1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

2099 commits

Author SHA1 Message Date
WORLDofPEACE 46e5b14b4a
nixos/dnscrypt-proxy2: version the example file
I've frequently used the master version that has non backwards compatible keys.
2020-09-28 06:28:12 -04:00
Mario Rodas 8b8f54d38b
Merge pull request #98263 from asdf8dfafjk/patch-3
nixos/onedrive: Remove verbose flag
2020-09-19 13:46:17 -05:00
asdf8dfafjk 5e166f892d
nixos/onedrive: Remove verbose flag 2020-09-19 11:32:42 +05:30
Ryan Mulligan ad1c7eb7b6 nixos/heyefi: remove module and package
heyefi is no longer maintained by me; the company that made the sd
cards is defunct and the cards depended on their servers to work.
2020-09-18 21:55:07 -07:00
Marek Mahut 52532b7c36
Merge pull request #91256 from prusnak/seeks
seeks: remove, upstream unmaintained
2020-09-18 16:32:33 +02:00
Henri Menke 9d60354fae nixos/shadowsocks: add test without plugin 2020-09-14 22:35:05 +02:00
Henri Menke e587b5a8a8 nixos/shadowsocks: add extraConfig 2020-09-14 22:35:05 +02:00
Kevin Cox 91032af924
Merge pull request #97592 from NixOS/kevincox-chrony-state
chrony: Create state directory with correct owner.
2020-09-10 09:49:55 -04:00
Kevin Cox 57b9d5c144
chrony: Create state directory with correct owner.
Fixes https://github.com/NixOS/nixpkgs/issues/97546
2020-09-09 15:48:48 -04:00
Piotr Bogdan cb141359bf nixos/openvpn: path now requires conversion to a string
Following changes in https://github.com/NixOS/nixpkgs/pull/91092 the `path` attribute is now a list
instead of being a string. This resulted resulted in the following evaluation error:

"cannot coerce a list to a string, at [...]/nixos/modules/services/networking/openvpn.nix:16:18"

so we now need to convert it to the right type ourselves.

Closes https://github.com/NixOS/nixpkgs/issues/97360.
2020-09-08 11:09:04 +01:00
Pavol Rusnak 2e0542ebac
seeks: remove, upstream unmaintained 2020-06-22 13:43:29 +02:00
Aaron Andersen b6108e021b
Merge pull request #89327 from mweinelt/go-neb-module
nixos/go-neb: init
2020-06-16 06:30:29 -04:00
Matt Layher 562beabff3
nixos/corerad: use passAsFile while converting settings JSON to TOML
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 13:30:17 -04:00
Silvan Mosberger 00e448172f
Merge pull request #89781 from mdlayher/mdl-corerad-settings 2020-06-14 16:48:54 +02:00
Matt Layher f1a4b100fd
nixos/corerad: add settings option to supersede configFile
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 10:07:16 -04:00
rnhmjoj e23c57c347
nixos/ncdns: init module 2020-06-14 01:09:33 +02:00
rnhmjoj 2e5019b92c
dnschain: remove package and NixOS module
The software is unmaintained since ~2014 and the package
can't be built anymore (issue #89205).
2020-06-13 12:33:31 +02:00
Martin Weinelt 642e9916c6
nixos/go-neb: init 2020-06-02 15:25:05 +02:00
Mario Rodas c9d9ba0f7b
Merge pull request #83307 from servalcatty/fix/v2ray-check
nixos/v2ray: check v2ray config during the build time
2020-05-31 16:32:03 -05:00
Florian Klink 09a7612cbe
Merge pull request #88434 from pstch/patch-2
nixos/haproxy: add reloading support, use upstream service hardening
2020-05-31 23:11:44 +02:00
Hugo Geoffroy c784d3ab76 nixos/haproxy: add reloading support, use upstream service hardening
Refactor the systemd service definition for the haproxy reverse proxy,
using the upstream systemd service definition. This allows the service
to be reloaded on changes, preserving existing server state, and adds
some hardening options.
2020-05-31 22:35:27 +02:00
Florian Klink 414e1c6305
Merge pull request #88887 from mweinelt/vsftpd
vsftpd: listen on both address families
2020-05-31 16:34:01 +02:00
Michele Guerini Rocco a4f9e8bf68
Merge pull request #85900 from rnhmjoj/dnscrypt
nixos/dnscrypt-wrapper: use dnscrypt-proxy1
2020-05-27 19:52:53 +02:00
Marek Mahut 8f1c621b4e Merge pull request #88881 from mmahut/ergo
ergo: init at 3.2.5
2020-05-27 11:34:24 +02:00
Marek Mahut fdc48e5c7e nixos/ergo: init 2020-05-26 21:47:31 +02:00
Martin Weinelt c18fae4a35 vsftpd: listen on both address families 2020-05-25 20:14:20 +02:00
rnhmjoj 743eea4c5f
nixos/dnscrypt-wrapper: make provider keys configurable 2020-05-25 09:16:23 +02:00
rnhmjoj fd3727a313
nixos/dnscrypt-wrapper: use dnscrypt-proxy1 2020-05-25 09:16:23 +02:00
Aaron Andersen 563a3f5a81 nixos/networkmanager: apply --filter-policy=STRICT to modemmanager service 2020-05-23 20:49:13 -04:00
snicket2100 866b411ab6 nixos/dnscrypt-proxy2: service restart on failure
it does happen that `dnscrypt-proxy` exit when it is unable to
synchronise its resolvers metadata on startup. this can happen due
to network connectivity issues for example. not restarting it automatically
means no dns resolution will work until a manual restart is performed.
2020-05-22 06:43:10 +02:00
Florian Klink 1955982190 nixos/wpa_supplicant: always run systemctl of the currently running systemd 2020-05-21 10:31:08 +02:00
Florian Klink 52e104cfdf nixos/nsd: always run systemctl of the currently running systemd 2020-05-21 10:30:40 +02:00
Florian Klink b0222a5e9c nixos/dhcpcd: always run systemctl of the currently running systemd 2020-05-21 10:30:21 +02:00
Emery Hemingway ac97b19a2a nixos/yggdrasil: change config priority, persistentKeys
Favor the configuration in "configFile" over "config" to allow
"configFile" to override "config" without a system rebuild.

Add a "persistentKeys" option to generate keys and addresses that
persist across service restarts. This is useful for self-configuring
boot media.
2020-05-21 12:11:13 +05:30
Florian Klink 4a85559ffc
Merge pull request #87016 from flokli/nsswitch-cleanup
nixos/nsswitch cleanup nss modules
2020-05-14 14:55:43 +02:00
betaboon fd41795f58 nixos/pixiecore: fix escaping of cmdline 2020-05-12 15:14:49 +02:00
Florian Klink fd21793de6 nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
Vojtěch Káně e7ab236cab monero: fix rcp.restricted option
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api
the correct option is restricted-rpc, not restrict-rpc.
2020-05-11 12:11:58 +02:00
0x4A6F 71a137a297
nixos/xandikos: update listen-address parameter 2020-05-08 18:20:55 +02:00
Vladimír Čunát 54eb2d1018
Merge branch 'staging-next'
Status on Hydra for linuxes seems good enough:
https://hydra.nixos.org/eval/1585703?filter=linux&compare=1585482&full=#tabs-now-fail
2020-05-06 08:20:05 +02:00
Frederik Rietdijk 9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
Lassulus ef0f57ff8a
Merge pull request #86712 from rardiol/hostapd
nixos/hostapd: country selection, CRDA, logging
2020-05-05 19:51:09 +02:00
Ricardo Ardissone a55b736a65 nixos/hostapd: conditionally enable ieee80211d 2020-05-04 21:28:56 -03:00
Ricardo Ardissone d6d0442243 nixos/hostapd: add logLevel option 2020-05-04 00:31:09 -03:00
Ricardo Ardissone c09c054231 nixos/hostapd: add countryCode option 2020-05-04 00:31:09 -03:00
Ricardo Ardissone 151d32d22c nixos/hostapd: use CRDA
Needed for regulatory compliance and unlocking some channels.
2020-05-03 23:57:33 -03:00
Martin Milata ce0c39be0b nixos/prosody: add MUC extraConfig, fix extraConfig order
Add extraConfig option for the muc submodule.

Also move the global extraConfig before all components and
virtualhosts, because the manual states:

    The configuration is divided into two parts. The first part is known as
    the "global" section. All settings here apply to the whole server, and
    are the default for all virtual hosts.

    The second half of the file is a series of VirtualHost and Component
    definitions. Settings under each VirtualHost or Component line apply
    only to that host.

Before, if at least one muc was defined, or uploadHttp enabled, the
global extraConfig would end up after "muc" or "http_upload" component
making it apply to that component only and not globally.
2020-05-04 00:10:33 +02:00
Frederik Rietdijk afb1041148 Merge master into staging-next 2020-05-02 09:39:00 +02:00
Emery Hemingway 0d49162aa0 nixos/yggdrasil: add group option
Allow users to access the Yggdrasil control socket by group.
2020-05-02 01:21:55 +05:30
Florian Klink e148a72377
Merge pull request #86067 from NinjaTrappeur/nin-sane-prosody-defaults
nixos/prosody: make module defaults comply with XEP-0423
2020-05-01 20:07:13 +02:00
Félix Baylac-Jacqué f5b1e6bc21
nixos/prosody: add NixOS manual entry
We add a Prosody entry to the NixOS manual showing how to setup a
basic XEP-0423 compliant Prosody service. This example also showcase
how to generate the associated ACME certificates.

Note: The <programlisting> body might look poorly indented, but trust
me, it's necessary. If we try to increase their indentation level, the
HTML output will end up containing a lot of unecesseray heading spaces
breaking the formatting...
2020-05-01 19:57:33 +02:00
Ed Cragg df2f8d9150 thelounge: write out default path for thelounge
The output file is found and handled by thelounge itself [1], leaving
the user free to override THELOUNGE_HOME in the environment if they
choose, but having a sensible default to make `thelounge` generally
usable in most cases.

This solution follows discussion on #70318.

[1] 9ef5c6c67e/src/command-line/utils.js (L56)
2020-05-01 14:46:46 +01:00
Félix Baylac-Jacqué 353a8b58e6
nixos/prosody: leverage systemd sandbox features to harden service
We are leveraging the systemd sandboxing features to prevent the
service accessing locations it shouldn't do. Most notably, we are here
preventing the prosody service from accessing /home and providing it
with a private /dev and /tmp.

Please consult man systemd.exec for further informations.
2020-04-30 20:40:00 +02:00
Félix Baylac-Jacqué 8aea528872
nixos/prosody: make defaults comply with XEP-0423
Setting up a XMPP chat server is a pretty deep rabbit whole to jump in
when you're not familiar with this whole universe. Your experience
with this environment will greatly depends on whether or not your
server implements the right set of XEPs.

To tackle this problem, the XMPP community came with the idea of
creating a meta-XEP in charge of listing the desirable XEPs to comply
with. This meta-XMP is issued every year under an new XEP number. The
2020 one being XEP-0423[1].

This prosody nixos module refactoring makes complying with XEP-0423
easier. All the necessary extensions are enabled by default. For some
extensions (MUC and HTTP_UPLOAD), we need some input from the user and
cannot provide a sensible default nixpkgs-wide. For those, we guide
the user using a couple of assertions explaining the remaining manual
steps to perform.

We took advantage of this substential refactoring to refresh the
associated nixos test.

Changelog:
- Update the prosody package to provide the necessary community
  modules in order to comply with XEP-0423. This is a tradeoff, as
  depending on their configuration, the user might end up not using them
  and wasting some disk space. That being said, adding those will
  allow the XEP-0423 users, which I expect to be the majority of
  users, to leverage a bit more the binary cache.
- Add a muc submodule populated with the prosody muc defaults.
- Add a http_upload submodule in charge of setting up a basic http
  server handling the user uploads. This submodule is in is
  spinning up an HTTP(s) server in charge of receiving and serving the
  user's attachments.
- Advertise both the MUCs and the http_upload endpoints using mod disco.
- Use the slixmpp library in place of the now defunct sleekxmpp for
  the prosody NixOS test.
- Update the nixos test to setup and test the MUC and http upload
  features.
- Add a couple of assertions triggered if the setup is not xep-0423
  compliant.

[1] https://xmpp.org/extensions/xep-0423.html
2020-04-30 20:39:54 +02:00
Thibaut Marty 4a0beed5c0 treewide: fix modules options types where the default is null
They can be caught with `nixos-option -r` on an empty ({...}:{}) NixOS
configuration.
2020-04-28 19:13:59 +02:00
zowoq c59c4e3589 nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
Dominik Xaver Hörl c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
Florian Klink c1a6e60335
Merge pull request #85598 from danderson/tailscale-fix-cachedir
nixos/tailscale: set a CacheDir in the systemd unit.
2020-04-21 22:38:32 +02:00
Dominik Xaver Hörl 0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
David Anderson cee5ddbb28 nixos/tailscale: set a CacheDir in the systemd unit.
Fixes a bug where tailscaled drops some files into / when CacheDir
is unset.

Signed-off-by: David Anderson <dave@natulte.net>
2020-04-20 15:35:55 -07:00
worldofpeace f882896cc8
Merge pull request #73934 from flokli/nixos-test-port-cockroachdb
nixosTests.cockroachdb: port to python
2020-04-19 16:30:45 -04:00
Langston Barrett 5de2e78016 nixos/networkmanager: restart dispatcher when nameservers change
Without this, you can change the list of appended or prepended nameservers in
your NetworkManager config, and nixos-rebuild doesn't cause those changes to
come into effect.
2020-04-15 13:50:51 -07:00
snicket2100 2b0ee787dd mosquitto: systemd service sandboxing
running the service in a sandbox. read-only root file system,
with tmpfs mounted in /tmp, hidden /root and /home,
temporary /dev. the only writeable path is the data directory,
which according to my experiments is enough for the service
to work correctly.
2020-04-13 10:46:56 +02:00
Tony Olagbaiye c1c9905aae nixos/nftables: fix typo in ruleset example 2020-04-10 23:48:52 +01:00
Florian Klink 502073b09a nixos/rxe: fix option description
This caused an opening xml tag in our docbook pipeline and failed the
manual build.
2020-04-05 15:30:08 +02:00
Frederik Rietdijk e50c67ad7e
Merge pull request #83618 from NixOS/staging-next
Staging next
2020-04-05 13:13:21 +02:00
Frederik Rietdijk 518d5be4f5 ssh validationPackage is a single value, not a list 2020-04-05 13:04:25 +02:00
Frederik Rietdijk 92124ed660 Merge master into staging-next 2020-04-03 21:54:40 +02:00
Silvan Mosberger eb0148e90b
Merge pull request #84074 from Infinisil/fix-literal-option-examples
nixos/treewide: Fix incorrectly rendered examples
2020-04-03 15:41:53 +02:00
Bastian Köcher 644d643d68 nixos/wg-quick: Fix after wireguard got upstreamed 2020-04-03 12:39:35 +02:00
Florian Klink f25a301a0a nixos/chrony: move to StateDirectory and tmpfiles.d 2020-04-03 00:34:18 +02:00
Bruno Bigras 544821654d
nixos/pixiecore: init (#83406)
Co-authored-by: raunovv <rauno@oyenetwork.com>
Co-authored-by: Jörg Thalheim <joerg@thalheim.io>
2020-04-02 13:06:21 +01:00
Silvan Mosberger 1d0fc9729d
nixos/treewide: Fix incorrectly rendered examples
Many options define their example to be a Nix value without using
literalExample. This sometimes gets rendered incorrectly in the manual,
causing confusion like in https://github.com/NixOS/nixpkgs/issues/25516

This fixes it by using literalExample for such options. The list of
option to fix was determined with this expression:

  let
    nixos = import ./nixos { configuration = {}; };
    lib = import ./lib;
    valid = d: {
      # escapeNixIdentifier from https://github.com/NixOS/nixpkgs/pull/82461
      set = lib.all (n: lib.strings.escapeNixIdentifier n == n) (lib.attrNames d) && lib.all (v: valid v) (lib.attrValues d);
      list = lib.all (v: valid v) d;
    }.${builtins.typeOf d} or true;

    optionList = lib.optionAttrSetToDocList nixos.options;

  in map (opt: {
    file = lib.elemAt opt.declarations 0;
    loc = lib.options.showOption opt.loc;
  }) (lib.filter (opt: if opt ? example then ! valid opt.example else false) optionList)

which when evaluated will output all options that use a Nix identifier
that would need escaping as an attribute name.
2020-04-02 07:49:25 +02:00
worldofpeace b0ac19e050 nixos: add freedesktop/gnome/myself maintainers 2020-04-01 20:53:09 -04:00
Mario Rodas c47ec3067d
Merge pull request #70762 from xfix/nixos-mullvad-vpn
nixos/mullvad-vpn: add service
2020-04-01 08:26:07 -05:00
Marek Mahut dd3da96318 nixos/magic-wormhole-mailbox-server: moving from mail to networking 2020-03-31 16:29:39 +02:00
Jörg Thalheim 10059e4b71
Merge remote-tracking branch 'upstream/master' into HEAD 2020-03-29 14:08:10 +01:00
worldofpeace d5cfaf5c39
Merge pull request #83473 from doronbehar/update-connman
connman: 1.37 -> 1.38
2020-03-28 18:18:14 -04:00
Frederik Rietdijk a36be028f5 Merge staging-next into staging 2020-03-28 21:15:15 +01:00
Doron Behar bffec3d884 nixos/connman: add TODOs regarding connman + network-manager 2020-03-28 12:28:29 +03:00
Doron Behar 480397693e nixos/connman: add option to use specific package 2020-03-28 12:06:54 +03:00
Marek Mahut 870a6e262d nixos/quorum: init 2020-03-27 19:31:01 +01:00
Serval 75afd2fc34
nixos/v2ray: check v2ray config during the build time 2020-03-25 01:51:56 +08:00
Orivej Desh 1b89aa3f7a Merge branch 'master' into staging 2020-03-23 00:53:16 +00:00
markuskowa a9d7a1ee5b
Merge pull request #81277 from markuskowa/upd-rdma-core
nixos/rdma-core: 27.0 -> 28.0, update RXE module
2020-03-22 18:01:09 +01:00
Darius Jahandarie 5fa345922f nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582 2020-03-20 11:08:34 -04:00
Jesper Geertsen Jonsson 02c2c864d1 resilio: fix a list being assigned to the option config.users.groups 2020-03-19 11:25:56 -05:00
Florian Klink 4e53f84c79 nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.

This was originally applied in 3d1079a20d,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Martin Baillie 6e055c9f4a tailscale: init at 0.96-33
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen 9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs e110f5ecc1 nixos/firewall: fix types in reverse path assertion
Broken by 0f973e273c in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
goibhniu 5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Léo Gaspard a0307bad46
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Pierre Bourdon b8ef2285b5 nixos/stubby: set Type=notify on the systemd service
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Silvan Mosberger 779b7ff3d8
Merge pull request #80931 from LEXUGE/master
smartdns: init at 30
2020-03-15 15:36:05 +01:00
adisbladis c00777042f
Merge pull request #82620 from aanderse/ssh-silent
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying 629d3bab18
nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
Aaron Andersen f383fa344e nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set 2020-03-14 19:50:11 -04:00
Aaron Andersen f5951f520c nixos/ssh: silence ssh-keygen during configuration validation 2020-03-14 19:37:30 -04:00
Florian Klink 74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Andrew Childs 2c121f4215 nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Vladimír Čunát 0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Aaron Andersen dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Florian Klink ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Markus Kowalewski 2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files)
2020-03-12 22:32:44 +01:00
adisbladis f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger 8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis 63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Jörg Thalheim 154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim 9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
nyanloutre 7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
9458ec4 removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
talyz bb7ad853fb nixos/haproxy: Revive the haproxy user and group
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Florian Klink 3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Linus Heckemann dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann 065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann 0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
Martin Milata 1affd47cc1 nixos/supybot: python3 switch, add plugin options
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata 57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
Silvan Mosberger 64ee425a01
nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
Silvan Mosberger 1906320e68
nixos/cjdns: Don't use IFD for extra hosts 2020-03-07 02:01:19 +01:00
Luis Ressel b19c485b22
nixos/wireguard: Fix typo in error message
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Julien Moutinho 47f27938e7 shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
Thomas Dy 97a61c8903 nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
Andreas Rammhold ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov 96b472e95d
module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
obadz c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
worldofpeace 21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Jörg Thalheim 9218a58964
nixos/sslh: don't run as nogroup
See #55370
2020-02-28 15:32:36 +00:00
Vladimír Čunát 5f881209f9
nixos/kresd: never force extraFeatures = false
Fixes #81109.  Regressed in PR #78392 (26858063).
2020-02-26 15:10:53 +01:00
tilpner 6df119a6ec
nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
Jörg Thalheim 8cfd003295
stubby: configure cache directory
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Lengyel Balazs 50fb52d4e1 fix wireguard service as well after it got upstreamed. 2020-02-22 00:32:15 +01:00
Jörg Thalheim 1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Edward Tjörnhammar 9bab9e2ec6
nixos/i2pd: address #63103
As a comment to 1d61efb7f1
Note that collect returns a list from a set
2020-02-19 13:15:28 +01:00
Julien Moutinho f9be656873
shorewall: fix warnings due to types.loaOf being deprecated (#80154) 2020-02-16 12:53:49 +02:00
Jörg Thalheim 466c1df3e2
Merge pull request #79266 from Mic92/knot
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
Jyun-Yan You 0f8d1ac47d nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
Symphorien Gibol 44fd320c0f nixos/iodine: protect passwordFiles with toString
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
Will Dietz ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.

("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)

[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
Jörg Thalheim e2ef8b439f
knot: add keyFiles option
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim 88029bce39
knot: drop dynamic user
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Martin Milata d99808c720 nixos/supybot: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:51 +01:00
Silvan Mosberger 6169eef798
Merge pull request #78024 from wamserma/minidlna-interval
minidlna: provide configuration option for announce interval
2020-02-10 01:25:47 +01:00
Markus S. Wamser 696979e0bc modules/wireguard: fix typo in documentation 2020-02-07 20:54:35 +01:00
symphorien d2d5d89c2c
nixos/iodine: improve wording of some descriptions
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:47:43 +00:00
symphorien dfa67635d6
nixos/iodine: fix typo in description
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:27 +00:00
symphorien 1addf1fd94
nixos/iodine: improve description of some options
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:07 +00:00
Frederik Rietdijk 419bc0a4cd Revert "Revert "Merge master into staging-next""
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.

This reverts commit 0be87c7979.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk 0be87c7979 Revert "Merge master into staging-next"
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.

This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
2020-02-05 19:18:35 +01:00
Vladimír Čunát baeed035ea
Merge #78628: knot-resolver: 4.3.0 -> 5.0.1
The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR #72014.
See the commit messages for details.
2020-02-05 16:57:02 +01:00
Symphorien Gibol 00a91d919d nixos/iodine: hardening 2020-02-04 20:54:29 +01:00
Symphorien Gibol 7437bff7d1 nixos/iodine: nixpkgs-fmt 2020-02-04 20:54:29 +01:00
worldofpeace 74e4cb7ea4
Merge pull request #78543 from Atemu/dnscrypt-proxy2-service
nixos/dnscrypt-proxy2: init
2020-02-02 23:02:06 -05:00
Maximilian Bosch c2d2c2d0ca
Merge pull request #72931 from Ma27/restart-dhcp-on-exit-hook-change
nixos/dhcpcd: restart dhcpcd if exit hook changed
2020-02-02 18:33:34 +01:00
Yegor Timoshenko 92d689d66b nixos/dnscrypt-proxy2: init
This removes the original dnscrypt-proxy module as well.

Co-authored-by: Atemu <atemu.main@gmail.com>
Co-authored-by: Silvan Mosberger <contact@infinisil.com>
Co-authored-by: ryneeverett <ryneeverett@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-02 11:11:27 -05:00
Maximilian Bosch f9bb054180
Merge pull request #78968 from ju1m/nsd_types_lines
nsd : use types.lines where appropriate
2020-02-01 09:51:23 +01:00
Julien Moutinho 1a1e5f7be5 nsd: use types.lines where appropriate 2020-01-31 20:40:48 +01:00
Vladimír Čunát 02bf0557c0
nixos/kresd: add .instances option 2020-01-31 15:22:52 +01:00
Vladimír Čunát ae74a0e27c
(nixos/)knot-resolver: 4.3.0 -> 5.0.0
Minor incompatibilities due to moving to upstream defaults:
  - capabilities are used instead of systemd.socket units
  - the control socket moved:
    /run/kresd/control -> /run/knot-resolver/control/1
  - cacheDir moved and isn't configurable anymore
  - different user+group names, without static IDs

Thanks Mic92 for multiple ideas.
2020-01-31 15:22:52 +01:00
Vladimír Čunát 0a8fb01b80
nixos/kresd: fix a recent error in description 2020-01-31 15:06:27 +01:00
Aaron Andersen 7adffb14cd
Merge pull request #78419 from utsl42/fix-unifi-install
nixos/unifi: use systemd tmpfiles instead of preStart
2020-01-29 18:55:57 -05:00
worldofpeace c693bd142c
Merge pull request #78745 from bene1618/dhcpcd
nixos/dhcpcd: Add option for dhcpcd waiting behaviour
2020-01-29 18:08:20 -05:00
Mario Rodas deedf24c88
Merge pull request #75922 from tadfisher/kbfs-fixes
kbfs, nixos/keybase, nixos/kbfs: fix KBFS, add enableRedirector option
2020-01-28 19:13:40 -05:00
Benedikt Hunger 0767de3dc8 nixos/dhcpcd: Add option for dhcpcd waiting behaviour 2020-01-28 12:52:19 +01:00
Alyssa Ross e99ec699a4 nixos/bitlbee: don't assign list to users.groups
Warns about loaOf deprecation warning.
2020-01-27 02:51:02 +00:00
Nathan Hawkins b0208cb80f nixos/unifi: use systemd tmpfiles instead of preStart 2020-01-24 10:06:29 -05:00
Jörg Thalheim 2685806371
nixos/kresd: add listenDoH option 2020-01-23 23:22:37 +00:00
Jörg Thalheim bfa278ee5a
nixos/knot: set defaultText for package option
the package attributes looks nicer in the manual
2020-01-23 23:17:04 +00:00
Florian Klink dea2d64c35
Merge pull request #78134 from NinjaTrappeur/nin-harden-syncthing
nixos/syncthing.nix: Sandbox the systemd service.
2020-01-21 22:30:04 +01:00
zimbatm 93204f1d8a
nixos/matterbridge: fix package access
was broken by 4371ecb8a6 due to the
switch to buildGoModule
2020-01-21 13:17:18 +01:00
zimbatm b54c60b689
nixos/zerotierone: simplify the unit
There is no need to stop/start the unit when the machine is online or
offline.

This should fix the shutdown locking issues.

nixos zerotier: sometimes it doesn't shutdown
2020-01-21 13:14:38 +01:00
Félix Baylac-Jacqué ff8f2928ee
nixos/syncthing.nix: Sandbox the systemd service.
Using systemd sandboxing features to harden the syncthing service.
2020-01-20 21:48:48 +01:00
Markus S. Wamser d4718f180b minidlna: provide configuration option for announce interval
Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
2020-01-19 14:06:27 +01:00
Matt Layher 5089214a3d nixos/corerad: init 2020-01-16 12:38:36 -08:00
Silvan Mosberger 55b0129a14
Merge pull request #76178 from 0x4A6F/master-xandikos
xandikos: add tests and module
2020-01-13 23:48:22 +01:00
Martin Milata d9319e8e87 nixos/ndppd: enable systemd sandboxing 2020-01-13 11:11:32 +00:00
Robin Gloster 8305186bb4
Merge pull request #77554 from lheckemann/fix-wpa-multiple1
nixos/wpa_supplicant: fix use with multiple interfaces
2020-01-13 12:07:54 +01:00
Linus Heckemann bbd6d219e4 nixos/wpa_supplicant: fix #61391 2020-01-12 14:14:16 +01:00
volth 6abba2294d nixos/nat: use nixos-nat-out instead of OUTPUT 2020-01-12 00:06:49 +01:00
0x4A6F c9ca370e32
nixos/xandikos: init 2020-01-11 16:08:45 +01:00
Daniel Fullmer 27b8253655 nixos/zerotierone: prevent systemd from changing MAC address 2020-01-09 17:51:44 -05:00
markuskowa 2913973aa7
Merge pull request #76938 from lourkeur/fix_76184_gnunet
nixos/gnunet: Add types to the options
2020-01-09 21:33:50 +01:00
Pascal Bach 0319241132 nixos/mxisd: fix empty user name 2020-01-08 23:18:26 +01:00
Milan Pässler 2a31a6a412 tree-wide: fix errors and warning related to loaOf deprecation 2020-01-07 06:23:28 +01:00
rnhmjoj 1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Louis Bettens d49737836a nixos/gnunet: Add types to the options 2020-01-05 00:07:50 +01:00
Christian Kauhaus 129c73802f
Merge pull request #76153 from arcnmx/connman-iwd
nixos/connman: optional iwd backend
2020-01-02 21:35:54 +01:00
Silvan Mosberger cdf79db19d
Module system improvements for NixOS as a submodule (#75031)
Module system improvements for NixOS as a submodule
2020-01-02 20:38:45 +01:00
Silvan Mosberger bc42515736
nixos/syncthing: Fix submodule name usage
Module arguments should be taken from the arguments directly. This
allows evalModule's specialArgs to override them if necessary
2020-01-02 09:59:35 +01:00
Tim J. Baumann 36b98fdf26 networkmanager: fix dispatcherScripts example
Before, the example script didn't actually exit when the event type
didn't match "up".
2020-01-01 15:32:15 +01:00
Ryan Mulligan 3a644e30b9
Merge pull request #46131 from ju1m/shorewall
shorewall: init at 5.2.3.3
2019-12-30 10:04:31 -08:00
Julien Moutinho 56a73dfb35 shorewall: init at 5.2.3.3
nixos/shorewall: init
2019-12-30 09:42:03 -08:00
Vladimír Čunát c3d4998e41
Merge #75803: kresd service: unify listen declarations 2019-12-27 15:55:38 +01:00
Tad Fisher b4bacff13f nixos/keybase, nixos/kbfs: update service configs; add redirector 2019-12-23 22:55:06 -08:00
Florian Klink eeaf1f702d
Merge pull request #75103 from sternenseemann/spacecookie
services/spacecookie: init
2019-12-23 11:09:52 +01:00
arcnmx 7753d58e89 nixos/connman: optional iwd backend 2019-12-21 13:48:15 -08:00
Florian Klink e46abc6b8d
Merge pull request #76069 from misuzu/package-3proxy
nixos/3proxy: manual validation fix
2019-12-20 02:15:45 +01:00
misuzu b6f87c688b nixos/3proxy: manual validation fix 2019-12-20 00:17:49 +02:00
Michael Raskin 6210c15573
Merge pull request #67507 from misuzu/package-3proxy
3proxy: init at 0.8.13
2019-12-19 15:42:15 +00:00