Martin Weinelt
9cc60287dc
Merge pull request #127554 from mweinelt/babel
...
nixos/babeld: update hardening
2021-06-23 21:53:20 +02:00
Michael Weiss
eb8a694d92
nixos/sway: Drop rxvt-unicode from the extraPackages default
...
Upstream switched to Alacritty for the default configuration.
2021-06-23 17:35:20 +02:00
Sandro
1956a52857
Merge pull request #126656 from jwoudenberg/add-system76-power
2021-06-23 12:54:22 +02:00
Niklas Hambüchen
959c4e82bc
Merge pull request #100255 from nh2/sshd-default-log-level-info
...
sshd service: Default to INFO logLevel (upstream default)
2021-06-23 02:06:54 +02:00
Niklas Hambüchen
4bd5f1115f
Merge pull request #127166 from nh2/xserver-config-mkAfter-docs
...
services.xorg.config: Extend docs
2021-06-23 01:55:58 +02:00
Niklas Hambüchen
a48fea4c5e
sshd service: Default to INFO logLevel (upstream default).
...
The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for sccessful logins, see:
6247812c76/auth.c (L323-L328)
Also update description to the wording of the sshd_config man page.
`fail2ban` needs, sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.
The docs are updated accordingly.
2021-06-23 01:49:11 +02:00
Niklas Hambüchen
e85693afde
Merge pull request #127157 from nh2/xserver-readable-config-indentation
...
xserver: Generate readable config indentation
2021-06-23 01:16:50 +02:00
Maximilian Bosch
5aad4e73b6
privacyIDEA: 3.5.2 -> 3.6
...
ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6
Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.
2021-06-22 15:36:36 +02:00
Sandro
5f44b42bf4
Merge pull request #127641 from xfix/promethus-state-permissions
2021-06-22 10:23:56 +02:00
Linus Heckemann
203e81e4ee
Merge pull request #125281 from zhaofengli/phosh-systemd
...
phosh: 0.10.2 -> 0.11.0
2021-06-22 08:23:29 +02:00
Konrad Borowski
447b1cf03d
nixos/prometheus: allow state access for service only
...
There is no reason for Prometheus state files to be
world-readable.
2021-06-21 10:16:47 +02:00
Sandro
84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params
...
zabbixAgent: add bash to $PATH
2021-06-20 17:58:43 +02:00
Sandro
e6a012fb00
Merge pull request #127063 from talyz/fail2ban-restart
...
nixos/fail2ban: Remove `reloadIfChanged = true`
2021-06-20 17:57:57 +02:00
Martin Weinelt
8739f8cd7b
nixos/babeld: update hardening
2021-06-20 13:52:49 +02:00
illustris
e0089c38ca
nixos/jitsi-meet: include jitsi prosody plugins in prosody extraPluginPaths
2021-06-20 12:36:51 +02:00
illustris
34b9ba2e61
nixos/jitsi-meet: Update jitsi prosody configs
...
Changes made as per b6f7f8fba7
2021-06-20 12:36:51 +02:00
Martin Weinelt
af664bf942
Merge pull request #127127 from mweinelt/home-assistant
...
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
Niklas Hambüchen
65d3180336
services.xorg.config: Extend docs
2021-06-17 04:08:21 +02:00
Niklas Hambüchen
685e8ff7dd
xserver: Generate readable config indentation
2021-06-17 03:34:40 +02:00
Martin Weinelt
36659d1efa
nixos/home-assistant: update hardening
...
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
Sandro
22a29f491a
Merge pull request #124566 from mweinelt/synapse-jemalloc
2021-06-16 17:52:56 +02:00
talyz
b4c069b147
nixos/fail2ban: Remove reloadIfChanged = true
...
This makes the service fail when upgrading the package, so let's
properly restart it instead.
2021-06-16 13:52:46 +02:00
Erik Skytthe
d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open ( #126831 )
2021-06-16 11:12:51 +02:00
markuskowa
5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
...
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
Sandro
b8958bbfa6
Merge pull request #126874 from legendofmiracles/espanso-cleanup
...
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-16 03:01:18 +02:00
Martin Weinelt
60c62214f5
nixos/solanum: implement reload and allow config changes
...
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.
But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
2021-06-16 00:19:35 +02:00
Robert Hensing
c2c47cc85b
Merge pull request #126922 from hercules-ci/ssh-keys-example
...
nixos/ssh: Add an example of verbatim keys
2021-06-15 21:38:19 +02:00
Alvar Penning
8673a40eda
nixos/ucarp: init
2021-06-15 18:13:31 +02:00
Martin Weinelt
fb49094c3f
nixos/home-assistant: NixOS is an unsupported installation method
...
Trying to steer NixOS users away from reporting bugs to the upstream,
when they don't have the capacity to support bugs that could be the
result of our downstreaming setup.
2021-06-15 15:31:01 +02:00
Sandro
2b49e4e735
Merge pull request #107728 from nessdoor/master
2021-06-15 14:40:21 +02:00
Robert Hensing
dab747106e
nixos/ssh: Document authorizedKeysFiles properly
2021-06-15 12:23:09 +02:00
Robert Hensing
8352cc9a23
nixos/ssh: Add an example of verbatim keys
...
This confused someone on SO.
2021-06-15 11:51:41 +02:00
Bernardo Meurer
2d29f4f2e7
Merge pull request #112971 from lovesegfault/roon-bridge
...
roon-bridge: init at 1.8-795
2021-06-14 19:57:20 -07:00
Aamaruvi Yogamani
358aa90e30
nixos/auto-cpufreq: fix service wantedBy
2021-06-14 20:01:26 -04:00
legendofmiracles
3e7ec42d68
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-14 13:09:57 -06:00
Profpatsch
799cdbd834
tailscale: add interfaceName
option
...
tailscale allows to specify the interface name.
The upstream systemd unit does not expose it directly however, only
via the `FLAGS` environment variable.
I can’t be 100% sure that the escaping is correct, but this is as good
as we can do for now, unless upstream changes their unit file.
2021-06-14 11:25:08 +02:00
Kim Lindberger
26706834a5
Merge pull request #86967 from jakobrs/more-general-fsbefore
...
nixos/lib/utils: Add `fileSystems.<name>.depends` option and generalise fsBefore (fixes #86955 )
2021-06-14 10:50:07 +02:00
Jasper Woudenberg
04d20258ea
system76-power: init at 1.1.16
2021-06-13 22:11:42 +02:00
Robert Hensing
ab11d2114e
Merge pull request #126680 from roberth/empty
...
emptyFile, emptyDirectory: init
2021-06-13 20:45:21 +02:00
Bernardo Meurer
c8f95fd174
nixos.roon-bridge: init
2021-06-13 03:38:42 -07:00
Sandro
3d6416cc20
nixos/synergy: add encryption support to server ( #125002 )
...
Co-authored-by: Joshua Trees <me@jtrees.io>
2021-06-12 21:35:04 +02:00
Michele Guerini Rocco
ff4f74259a
Merge pull request #126658 from ncfavier/patch-2
...
nixos/console: allow console.font to be a path
2021-06-12 18:47:18 +02:00
Robert Hensing
d48591123f
nixos/apache-httpd: Use pkgs.emptyDirectory
2021-06-12 17:28:42 +02:00
Naïm Favier
39bc736382
nixos/console: allow console.font to be a path
...
As for console.keyMap, all uses of this option are compatible with paths. This allows doing things like `console.font = pkgs.runCommand ...`.
2021-06-12 13:24:32 +02:00
misuzu
ad502ab5c5
nixos/sourcehut: automatically build and import qemu image for docker
2021-06-11 11:48:49 -04:00
Domen Kožar
2072bba95d
Merge pull request #125311 from jansol/pipewire
...
pipewire: 0.3.27 -> 0.3.30
2021-06-11 16:48:52 +02:00
Joshua Trees
706ce9e230
nixos/synergy: add encryption support
...
Make it possible to use the Synergy server with TLS encryption without
resorting to the GUI.
2021-06-11 14:52:34 +02:00
Maciej Krüger
3f062397a5
x2goserver: fix rename whole module
2021-06-11 09:07:23 +02:00
Maciej Krüger
6dbeea0b40
nixos/x2goserver: put into networking, like xrdp
2021-06-11 08:13:49 +02:00
Maciej Krüger
03071fd5e3
nixos/xrdp: add openFirewall option
2021-06-11 08:13:48 +02:00