Aaron Andersen
6f0c1cdbd9
nixos/duosec: rename ikey option to integrationKey
2020-03-22 20:25:11 -04:00
Aaron Andersen
b9dca769f1
nixos/duosec: replace insecure skey option with secure secretKeyFile option
2020-03-22 20:23:55 -04:00
Aaron Andersen
4f9cea70bd
nixos/duosec: fix indentation
2020-03-21 10:34:12 -04:00
volth
4d57e56b71
$toplevel/system: use kernel's architecture
...
`$toplevel/system` of a system closure with `x86_64` kernel and `i686` userland should contain "x86_64-linux".
If `$toplevel/system` contains "i686-linux", the closure will be run using `qemu-system-i386`, which is able to run `x86_64` kernel on most Intel CPU, but fails on AMD.
So this fix is for a rare case of `x86_64` kernel + `i686` userland + AMD CPU
2020-03-20 16:55:44 +00:00
Eelco Dolstra
a0a61c3e34
nixos-option: Disable on Nix >= 2.4 because it doesn't compile
...
This is needed when using the overlay from the Nix flake.
2020-03-20 14:52:22 +01:00
Jesper Geertsen Jonsson
02c2c864d1
resilio: fix a list being assigned to the option config.users.groups
2020-03-19 11:25:56 -05:00
Florian Klink
4e53f84c79
nixos/zerotierone: switch from manually generating the .link file to use the module
...
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.
With our module fixed, there's no need to manually manage the text file
anymore.
This was originally applied in 3d1079a20d
,
but was reverted due to 1115959a8d
causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Florian Klink
355c58e485
nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
...
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
This was originally applied in 36ef112a47
,
but was reverted due to 1115959a8d
causing
evaluation errors on hydra.
2020-03-19 14:15:32 +01:00
Martin Baillie
6e055c9f4a
tailscale: init at 0.96-33
...
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
...
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1
nixos/firewall: fix types in reverse path assertion
...
Broken by 0f973e273c
in #73533
The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
...
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine
...
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Danylo Hlynskyi
fab05f17d1
Merge pull request #80114 from rnhmjoj/initrd
...
nixos/boot: add option to disable initrd
2020-03-16 20:04:24 +02:00
Maximilian Bosch
a2e06fc342
Merge pull request #80447 from Ma27/bump-matrix-synapse
...
matrix-synapse: 1.9.1 -> 1.11.1
2020-03-16 10:55:38 +01:00
Maximilian Bosch
849e16888f
nixos/doc/matrix-synapse: refactor
...
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
`matrix-synapse` to this document from the 20.03 release-notes.
2020-03-16 10:39:42 +01:00
Pierre Bourdon
b8ef2285b5
nixos/stubby: set Type=notify on the systemd service
...
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Maximilian Bosch
8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1
...
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
2020-03-15 17:09:51 +01:00
Silvan Mosberger
7c3f3e9c51
Merge pull request #72029 from lschuermann/tpm2-module
...
nixos/tpm2: init
2020-03-15 15:47:06 +01:00
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master
...
smartdns: init at 30
2020-03-15 15:36:05 +01:00
Leon Schuermann
156b879c2e
nixos/tpm2: init
...
This commit adds udev rules, the userspace resource manager and
PKCS#11 module support.
2020-03-15 12:16:32 +01:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent
...
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config
2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e
nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set
2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
...
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
zimbatm
001be890f7
folding@home: 6.02 -> 7.5.1
...
The v7 series is very different.
This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
2020-03-14 13:01:26 -07:00
Jörg Thalheim
4a8a014be4
Merge pull request #82468 from Mic92/kvmgt
...
nixos/kvmgt: udev rules + fix module initialisation
2020-03-14 07:17:28 +00:00
Andrew Childs
01f03f30db
nixos/prometheus: add checkConfig
...
Workaround for https://github.com/prometheus/prometheus/issues/5222
2020-03-14 04:40:55 +00:00
Andrew Childs
2c121f4215
nixos/firewall: fix inverted assertion for reverse path filtering
...
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Joachim Fasting
1b575dbd79
nixos/firejail: use local runCommand
...
Also:
- use `runtimeShell`; and
- remove unused `makeWrapper` input; and
- `exec()` to shed wrapping shell
2020-03-14 03:09:48 +00:00
Mario Rodas
ee599f376c
Merge pull request #71329 from tilpner/cadvisor-no-docker
...
nixos/cadvisor: don't enable docker
2020-03-13 20:35:46 -05:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310 : nixos/systemd: apply .link
...
...even when networkd is disabled
This reverts commit ce78f3ac70
, reversing
changes made to dc34da0755
.
I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally. Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Michele Guerini Rocco
7b15d6cee4
Merge pull request #81241 from thefloweringash/nesting-system
...
nixos/activation: propagate system to nested configurations
2020-03-13 09:58:10 +01:00
Jörg Thalheim
505d241ee3
nixos/kvmgt: add udev rules for unprivileged access
2020-03-13 07:04:26 +00:00
Jörg Thalheim
85aae79ca1
nixos/kvmgt: fix driver option
...
extraModprobeConfig could be applied too late i.e. if the driver has been
loaded in initrd, while the harddrive is still encrypted.
Using a kernelParams works in all cases however.
2020-03-13 07:03:45 +00:00
snicket2100
65abd808d5
firejail: system package on programs.firejail.enable
...
this way the man page etc. becomes available if we enable firejail with
`programs.firejail.enable = true`
2020-03-13 03:28:08 +00:00
Aaron Andersen
dbe59eca84
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
...
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Léo Gaspard
693d834c37
Merge pull request #76739 from symphorien/mail_plugins
...
nixos/dovecot: add an option to enable mail_plugins
2020-03-12 22:44:23 +01:00
Léo Gaspard
26b1ef1506
Merge pull request #80141 from symphorien/scrub
...
nixos/btrfs: make autoScrub not prevent shutdown or suspend
2020-03-12 22:39:34 +01:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
...
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
...
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter
2020-03-12 14:44:59 +00:00
Léo Gaspard
06bdfc5e32
Merge pull request #82185 from matt-snider/master
...
ankisyncd, nixos/ankisyncd: init at 2.1.0
2020-03-12 11:47:42 +01:00
lewo
cbb21b2a8a
Merge pull request #81214 from buckley310/updateDelay
...
NixOS/auto-upgrade: Add optional randomized delay
2020-03-12 09:06:32 +01:00
Graham Christensen
10f625b3d2
Merge pull request #81402 from mmilata/firejail-example
...
nixos/firejail: add example for wrappedBinaries
2020-03-11 20:28:35 -04:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
...
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
...
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
Maximilian Bosch
b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore
2020-03-11 22:29:30 +01:00