeldt
4c6171c173 nixos/dhcpcd: Wait for devices to settle 2018-08-22 00:20:28 +02:00
Tobias Happ
ca3e9a7096 teamspeak_server: 3.0.13.6 -> 3.3.0 2018-08-17 00:25:31 +02:00
Michael Peyton Jones
13e2e19158
xdg: add modules for supporting various XDG specs 2018-08-16 21:23:34 +01:00
Franz Pletz
0371570807
Merge pull request #44524 from vincentbernat/fix/dhcpcd-systemd
dhcpcd service: order before network target
2018-08-13 20:24:22 +00:00
Franz Pletz
f167e88794
Merge pull request #44658 from dlahoti/patch-2
add `extraConfig` section to `networking.wireless`
2018-08-10 09:38:23 +00:00
Deven Lahoti
8d6128208d nixos/wireless: add extraConfig section to networking.wireless
This allows the user to add `wpa_supplicant` config options not yet supported by Nix without having to write the entire `wpa_supplicant.conf` file manually.
2018-08-09 15:20:44 -05:00
Silvan Mosberger
565479374b
Merge pull request #42469 from ghuntley/patch-4
zerotier: added option to customise the port used
2018-08-08 17:02:25 +02:00
Geoffrey Huntley
5b66ddb943 nixos/zerotier: added option to customise the port used 2018-08-09 00:00:12 +10:00
Matthieu Coudron
f0980c40c1 networkmanager: make hooks easier to use
First change is to override the nm-dispatcher systemd service so that
it puts coreutils (wc/env/...) and iproute in PATH.
Second change is to make sure userscripts have the execute bit.
2018-08-07 17:53:56 +09:00
Vincent Bernat
48f7778d99 dhcpcd service: order before network target
This reverts a change applied in PR #18491. When interfaces are
configured by DHCP (typical in a cloud environment), ordering after
network.target cause trouble to applications expecting some network to
be present on boot (for example, cloud-init is quite brittle when
network hasn't been configured for `cloud-init.service`) and on
shutdown (for example, collectd needs to flush metrics on shutdown).

When ordering after network.target, we ensure applications relying on
network.target won't have any network reachability on boot and
potentially on shutdown.

Therefore, I think ordering before network.target is better.
2018-08-05 23:07:54 +02:00
Maximilian Bosch
cd5e01edd9 ocserv: init at 0.12.1 (#42871)
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).

This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:

* `plain` (mostly username/password)
* `pam`

The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.

The module can be used like this:

``` nix
{
  services.ocserv = {
    enable = true;
    config = ''
      ...
    '';
  };
}
```

The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.

The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:

```
run-as-user = nobody
run-as-group = nogroup
```

/cc @tenten8401
Fixes #42594
2018-08-01 21:39:09 +02:00
Silvan Mosberger
c3f00f7c16
Merge pull request #44061 from ljani/avahi-extraconfig
nixos/avahi: add support for extraConfig
2018-07-29 20:07:11 +02:00
Jani
d17770d0d5 nixos/avahi: add support for extraConfig 2018-07-28 12:48:08 +03:00
Tuomas Tynkkynen
96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00
Jörg Thalheim
e9ff0f9448
Merge pull request #43863 from volth/unused4
[bot] nixos/*: remove unused arguments in lambdas
2018-07-21 16:39:08 +01:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth
6d2857a311 [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
Frederik Rietdijk
1a6af9f88e
Merge pull request #43857 from volth/unused
[bot] treewide: remove unreferenced code
2018-07-20 21:06:32 +02:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Erik Arvstedt
aecf24a0eb openvpn: document how to import an external config 2018-07-20 10:51:52 +02:00
Alexey Lebedeff
c00d17aae3 epmd: Introduce erlang port mapper daemon service
Having socket-activated epmd means that there always be only a single
instance managed centrally. Because Erlang also starts it
automatically if not available, and in worst case scenario 'epmd' can
be started by some Erlang application running under systemd. And then
restarting this application unit will cause complete loss of names in
'epmd' (if other Erlang system are also installed on this host).

E.g. see at which lengths RabbitMQ goes to recover from such
situations:
7741b37b1e/src/rabbit_epmd_monitor.erl (L36)

Having the only one socket-activated epmd completely solves this
problem.
2018-07-19 17:32:29 +02:00
Franz Pletz
ea9078b76b
Merge pull request #41745 from rvolosatovs/fix/sshd
nixos: Add more ssh-keygen params
2018-07-14 16:29:46 +00:00
xeji
51d0309651
Merge pull request #38324 from rvl/znc-uri-prefix
znc: add uriPrefix option
2018-07-10 09:38:50 +02:00
Rickard Nilsson
d80292dbd2 nixos: Add option networking.networkmanager.dynamicHosts
This allows non-privileged users to configure local DNS
entries by editing hosts files read by NetworkManager's dnsmasq
instance.

Cherry-picked from e6c3d5a507909c4e0c0a5013040684cce89c35ce and
5a566004a2b12c3d91bf0acdb704f1b40770c28f.
2018-07-07 17:15:35 +02:00
Graham Christensen
078925c954
quagga module: Use a deep merge via imports instead of the shallow merge
The deep merge caused all the options to be unset when generating docs, unless quagga was enabled.

Using imports, instead, properly allows the documentation to be generated.
2018-07-05 22:11:29 -04:00
Ingo Blechschmidt
c97b1a44d1 supplicant: Fix tiny typo in the documentation 2018-07-04 00:14:45 +02:00
Silvan Mosberger
bdac6ac4b2
Merge pull request #42860 from ldesgoui/fix-murmur-service
murmur service: prevent silent launch failure by waiting until network is available
2018-07-03 17:34:07 +02:00
Silvan Mosberger
59dd0e6c69
Merge pull request #41222 from gnidorah/firewall
nixos/firewall: per-interface port options
2018-07-03 17:21:55 +02:00
Michael Raskin
b43c4d8b75
Merge pull request #42798 from flokli/users-users
tree-wide: users.extraUsers -> users.users, users.extraGroups -> users.groups
2018-07-02 11:23:10 +00:00
ldesgoui
16a46139d3 murmur: prevent silent launch failure 2018-07-02 05:30:43 +02:00
Jörg Thalheim
6e54e9253a iwd: set statedir to /var/lib/iwd 2018-07-01 10:59:35 +01:00
adisbladis
dd608f80db
Merge pull request #42709 from jollheef/master
hostapd: use WPA2 instead of WPA1 by default
2018-06-30 21:44:19 +08:00
Mikhail Klementev
d8f6ca1afa hostapd: use WPA2 instead of WPA1 by default 2018-06-30 11:33:11 +00:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Benjamin Staffin
dca7e24a11
networkmanager: Expand dns description, integrate with other services (#41898)
Rather than special-casing the dns options in networkmanager.nix, use
the module system to let unbound and systemd-resolved contribute to
the newtorkmanager config.
2018-06-29 13:41:46 -04:00
Jesper Geertsen Jonsson
1327218d8a zerotier: interface names changed; fix no dhcp
Since ZT v1.2.8:
ZT interface names are no longer named zt<sequence number>.
Instead they are by default named zt<network hash>.

https://www.zerotier.com/blog/2018-05-04-128.shtml
2018-06-27 15:43:55 +02:00
aszlig
a346f153b5
nixos/strongswan-swanctl: Fix build of manual
Commit 401370287a introduced a small error
where the closing tag of <literal/> was an opening tag instead.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @basvandijk, @xeji
2018-06-26 10:02:07 +02:00
xeji
7e77094f39
Merge pull request #42518 from LumiGuide/strongswan-swanctl-5.6.3
strongswan-swanctl: adapt options to strongswan-5.6.3
2018-06-25 15:01:56 +02:00
gnidorah
c60c8aa759 nixos/firewall: per-interface port options 2018-06-24 16:49:10 +03:00
Bas van Dijk
401370287a strongswan-swanctl: adapt options to strongswan-5.6.3
This time there was only one change between 5.6.2..5.6.3:

2c7a4b0704
2018-06-24 11:32:10 +02:00
Bas van Dijk
56ef106848 chrony: disable the whole timesyncd module when chronyd is enabled
Peviously only the timesyncd systemd unit was disabled. This meant
that when you activate a system that has chronyd enabled the following
strange startup behaviour takes place:

  systemd[1]: Starting chrony NTP daemon...
  systemd[1]: Stopping Network Time Synchronization...
  systemd[1]: Stopped chrony NTP daemon.
  systemd[1]: Starting Network Time Synchronization...
2018-06-22 12:02:35 +02:00
Matthew Justin Bauer
3925077548
Merge pull request #41485 from teto/owamp
[RDY] Owamp : Get one way (network) latencies between synchronized computers
2018-06-20 21:45:36 -04:00
Yegor Timoshenko
b5d6a49085
nixos/networkmanager: add extraConfig 2018-06-18 22:21:27 +08:00
volth
baa1098a4a
nixos/xrdp: add fonts.enableDefaultFonts 2018-06-17 11:23:30 +00:00
xeji
bffc59badd
Merge pull request #37289 from disassembler/dnsdist
nixos/dnsdist: init module
2018-06-13 13:56:53 +02:00
volth
3ae018592d
nixos/tinc: minor fixes 2018-06-12 23:27:52 +00:00
Roman Volosatovs
1846a85b77
sshd: Add issue references to services.openssh.authorizedKeysFiles 2018-06-12 18:30:53 +02:00
Roman Volosatovs
9953edaf75
sshd: Support more ssh-keygen parameters 2018-06-12 18:26:20 +02:00
volth
d79a5057d3 nixos/nat: optional networking.nat.externalInterface (#41864)
to prevent "cannot coerce null to string" raise before the assertions are checked
2018-06-12 15:14:15 +02:00
volth
b25a2c9614 nixos/unbound: add restart (#41885) 2018-06-12 14:29:25 +02:00
volth
d4daddad75 nixos/nat: optional networking.nat.externalInterface (#41758) 2018-06-10 18:29:32 +02:00
Izorkin
9ef30fd56a sshd: change location of config file (#41744)
create symlink /etc/ssh/sshd_config
2018-06-10 01:39:06 +02:00
volth
2874e56c05 nixos/sslh: add transparent proxying support (#41412)
[x] Support transparent proxying. This means services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.
 [x] Run sslh daemon as unprivileged user instead of root (it is not only for security, transparent proxying requires it)
 [x] Removed pidFile support (it is not compatible with running sslh daemon as unprivileged user)
 [x] listenAddress default changed from "config.networking.hostName" (which resolves to meaningless "127.0.0.1" as with current /etc/hosts production) to "0.0.0.0" (all addresses)
2018-06-09 00:38:51 +02:00
Matthieu Coudron
358296c05a owamp: adding module
You can retrieve the one way latency between your client and the remote
host via owping.
2018-06-05 22:15:28 +09:00
Joachim F
ae512f2d8e
Merge pull request #34886 from leenaars/mortyproxy
morty: init -> 0.2.0
2018-06-02 10:26:09 +00:00
Matthew Justin Bauer
20ca7af00f
Merge pull request #40171 from teto/ntp
[RDY] openntpd: make -s flag work
2018-06-01 23:16:20 -04:00
Matthew Justin Bauer
76d0d7ceb5
Merge pull request #40692 from Izorkin/sshd
sshd: add custom options
2018-06-01 23:08:28 -04:00
coretemp
2d3db84ddb dnscrypt-proxy: make man 8 dnscrypt-proxy work (#41039) 2018-05-31 23:15:19 +02:00
Michiel Leenaars
e9ff80d24a morty: init as service 2018-05-30 18:13:53 +02:00
aszlig
94bc38e6c1
nixos/bind: Allow to set extra options
BIND doesn't allow the options section (or any section I'd guess) to be
defined more than once, so whenever you want to set an additional option
you're stuck using weird hacks like this:

services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];

This basically exploits the fact that values coming from the module
options aren't escaped and thus works in a similar vain to how SQL
injection works.

Another option would be to just set configFile to a file that includes
all the options, including zones. That obviously makes the configuration
way less extensible and more awkward to use with the module system.

To make sure this change does work correctly I added a small test just
for that. The test could use some improvements, but better to have a
test rather than none at all. For a future improvement the test could be
merged with the NSD test, because both use the same zone file format.

This change has been reviewed in #40053 and after not getting any
opposition, I'm hereby adding this to master.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @peti, @edolstra
Closes: #40053
2018-05-30 05:07:39 +02:00
Samuel Leathers
fef6b9ac0c
Merge pull request #40801 from xeji/test/dnscrypt-proxy
nixos/dnscrypt-proxy: fix apparmor profile and test
2018-05-19 21:11:17 -04:00
Uli Baum
8dbd8f4d69 nixos/dnscrypt-proxy: fix apparmor profile and test
Test failed because of an incomplete apparmor profile.
- fix apparmor profile
- improve test timing, prevent non-deterministic failure
2018-05-20 02:25:42 +02:00
xeji
f4ec18aaac
nixos/cjdns: fix service for i686 (#40740)
service failed to start because of MemoryDenyWriteExecute = true,
which seems not to work on i686
2018-05-20 01:01:42 +02:00
Izorkin
ad11b960e9 sshd: add custom options 2018-05-19 11:52:00 +03:00
Kirill Elagin
865abfa609
wireguard: Enable tools on other platforms
Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.
2018-05-19 01:17:26 +03:00
baroncharlus
380cdd8dd7 Add stubby resolver daemon service module (#38667)
* networking/stubby.nix: implementing systemd service module for stubby

This change implements stubby, the DNS-over-TLS stub resolver daemon.
The motivation for this change was the desire to use stubby's
DNS-over-TLS funcitonality in tandem with unbound, which requires
passing certain configuration parameters. This module implements those
config parameters by exposing them for use in configuration.nix.

* networking/stubby.nix: merging back module list

re-merging the module list to remove unecessary changes.

* networking/stubby.nix: removing unecessary capabilities flag

This change removes the unecessary flag for toggling the capabilities
which allows the daemon to bind to low ports.

* networking/stubby.nix: adding debug level logging bool

Adding the option to turn on debug logging.

* networking/stubby.nix: clarifying idleTimeout and adding systemd target

Improving docs to note that idleTimeout is expressed in ms. Adding the
nss-lookup `before' target to the systemd service definition.

* networking/stubby.nix: Restrict options with types.enum

This change restricts fallbackProtocol and authenticationMode to accept
only valid options instead of any list or str types (respectively). This
change also fixes typo in the CapabilityBoundingSet systemd setting.

* networking/stubby.nix: cleaning up documentation

Cleaning up docs, adding literal tags to settings, and removing
whitespace.

* networking/stubby.nix: fixing missing linebreak in comments

* networking/stubby.nix: cleaning errant comments
2018-05-16 15:16:30 +02:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Robert Schütz
d283368d73
Merge pull request #39681 from pstn/gnunet-service
nixos/gnunet: create switch for package.
2018-05-11 14:13:17 +02:00
Philipp Steinpass
c3dba0b7a7 nixos/gnunet: create switch for package. 2018-05-11 13:54:00 +02:00
Yegor Timoshenko
35375aa7ed
hostapd: remove assertion (allow 5GHz channels) 2018-05-11 13:56:18 +03:00
Sarah Brofeldt
3befef8279
Merge pull request #39671 from johanot/keepalived-vrrpInstanceTracking
nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
2018-05-09 20:54:36 +02:00
jD91mZM2
6c4c36fcbc
NetworkManager: add noDns option 2018-05-08 13:42:39 +02:00
Matthieu Coudron
f5e169c608 openntpd: make -s flag work
after seeing
`adjtime failed: Invalid argument` in my syslog, I tried using
`ntpd -s` but it would trigger
`/etc/ntpd.conf: No such file or directory`
see https://github.com/NixOS/nixpkgs/issues/31885

Instead of running the daemon with a specific config file, use the
standard file so that user are able to use the ntp executable without
having to look for the current config file.
2018-05-08 19:15:57 +09:00
Johan Thomsen
41d4bd29ac nixos/keepalived: Implemented vrrp-instance tracking scripts and interfaces.
Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
Changes are fully backward compatible.
2018-05-08 11:25:53 +02:00
aszlig
1eeeceb9c7
nixos/nsd: Allow to configure root zone
When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
2018-05-07 04:05:41 +02:00
Joachim F
e97d8fc0cb
Merge pull request #39455 from Ekleog/matterbridge-configfile
matterbridge module: add configPath option as a workaround, waiting for nix encryption
2018-05-06 17:29:43 +00:00
xeji
cd960b965f
Merge pull request #38622 from obadz/minidlna-module
nixos/minidlna: add loglevel config
2018-05-06 00:13:39 +02:00
xeji
76c8e5ea3b
Merge pull request #39055 from abbradar/reload-stop
firewall service: run stop commands in reload
2018-05-05 22:13:15 +02:00
gnidorah
9f1da66587 ndppd module: init (#35533) 2018-05-05 00:33:20 -05:00
Samuel Leathers
f515ca67f5
nixos/dnsdist: initial service 2018-05-02 10:30:30 -04:00
Graham Christensen
d1165dba99
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
2018-04-30 21:30:20 -04:00
Badi Abdul-Wahid
df3566c956 unifi, nixos/unifi: support LTS (5.6.36) and release (5.7.20)
Ubiquiti has both a LTS and current version of their Unifi controller software.

The latter adds new features, but may drop support for some devices.

This adds the capability to use either for the unifi module but defaults
to the LTS version, which was the previous behavior.
2018-04-28 00:27:33 +02:00
Nikolay Amiantov
b827307c52 dante service: default for logoutput
Log to journald via syslog by default; also improve option type.
2018-04-26 13:57:11 +03:00
Nikolay Amiantov
bd140fb41d dante service: restart only on failure
Normal exit code shouldn't result in a restart.
2018-04-26 13:57:11 +03:00
Léo Gaspard
e199143f11
matterbridge module: add configPath option as a workaround, waiting for nix encryption 2018-04-25 01:37:37 +02:00
gnidorah
ce8f347ca8 nixos/hans, nixos/iodine: fix passwordFile attribute 2018-04-23 23:40:47 +03:00
Matthew Justin Bauer
14e66c1659
Merge pull request #36734 from gnidorah/hans
nixos/hans: init
2018-04-23 11:42:09 -05:00
Nikolay Amiantov
7c90a86770 wireguard service: use scripts instead of ExecStarts/Stops
This is more in line with what other services do; also looks cleaner.
It changes configuration entries for pre-and post-hooks type to lines from
lists of strings which are more logical for them; coersion is provided for
backwards compatibility.

Finally, add several steps to improve robustness:

1. Load kernel module on start if not loaded;
2. Don't remove wireguard interface on start; it is removed on service stop. If
   it's not something is wrong.
2018-04-22 13:33:11 -05:00
Matthew Justin Bauer
e4717c902f
Merge pull request #27958 from LumiGuide/strongswan-swanctl
nixos: add the strongswan-swanctl service
2018-04-21 15:47:39 -05:00
Matthew Justin Bauer
7a516cd0c3
Merge branch 'master' into feat/nsd/dnssec 2018-04-21 14:48:30 -05:00
Erik Arvstedt
683eeab299 openvpn: remove redundant timestamps from log output
The systemd journal is already logging and showing timestamps
2018-04-21 14:17:22 +02:00
Silvan Mosberger
ee3fd4ad53
nixos/sshd: add options for kexAlgorithms, ciphers and MACs 2018-04-20 19:05:19 +02:00
Peter Hoeg
740bafa9a0
Merge pull request #36864 from peterhoeg/f/ddclient
nixos ddclient: support multiple domains and run via systemd timer [WIP]
2018-04-19 05:12:29 +00:00
Matthew Justin Bauer
8fb93be481
Merge pull request #38705 from tokudan/murmur_tmpfix
murmur: fix /tmp usage
2018-04-18 22:12:29 -05:00
Matthew Justin Bauer
ef7f1c5e03
Merge pull request #36440 from dywedir/iwd
iwd: 2017-12-14 -> 0.1
2018-04-17 10:53:37 -05:00
Matthew Justin Bauer
1a1f26ab3f
Merge pull request #37786 from woffs/fixing-quagga
quagga service: fix service and re-enable test
2018-04-17 10:12:11 -05:00
Nikolay Amiantov
b81aa02800 firewall service: run stop commands in reload
Do cleanup of user-created additional rules.

Of course it'd be much better to just use iptables-{save,restore} for
declarative management, but as it's still not there...
2018-04-17 12:41:36 +03:00
Peter Hoeg
642c8a8d8d nixos ddclient: support multiple domains and run via systemd timer
a) Some providers can update multiple domains - support that.

b) Make "zone" and "script" configurable. Some providers require these.

c) Instead of leaving the ddclient daemon running all the time, use a systemd
timer to kick it off.

d) Don't use a predefined user - run everything via DynamicUser

e) Add documentation
2018-04-15 10:17:46 +08:00
Nikolay Amiantov
803dca34bb
Merge pull request #38896 from abbradar/shadowsocks
Update shadowsocks-libuv and add shadowsocks service
2018-04-13 15:55:55 +03:00
Nikolay Amiantov
dccd5a8601 dnscache service: cleanup and add forwardOnly 2018-04-13 15:38:13 +03:00
Nikolay Amiantov
98270cb959 dnscache service: fix bug with several assigned DNS servers 2018-04-13 15:35:03 +03:00
Nikolay Amiantov
f7651b35b8 shadowsocks service: init 2018-04-13 13:39:21 +03:00
Márton Boros
ec1419bad8 nixos/prosody: fix pidfile path 2018-04-13 11:38:52 +02:00
Márton Boros
d260e95cb9 nixos/prosody: add user, group options 2018-04-13 11:38:29 +02:00
Reuben D'Netto
42a84598fb Added cross-references to NixOS manual 2018-04-12 09:39:14 +10:00
Daniel Frank
e0de2d7ae6 murmur: fix /tmp usage 2018-04-10 20:27:59 +02:00
Márton Boros
615fefb3a5 nixos/prosody: add dataDir option 2018-04-09 14:19:42 +02:00
obadz
f3657a05d8 minidlna nixos module: add loglevel config 2018-04-09 00:16:06 +01:00
Michael Raskin
195521350a
Merge pull request #38111 from oxij/tree/cleanups
assorted cleanups
2018-04-05 07:08:05 +00:00
Joachim Schiele
7be79f22f2
nixos/dhcp: fix permissions of statedir
nixos/dhcp: fix permissions of statedir
2018-04-04 16:26:25 +02:00
Rodney Lorrimar
d06b547cc0
znc: add uriPrefix option
Allows the ZNC web interface to be hosted behind a reverse proxy as a
subdirectory.

https://wiki.znc.in/Reverse_Proxy#As_subdirectory
2018-04-02 11:09:57 +01:00
Franz Pletz
35f474d61d
nixos/unbound: don't fail on root trust anchor updates
Exit code on updates is 1 which makes the inital start of unbound fail.
2018-04-01 23:56:42 +02:00
Jan Malakhovski
44b8202cab nixos: tcpcrypt: /var/run -> /run, don't drop files out of rundir 2018-03-30 06:56:38 +00:00
obadz
0a9d7f0809 zerotier module: add option to join networks and open port 2018-03-28 22:18:25 +01:00
gnidorah
30a56d72db hans: rename option 2018-03-28 10:36:04 +03:00
gnidorah
33c34aff2f hans, iodine: correct script 2018-03-28 10:34:57 +03:00
gnidorah
276d10dae6 nixos/iodine: passwordFile option #24288 2018-03-27 22:44:29 +03:00
gnidorah
16c5866cec nixos/hans: passwordFile option #24288 2018-03-27 22:25:31 +03:00
gnidorah
b2be363fea nixos/hans: init 2018-03-27 22:25:22 +03:00
Bas van Dijk
e9de38eb61 strongswan-swanctl: actually removed the strongswan parameter files 2018-03-26 17:18:08 +02:00
Frank Doepper
66deb3aa29 quagga service: fix service and re-enable test
adding quagga to quaggavty
reverting 8a18e1f
2018-03-25 21:26:45 +02:00
Florian Klink
6ac74d60ad networkmanager-pptp: remove package
Currently broken on NixOS due to hardcoded modprobe binary path (see
bug #30756 from Oct 2017), no activity on a proposed fix for months.
As the protocol is terribly broken anyways, let's better remove it
completely, and not talk about anymore ;-)

Closes #30756.
2018-03-23 22:24:50 +01:00
Robin Gloster
76ea0e1b2e
Merge pull request #32960 from florianjacob/prosody-0.10
Prosody 0.10.0
2018-03-22 14:12:57 +01:00
Robin Gloster
0a80f2c0f4
prosody: improve module handling 2018-03-22 03:40:46 +01:00
Tuomas Tynkkynen
2fec9c6e29 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/development/tools/build-managers/conan/default.nix
2018-03-13 23:04:18 +02:00
Florian Jacob
226965da67 prosody: 0.9.12 -> 0.10.0
updating config options, removing luazlib as mod_compression was removed
for security reasons.
2018-03-12 20:19:03 +01:00
Silvan Mosberger
86ca617948
resilio: Adjust option description to 3d17573 2018-03-11 01:18:34 +01:00
Jan Malakhovski
7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Vladyslav M
2a147bea02 iwd: 2017-12-14 -> 0.1 2018-03-07 20:28:12 +02:00
volth
30877b1ed8 nix-serve: nix 2.0 fixes 2018-03-05 19:32:42 +00:00
Jörg Thalheim
9936ed4920
Merge pull request #31019 from teto/strongswan_rebased
[RFC/RDY] make l2tp work with Strongswan
2018-03-03 15:56:05 +00:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Bas van Dijk
85abad9e1c strongswan-swanctl: fixed type of 'file' options 2018-02-28 12:01:31 +01:00
Bas van Dijk
018f66020f strongswan-swanctl: disable the structured strongswan config for now in favour of a literal config
This reduces the number of option by over 600.
2018-02-28 11:44:22 +01:00
Bas van Dijk
592a89befc strongswan-swanctl: support strongswan-5.6.2 configuration options 2018-02-28 11:04:41 +01:00
Bas van Dijk
7c94804680 strongswan-swanctl: don't generate options for charon
This reduces the number of options from 1152 to 756.
2018-02-28 10:41:54 +01:00
Bas van Dijk
7cc5ee2354 strongswan-swanctl: support strongswan-5.6.1 configuration options
I determined which options got changed by executing the following
commands in the strongswan repository:

  git diff -U20 5.6.0..5.6.1 src/swanctl/swanctl.opt
  git diff -U20 5.6.0..5.6.1 conf
2018-02-28 10:41:54 +01:00
Bas van Dijk
bd24b3addd nixos: add the strongswan-swanctl service
The strongswan-swanctl systemd service starts charon-systemd. This implements a IKE daemon
very similar to charon, but it's specifically designed for use with systemd. It uses the
systemd libraries for a native integration.

Instead of using starter and an ipsec.conf based configuration, the daemon is directly
managed by systemd and configured with the swanctl configuration backend.

See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd

Note that the strongswan.conf and swantctl.conf configuration files are automatically
generated based on NixOS options under services.strongswan-swanctl.strongswan and
services.strongswan-swanctl.swanctl respectively.
2018-02-28 10:41:54 +01:00
Peter Hoeg
f9cc3c08e2
Merge pull request #35432 from timokau/syncthing-deprecate-inotify
syncthing,qsyncthingtray: remove syncthing-inotify
2018-02-26 11:04:33 +08:00