Commit Graph

212 Commits

Author SHA1 Message Date
Florian Klink
ebfae82674 nixos/yubikey-agent: add missing mkIf
This accidentially added pkgs.yubikey-agent to
environment.systemPackages unconditionally.
2020-07-26 09:34:24 +02:00
Florian Klink
8f7a623af6
Merge pull request #92936 from philandstuff/add-yubikey-agent
yubikey-agent: init at 0.1.3
2020-07-23 17:52:30 +02:00
Nikola Knežević
53f42f245a
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
The new release fixes one of the outstanding CVEs against oauth2_proxy:
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv.

In addition, rename the owner and the project name to reflect the
changes upstream (it now belongs to the oauth2-proxy organization, and
the name is oauth2-proxy)
2020-07-19 22:08:33 -07:00
Philip Potter
e4029c34fc yubikey-agent: init at 0.1.3
This adds yubikey-agent as a package and a nixos module.

On macOS, we use `wrapProgram` to set pinentry_mac as default in PATH;
on Linux we rely on the user to set their preferred pinentry in PATH.
In particular, we use a systemd override to prefix PATH to select a
chosen pinentry program if specified.

On Linux, we need libnotify to provide the notify-send utility for
desktop notifications (such as "Waiting for Yubikey touch...").

This might work on other flavors of unix, but I haven't tested.

We reuse the programs.gnupg.agent.pinentryFlavor option for
yubikey-agent, but in doing so I hit a problem: pinentryFlavour's
default value is specified in a mkDefault, but only conditionally.  We
ought to be able to pick up the pinentryFlavour whether or not gpg-agent
is running.  As a result, this commit moves the default value to the
definition of programs.gnupg.agent.enable.
2020-07-16 15:29:33 +01:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Silvan Mosberger
f03e85f703
Merge pull request #74589 from tmplt/fix-physlock
nixos/physlock: add suspend-then-hibernate to lockOn.suspend units
2020-06-17 18:06:52 +02:00
tmplt
51e995cc05 nixos/physlock: add suspend-then-hibernate to suspend/hibernate units 2020-06-16 23:42:56 +02:00
Jan Tojnar
0af23b05ab
Merge pull request #75435 from Elyhaka/fprintd 2020-05-25 12:22:48 +02:00
Philipp Bartsch
2827491c23 nixos/usbguard: update systemd sandboxing features
Apply upstream systemd service configuration options to improve
sandboxing.
2020-05-24 10:36:07 +02:00
Elyhaka
131a28e9f2
fprintd: 0.9.0 -> 1.90.1 2020-05-19 14:03:31 +02:00
Linus Heckemann
db010c5537
Merge pull request #85687 from mayflower/privacyidea
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Robin Gloster
f1f0e82c50
privacyidea: address reviews 2020-05-09 12:11:44 +02:00
zowoq
c59c4e3589 nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
Bas van Dijk
784aa2913a
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
oauth2_proxy: 3.2.0 -> 5.1.0
2020-04-22 12:15:07 +02:00
Robin Gloster
134c66b584
privacyidea module: init 2020-04-21 16:54:51 +02:00
Dominik Xaver Hörl
0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Nikola Knezevic
3c551848be oauth2_proxy: Update NixOS module
Update to match the current flags and apply fixes to all breaking changes.
2020-04-20 10:11:46 +02:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Simon Lackerbauer
017dca51fa
fail2ban: fix firewall warning 2020-03-22 18:11:36 +01:00
Izorkin
c75398b10a nixos/fail2ban: disable work fail2ban without firewall 2020-03-18 09:54:19 +03:00
Jörg Thalheim
c23f10da6a
fail2ban: 0.10.5 -> 0.11.1 (#67931)
fail2ban: 0.10.5 -> 0.11.1
2020-01-31 08:58:58 +00:00
Izorkin
96e2669114 nixos/fail2ban: enable sandboxing 2020-01-29 23:15:56 +03:00
Izorkin
f1d7dfe29f nixos/fail2ban: add custom options 2020-01-29 23:15:56 +03:00
Izorkin
a55be8d794 nixos/fail2ban: update serviceConfig 2020-01-29 23:15:56 +03:00
Izorkin
182012ef43 nixos/fail2ban: add options to enable work service with iptables-compat 2020-01-29 23:15:56 +03:00
Izorkin
68d601d65c nixos/fail2ban: clean-up configuration 2020-01-29 23:15:56 +03:00
Matthijs Steen
44dff89215 bitwarden_rs: 1.9.1 -> 1.13.1 2020-01-28 17:26:49 +01:00
Andreas Brenk
36da345caa nixos/sshguard: use nftables backend if enabled
The current module assumes use of iptables and breaks if nftables is
used instead.

This change configures the correct backend based on the
config.networking.nftables.enable setting.
2020-01-27 14:42:28 +01:00
Yorick van Pelt
15e98e7428
nixos/vault: add ExecReload entry 2020-01-24 18:59:13 +01:00
Jos van Bakel
6f3b04eb71
nixos/nginx.sso: add package option 2020-01-12 14:35:23 +01:00
Robert Hensing
9884cb3ed0
Merge pull request #76861 from Infinisil/paths-as-submodules
lib/types: Allow paths as submodule values
2020-01-12 14:19:04 +01:00
markuskowa
59670b0c56
Merge pull request #76939 from lourkeur/fix_76184_tsocks
nixos/tsocks: Add types to the options
2020-01-09 21:33:18 +01:00
Silvan Mosberger
228a7b173e
nixos/certmgr: Flip either submodule path type
For upcoming allowance of paths as submodules
2020-01-08 23:54:45 +01:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Louis Bettens
caa9ce1caa nixos/tsocks: Add types to the options 2020-01-05 00:15:26 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
EEva (JPotier)
9b78e5f35d vault: fix config when file backend is used
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Janne Heß
d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
worldofpeace
e2644036f6 fprintd: 0.8.1 -> 0.9.0
Resolves issues with StateDirectory not being set in
systemd unit.

https://gitlab.freedesktop.org/libfprint/fprintd/-/tags/V_0_9_0
2019-09-17 20:15:57 -04:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink
f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
Danielle Lancashire
4b99f9ba0b
vault: add raft backend to vault service 2019-08-28 18:42:18 +02:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Sarah Brofeldt
3a64303a20
Merge pull request #63539 from ivan/usbguard-nox
usbguard-nox: init at 0.7.4
2019-08-23 16:25:13 +02:00
Marek Mahut
d7b3d2d0fd
Merge pull request #65995 from danderson/master
nixos/sshguard: create ipsets before starting, and clean up after stopping.
2019-08-19 21:05:42 +02:00
Silvan Mosberger
88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00