Aaron Andersen
2aecc7fdc1
Merge pull request #183360 from Sohalt/nixos/headscale
...
nixos/headscale: minor improvements
2022-07-30 15:02:37 +02:00
Rick van Schijndel
9e9f6fc1c3
Merge pull request #152065 from chkno/stunnel-extraConfig
...
nixos/stunnel: Make free-form
2022-07-26 23:24:31 +02:00
Bernardo Meurer
1cfb6dab0f
Merge pull request #182789 from talyz/sshd-dont-delete-symlinks
...
sshd: Don't remove symlinks to host key files
2022-07-25 21:51:46 -07:00
Felix Buehler
17e93b090e
services.murmur: add openFirewall option
2022-07-24 10:32:37 +02:00
Bjørn Forsman
65399c4742
nixos/syncthing: don't leak the secret API key in process listings
2022-07-23 13:59:11 +02:00
Sandro
98b4daa994
Merge pull request #181881 from SuperSandro2000/searx
2022-07-21 22:39:48 +02:00
talyz
ddf8182d5b
sshd: Don't remove symlinks to host key files
...
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.
See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
2022-07-21 19:15:04 +02:00
Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets
...
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
2022-07-20 20:42:14 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability
2022-07-20 20:29:38 +02:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315)
2022-07-19 16:09:42 +10:00
oaksoaj
fc9e22fca1
yggdrasil: add group option back and remove systemd User= directive
...
The group configuration parameter allows sharing access to the yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but lets users create their own group if they need to.
Remove the User= directive in the systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user, which could be a security concern.
2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f
yggdrasil: reenable DynamicUser
...
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.
We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets
...
nixos/mxisd: allow passing secrets
2022-07-18 15:10:49 +02:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability
2022-07-18 13:47:09 +02:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility
2022-07-17 21:45:30 +02:00
Aaron Andersen
9b01242132
Merge pull request #131261 from bb2020/dlna
...
nixos/minidlna: convert to structural settings
2022-07-15 21:28:19 +02:00
Maximilian Bosch
d54d70f166
nixos/mxisd: allow passing secrets
...
Suppose you want to provide an LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like
    services.mxisd.extraConfig.ldap.connection = {
      # host, bindDn etc.
      bindPassword = "$LDAP_BIND_PW";
    };
and write the actual secret into an environment file that's readable for
`mxisd.service` containing
    LDAP_BIND_PW=<your secret bind pw>
and the following setting in the Nix expression:
    services.mxisd.environmentFile = "/run/secrets/mxisd";
(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)
2022-07-13 19:19:17 +02:00
Sandro
78fff7ed35
Merge pull request #181197 from bjornfor/fix-ddclient-password-leak
2022-07-12 15:13:43 +02:00
Bjørn Forsman
e0f2f7f9ea
nixos/ddclient: don't leak password in process listings
...
...by using `replace-secret` instead of `sed` when injecting the
password into the ddclient config file. (Verified with `execsnoop`.)
Ref https://github.com/NixOS/nixpkgs/issues/156400.
2022-07-12 10:23:40 +02:00
Pascal Wittmann
6d1cabe9d9
Merge pull request #158346 from kurnevsky/i2pd-yggdrasil
...
i2pd: add yggdrasil settings
2022-07-12 10:19:18 +02:00
Sandro
366683965e
Merge pull request #166308 from ncfavier/wg-resolvconf
...
nixos/resolvconf: allow different implementations
2022-07-10 21:00:00 +02:00
James Hannah
c6e76ab7c9
nixos/radvd: add package option
...
Allow package users to override the package for radvd.
2022-07-01 21:11:46 +02:00
Sandro
911a73340c
Merge pull request #175335 from wyndon/init-lokinet
2022-07-01 11:54:38 +02:00
bb2020
7113eb5574
nixos/minidlna: convert to structural settings
2022-07-01 11:05:38 +03:00
bb2020
449d6ce32b
nixos/minidlna: add more configuration options
2022-07-01 11:05:38 +03:00
wyndon
69e1e00ebb
nixos/lokinet: init
2022-06-30 16:01:50 +02:00
Pascal Bach
13df7151e1
Merge pull request #178783 from greizgh/fix-syncthing-doc
...
nixos/syncthing: fix services.syncthing.folders description
2022-06-27 22:37:56 +02:00
Aaron Andersen
28562b800e
Merge pull request #178154 from aanderse/nixos/prosody
...
nixos/prosody: conditionally provision required directories with StateDirectory
2022-06-26 22:45:18 +02:00
Sandro
74ea995b11
Merge pull request #174446 from jsimonetti/routedns-init
...
routedns: init at 0.1.5
2022-06-24 16:31:03 +02:00
Lassulus
8c2e25e98e
Merge pull request #177081 from azahi/trickster
...
trickster: 0.1.10 -> 1.1.5
2022-06-23 22:24:54 +02:00
Greizgh
ac1e34f0fe
nixos/syncthing: fix services.syncthing.folders description
...
It was improperly referencing overrideDevices instead of overrideFolders.
2022-06-23 20:44:59 +02:00
Bernardo Meurer
5332bc174a
Merge pull request #178483 from twitchyliquid64/tailscale-networkd
...
tailscale: ignore tailscale link when using networkd
2022-06-23 12:10:14 -04:00
ajs124
6c189d264e
Merge pull request #177077 from Lassulus/bitlbee_cfgdir
...
nixos/bitlbee: allow writing to configDir
2022-06-22 19:27:59 +02:00
Naïm Favier
4af5c46faa
nixos/dhcpcd: use networking.resolvconf.package
...
Allow using the appropriate resolver implementation to set DNS entries
(typically systemd-resolved instead of openresolv).
2022-06-21 22:58:44 +02:00
Naïm Favier
953a5bd3dd
nixos/tailscale: use networking.resolvconf.package
...
Allow using the appropriate resolver implementation to set DNS entries
(typically systemd-resolved instead of openresolv).
2022-06-21 22:58:44 +02:00
Naïm Favier
458ac47a1d
nixos/wg-quick: improve usage with systemd-networkd
...
Use `networking.resolvconf.package` to allow DNS entries to be set using
the system-wide resolver implementation instead of hardcoding systemd or
openresolv.
Extend the tests by adding DNS entries and making one of the peers use
systemd-networkd (hence systemd-resolved).
Also add a few `networkd`-specific settings.
2022-06-21 22:58:44 +02:00
Tom
3b8a162680
tailscale: ignore tailscale link when using networkd
2022-06-21 13:23:28 -07:00
Robert Hensing
e2c261f2c0
Merge pull request #176146 from pennae/module-docs-markdown
...
treewide: markdown option docs
2022-06-21 13:16:02 +02:00
Aaron Andersen
078a53824e
nixos/prosody: provide additional details in the user and group options description
2022-06-18 10:08:08 -04:00
Aaron Andersen
79bfd3c0d0
nixos/prosody: conditionally provision required directories with StateDirectory
2022-06-18 10:05:15 -04:00
Jeroen Simonetti
829167bd27
nixos/routedns: init
...
Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2022-06-15 08:33:46 +02:00
Azat Bahawi
82497b0e9f
trickster: 0.1.10 -> 1.1.5
2022-06-14 01:51:45 +03:00
Maximilian Bosch
fd2a89b983
nixos/wpa_supplicant: don't log that wpa_supplicant.conf is ignored with allowAuxiliaryImperativeNetworks = true
...
The warning is wrong with `allowAuxiliaryImperativeNetworks`[1] being
set to `true` because both files are included in this case with `-c` and
`-I`.
[1] https://nixos.org/manual/nixos/stable/options.html#opt-networking.wireless.allowAuxiliaryImperativeNetworks
2022-06-12 17:07:36 +02:00
pennae
320aa2a791
treewide: attempt at markdown option docs
2022-06-12 12:44:38 +02:00
Timothy DeHerrera
ec4e23d4e9
Merge pull request #171155 from cab404/wg-quick-files
...
nixos/wg-quick: added support for configuration files
2022-06-11 22:00:45 -07:00
Soham Sen
feff6ddbe7
expressvpn: init at 3.25.0.13
2022-06-11 17:10:33 +05:30
lassulus
a12e525410
nixos/bitlbee: allow writing to configDir
2022-06-09 21:05:16 +02:00
sohalt
f1669775bc
nixos/headscale: do not run gin webframework in debug mode
2022-06-07 23:22:05 +02:00
sohalt
18c899d963
nixos/headscale: only set oidc secret if not null
2022-06-07 23:21:13 +02:00
cab
8de1e9e2f8
nixos/wg-quick: added support for configuration files
2022-06-07 01:28:50 +04:00