Florian Klink
ebfae82674
nixos/yubikey-agent: add missing mkIf
...
This accidentally added pkgs.yubikey-agent to
environment.systemPackages unconditionally.
2020-07-26 09:34:24 +02:00
Florian Klink
8f7a623af6
Merge pull request #92936 from philandstuff/add-yubikey-agent
...
yubikey-agent: init at 0.1.3
2020-07-23 17:52:30 +02:00
Nikola Knežević
53f42f245a
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
...
The new release fixes one of the outstanding CVEs against oauth2_proxy:
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv .
In addition, rename the owner and the project name to reflect the
changes upstream (it now belongs to the oauth2-proxy organization, and
the name is oauth2-proxy)
2020-07-19 22:08:33 -07:00
Philip Potter
e4029c34fc
yubikey-agent: init at 0.1.3
...
This adds yubikey-agent as a package and a nixos module.
On macOS, we use `wrapProgram` to set pinentry_mac as default in PATH;
on Linux we rely on the user to set their preferred pinentry in PATH.
In particular, we use a systemd override to prefix PATH to select a
chosen pinentry program if specified.
On Linux, we need libnotify to provide the notify-send utility for
desktop notifications (such as "Waiting for Yubikey touch...").
This might work on other flavors of unix, but I haven't tested.
We reuse the programs.gnupg.agent.pinentryFlavor option for
yubikey-agent, but in doing so I hit a problem: pinentryFlavour's
default value is specified in a mkDefault, but only conditionally. We
ought to be able to pick up the pinentryFlavour whether or not gpg-agent
is running. As a result, this commit moves the default value to the
definition of programs.gnupg.agent.enable.
2020-07-16 15:29:33 +01:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
...
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether
2020-07-04 15:20:41 +02:00
Silvan Mosberger
f03e85f703
Merge pull request #74589 from tmplt/fix-physlock
...
nixos/physlock: add suspend-then-hibernate to lockOn.suspend units
2020-06-17 18:06:52 +02:00
tmplt
51e995cc05
nixos/physlock: add suspend-then-hibernate to suspend/hibernate units
2020-06-16 23:42:56 +02:00
Jan Tojnar
0af23b05ab
Merge pull request #75435 from Elyhaka/fprintd
2020-05-25 12:22:48 +02:00
Philipp Bartsch
2827491c23
nixos/usbguard: update systemd sandboxing features
...
Apply upstream systemd service configuration options to improve
sandboxing.
2020-05-24 10:36:07 +02:00
Elyhaka
131a28e9f2
fprintd: 0.9.0 -> 1.90.1
2020-05-19 14:03:31 +02:00
Linus Heckemann
db010c5537
Merge pull request #85687 from mayflower/privacyidea
...
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Robin Gloster
f1f0e82c50
privacyidea: address reviews
2020-05-09 12:11:44 +02:00
zowoq
c59c4e3589
nixos/*: use $out instead of $bin with buildGoPackage
2020-04-28 20:30:29 +10:00
Bas van Dijk
784aa2913a
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
...
oauth2_proxy: 3.2.0 -> 5.1.0
2020-04-22 12:15:07 +02:00
Robin Gloster
134c66b584
privacyidea module: init
2020-04-21 16:54:51 +02:00
Dominik Xaver Hörl
0412bde942
treewide: add bool type to enable options, or make use of mkEnableOption
...
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Nikola Knezevic
3c551848be
oauth2_proxy: Update NixOS module
...
Update to match the current flags and apply fixes to all breaking changes.
2020-04-20 10:11:46 +02:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs
2020-04-18 14:04:37 +02:00
Simon Lackerbauer
017dca51fa
fail2ban: fix firewall warning
2020-03-22 18:11:36 +01:00
Izorkin
c75398b10a
nixos/fail2ban: disable work fail2ban without firewall
2020-03-18 09:54:19 +03:00
Jörg Thalheim
c23f10da6a
fail2ban: 0.10.5 -> 0.11.1 (#67931)
...
fail2ban: 0.10.5 -> 0.11.1
2020-01-31 08:58:58 +00:00
Izorkin
96e2669114
nixos/fail2ban: enable sandboxing
2020-01-29 23:15:56 +03:00
Izorkin
f1d7dfe29f
nixos/fail2ban: add custom options
2020-01-29 23:15:56 +03:00
Izorkin
a55be8d794
nixos/fail2ban: update serviceConfig
2020-01-29 23:15:56 +03:00
Izorkin
182012ef43
nixos/fail2ban: add options to enable work service with iptables-compat
2020-01-29 23:15:56 +03:00
Izorkin
68d601d65c
nixos/fail2ban: clean-up configuration
2020-01-29 23:15:56 +03:00
Matthijs Steen
44dff89215
bitwarden_rs: 1.9.1 -> 1.13.1
2020-01-28 17:26:49 +01:00
Andreas Brenk
36da345caa
nixos/sshguard: use nftables backend if enabled
...
The current module assumes use of iptables and breaks if nftables is
used instead.
This change configures the correct backend based on the
config.networking.nftables.enable setting.
2020-01-27 14:42:28 +01:00
Yorick van Pelt
15e98e7428
nixos/vault: add ExecReload entry
2020-01-24 18:59:13 +01:00
Jos van Bakel
6f3b04eb71
nixos/nginx.sso: add package option
2020-01-12 14:35:23 +01:00
Robert Hensing
9884cb3ed0
Merge pull request #76861 from Infinisil/paths-as-submodules
...
lib/types: Allow paths as submodule values
2020-01-12 14:19:04 +01:00
markuskowa
59670b0c56
Merge pull request #76939 from lourkeur/fix_76184_tsocks
...
nixos/tsocks: Add types to the options
2020-01-09 21:33:18 +01:00
Silvan Mosberger
228a7b173e
nixos/certmgr: Flip either submodule path type
...
For upcoming allowance of paths as submodules
2020-01-08 23:54:45 +01:00
rnhmjoj
1d61efb7f1
treewide: use attrs instead of list for types.loaOf options
2020-01-06 10:39:18 -05:00
Louis Bettens
caa9ce1caa
nixos/tsocks: Add types to the options
2020-01-05 00:15:26 +01:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
...
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
EEva (JPotier)
9b78e5f35d
vault: fix config when file backend is used
...
When the option services.vault.storageBackend is set to "file", a
systemd.tmpfiles.rules was added, with extraneous []. These are not
needed and have been removed.
2019-11-05 16:54:34 +01:00
Janne Heß
d6c08776ba
treewide: Switch to system users
2019-10-12 22:25:28 +02:00
worldofpeace
e2644036f6
fprintd: 0.8.1 -> 0.9.0
...
Resolves issues with StateDirectory not being set in
systemd unit.
https://gitlab.freedesktop.org/libfprint/fprintd/-/tags/V_0_9_0
2019-09-17 20:15:57 -04:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging
2019-09-02 23:25:24 +02:00
Florian Klink
f74735c9d7
nixos: remove dependencies on local-fs.target
...
Since https://github.com/NixOS/nixpkgs/pull/61321 , local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
...
And replace them with a more appropriate type
Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622
Merge staging-next into staging
2019-08-31 10:04:20 +02:00
Danielle Lancashire
4b99f9ba0b
vault: add raft backend to vault service
2019-08-28 18:42:18 +02:00
Frederik Rietdijk
5061fe0c2c
Merge staging-next into staging
2019-08-28 08:26:42 +02:00
volth
35d68ef143
treewide: remove redundant quotes
2019-08-26 21:40:19 +00:00
Sarah Brofeldt
3a64303a20
Merge pull request #63539 from ivan/usbguard-nox
...
usbguard-nox: init at 0.7.4
2019-08-23 16:25:13 +02:00
Marek Mahut
d7b3d2d0fd
Merge pull request #65995 from danderson/master
...
nixos/sshguard: create ipsets before starting, and clean up after stopping.
2019-08-19 21:05:42 +02:00
Silvan Mosberger
88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's
2019-08-08 23:35:52 +02:00