Niklas Hambüchen
d344dccf3d
nixos/wireguard: Remove .path systemd unit for privkey. Fixes #123203
As per `man systemd.path`:
> When a service unit triggered by a path unit terminates
> (regardless whether it exited successfully or failed),
> monitored paths are checked immediately again,
> **and the service accordingly restarted instantly**.
Thus the existence of the path unit made it impossible to stop the
wireguard service using e.g.
    systemctl stop wireguard-wg0.service
Systemd path units are not intended for program inputs such
as private key files.
This commit simply removes this usage; the private key is still
generated by the `generateKeyServiceUnit`.
2021-05-28 17:44:19 -07:00
Martin Weinelt
fcd6d0bc14
Merge pull request #124263 from Lassulus/solanum3
solanum: remove obsolete BANDB settings/patches
2021-05-25 20:51:32 +02:00
Sandro Jäckel
140828ce38
nixos/kresd: tell resolveconf to use local resolver
2021-05-25 16:37:00 +02:00
Niklas Hambüchen
83a8acc392
Merge pull request #121331 from nh2/wireguard-dynamicEndpointRefreshSeconds
nixos/wireguard: Add `dynamicEndpointRefreshSeconds` option
2021-05-24 21:49:05 +02:00
lassulus
8eb5701aaf
solanum: remove obsolete BANDB settings/patches
2021-05-24 15:49:57 +02:00
Martin Weinelt
71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2
nixos/solanum: init
2021-05-21 23:23:01 +02:00
lassulus
48c16e48aa
nixos/solanum: init
2021-05-21 23:06:38 +02:00
eyJhb
6000f420e8
nixos/znc: fixed chown not working after hardening (#123883)
2021-05-21 19:07:53 +02:00
ajs124
c455f3ccaf
Merge pull request #123084 from Yarny0/hylafax
hylafaxplus & nixos/hylafax: small improvements
2021-05-21 14:20:57 +02:00
Jonas Chevalier
30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel
ghostunnel: init
2021-05-20 20:58:41 +02:00
Robert Hensing
dc9cb63de4
nixos/ghostunnel: init
2021-05-20 10:41:52 +02:00
Paul Schyska
69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys
2021-05-19 18:21:10 +02:00
Michele Guerini Rocco
376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec
libreswan: 3.2 -> 4.4
2021-05-19 13:36:04 +02:00
Maciej Krüger
7458dcd956
Merge pull request #75242 from mkg20001/cjdns-fix
services.cjdns: add missing, optional login & peerName attribute
2021-05-18 18:22:29 +02:00
Robert Schütz
d189df235a
Merge pull request #122241 from dotlambda/znc-harden
nixos/znc: harden systemd unit
2021-05-18 17:44:14 +02:00
Maciej Krüger
7409f9bab3
services.cjdns: add missing, optional login & peerName attribute
2021-05-18 17:39:04 +02:00
rnhmjoj
1a4db01c84
nixos/libreswan: update for version 4.x
- Use upstream unit files
- Remove deprecated config options
- Add option to disable redirects
- Add option to configure policies
2021-05-18 08:13:36 +02:00
Jörg Thalheim
b900661f6e
Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters
treewide: remove duplicates SystemCallFilters
2021-05-17 12:06:06 +01:00
Sandro
700942d2a5
Merge pull request #121119 from SuperSandro2000/remove-gnidorah
treewide: remove gnidorah
2021-05-17 02:42:24 +02:00
Niklas Hambüchen
357cf46c8d
wireguard module: Add dynamicEndpointRefreshSeconds option.
See for an intro:
https://wiki.archlinux.org/index.php/WireGuard#Endpoint_with_changing_IP
2021-05-16 20:11:51 +02:00
Yarny0
c2af1ff281
nixos/hylafax: enable ProtectKernelLogs for most services
Also document that `ProtectClock` blocks access to serial line.
I couldn't find out why this is the case,
but faxgetty complains about the device file
not being accessible with `ProtectClock=true`.
2021-05-14 22:55:50 +02:00
Robert Schütz
e611d663f4
Merge pull request #120440 from dotlambda/radicale-settings
nixos/radicale: add settings option
2021-05-14 15:37:26 +02:00
Yarny0
4415846d5c
nixos/hylafax: use runtimeShell where possible
According to
https://github.com/NixOS/nixpkgs/pull/84556
this effort helps with cross-compilation.
This commit also renames a substituted variable `hylafax`
to `hylafaxplus` to permit substitution with `inherit`.
2021-05-14 05:42:18 +02:00
Yarny0
89df33f882
nixos/hylafax: replace a nested expression with lib.pipe
This avoids a triple-nested function call,
and it looks slightly simpler (at least to me).
2021-05-14 05:42:18 +02:00
Yarny0
449647daf5
nixos/hylafax: use lib.types.ints.positive
I haven't realized earlier that there is
already an option type for positive integers.
2021-05-14 05:42:17 +02:00
Izorkin
feebe402f5
treewide: remove duplicates SystemCallFilters
2021-05-13 15:44:56 +03:00
Sandro
f0bb4f066a
Merge pull request #95050 from paumr/bind-fmt
2021-05-10 19:06:00 +02:00
Michele Guerini Rocco
d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
2021-05-10 08:16:39 +02:00
paumr
5390d4b946
nixos/bind: formatted with nixpkgs-fmt
2021-05-08 23:13:58 +02:00
Robert Schütz
314a64a026
nixos/znc: fix example
2021-05-08 22:54:19 +02:00
Robert Schütz
5986f233a6
nixos/znc: remove trailing slash from dataDir
2021-05-08 22:54:19 +02:00
Robert Schütz
4400ee83ec
nixos/znc: harden systemd unit
2021-05-08 22:54:15 +02:00
Robert Hensing
4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
Marc 'risson' Schmitt
0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00
Aaron Andersen
9254b82706
Merge pull request #121746 from j0hax/monero-options
nixos/monero: add dataDir option
2021-05-08 11:43:49 -04:00
Gemini Lasswell
28f51d7757
nixos/yggdrasil: set directory permissions before writing keys
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done. Addresses #121293.
2021-05-08 09:49:19 +02:00
Johannes Arnold
c0853b6e2c
nixos/monero: use isSystemUser = true
2021-05-08 02:13:25 +02:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Johannes Arnold
ff65166f44
nixos/monero: fix typo
2021-05-04 21:57:21 +00:00
Johannes Arnold
7cf3ffbddd
nixos/monero: add dataDir option
2021-05-04 21:56:45 +00:00
Robert Schütz
762be5c86d
nixos/radicale: harden systemd unit
2021-05-04 17:43:26 +02:00
Michele Guerini Rocco
93c5837be5
Merge pull request #121512 from rnhmjoj/searx
searx: set settings.yml permissions using umask
2021-05-04 11:43:12 +02:00
Robert Schütz
022c5b0922
nixos/radicale: add settings option
The radicale version is no longer chosen automatically based on
system.stateVersion because that gave the impression that old versions
are still supported.
2021-05-04 10:22:05 +02:00
Andreas Rammhold
3ec6977d30
Merge pull request #89572 from rissson/nixos/unbound
nixos/unbound: add settings option, deprecate extraConfig
2021-05-03 21:49:24 +02:00
Marc 'risson' Schmitt
52f6733203
nixos/unbound: deprecate extraConfig in favor of settings
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.
Existing options have been renamed or kept if
possible.
An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally. Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-03 21:27:15 +02:00
Silvan Mosberger
a221e6c330
Merge pull request #121172 from eyJhb/bind-list-to-attrs
nixos/bind: refactor zones from a list to attrset
2021-05-03 21:21:22 +02:00
eyjhb
757a455dde
nixos/bind: refactor zones from a list to attrset
This commit uses coercedTo to make zones an attrset instead of list.
Makes it easier to access/change zones in multiple places.
2021-05-03 20:04:42 +02:00
Silvan Mosberger
3e930b7e4a
Merge pull request #121294 from nh2/issue-121288-wireguard-fix-chmod-race
wireguard module: generatePrivateKeyFile: Fix chmod security race
2021-05-03 16:24:42 +02:00
Luke Granger-Brown
4b42da3d85
Merge pull request #120791 from mweinelt/babeld
babeld: 1.9.2 -> 1.10
2021-05-03 10:00:12 +01:00
rnhmjoj
9ea6c1979c
nixos/searx: set settings.yml permissions using umask
This should solve a leakage of secrets as suggested in #121293
2021-05-03 09:53:50 +02:00