Maximilian Bosch
00a5222499
nixos/sshd: validate ssh configs during build
...
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).
When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.
This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.
The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder to screw that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Carl Dong
f15118a883
nixos/bitcoind: add bitcoind service
2019-05-22 15:48:57 -04:00
Ingolf Wanger
e4f1e144a0
syncthing: made module more NixOps friendly
2019-05-22 22:39:34 +09:00
William Casarin
9a81e9cd9e
xinetd: exec xinetd on launch
...
I noticed xinetd process doesn't get exec'd on launch, exec here so the bash
process doesn't stick around.
Signed-off-by: William Casarin <jb55@jb55.com>
2019-05-20 10:37:35 +01:00
lassulus
a3e7e1bbc8
nixos/syncthing: add options for declarative device/folder config
2019-05-20 17:56:17 +09:00
Aaron Andersen
b5a0c38e55
Merge pull request #59401 from mguentner/mxisd_1_3
...
mxisd: 1.2.0 -> 1.4.3
2019-05-19 07:00:47 -04:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
...
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Maximilian Güntner
1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3
2019-05-16 21:14:13 +02:00
Linus Heckemann
2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
...
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Will Dietz
45886612f0
networkmanager: network-online --wants--> NetworkManager-wait-online
2019-05-04 19:04:45 -05:00
Renaud
966ee252c2
Merge pull request #59367 from Ma27/fix-hostapd-interface-naming
...
nixos/hostapd: escape interface names for hostapd
2019-05-03 19:04:00 +02:00
Hsiang-Cheng Yang
e775587d63
softether: 4.25 -> 4.29 (#60665)
...
* softether: 4.25 -> 4.29
* softether_4_29: restrict to x86_64-linux
Does not build on aarch64 because of upstream "-m64" compile flag
2019-05-02 19:38:37 +02:00
Silvan Mosberger
a27dc9d3ab
nixos/znc: Fix config generator for certain null values
...
The type of ZNC's config option specifies that a configuration like
    config.User.paul = null;
should be valid, which is useful for clearing/disabling property sets
like Users and Networks. However until now the config generator
implementation didn't actually cover null values, meaning you'd get an
error like
    error: value is null while a set was expected, at /foo.nix:29:10
This fixes the implementation to correctly allow clearing of property
sets.
2019-05-01 00:06:11 +02:00
Daniel Schaefer
786f02f7a4
treewide: Remove usage of isNull
...
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Silvan Mosberger
77fb90d27e
Merge pull request #59731 from ajs124/ejabberd_test
...
ejabberd: refactor module, add test
2019-04-27 23:36:52 +02:00
Lassulus
21fe4fd176
Merge pull request #58181 from fgaz/nixos/zeronet/fix1
...
nixos/zeronet: add fileserverPort option
2019-04-27 15:45:30 +09:00
Linus Heckemann
d4cd164082
nixos/tinc: remove ordering dependency on network.target
...
This allows configuring IP addresses on a tinc interface using
networking.interfaces."tinc.${n}".ipv[46].addresses.
Previously, this would fail with timeouts, because of the dependency
chain
    tinc.${netname}.service
    --after--> network.target
    --after--> network-addresses-tinc.${n}.service (and network-link-…)
    --after--> sys-subsystem-net-devices-tinc.${n}.device
But the network interface doesn't exist until tinc creates it! So
systemd waits in vain for the interface to appear, and by then the
network-addresses-* and network-link-* units have failed. This leads
to the network link not being brought up and the network addresses not
being assigned, which in turn stops tinc from actually working.
2019-04-25 22:54:11 +02:00
Robin Gloster
b2c1ed6355
Merge pull request #53043 from exi/wg-quick
...
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Maximilian Bosch
28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
...
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen
06c83a14e1
Wrap 'wg' commands in <command>
2019-04-24 07:46:01 -04:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
...
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generated automatically.
2019-04-24 07:46:01 -04:00
Silvan Mosberger
ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
...
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien
d3423dd5c2
nixos/tedicross: add module
2019-04-23 22:52:23 +02:00
ajs124
3e32e150cb
nixos/ejabberd: migrate to tmpfiles, drop runit
2019-04-23 14:00:49 +02:00
Aaron Andersen
4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
...
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling
abf60791e2
nixos/modules/networking/wg-quick Add wg-quick options support
...
This is an implementation of wireguard support using wg-quick config
generation.
This seems preferable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.
It also includes work-arounds to make key files work.
This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Aaron Andersen
3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
...
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
adisbladis
9a176d669a
nixos/tox-node: Add descriptions to module options.
...
Missing these broke the tarball build
https://hydra.nixos.org/build/92258938/nixlog/1
2019-04-15 17:11:10 +01:00
adisbladis
4b4caa9413
Merge pull request #59368 from suhr/tox-node
...
nixos/tox-node: init
2019-04-15 12:28:27 +03:00
adisbladis
454aa43213
nixos/tox-node: Dont hardcode bootstrap nodes
...
Get these from upstream tox-node package instead.
This is likely to cause less maintenance overhead over time and
following upstream bootstrap node changes is automated.
2019-04-15 09:27:32 +01:00
Сухарик
6cb40f7b0b
nixos/tox-node: init
2019-04-15 09:27:27 +01:00
Silvan Mosberger
a63c182d53
Merge pull request #59315 from Infinisil/znc-docs-url
...
nixos/znc: Fix URL XML for config option
2019-04-14 17:33:49 +02:00
Aaron Andersen
bb649d96b0
nixos/smokeping: replace deprecated usage of PermissionsStartOnly
...
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
89cbee4d3e
nixos/mxisd: replace deprecated usage of PermissionsStartOnly
...
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen
cefbee3edc
nixos/syncthing: replace deprecated usage of PermissionsStartOnly
...
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Maximilian Bosch
f975bbae11
nixos/hostapd: escape interface names for hostapd
...
Same problem as described in acbadcdbba.
When using multiple interfaces for wifi with `networking.wlanInterfaces`
and the interface for `hostapd` contains a dash, this will fail as
systemd escapes dashes in its device names.
2019-04-12 19:27:19 +02:00
Silvan Mosberger
92ae299998
Merge pull request #59081 from Yarny0/hylafax-updates
...
HylaFAX: fix ModemGroup, also minor metadata updates
2019-04-12 16:30:46 +02:00
Yarny0
e57156bcaa
nixos/hylafax: fix faxq ModemGroup setting
...
The manpage claims that the "limit" in the setting::
    <name>:[<limit>:]<regex>
is optional and defaults to zero, implying no limit.
However, tests confirmed that it actually isn't optional.
Without limit, the setting ``any:.*`` places
outbound jobs on infinite hold if no particular
modem was specified on the sendfax command line.
The new default value ``any:0:.*`` from
this commit uses any available modem to
send jobs if no modem was given to sendfax.
2019-04-12 11:11:49 +02:00
Yarny0
1438f7b664
nixos/hylafax: add 'yarny' (= myself) as maintainer
...
I forgot to do this when I submitted this module with
commit 12fa95f2d6.
2019-04-12 11:11:48 +02:00
Silvan Mosberger
2d1fa68c83
Merge pull request #59044 from teto/strongswan_path
...
strongswan module: use strings for secrets.
2019-04-11 22:51:24 +02:00
Silvan Mosberger
b8dc0f9a5b
nixos/znc: Fix URL XML for config option
2019-04-11 16:59:19 +02:00
Matthieu Coudron
08b8c6caf2
nixos/strongswan: use strings for secrets.
...
The nixos module artificially enforces type.path whereas the ipsec secret configuration files
accept pattern or relative paths.
Enforcing absolute paths already caused problems with l2tp vpn:
https://github.com/nm-l2tp/NetworkManager-l2tp/issues/108
2019-04-11 11:44:49 +09:00
Frederik Rietdijk
d108b49168
Merge master into staging-next
2019-04-09 16:38:35 +02:00
Ingo Blechschmidt
efff2e1aa6
iodine: improve password handling (#58806)
...
Before this change, only passwords not containing shell metacharacters could be
used, and because the password was passed as a command-line argument, local
users could (in a very small window of time) record the password and (in an
indefinite window of time) record the length of the password.
We also use the opportunity to add a call to `exec` in the systemd start
script, so that no shell needs to hang around waiting for iodine to stop.
2019-04-08 21:20:26 +02:00
Aneesh Agrawal
24ae4ae604
nixos/sshd: Remove obsolete Protocol options (#59136)
...
OpenSSH removed server side support for the v.1 Protocol
in version 7.4: https://www.openssh.com/txt/release-7.4,
making this option a no-op.
2019-04-08 09:49:31 +02:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
...
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Jan Tojnar
cb1a20499a
Merge branch 'master' into staging
2019-04-05 11:37:15 +02:00
Franz Pletz
ff36d95878
nixos/quicktun: init
2019-04-02 12:16:48 +02:00
John Ericson
4ccb74011f
Merge commit '18aa59b0f26fc707e7313f8467e67159e61600c2' from master into staging
...
There was one conflict in the NixOS manual; I checked that it still
built after resolving it.
2019-04-01 00:40:03 -04:00
Matthew Bauer
d468f4b27e
Merge pull request #57139 from delroth/firewall-dedup
...
nixos/firewall: canonicalize ports lists
2019-03-25 22:15:17 -04:00
Bob van der Linden
323e8ef375
nixos/xrdp: /var/run -> /run
2019-03-24 21:15:29 +01:00
Bob van der Linden
210b7134d3
nixos/wpa_supplicant: /var/run -> /run
2019-03-24 21:15:29 +01:00
Bob van der Linden
b9e27ec43e
nixos/supplicant: /var/run -> /run
2019-03-24 21:15:29 +01:00
Bob van der Linden
8062476f73
nixos/raccoon: /var/run -> /run
2019-03-24 21:15:28 +01:00
Bob van der Linden
34738dea2a
nixos/ocserv: /var/run -> /run
2019-03-24 21:15:28 +01:00
Bob van der Linden
cc5f08fed8
nixos/miniupnpd: /var/run -> /run
2019-03-24 21:15:28 +01:00
Bob van der Linden
321bc431cc
nixos/lldpd: /var/run -> /run
2019-03-24 21:15:27 +01:00
Bob van der Linden
1e48222cbe
nixos/ircd-hybrid: /var/run -> /run
2019-03-24 21:15:27 +01:00
Bob van der Linden
937e733c04
nixos/htpdate: /var/run -> /run
2019-03-24 21:15:26 +01:00
Bob van der Linden
1a567685b2
nixos/hostapd: /var/run -> /run
2019-03-24 21:15:26 +01:00
Bob van der Linden
82dee48ef2
nixos/bind: /var/run -> /run
2019-03-24 21:15:26 +01:00
Bob van der Linden
9afbe4c2bd
nixos/avahi-daemon: /var/run -> /run
2019-03-24 21:15:25 +01:00
Bob van der Linden
08558245a4
nixos/asterisk: /var/run -> /run
2019-03-24 21:13:19 +01:00
Francesco Gazzetta
58f682742e
nixos/zeronet: add fileserverPort option
...
Without it, zeronet tried to write one to the read-only config file and
crashed
2019-03-23 17:58:57 +01:00
Wael M. Nasreddine
5af0780492
Merge remote-tracking branch 'origin/master' into staging
...
* origin/master: (693 commits)
buildGoModule: use go_1_12 instead of go_1_11 (#58103)
gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
signal-desktop: 1.22.0 -> 1.23.0
added missing semicolon to documentation
terminus_font_ttf: 4.46.0 -> 4.47.0
buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
dav1d: init at 0.2.1
dropbox-cli: 2018.11.28 -> 2019.02.14
atlassian-confluence: 6.14.1 -> 6.14.2
maintainers: update email for dywedir
python.pkgs.hglib: use patch to specify hg path (#57926)
chkrootkit: 0.52 -> 0.53
radare2-cutter: 1.7.2 -> 1.8.0
autorandr: 1.7 -> 1.8
pythonPackages.pyhepmc: fix build
llvm-polly/clang-polly: use latest llvm
apulse: 0.1.11.1 -> 0.1.12, cleanup
factorio: experimental 0.17.14 → 0.17.16 (#58000)
sequeler: 0.6.7 -> 0.6.8
nasc: 0.5.1 -> 0.5.2
...
2019-03-21 21:01:25 -07:00
Jörg Thalheim
b488c60cdb
network-manager: rename systemd service back to match upstream
...
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
2019-03-19 23:48:08 +01:00
Martin Weinelt
a978d3dcd2
nixos/knot: init
2019-03-14 01:28:53 +01:00
Markus
7e71cd8292
nixos/flannel: Add iptables package to service path
2019-03-12 15:30:33 +00:00
Pierre Bourdon
18bc8203a1
nixos/firewall: canonicalize firewall ports lists
...
Fixes #56086.
2019-03-09 20:02:04 +01:00
Pierre Bourdon
843215ac1c
nixos/firewall: use types.port where appropriate
2019-03-09 19:45:11 +01:00
Bas van Dijk
e44e2455d3
strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar
2019-03-08 16:11:38 +01:00
Peter Hoeg
011fe4a246
Merge pull request #56571 from peterhoeg/u/mqtt
...
mosquitto: 1.5.5 -> 1.5.8
2019-03-04 12:23:45 +08:00
Peter Hoeg
0e40b7bfc2
mosquitto (nixos): notify systemd when started
2019-03-01 18:54:24 +08:00
David Duarte
b381c27b58
nixos/coredns: init (#54931)
2019-03-01 11:10:44 +02:00
Andreas Rammhold
64c60a813d
nixos/gnunet: fix typo in PrivateTmp parameter (#56343)
...
Systemd expects `PrivateTmp` and not `PrivateTemp` in the service
configuration.
I found this by chance while grepping through nixpkgs…
2019-02-25 15:53:36 +01:00
Nikita Uvarov
131e31cd1b
sshd: fix startWhenNeeded and listenAddresses combination
...
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
2019-02-25 00:51:58 +01:00
Silvan Mosberger
c0318efe9a
Merge pull request #50504 from symphorien/local-closureInfo
...
nixos: add preferLocalBuild=true; on derivations for config files and closureInfo
2019-02-22 20:53:17 +01:00
Symphorien Gibol
a915b33315
nixos: add preferLocalBuild=true; on derivations for config files
2019-02-22 20:11:27 +01:00
Jörg Thalheim
183919a0c0
Merge pull request #56004 from eskimor/add-nix-serve-help
...
nixos-nix-serve: Add some hint on howto get valid signing keys.
2019-02-21 09:43:50 +00:00
Johan Thomsen
7028fac35b
nixos/kubernetes: use system.path to handle dependency on flannel subnet.env
...
The current postStart step on flannel causes flannel.service to
sometimes hang, even when it's commanded to stop.
2019-02-20 21:08:56 +01:00
Robert Klotzner
9f3fe63b5f
Add some hint on howto get valid signing keys.
2019-02-20 12:32:08 +01:00
Silvan Mosberger
ac953a4a6b
Merge pull request #55766 from Lucus16/bump-quassel
...
nixos/quassel: Add support for certificate file
2019-02-18 03:04:56 +01:00
Jaka Hudoklin
5ae048071d
Merge pull request #55649 from johanot/flannel-with-kubernetes-backend
...
nixos/flannel: add kubernetes as storage backend (and fix test)
2019-02-15 19:55:56 +01:00
Lars Jellema
85675c139f
nixos/quassel: Add support for certificate file
2019-02-14 14:36:21 +01:00
Johan Thomsen
94136fdc1b
nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend
2019-02-13 17:17:52 +01:00
Johan Thomsen
9522ca5ce9
nixos/flannel: add options to configure kubernetes as config backend for flannel
2019-02-12 18:26:39 +01:00
Robert Helgesson
488a3f09cd
nixos/wpa_supplicant: use <citerefentry>
...
Fixes #55505
2019-02-10 13:23:28 +01:00
Jörg Thalheim
6c28dd858b
teamspeak: ipv6 support
...
Unlike the options descriptions the service was not listening to any
IPs because the address family was limited to ipv4.
2019-02-08 10:28:20 +00:00
Lily Ballard
b0e79359bd
nixos/unifi: Update TCP ports
...
Fixes #55377
2019-02-07 13:18:57 -08:00
Ioannis Koutras
6642f3f213
nixos/syncthing: setup user only on system service
2019-02-06 20:23:13 +01:00
Franz Pletz
2746973061
ndppd: don't use weird upstream systemd service unit
2019-02-03 14:39:28 +01:00
elseym
4ce1c59389
ndppd module: refactor
2019-02-03 14:28:54 +01:00
Danylo Hlynskyi
30c312341f
Merge pull request #54637 from danbst/small-eval-optimization
...
module system: small eval optimization
2019-01-31 00:42:24 +02:00
danbst
27982b408e
types.optionSet: deprecate and remove last usages
2019-01-31 00:41:10 +02:00
Robert Schütz
0525fa54e8
Merge pull request #54739 from Nadrieril/fix-ffsync
...
Fix firefox sync-server
2019-01-30 16:26:31 +01:00
Nadrieril
375020cf99
nixos/syncserver: mild cleanup
2019-01-30 15:59:01 +01:00
Nadrieril
63c7fe0819
nixos/syncserver: use gunicorn
...
As described in `syncserver`'s documentation.
Makes it possible to run behind a reverse proxy.
2019-01-30 15:59:00 +01:00
Nadrieril
957d0589ad
pythonPackages.syncserver: move to all-packages.nix and fix dependencies
2019-01-30 15:59:00 +01:00
Silvan Mosberger
f2daf4295e
Merge pull request #54708 from erictapen/unifi-maintainer
...
unifi, nixos/unifi: add erictapen as maintainer
2019-01-27 19:02:40 +01:00
Justin Humm
38f23046a3
unifi, nixos/unifi: add erictapen as maintainer
2019-01-27 17:28:15 +01:00