3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

1940 commits

Author SHA1 Message Date
Janne Heß d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Jan Tojnar 6c8aed6391
Merge branch 'master' into staging-next 2019-10-12 00:50:21 +02:00
Konrad Borowski 89f5dc24ed nixos/mullvad-vpn: add service
mullvad-vpn package is mostly useless without it.
2019-10-10 19:11:31 +02:00
Frederik Rietdijk a0c34f54cc Merge master into staging-next 2019-10-08 11:56:52 +02:00
Maximilian Güntner 176b1aeb4e
nixos/mxisd: add support for ma1sd
both servers only differ slighly so the module
can be reused
2019-10-07 18:57:15 +02:00
geistesk 7f9767954b nixos/go-shadowsocks2: init 2019-10-06 11:18:20 +02:00
Jörg Thalheim bf3360cdcf
nixos/zeronet: Improved config, dynamic user, remove static UI… (#70305)
nixos/zeronet: Improved config, dynamic user, remove static UID and GID
2019-10-04 10:23:13 +01:00
Okinan 5c18c08da9 nixos/zeronet: improved config, dynamic user 2019-10-03 17:03:32 -05:00
Elias Probst 86dea5559f nixos/networkmanager: allow iwd as Wi-Fi backend
This introduces an option wifi.backend to the networkmanager module.

Co-authored-by: Cole Mickens <cole.mickens@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-10-02 21:52:58 -04:00
worldofpeace 9bc8169695 nixos/networkmanager: remove basePackages option
This option in now completely useless.
All the default configs for these packages
already have GNOME features default,
2019-09-29 20:36:49 -04:00
Frederik Rietdijk 503081fa5b Merge staging into staging-next 2019-09-29 11:05:22 +02:00
Vladimír Čunát 217cf982c7
Merge branch 'master' into staging-next 2019-09-27 22:13:02 +02:00
worldofpeace 985697bff7
Merge pull request #66652 from craigem/clarify_wireless_examples
nixos/doc: Clarify wireless examples
2019-09-26 22:56:20 -04:00
Craige McWhirter cce7486deb nixos/doc: Clarify wireless examples
This commits makes it clearer to a novice reader how to configure several
diferent types of SSID connections that were otherwise obscurely documented

Resolves #66650
2019-09-26 22:52:21 -04:00
Vladimír Čunát 192fb9d11b
Merge branch 'staging-next' into staging 2019-09-24 08:15:01 +02:00
Vladimír Čunát eab41878ac
Merge branch 'master' into staging-next 2019-09-24 08:14:34 +02:00
Jörg Thalheim bfed455de3
Merge pull request #68946 from volth/escape
treewide: fix string escapes
2019-09-24 04:19:12 +01:00
Jörg Thalheim 8c7667c325
Enable work variant firewall with iptables-compat (#66953)
Enable work variant firewall with iptables-compat
2019-09-22 09:28:16 +01:00
Jörg Thalheim ffa80e75b7
nixos/firewall: rename iptables-compat to iptables-nftables-compat 2019-09-22 09:09:43 +01:00
Vladimír Čunát 22a216849b
Re-Revert "Merge branch 'staging-next'"
This reverts commit f8a8fc6c7c.
2019-09-22 09:38:09 +02:00
Peter Hoeg 1c7aaf227c nixos/networkmanager: tiny cleanups
These are the leftovers of an older PR.

a. Send messages to auditd if auditing is enabled.
b. Add missing dbus configuration if dnsmasq is used for DNS
2019-09-22 13:33:43 +08:00
Vladimír Čunát f8a8fc6c7c
Revert "Merge branch 'staging-next'"
This reverts commit 41af38f372, reversing
changes made to f0fec244ca.

Let's delay this.  We have some serious regressions.
2019-09-21 20:05:09 +02:00
Vladimír Čunát 41af38f372
Merge branch 'staging-next' 2019-09-21 13:14:09 +02:00
Matthew Bauer d8b7b95ac6 Merge remote-tracking branch 'origin/master' into staging 2019-09-20 23:25:24 -04:00
Eelco Dolstra b0ccd6dd16
Revert "nixos/doc: re-format"
This reverts commit ea6e8775bd. The new
format is not an improvement.
2019-09-19 19:17:30 +02:00
Frederik Rietdijk f81d43b94c Merge staging-next into staging 2019-09-19 17:00:07 +02:00
Frederik Rietdijk 0b12d44c06 Merge master into staging-next 2019-09-19 16:59:42 +02:00
Marek Mahut 0358bc174b nixos/jormungandr: moving to a new section topics_of_interest 2019-09-19 10:51:59 +02:00
Jan Tojnar 0902f08e0d
Merge branch 'staging-next' into staging 2019-09-18 22:40:42 +02:00
Jan Tojnar 105abdd52c
Merge branch 'master' into staging-next 2019-09-18 22:40:03 +02:00
Jan Tojnar ea6e8775bd
nixos/doc: re-format 2019-09-18 22:13:35 +02:00
Jan Tojnar f5ef80b46d
Merge branch 'staging-next' into staging 2019-09-18 21:16:01 +02:00
Jan Tojnar 62791c3743
Merge branch 'master' into staging-next 2019-09-18 21:15:35 +02:00
Antoine R. Dumont (@ardumont) 35fe50352f nixos/minidlna: Allow more configuration options
This commits allows the user to configure:
- more minidlna options
- the ones not yet disclosed in nix (extending the existing minimal subset)
2019-09-17 19:51:33 +02:00
volth b384420f2c
nixos/prosody: fix escape 2019-09-17 00:20:05 +00:00
Vladimír Čunát 268872d996
Merge branch 'staging-next' into staging 2019-09-16 19:25:54 +02:00
Vladimír Čunát b6c6e1f9e8
Merge branch 'master' into staging-next 2019-09-15 13:18:54 +02:00
worldofpeace 1ff3a0c498 networkmanager: 1.18.2 -> 1.20.2
* libnm-glib is gone 👋️
* correct dbus_conf_dir
* remove legacy service symlink
* upstream defaults to 'internal' for dhcp
  NixOS module reflects this.

https://gitlab.freedesktop.org/NetworkManager/NetworkManager/blob/1.20.2/NEWS
2019-09-14 09:01:46 -04:00
Will Dietz 447d625edc networkmanager,modemmanager: fix service symlinks for systemd v243
Fixes problems such as:

systemd[1]: Failed to put bus name to hashmap: File exists
systemd[1]: dbus-org.freedesktop.nm-dispatcher.service: Two services allocated for the same bus name org.freedesktop.nm_dispatcher, refusing operation.

Problem is that systemd treats symlinks to files outside the service
path differently, causing our old workaround to look like two separate services.

These symlinks are intended to be a means for manually emulating
the behavior of the `Alias=` directive in these services.
Unfortunately even making these symlinks relative isn't enough,
since they don't make it to where it matters--
that only makes the links in /etc/static/systemd/system/*
relative, with systemd still being shown non-relative links
in /etc/systemd/system/*.

To fix this, drop all of this at the package level
and instead simply specify the aliases in the NixOS modules.

Also handle the same for modemmanager,
since the networkmanager NixOS module also handles that.
2019-09-14 08:05:27 -04:00
worldofpeace 3cb0ae999f
Revert "networkmanager,modemmanager: fix service symlinks for systemd v243" 2019-09-14 08:04:28 -04:00
Will Dietz f99bdb2b61
networkmanager,modemmanager: fix service symlinks for systemd v243
Fixes problems such as:

systemd[1]: Failed to put bus name to hashmap: File exists
systemd[1]: dbus-org.freedesktop.nm-dispatcher.service: Two services allocated for the same bus name org.freedesktop.nm_dispatcher, refusing operation.

Problem is that systemd treats symlinks to files outside the service
path differently, causing our old workaround to look like two separate services.

These symlinks are intended to be a means for manually emulating
the behavior of the `Alias=` directive in these services.
Unfortunately even making these symlinks relative isn't enough,
since they don't make it to where it matters--
that only makes the links in /etc/static/systemd/system/*
relative, with systemd still being shown non-relative links
in /etc/systemd/system/*.

To fix this, drop all of this at the package level
and instead simply specify the aliases in the NixOS modules.

Also handle the same for modemmanager,
since the networkmanager NixOS module also handles that.
2019-09-13 21:02:39 -05:00
Robin Gloster 7782ffb89a
Merge pull request #64364 from JohnAZoidberg/nm-wireless
Allow NetworkManager and wireless together
2019-09-13 13:18:14 +02:00
Austin Seipp 5a1ae55bbc nixos/chrony: keep in foreground
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-09-12 11:45:51 -05:00
Austin Seipp b8bda8cb4f nixos/chrony: remove redundant 'initstepslew.servers' option
This option was added in 6336048c58 but it
is essentially a complete duplicate of the existing cfg.servers and
there seems to be no reason to keep maintaining it.

Furthermore, it requires annoying duplication if you try to do option
merging, e.g. merging in sets into your configuration.nix that add
`services.chrony.initstepslew` options will overwrite the servers option
unless you keep it, but that means you just have to duplicate
config.networking.timeServers again anyway which is an implementation
detail!

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-09-12 11:45:51 -05:00
Austin Seipp 83180ea41f nixos/chrony: set iburst for ntp servers
'iburst' allows chrony to make very quick adjustments to the clock by
doing a couple rapid measurements outside of the default 'minpoll'
option. This helps improve rapid time adjustment at boot, and is enabled
by default.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-09-12 11:45:51 -05:00
Austin Seipp f0ad5ebdfb nixos/{chrony,ntpd,openntpd}: add myself as maintainer
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-09-12 11:45:51 -05:00
Austin Seipp a61e94329f nixos: shuffle all ntp services into their own dir
This is reckless, ill-advised, pointless, and I will be scorned for it,
but it makes me feel a lot better.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-09-12 11:45:51 -05:00
volth 3e792fb6df
nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too 2019-09-10 21:58:19 +00:00
Michael Bishop 7256d10d00
Merge pull request #68368 from toonn/toxvpn-typo
nixos/toxvpn: Fix typo in option description
2019-09-09 14:35:22 -03:00
toonn a34b61ab30 nixos/toxvpn: Fix typo in option description 2019-09-09 19:31:48 +02:00
volth 7b8fb5c06c treewide: remove redundant quotes 2019-09-08 23:38:31 +00:00
Marek Mahut a2550e2af5
Merge pull request #68243 from mmahut/jormungandr
nixos/jormungandr: adding RUST_BACKTRACE until service is stable
2019-09-07 11:29:51 +02:00
worldofpeace 416f057bc3
Merge pull request #68213 from worldofpeace/ead/fix
nixos/iwd: add tmpfiles rule for ead service
2019-09-07 03:40:06 -04:00
Marek Mahut af9c515c8b nixos/jormungandr: adding RUST_BACKTRACE until service is stable 2019-09-07 08:31:28 +02:00
Frederik Rietdijk 66bc7fc1b3 Merge master into staging-next 2019-09-06 22:46:05 +02:00
Nikolay Amiantov daa9ea2987 murmur service: fix typo in description 2019-09-06 20:29:20 +03:00
worldofpeace 3722f1d20e nixos/iwd: add tmpfiles rule for ead service
This is needed for the wired service ead.service.
(in ReadWritePaths)
2019-09-06 11:32:55 -04:00
Vladimír Čunát 4aad2947f8
Merge branch 'master' into staging-next 2019-09-04 11:00:56 +02:00
Izorkin 32f6ce33ed nixos/firewall: add package option 2019-09-03 21:49:55 +03:00
Nikolay Amiantov 0a29a2e37c syncplay module: init 2019-09-03 00:30:12 +02:00
Vladimír Čunát f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger 478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk 98ef78326d Merge staging-next into staging 2019-08-31 18:07:33 +02:00
Marek Mahut 74d7ce4248 nixos/{namecoind,bitcoind}: removing the altcoin prefix 2019-08-31 10:15:03 +02:00
Frederik Rietdijk ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Frederik Rietdijk 5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
Maximilian Bosch 56a7bc05e1
nixos/treewide: drop dependencies to keys.target
The `keys.target` is used to indicate whether all NixOps keys were
successfully uploaded on an unattended reboot. However this can cause
startup issues e.g. with NixOS containers (see #67265) and can block
boots even though this might not be needed (e.g. with a dovecot2
instance running that doesn't need any of the NixOps keys).

As described in the NixOps manual[1], dependencies to keys should be
defined like this now:

``` nix
{
  systemd.services.myservice = {
    after = [ "secret-key.service" ];
    wants = [ "secret-key.service" ];
  };
}
```

However I'd leave the issue open until it's discussed whether or not to
keep `keys.target` in `nixpkgs`.

[1] https://nixos.org/nixops/manual/#idm140737322342384
2019-08-27 18:55:55 +02:00
rnhmjoj 05ddde928d
nixos/dnschain: disable DNSSEC for namecoin TLDs 2019-08-27 14:42:06 +02:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
rnhmjoj 0e0a533d9a
nixos/pdns-recursor: add luaConfig option 2019-08-26 17:46:04 +02:00
rnhmjoj 92d956267a
nixos/pdns-recursor: implement a settings option 2019-08-26 17:46:03 +02:00
Marek Mahut 81fe072a8f nixos/unifi: restarting on failure (#67456) 2019-08-25 18:22:03 -06:00
Marek Mahut 18dfe1a3f5
Merge pull request #67449 from mmahut/jormungandr
nixos/jormungandr: adding genesis tests
2019-08-25 19:54:03 +02:00
Marek Mahut f6ced211e6 nixos/jormungandr: changing the port to match upstream 2019-08-25 18:33:13 +02:00
Daniel Schaefer b4044a3f2a networkmanager: Allow NetworkManager and wireless together
When NetworkManager is configured to not manage all interfaces, it's
perfectly fine to have the rest be managed by the standard nixos
wireless scripts.

I use
  networking.networkmanager.unmanaged = [
    "*" "except:type:wwan" "except:type:gsm"
  ];
to control everything using networking.wireless except for the mobile
LTE modem which only works with NetworkManager.
2019-08-25 12:00:31 +02:00
Jan Tojnar edcecfee00
Merge pull request #67358 from jtojnar/ofono-progress
nixos/ofono: various improvements
2019-08-24 21:37:42 +02:00
Jan Tojnar 5db762126c
nixos/ofono: allow adding 3rd party plug-ins 2019-08-23 19:50:53 +02:00
Jan Tojnar f66613b3b6
nixos/ofono: add module 2019-08-23 19:50:53 +02:00
Marek Mahut ddc0521ebf nixos: adding jormungandr service 2019-08-22 07:10:16 +02:00
Marek Mahut 7c15694c29
Merge pull request #66271 from vdot0x23/patch-1
nixos/stubby: clearer wording for upstreamServers
2019-08-19 20:58:45 +02:00
Nikolay Amiantov 79ebe562fb shadowsocks service: support dual-stack server
Enable IPv6 by default.
2019-08-18 23:07:51 +03:00
Eric Litak ccf3557015 nixos/cjdns: add extraConfig option (#53502) 2019-08-18 18:47:56 +02:00
danbst d80cd26ff9 Merge branch 'master' into flip-map-foreach 2019-08-18 18:00:25 +03:00
Aaron Andersen 6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers
lib/types: Add oneOf, extension of either to a list of types
2019-08-13 11:48:42 -04:00
Silvan Mosberger 88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's 2019-08-08 23:35:52 +02:00
vdot0x23 386f9739b5
nixos/stubby: Clearer wording for upstreamServers
Indicate that upstreamServers actually replaces defaults instead of adding to default.
2019-08-07 12:23:20 +00:00
WilliButz d6a4902662
nixos/unifi: create data directory with correct permissions 2019-08-05 15:09:16 +02:00
Danylo Hlynskyi 7585496eff
Merge branch 'master' into flip-map-foreach 2019-08-05 14:09:28 +03:00
danbst 0f8596ab3f mass replace "flip map -> forEach"
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
2019-08-05 14:03:38 +03:00
danbst 91bb646e98 Revert "mass replace "flip map -> foreach""
This reverts commit 3b0534310c.
2019-08-05 14:01:45 +03:00
Peter Hoeg f2639566b5
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
2019-08-02 11:58:27 +08:00
Alexey Shmalko e50539f7b5
syncthing: create default group if not overridden
The following configuration generates a systemd unit that doesn't
start.
```nix
{
  services.syncthing = {
    enable = true;
    user = "my-user";
  };
}
```

It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```

This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.

Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Jörg Thalheim 3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas 7ee6226bdd nixos/networkmanager: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Svein Ove Aas ac50d8e709 nixos/wpa_supplicant: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Peter Hoeg bede9851a1
Merge pull request #65078 from peterhoeg/f/st
nixos/syncthing: do not use nogroup
2019-07-24 13:22:08 +08:00
Mrmaxmeier 37a2f058ed nixos/thelounge: init
The Lounge is the official and community-managed fork of Shout.
This intends to replace the `shout` service.
2019-07-23 13:18:01 +02:00
Pierre Bourdon 6332bc25cd
nixos/bind: allow manual additions to zone config fragments 2019-07-20 17:50:37 +02:00
Nikolay Amiantov 294751a4fc
Merge pull request #62955 from abbradar/resolvconf
resolvconf service: init
2019-07-17 11:07:12 +03:00
Nikolay Amiantov 01b90dce78 resolvconf service: init
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.

We also now use systemd instead of activation scripts to update
resolv.conf.

NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
2019-07-15 20:25:39 +03:00
danbst 3b0534310c mass replace "flip map -> foreach"
See `foreach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /foreach /g'
```
2019-07-14 13:46:10 +03:00
Nikolay Amiantov 8951505dc9
Merge pull request #62956 from abbradar/nm-fixes
NetworkManager fixes
2019-07-13 22:31:13 +03:00
Florian Klink a234b91271
Merge pull request #64621 from gloaming/dhcpcd-before-network-online
nixos/dhcpcd: Before network-online.target
2019-07-12 12:48:01 +02:00
Nikolay Amiantov 48b3e70534
Update nixos/modules/services/networking/networkmanager.nix
Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
2019-07-11 18:37:51 +03:00
Craig Hall 2ae58dfc79 nixos/dhcpcd: Before network-online.target
Instead of network.target. Fixes #60900 (delayed boot).
2019-07-11 12:23:41 +01:00
Vladimír Čunát 9efdd2e434
knot-resolver: 3.2.1 -> 4.0.0
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000136.html

Similar commit worked fine for me, including the nixos service.
I'd like to still improve the service to support easy passing of sockets
to http module.
2019-07-10 17:40:04 +02:00
Peter Hoeg 8317663b94 nixos/syncthing: do not use nogroup
We were already creating a group for the user under which to run syncthing but
we were defaulting to running as `nogroup`.

Additionally, use `install` instead of multiple calls to mkdir/cp/chown.
2019-07-10 21:29:25 +08:00
Matthieu Coudron 2ebeba4927 nixos/iperf: add openFirewall setting
Opens the specified tcp port.
2019-07-04 16:58:56 +02:00
talyz 732af03ace networkmanager: Documentation cleanup.
- Refer to external documentation for dns option
- Clean up macAddress option
- Improve references
2019-07-03 09:40:05 +00:00
talyz 80acb28bee networkmanager: Add rc-manager option
Add an option to set the rc-manager parameter in NetworkManager.conf,
which controls how NetworkManager handles resolv.conf. This sets the
default rc-manager to "resolvconf", which solves #61490. It
additionally allows the user to change rc-manager without interference
from configuration activations.
2019-07-03 09:40:05 +00:00
Graham Christensen 7b8a7cee78
Merge pull request #63699 from NinjaTrappeur/nin-hostapd-noscan
hostapd: add noscan mode
2019-06-25 18:08:58 -04:00
Graham Christensen 38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Félix Baylac-Jacqué 5121f8d1e6
hostapd: starting hostapd systemd service at boot. 2019-06-24 00:26:27 +02:00
Félix Baylac-Jacqué 98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us to use 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the defaul hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Matthew Bauer 808d6fc7de
Merge pull request #63087 from matthiasbeyer/fix-ddclient-extraconfig
Fix ddclient extraConfig
2019-06-20 15:28:04 -04:00
Frederik Rietdijk 41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Vladimír Čunát 0aa9f35a99
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1525828
2019-06-18 09:44:13 +02:00
Jan Tojnar 11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Frederik Rietdijk 482c74cfb8 Merge staging into staging-next 2019-06-15 10:49:30 +02:00
Samuel Dionne-Riel 861bbbcb3c nixos/sshd: fixes validation for cross-compilation
See https://github.com/NixOS/nixpkgs/pull/62853
2019-06-15 00:56:42 -04:00
Lasse Blaauwbroek 0515392ed3 Fix ddclient extraConfig
The the extraConfig variable is added below the domain variable in the
ddclient config file. The domain variable should always be last.

(cherry picked from commit ba0ba6dc79)
2019-06-13 18:25:59 +02:00
Frederik Rietdijk 7953a65269 Merge staging-next into staging 2019-06-12 09:24:00 +02:00
Robin Gloster 68c30f0d9b
Merge pull request #62153 from WilliButz/avahi-refactor
avahi: set service directory and refactor module
2019-06-11 14:04:33 +00:00
Lucas Savva 24e974b904
bind: Remove deprecated flag from rndc-confgen
Fixes bind.service startup issue after NixOS/nixpkgs#61619
2019-06-11 09:05:56 +02:00
Nikolay Amiantov 493bb6035a networkmanager service: install strongswan configuration file only if enabled 2019-06-10 20:20:47 +03:00
Nikolay Amiantov 5be5991c80 networkmanager service: remove with pkgs
Avoid using `with` which isn't particularly needed.
2019-06-10 20:20:46 +03:00
Nikolay Amiantov 33b7e5f6c7 networkmanager service: fix simultaneous append and insert of nameservers
Before only one of them could work at the same time.
2019-06-10 18:54:32 +03:00
Nikolay Amiantov 68de116eb4 networkmanager service: override DNS when it's actually needed
Logic expression was incorrect before.
2019-06-10 18:54:27 +03:00
Frank Doepper f7ef7bacb7 openvpn: fix static key mini howto url 2019-06-10 13:02:45 +02:00
Jörg Thalheim 98e3b90b6c
Merge pull request #62269 from dasJ/fix-bird-reload
nixos/bird: Fix reload
2019-06-09 17:34:30 +01:00
WilliButz f491e94bac nixos/wireguard: add peer service to interface dependencies (#62828)
Previously each oneshot peer service only ran once and was not
restarted together with the interface unit. Because of this,
defined peers were missing after restarting their corresponding
interface unit.

Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-09 11:51:45 +02:00
Nikolay Amiantov 05c1addde3 mtprotoproxy service: init 2019-06-09 11:49:03 +03:00
Eelco Dolstra 4bb48e7f99
wireguard: Don't fail if modprobe fails
This can lead to unnecessary failures if the kernel module is already
loaded:

  Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
2019-06-06 12:40:30 +02:00
WilliButz 49302dc593
nixos/avahi: refactor module, add option extraServiceFiles
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.

The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
2019-06-04 00:22:48 +02:00
Bas van Dijk 1959799d51 strongswan: 5.7.2 -> 5.8.0 2019-06-03 18:01:55 +02:00
Daniël de Kok c619bbbbef nixos/btsync: remove
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
2019-06-03 09:16:13 +02:00
Graham Christensen 1de35c7f5e
wireguard: attempt infinity times to resolve a peer 2019-05-31 14:51:31 -04:00
Graham Christensen dc44fc1760
wireguard: add each peer in a separate service
Before, changing any peers caused the entire WireGuard interface to
be torn down and rebuilt. By configuring each peer in a separate
service we're able to only restart the affected peers.

Adding each peer individually also means individual peer
configurations can fail, but the overall interface and all other peers
will still be added.

A WireGuard peer's internal identifier is its public key. This means
it is the only reliable identifier to use for the systemd service.
2019-05-31 14:51:25 -04:00
Will Dietz a72d6f9349
Merge pull request #60954 from dtzWill/fix/network-online-actually-online-with-networkmanager
networkmanager: network-online --wants--> NetworkManager-wait-online
2019-05-30 23:05:57 -05:00
Janne Heß 672495d596 nixos/bird: Fix reload
When calling reload, bird attempts to reload the file that was given in
the command line. As the change of ${configFile} is never picked up,
bird will just reload the old file.
This way, the configuration is placed at a known location and updated.
2019-05-31 01:21:18 +02:00
Nikolay Amiantov f23c110692 murmur service: log to journald by default
Save an option to log to file with new `logFile` option.

As a side effect deprecate `pidfile` option and instead use systemd's
RuntimeDirectory.
2019-05-30 15:43:32 +03:00
Matthew Bauer 0a2b9719fd
Merge pull request #62157 from Lassulus/syncthing-fix
nixos/syncthing: run init only if a devices or folders are set
2019-05-29 21:02:18 -04:00
lassulus 87e9e65b6f nixos/syncthing: run init only if devices or folders are set 2019-05-29 13:57:39 +02:00
lassulus ddfb687d5e nixos/syncthing: better examples for declarative options 2019-05-29 07:12:14 +09:00
Aaron Andersen 89dae4b1ae nixos/murmur: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen e734494a59 nixos/autossh: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen e85d03e52b nixos/aria2: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen 46a5db0810 nixos/quassel: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen 307a99bb01 nixos/squid: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen dd9598cf54 nixos/teamspeak3: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 0b7305e783 nixos/unifi: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 4a4d3a2e04 nixos/zeronet: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 93235b8a85 nixos/minidlna: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 86fd8c910d nixos/charybdis: replace deprecated usage of PermissionsStartOnly 2019-05-25 13:48:41 -04:00
Maximilian Bosch 5fa93517f5
Merge pull request #61971 from sjau/wg_client_start
wireguard: restart on failure\nAs a oneshot service, if the startup f…
2019-05-25 16:36:56 +02:00
sjau 1bff53cb84
wireguard: restart on failure
As a oneshot service, if the startup failed it would never be attempted again.
This is problematic when peer's addresses require DNS. DNS may not be reliably available at
the time wireguard starts. Converting this to a simple service with Restart
and RestartAfter directives allows the service to be reattempted, but at
the cost of losing the oneshot semantics.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2019-05-25 16:32:14 +02:00
Florian Klink e4de353830
wireguard service: allow empty interfaces (#61743)
wireguard service: allow empty interfaces
2019-05-25 16:30:27 +02:00
Nikolay Amiantov cfadd988e5 wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
2019-05-25 11:17:36 +03:00
Milan Pässler 387d85b271 nixos/prosody: add authentication option (fixes #53134)
Passwords should not be stored in plain text by default. On existing
installations the next time a users user accounts will automatically
be upgraded from plain to hashed one-by-one as they log in.
2019-05-24 23:51:44 +02:00
Franz Pletz eb7c11d552
Merge pull request #58718 from Ma27/validate-ssh-configs
nixos/sshd: validate ssh configs during build
2019-05-24 18:30:04 +00:00
Maximilian Bosch 00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Carl Dong f15118a883 nixos/bitcoind: add bitcoind service 2019-05-22 15:48:57 -04:00
Ingolf Wanger e4f1e144a0 syncthing: made module more NixOps friendly 2019-05-22 22:39:34 +09:00
William Casarin 9a81e9cd9e xinetd: exec xinetd on launch
I noticed xinetd process doesn't get exec'd on launch, exec here so the bash
process doesn't stick around.

Signed-off-by: William Casarin <jb55@jb55.com>
2019-05-20 10:37:35 +01:00
lassulus a3e7e1bbc8 nixos/syncthing: add options for declarative device/folder config 2019-05-20 17:56:17 +09:00
Aaron Andersen b5a0c38e55
Merge pull request #59401 from mguentner/mxisd_1_3
mxisd: 1.2.0 -> 1.4.3
2019-05-19 07:00:47 -04:00
Robin Gloster 6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Maximilian Güntner 1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3 2019-05-16 21:14:13 +02:00
Linus Heckemann 2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Will Dietz 45886612f0 networkmanager: network-online --wants--> NetworkManager-wait-online 2019-05-04 19:04:45 -05:00
Renaud 966ee252c2
Merge pull request #59367 from Ma27/fix-hostapd-interface-naming
nixos/hostapd: escape interface names for hostapd
2019-05-03 19:04:00 +02:00
Hsiang-Cheng Yang e775587d63 softether: 4.25 -> 4.29 (#60665)
* softether: 4.25 -> 4.29

* softether_4_29: restrict to x86_64-linux
Does not build on aarch64 because of upstream "-m64" compile flag
2019-05-02 19:38:37 +02:00
Silvan Mosberger a27dc9d3ab
nixos/znc: Fix config generator for certain null values
The type of ZNC's config option specifies that a configuration like

  config.User.paul = null;

should be valid, which is useful for clearing/disabling property sets
like Users and Networks. However until now the config generator
implementation didn't actually cover null values, meaning you'd get an
error like

  error: value is null while a set was expected, at /foo.nix:29:10

This fixes the implementation to correcly allow clearing of property
sets.
2019-05-01 00:06:11 +02:00
Daniel Schaefer 786f02f7a4 treewide: Remove usage of isNull
isNull "is deprecated; just write e == null instead" says the Nix manual
2019-04-29 14:05:50 +02:00
Silvan Mosberger 77fb90d27e
Merge pull request #59731 from ajs124/ejabberd_test
ejabberd: refactor module, add test
2019-04-27 23:36:52 +02:00
Lassulus 21fe4fd176
Merge pull request #58181 from fgaz/nixos/zeronet/fix1
nixos/zeronet: add fileserverPort option
2019-04-27 15:45:30 +09:00
Linus Heckemann d4cd164082 nixos/tinc: remove ordering dependency on network.target
This allows configuring IP addresses on a tinc interface using
networking.interfaces."tinc.${n}".ipv[46].addresses.

Previously, this would fail with timeouts, because of the dependency
chain
tinc.${netname}.service
--after--> network.target
--after--> network-addresses-tinc.${n}.service (and network-link-…)
--after--> sys-subsystem-net-devices-tinc.${n}.device

But the network interface doesn't exist until tinc creates it! So
systemd waits in vain for the interface to appear, and by then the
network-addresses-* and network-link-* units have failed. This leads
to the network link not being brought up and the network addresses not
being assigned, which in turn stops tinc from actually working.
2019-04-25 22:54:11 +02:00
Robin Gloster b2c1ed6355
Merge pull request #53043 from exi/wg-quick
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Maximilian Bosch 28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen 06c83a14e1
Wrap 'wg' commands in <command> 2019-04-24 07:46:01 -04:00
Graham Christensen f57fc6c881
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Silvan Mosberger ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien d3423dd5c2 nixos/tedicross: add module 2019-04-23 22:52:23 +02:00
ajs124 3e32e150cb nixos/ejabberd: migrate to tmpfiles, drop runit 2019-04-23 14:00:49 +02:00
Aaron Andersen 4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling abf60791e2 nixos/modules/networking/wg-quick Add wg-quick options support
This is an implementation of wireguard support using wg-quick config
generation.

This seems preferrable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.

It also includes work-arounds to make key files work.

This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Aaron Andersen 3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
adisbladis 9a176d669a
nixos/tox-node: Add descriptions to module options.
Missing these broke the tarball build
https://hydra.nixos.org/build/92258938/nixlog/1
2019-04-15 17:11:10 +01:00
adisbladis 4b4caa9413
Merge pull request #59368 from suhr/tox-node
nixos/tox-node: init
2019-04-15 12:28:27 +03:00
adisbladis 454aa43213
nixos/tox-node: Dont hardcode bootstrap nodes
Get these from upstream tox-node package instead.
This is likely to cause less maintenance overhead over time and
following upstream bootstrap node changes is automated.
2019-04-15 09:27:32 +01:00
Сухарик 6cb40f7b0b
nixos/tox-node: init 2019-04-15 09:27:27 +01:00
Silvan Mosberger a63c182d53
Merge pull request #59315 from Infinisil/znc-docs-url
nixos/znc: Fix URL XML for config option
2019-04-14 17:33:49 +02:00
Aaron Andersen bb649d96b0 nixos/smokeping: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen 89cbee4d3e nixos/mxisd: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:01:00 -04:00
Aaron Andersen cefbee3edc nixos/syncthing: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-04-13 07:00:58 -04:00
Maximilian Bosch f975bbae11
nixos/hostapd: escape interface names for hostapd
Same problem as described in acbadcdbba.

When using multiple interfaces for wifi with `networking.wlanInterfaces`
and the interface for `hostapd` contains a dash, this will fail as
systemd escapes dashes in its device names.
2019-04-12 19:27:19 +02:00
Silvan Mosberger 92ae299998
Merge pull request #59081 from Yarny0/hylafax-updates
HylaFAX: fix ModemGroup, also minor metadata updates
2019-04-12 16:30:46 +02:00
Yarny0 e57156bcaa nixos/hylafax: fix faxq ModemGroup setting
The manpage claims that the "limit" in the setting::
  <name>:[<limit>:]<regex>
is optional and defaults to zero, implying no limit.
However, tests confirmed that it actually isn't optional.

Without limit, the setting ``any:.*`` places
outbound jobs on infinite hold if no particular
modem was specified on the sendfax command line.
The new default value ``any:0:.*`` from
this commit uses any available modem to
send jobs if not modem was given to sendfax.
2019-04-12 11:11:49 +02:00
Yarny0 1438f7b664 nixos/hylafax: add 'yarny' (= myself) as maintainer
I forgot to do this when I submitted this module with
commit 12fa95f2d6.
2019-04-12 11:11:48 +02:00
Silvan Mosberger 2d1fa68c83
Merge pull request #59044 from teto/strongswan_path
strongswan module: use strings for secrets.
2019-04-11 22:51:24 +02:00
Silvan Mosberger b8dc0f9a5b
nixos/znc: Fix URL XML for config option 2019-04-11 16:59:19 +02:00
Matthieu Coudron 08b8c6caf2 nixos/strongswan: use strings for secrets.
The nixos module artifically enforces type.path whereas the ipsec secret configuration files
accept pattern or relative paths.
Enforcing absolute paths already caused problems with l2tp vpn:
https://github.com/nm-l2tp/NetworkManager-l2tp/issues/108
2019-04-11 11:44:49 +09:00
Frederik Rietdijk d108b49168 Merge master into staging-next 2019-04-09 16:38:35 +02:00
Ingo Blechschmidt efff2e1aa6 iodine: improve password handling (#58806)
Before this change, only passwords not containing shell metacharacters could be
used, and because the password was passed as a command-line argument, local
users could (in a very small window of time) record the password and (in an
indefinity window of time) record the length of the password.

We also use the opportunity to add a call to `exec` in the systemd start
script, so that no shell needs to hang around waiting for iodine to stop.
2019-04-08 21:20:26 +02:00
Aneesh Agrawal 24ae4ae604 nixos/sshd: Remove obsolete Protocol options (#59136)
OpenSSH removed server side support for the v.1 Protocol
in version 7.4: https://www.openssh.com/txt/release-7.4,
making this option a no-op.
2019-04-08 09:49:31 +02:00
Florian Klink 2457510db4
Merge pull request #51918 from bobvanderlinden/var-run
tree-wide: nixos: /var/run -> /run
2019-04-07 20:09:46 +02:00
Jan Tojnar cb1a20499a
Merge branch 'master' into staging 2019-04-05 11:37:15 +02:00
Franz Pletz ff36d95878
nixos/quicktun: init 2019-04-02 12:16:48 +02:00
John Ericson 4ccb74011f Merge commit '18aa59b0f26fc707e7313f8467e67159e61600c2' from master into staging
There was one conflict in the NixOS manual; I checked that it still
built after resolving it.
2019-04-01 00:40:03 -04:00
Matthew Bauer d468f4b27e
Merge pull request #57139 from delroth/firewall-dedup
nixos/firewall: canonicalize ports lists
2019-03-25 22:15:17 -04:00
Bob van der Linden 323e8ef375
nixos/xrdp: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden 210b7134d3
nixos/wpa_supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden b9e27ec43e
nixos/supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden 8062476f73
nixos/raccoon: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden 34738dea2a
nixos/ocserv: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden cc5f08fed8
nixos/miniupnpd: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden 321bc431cc
nixos/lldpd: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden 1e48222cbe
nixos/ircd-hybrid: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden 937e733c04
nixos/htpdate: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden 1a567685b2
nixos/hostapd: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden 82dee48ef2
nixos/bind: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden 9afbe4c2bd
nixos/avahi-daemon: /var/run -> /run 2019-03-24 21:15:25 +01:00
Bob van der Linden 08558245a4
nixos/asterisk: /var/run -> /run 2019-03-24 21:13:19 +01:00
Francesco Gazzetta 58f682742e nixos/zeronet: add fileserverPort option
Without it, zeronet tried to write one to the read-only config file and
crashed
2019-03-23 17:58:57 +01:00
Wael M. Nasreddine 5af0780492
Merge remote-tracking branch 'origin/master' into staging
* origin/master: (693 commits)
  buildGoModule: use go_1_12 instead of go_1_11 (#58103)
  gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
  signal-desktop: 1.22.0 -> 1.23.0
  added missing semicolon to documentation
  terminus_font_ttf: 4.46.0 -> 4.47.0
  buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
  dav1d: init at 0.2.1
  dropbox-cli: 2018.11.28 -> 2019.02.14
  atlassian-confluence: 6.14.1 -> 6.14.2
  maintainers: update email for dywedir
  python.pkgs.hglib: use patch to specify hg path (#57926)
  chkrootkit: 0.52 -> 0.53
  radare2-cutter: 1.7.2 -> 1.8.0
  autorandr: 1.7 -> 1.8
  pythonPackages.pyhepmc: fix build
  llvm-polly/clang-polly: use latest llvm
  apulse: 0.1.11.1 -> 0.1.12, cleanup
  factorio: experimental 0.17.14 → 0.17.16 (#58000)
  sequeler: 0.6.7 -> 0.6.8
  nasc: 0.5.1 -> 0.5.2
  ...
2019-03-21 21:01:25 -07:00
Jörg Thalheim b488c60cdb network-manager: rename systemd service back to match upstream
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
2019-03-19 23:48:08 +01:00
Martin Weinelt a978d3dcd2
nixos/knot: init 2019-03-14 01:28:53 +01:00
Markus 7e71cd8292 nixos/flannel: Add iptables package to service path 2019-03-12 15:30:33 +00:00
Pierre Bourdon 18bc8203a1
nixos/firewall: canonicalize firewall ports lists
Fixes #56086.
2019-03-09 20:02:04 +01:00
Pierre Bourdon 843215ac1c
nixos/firewall: use types.port where appropriate 2019-03-09 19:45:11 +01:00
Bas van Dijk e44e2455d3 strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar 2019-03-08 16:11:38 +01:00
Peter Hoeg 011fe4a246
Merge pull request #56571 from peterhoeg/u/mqtt
mosquitto: 1.5.5 -> 1.5.8
2019-03-04 12:23:45 +08:00
Peter Hoeg 0e40b7bfc2 mosquitto (nixos): notify systemd when started 2019-03-01 18:54:24 +08:00
David Duarte b381c27b58 nixos/coredns: init (#54931) 2019-03-01 11:10:44 +02:00
Andreas Rammhold 64c60a813d nixos/gnunet: fix typo in PrivateTmp parameter (#56343)
Systemd expects `PrivateTmp` and not `PrivateTemp` in the service
configuration.

I found this by chance while grepping through nixpkgs…
2019-02-25 15:53:36 +01:00
Nikita Uvarov 131e31cd1b
sshd: fix startWhenNeeded and listenAddresses combination
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
2019-02-25 00:51:58 +01:00
Silvan Mosberger c0318efe9a
Merge pull request #50504 from symphorien/local-closureInfo
nixos: add preferLocalBuild=true; on derivations for config files and closureInfo
2019-02-22 20:53:17 +01:00
Symphorien Gibol a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
Jörg Thalheim 183919a0c0
Merge pull request #56004 from eskimor/add-nix-serve-help
nixos-nix-serve: Add some hint on howto get valid signing keys.
2019-02-21 09:43:50 +00:00
Johan Thomsen 7028fac35b
nixos/kubernetes: use system.path to handle dependency on flannel subnet.env
The current postStart step on flannel causes flannel.service to
sometimes hang, even when it's commanded to stop.
2019-02-20 21:08:56 +01:00
Robert Klotzner 9f3fe63b5f Add some hint on howto get valid signing keys. 2019-02-20 12:32:08 +01:00
Silvan Mosberger ac953a4a6b
Merge pull request #55766 from Lucus16/bump-quassel
nixos/quassel: Add support for certificate file
2019-02-18 03:04:56 +01:00
Jaka Hudoklin 5ae048071d
Merge pull request #55649 from johanot/flannel-with-kubernetes-backend
nixos/flannel: add kubernetes as storage backend (and fix test)
2019-02-15 19:55:56 +01:00
Lars Jellema 85675c139f
nixos/quassel: Add support for certificate file 2019-02-14 14:36:21 +01:00
Johan Thomsen 94136fdc1b nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00
Johan Thomsen 9522ca5ce9 nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-12 18:26:39 +01:00
Robert Helgesson 488a3f09cd
nixos/wpa_supplicant: use <citerefentry>
Fixes #55505
2019-02-10 13:23:28 +01:00
Jörg Thalheim 6c28dd858b
teamspeak: ipv6 support
Unlike the options descriptions the service was not listen to any
IPs because the address family was limited to ipv4.
2019-02-08 10:28:20 +00:00
Lily Ballard b0e79359bd nixos/unifi: Update TCP ports
Fixes #55377
2019-02-07 13:18:57 -08:00
Ioannis Koutras 6642f3f213 nixos/syncthing: setup user only on system service 2019-02-06 20:23:13 +01:00
Franz Pletz 2746973061
ndppd: don't use weird upstream systemd service unit 2019-02-03 14:39:28 +01:00
elseym 4ce1c59389
ndppd module: refactor 2019-02-03 14:28:54 +01:00
Danylo Hlynskyi 30c312341f
Merge pull request #54637 from danbst/small-eval-optimization
module system: small eval optimization
2019-01-31 00:42:24 +02:00
danbst 27982b408e types.optionSet: deprecate and remove last usages 2019-01-31 00:41:10 +02:00
Robert Schütz 0525fa54e8
Merge pull request #54739 from Nadrieril/fix-ffsync
Fix firefox sync-server
2019-01-30 16:26:31 +01:00
Nadrieril 375020cf99 nixos/syncserver: mild cleanup 2019-01-30 15:59:01 +01:00
Nadrieril 63c7fe0819 nixos/syncserver: use gunicorn
As described in `syncserver`'s documentation.
Makes it possible to run behind a reverse proxy.
2019-01-30 15:59:00 +01:00
Nadrieril 957d0589ad pythonPackages.syncserver: move to all-packages.nix and fix dependencies 2019-01-30 15:59:00 +01:00
Silvan Mosberger f2daf4295e
Merge pull request #54708 from erictapen/unifi-maintainer
unifi, nixos/unifi: add erictapen as maintainer
2019-01-27 19:02:40 +01:00
Justin Humm 38f23046a3
unifi, nixos/unifi: add erictapen as maintainer 2019-01-27 17:28:15 +01:00
Maximilian Bosch acbadcdbba
nixos/wpa_supplicant: escape interface names to listen on
Systemd provides some functionality to escape strings that are supposed
to be part of a unit name[1]. This seems to be used for interface names
in `sys-subsystem-net-devices-{interface}.device` and breaks
wpa_supplicant if the wireless interface name has a dash which is
encoded to \x2d.

Such an interface name is rather rare, but used i.e. when configuring
multiple wireless interfaces with `networking.wlanInterfaces`[2] to have on
interface for `wpa_supplicant` and another one for `hostapd`.

[1] https://www.freedesktop.org/software/systemd/man/systemd-escape.html
[2] https://nixos.org/nixos/options.html#networking.wlaninterfaces
2019-01-27 11:59:18 +01:00
Milan Pässler 24d5e30b5f nixos/prosody: add ExecReload
Add an ExecReload command to the prosody service, to allow reloading
prosody by sending SIGHUP to the main process, for example to update
certificates without restarting the server. This is exactly how the
`prosodyctl` tool does it.

Note: Currently there is a bug which prevents mod_http from reloading the
certificates properly: https://issues.prosody.im/1216.
2019-01-26 03:12:09 +01:00
Robert Irelan 8844f09d53 xrdp: fix clipboard for non-ASCII characters
Without this line, attempting to copy and paste non-ASCII characters
will result in error messages like the following (and pasting from the
server to the client will not work):

```
CLIPBOARD  clipboard_send_data_response_for_text: 823 : ERROR: clipboard_send_data_response_for_text: bad string
```
2019-01-22 09:52:53 -08:00
aszlig 6446d9eee8
nixos/nsd: Improve checking for empty dnssec zones
While at it (see previous commit), using attrNames in combination with
length is a bit verbose for checking whether the filtered attribute set
is empty, so let's just compare it against an empty attribute set.

Signed-off-by: aszlig <aszlig@nix.build>
2019-01-04 01:59:28 +01:00
aszlig 751bdacc9b
nixos/nsd: Don't override bind via nixpkgs.config
When generating values for the services.nsd.zones attribute using values
from pkgs, we'll run into an infinite recursion because the nsd module
has a condition on the top-level definition of nixpkgs.config.

While it would work to push the definition a few levels down, it will
still only work if we don't use bind tools for generating zones.

As far as I could see, Python support for BIND seems to be only needed
for the dnssec-* tools, so instead of using nixpkgs.config, we now
directly override pkgs.bind instead of globally in nixpkgs.

To illustrate the problem with a small test case, instantiating the
following Nix expression from the nixpkgs source root will cause the
mentioned infinite recursion:

  (import ./nixos {
    configuration = { lib, pkgs, ... }: {
      services.nsd.enable = true;
      services.nsd.zones = import (pkgs.writeText "foo.nix" ''
        { "foo.".data = "xyz";
          "foo.".dnssec = true;
        }
      '');
    };
  }).vm

With this change, generating zones via import-from-derivation is now
possible again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @pngwjpgh
2019-01-04 01:49:50 +01:00
ajs124 325e314aae
sshd: Add restartTrigger for sshd_config
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-01-02 20:11:01 +01:00
Franz Pletz 0ea65cd96c
shairport-sync service: fix default arguments 2019-01-02 19:17:22 +01:00
Silvan Mosberger 070254317e
Revert "nixos/ddclient: make RuntimeDirectory and configFile private" 2018-12-29 16:53:43 +01:00
Jeremy Apthorp 654c3124b2
shairport-sync: don't daemonize
This flag causes the shairport-sync server to attempt to daemonize, but it looks like systemd is already handling that. With the `-d` argument, shairport-sync immediately exits—it seems that something (systemd I'm guessing?) is sending it SIGINT or SIGTERM.

The [upstream systemd unit](https://github.com/mikebrady/shairport-sync/blob/master/scripts/shairport-sync.service.in#L10) doesn't pass `-d`.
2018-12-19 22:37:25 -08:00
Satoshi Shishiku 5a93f6149a
prosody service: set cafile
Fix s2s_secure_auth.
2018-12-17 01:01:41 +01:00
Rickard Nilsson b20fcce195 nixos/nm-setup-hostsdir: RemainAfterExist -> RemainAfterExit 2018-12-15 08:33:28 +01:00
Renaud 0eb2f4b5f5
Merge pull request #50809 from sorki/wireguard_containers_wont_modprobe
wireguard: don't modprobe if boot.isContainer is set
2018-12-07 11:06:28 +01:00
Austin Seipp 4594b18070 nixos/chrony: fix misplaced ConditionCapability= directive
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-02 20:32:47 -06:00
Austin Seipp ee14496ae2 nixos/dhcpcd: (try to) restart chrony in the exitHook
As the comment notes, restarts/exits of dhcpcd generally require
restarting the NTP service since, if name resolution fails for a pool of
servers, the service might break itself. To be on the safe side, try
restarting Chrony in these instances, too.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:33 -06:00
Austin Seipp 7b8d9700e1 nixos/chrony: don't emit initstepslew when servers is empty
Setting the server list to be empty is useful e.g. for hardware-only
or virtualized reference clocks that are passed through to the system
directly. In this case, initstepslew has no effect, so don't emit it.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-30 18:50:32 -06:00
Brandon Black dacbd5a61a nixos/ntp: use upstream default restrictions to avoid DDoS (#50762)
Fixes #50732
2018-11-28 10:15:25 +00:00
Renaud 6a5fff3741
Merge pull request #51001 from c0bw3b/cleanup/more-https
Treewide: use more HTTPS-enabled sources
2018-11-25 16:22:34 +01:00
Franz Pletz c1d760f0bf
Merge pull request #50469 from mguentner/mxisd
mxisd: init at 1.2.0 plus service with test
2018-11-25 13:26:05 +00:00
Maximilian Güntner efae5d43ef
modules: add mxisd with test 2018-11-25 14:24:10 +01:00
Craig Younkins eff461c8ef treewide: systemd timeout arguments to use infinity instead of 0 (#50934)
Fixes https://github.com/NixOS/nixpkgs/issues/49700
2018-11-25 13:33:22 +01:00
c0bw3b c615b0504b nixos/flashpolicyd: fix url and use https 2018-11-24 23:13:09 +01:00
Jörg Thalheim d3aeed389c
Merge pull request #50641 from blaxill/firewallMerge
nixos/firewall: Always use global firewall.allowed rules
2018-11-23 11:42:16 +00:00
Ben Blaxill 308ab4ea25 Rename back to default and better release notes 2018-11-22 19:24:23 -05:00
Ben Blaxill 32779b4c74 Refactor out the set operations 2018-11-20 21:29:33 -05:00
Samuel Dionne-Riel a041dc8ab7
Merge pull request #50499 from delroth/syncthing-relay
syncthing-relay module: init
2018-11-20 01:40:23 +00:00
Richard Marko 3ffda36356 wireguard: don't modprobe if boot.isContainer is set 2018-11-20 01:17:04 +01:00
Ben Blaxill 551d2f7ed2 nixos/firewall: Always use global firewall.allowed rules
Apply global firewall.allowed* rules separately from the
interface specific rules.
2018-11-18 22:50:01 -05:00
Pierre Bourdon 08f24cadaa syncthing-relay module: init 2018-11-19 01:09:54 +01:00
Renaud 7f84561cc3
Merge pull request #49631 from janikrabe/master
oidentd: 2.2.2 -> 2.3.1
2018-11-19 00:31:02 +01:00
Silvan Mosberger e468a1091b
Merge pull request #48687 from danielrutz/port-type
Add port type
2018-11-10 15:12:07 +01:00
Janik Rabe 49e97f8f88 oidentd: 2.2.2 -> 2.3.1
* Added license: GPLv2.
* Updated homepage and description.
* CFLAGS are no longer necessary as of version 2.2.0.
* Option '-a ::' is no longer necessary as of version 2.2.0.
2018-11-07 14:51:45 +02:00
Niklas Hambüchen 2cb7f5fb1e consul: 0.9.3 -> 1.3.0.
Removes the old UI build tooling; it is no longer necessary
because as of 1.2.0 it's bundled into the server binary.
It doesn't even need to have JS built, because it's bundled into
the release commit's source tree (see #48714).

The UI is enabled by default, so the NixOS service is
updated to directly use `ui = webUi;` now.

Fixes #48714.
Fixes #44192.
Fixes #41243.
Fixes #35602.

Signed-off-by: Niklas Hambüchen <mail@nh2.me>
2018-11-03 18:39:46 +01:00
Austin Seipp 93aa285376 nixos: fix #48917 by setting SYSTEMD_TIMEDATED_NTP_SERVICES
Setting this variable in the environment of systemd-timedated allows
'timedatectl' to tell if an NTP service is running.

Closes #48917.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-11-02 09:10:15 -05:00
Joachim F 2dc0fc6516
Merge pull request #47526 from rnhmjoj/syncthing
nixos/syncthing: move configuration to condigDir
2018-11-02 12:02:51 +00:00
obadz c8c1ed2c78 nixos/zerotier: binds to network-online.target to avoid the 1m30s timeout before kill on shutdown 2018-11-01 23:00:25 +00:00
Léo Gaspard b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Lassulus 334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00