1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 06:31:02 +00:00
Commit graph

1573 commits

Author SHA1 Message Date
Graham Christensen 7b8a7cee78
Merge pull request #63699 from NinjaTrappeur/nin-hostapd-noscan
hostapd: add noscan mode
2019-06-25 18:08:58 -04:00
Graham Christensen 38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Félix Baylac-Jacqué 5121f8d1e6
hostapd: starting hostapd systemd service at boot. 2019-06-24 00:26:27 +02:00
Félix Baylac-Jacqué 98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us to use 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the defaul hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Matthew Bauer 808d6fc7de
Merge pull request #63087 from matthiasbeyer/fix-ddclient-extraconfig
Fix ddclient extraConfig
2019-06-20 15:28:04 -04:00
Frederik Rietdijk 41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Vladimír Čunát 0aa9f35a99
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1525828
2019-06-18 09:44:13 +02:00
Jan Tojnar 11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Frederik Rietdijk 482c74cfb8 Merge staging into staging-next 2019-06-15 10:49:30 +02:00
Samuel Dionne-Riel 861bbbcb3c nixos/sshd: fixes validation for cross-compilation
See https://github.com/NixOS/nixpkgs/pull/62853
2019-06-15 00:56:42 -04:00
Lasse Blaauwbroek 0515392ed3 Fix ddclient extraConfig
The the extraConfig variable is added below the domain variable in the
ddclient config file. The domain variable should always be last.

(cherry picked from commit ba0ba6dc79)
2019-06-13 18:25:59 +02:00
Frederik Rietdijk 7953a65269 Merge staging-next into staging 2019-06-12 09:24:00 +02:00
Robin Gloster 68c30f0d9b
Merge pull request #62153 from WilliButz/avahi-refactor
avahi: set service directory and refactor module
2019-06-11 14:04:33 +00:00
Lucas Savva 24e974b904
bind: Remove deprecated flag from rndc-confgen
Fixes bind.service startup issue after NixOS/nixpkgs#61619
2019-06-11 09:05:56 +02:00
Frank Doepper f7ef7bacb7 openvpn: fix static key mini howto url 2019-06-10 13:02:45 +02:00
Jörg Thalheim 98e3b90b6c
Merge pull request #62269 from dasJ/fix-bird-reload
nixos/bird: Fix reload
2019-06-09 17:34:30 +01:00
WilliButz f491e94bac nixos/wireguard: add peer service to interface dependencies (#62828)
Previously each oneshot peer service only ran once and was not
restarted together with the interface unit. Because of this,
defined peers were missing after restarting their corresponding
interface unit.

Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-09 11:51:45 +02:00
Nikolay Amiantov 05c1addde3 mtprotoproxy service: init 2019-06-09 11:49:03 +03:00
Eelco Dolstra 4bb48e7f99
wireguard: Don't fail if modprobe fails
This can lead to unnecessary failures if the kernel module is already
loaded:

  Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
2019-06-06 12:40:30 +02:00
WilliButz 49302dc593
nixos/avahi: refactor module, add option extraServiceFiles
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.

The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
2019-06-04 00:22:48 +02:00
Bas van Dijk 1959799d51 strongswan: 5.7.2 -> 5.8.0 2019-06-03 18:01:55 +02:00
Daniël de Kok c619bbbbef nixos/btsync: remove
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
2019-06-03 09:16:13 +02:00
Graham Christensen 1de35c7f5e
wireguard: attempt infinity times to resolve a peer 2019-05-31 14:51:31 -04:00
Graham Christensen dc44fc1760
wireguard: add each peer in a separate service
Before, changing any peers caused the entire WireGuard interface to
be torn down and rebuilt. By configuring each peer in a separate
service we're able to only restart the affected peers.

Adding each peer individually also means individual peer
configurations can fail, but the overall interface and all other peers
will still be added.

A WireGuard peer's internal identifier is its public key. This means
it is the only reliable identifier to use for the systemd service.
2019-05-31 14:51:25 -04:00
Will Dietz a72d6f9349
Merge pull request #60954 from dtzWill/fix/network-online-actually-online-with-networkmanager
networkmanager: network-online --wants--> NetworkManager-wait-online
2019-05-30 23:05:57 -05:00
Janne Heß 672495d596 nixos/bird: Fix reload
When calling reload, bird attempts to reload the file that was given in
the command line. As the change of ${configFile} is never picked up,
bird will just reload the old file.
This way, the configuration is placed at a known location and updated.
2019-05-31 01:21:18 +02:00
Nikolay Amiantov f23c110692 murmur service: log to journald by default
Save an option to log to file with new `logFile` option.

As a side effect deprecate `pidfile` option and instead use systemd's
RuntimeDirectory.
2019-05-30 15:43:32 +03:00
Matthew Bauer 0a2b9719fd
Merge pull request #62157 from Lassulus/syncthing-fix
nixos/syncthing: run init only if a devices or folders are set
2019-05-29 21:02:18 -04:00
lassulus 87e9e65b6f nixos/syncthing: run init only if devices or folders are set 2019-05-29 13:57:39 +02:00
lassulus ddfb687d5e nixos/syncthing: better examples for declarative options 2019-05-29 07:12:14 +09:00
Aaron Andersen 89dae4b1ae nixos/murmur: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:58 -04:00
Aaron Andersen e734494a59 nixos/autossh: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen e85d03e52b nixos/aria2: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:56 -04:00
Aaron Andersen 46a5db0810 nixos/quassel: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen 307a99bb01 nixos/squid: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:55 -04:00
Aaron Andersen dd9598cf54 nixos/teamspeak3: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 0b7305e783 nixos/unifi: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 4a4d3a2e04 nixos/zeronet: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 93235b8a85 nixos/minidlna: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-05-26 07:20:54 -04:00
Aaron Andersen 86fd8c910d nixos/charybdis: replace deprecated usage of PermissionsStartOnly 2019-05-25 13:48:41 -04:00
Maximilian Bosch 5fa93517f5
Merge pull request #61971 from sjau/wg_client_start
wireguard: restart on failure\nAs a oneshot service, if the startup f…
2019-05-25 16:36:56 +02:00
sjau 1bff53cb84
wireguard: restart on failure
As a oneshot service, if the startup failed it would never be attempted again.
This is problematic when peer's addresses require DNS. DNS may not be reliably available at
the time wireguard starts. Converting this to a simple service with Restart
and RestartAfter directives allows the service to be reattempted, but at
the cost of losing the oneshot semantics.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2019-05-25 16:32:14 +02:00
Florian Klink e4de353830
wireguard service: allow empty interfaces (#61743)
wireguard service: allow empty interfaces
2019-05-25 16:30:27 +02:00
Nikolay Amiantov cfadd988e5 wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
2019-05-25 11:17:36 +03:00
Milan Pässler 387d85b271 nixos/prosody: add authentication option (fixes #53134)
Passwords should not be stored in plain text by default. On existing
installations the next time a users user accounts will automatically
be upgraded from plain to hashed one-by-one as they log in.
2019-05-24 23:51:44 +02:00
Franz Pletz eb7c11d552
Merge pull request #58718 from Ma27/validate-ssh-configs
nixos/sshd: validate ssh configs during build
2019-05-24 18:30:04 +00:00
Maximilian Bosch 00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Carl Dong f15118a883 nixos/bitcoind: add bitcoind service 2019-05-22 15:48:57 -04:00
Ingolf Wanger e4f1e144a0 syncthing: made module more NixOps friendly 2019-05-22 22:39:34 +09:00