nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-07 13:33:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
584,791 Commits 169 Branches 125 Tags 6.6 GiB
1293f046b5
Commit Graph

3682 Commits

Author SHA1 Message Date
Anthony Roussel
e30f48be94
treewide: fix redirected and broken URLs 
Using the script in maintainers/scripts/update-redirected-urls.sh
 2023-11-11 10:49:01 +01:00
Félix Baylac Jacqué
dfa45288af maintainers: ninjatrappeur -> picnoir 
I changed my nickname from Ninjatrappeur to Picnoir. My github id is
stable, it shouldn't break too much stuff.

I took advantage of this handle change to remove myself from the
hostapd maintainers: I don't use NixOS as a router anymore.
 2023-11-11 08:31:16 +01:00
github-actions[bot]
912311b7fd
Merge master into staging-next 2023-11-11 00:02:21 +00:00
tu-maurice
40c06a143f prayer: remove 2023-11-10 20:44:28 -03:00
Rvfg
92ee71866f
nixos/nat: fix nat-nftables 2023-11-09 23:06:01 +08:00
github-actions[bot]
00a0662a3c
Merge master into staging-next 2023-11-09 00:02:14 +00:00
Felix Bühler
7aaa664cc2
Merge pull request #263054 from uninsane/pr-trust-dns-0.24.0 
trust-dns: 0.23.0 -> 0.24.0
 2023-11-08 19:35:23 +01:00
Adam Joseph
ba2ed469c2
Merge branch 'master' into staging-next 2023-11-08 06:15:46 +00:00
Rodrigo Gryzinski
23a5f1f80d nixos/wireguard: add wireguard to default kernel modules 
Previously the module was only dynamically loaded on service startup,
this is needed in case security.lockKernelModules is enabled.
 2023-11-07 22:02:51 -03:00
Gary Guo
bc422e2f61 nixos/unbound: tighten sandboxing for unbound 2023-11-07 02:30:21 +00:00
Gary Guo
de6c5343b6 nixos/unbound: remove setuid/gid capability 
If username is set, then unbound will try to become that user using
`setusercontext`. But this is pointless since we are already instructing
systemd to launch unbound with that user.

So force username to be empty, which disables this behaviour in unbound.
This allows us to remove the capability granted, and also tighten the
syscall filter.
 2023-11-06 20:22:27 +00:00
Colin
83bf3ed892 trust-dns: 0.23.0 -> 0.24.0 
upstream is in the process of renaming to `hickory-dns`.
a consequence of this is that the main binary has been renamed from
`trust-dns` to `hickory-dns` and the repository has been moved (though
for the time being the old repo is still usable on account that it
redirects to the new one).
see: <https://bluejekyll.github.io/blog/posts/announcing-hickory-dns/>
 2023-11-06 15:38:23 +00:00
Weijia Wang
32da89a1a1 Merge branch 'master' into staging-next 2023-11-06 14:33:18 +01:00
Michele Guerini Rocco
8beca974f9
Merge pull request #263138 from tomfitzhenry/hostapd-optional-managementframeprotection 
nixos/hostapd: remove managementFrameProtection in favour of clearer default
 2023-11-06 11:17:07 +01:00
nicoo
6f28ce9856 nixos/x2goserver: Work with both Miller's sudo and sudo-rs 2023-11-05 20:59:15 +00:00
Gary Guo
c70614c0a4 nixos/unbound: fix wrong syscall filter 
This changes the syscall filter to match that of upstream. Note that

    SystemCallFilter=~foo bar

is completely different from

    SystemCallFilter=~foo
    SystemCallFilter=bar

The former one means that foo and bar are forbidden, and the latter
one means foo is forbidden and bar is granted!
 2023-11-05 20:32:51 +00:00
github-actions[bot]
bb38778356
Merge master into staging-next 2023-11-05 18:00:55 +00:00
Aaron Andersen
a707831d98
Merge pull request #256738 from toastal/prosody-libevent-deprecated 
prosody: remove deprecated libevent
 2023-11-05 08:36:25 -05:00
Stephen Huan
09cc3285cc
nixos/mullvad-vpn: use resolvconf if enabled 2023-11-01 16:47:11 -04:00
h7x4
5672d3d8b8
nixos/quicktun: clean up module 2023-11-01 20:10:14 +01:00
github-actions[bot]
81270bbdcf
Merge master into staging-next 2023-10-31 18:01:02 +00:00
K900
46bc9e79a9
Merge pull request #259765 from 70m6/bugfix/bitcoind-enable 
bugfix/bitcoind-enable
 2023-10-31 17:35:10 +03:00
Tom Barrett
a4b31637b5 bitcoind: only use enabled services 2023-10-31 15:29:17 +01:00
github-actions[bot]
931938d1df
Merge master into staging-next 2023-10-30 18:01:02 +00:00
Will Fancher
cca22054c0 systemd-stage-1: Add assertions for unsupported options. 2023-10-30 12:15:58 +01:00
Vladimír Čunát
5c89ba8ab4
Merge branch 'master' into staging-next 2023-10-30 06:12:04 +01:00
Michele Guerini Rocco
800965ce8c
Merge pull request #245855 from rnhmjoj/pr-sslh 
nixos/sslh: update and refactor for RFC42
 2023-10-29 23:19:38 +01:00
github-actions[bot]
64070c2fda
Merge master into staging-next 2023-10-29 18:01:23 +00:00
Rémy Grünblatt
c9e3cc43c7
nixos: fix iproute2 invocations (#263976) 
When using iproute2's ip binary, you can omit the dev parameter, e.g. ip link set up eth0 instead of ip link set up dev eth0.

This breaks if for some reason your device is named e.g. he, hel, … because it is interpreted as ip link set up help.

I just encountered this bug using networking.bridges trying to create an interface named he.

I used a grep on nixpkgs to try to find iproute2 invocations using variables without the dev keyword, and found a few, and fixed them by providing the dev keyword.

I merely fixed what I found, but the use of abbreviated commands makes it a bit hard to be sure everything has been found (e.g. ip l set … up instead of ip link set … up).
 2023-10-29 18:27:16 +01:00
rnhmjoj
7ecac99da7
sslh: 1.22c -> 2.0.0 2023-10-29 18:13:37 +01:00
rnhmjoj
3728338d40
nixos/sslh: refactor for RFC42 2023-10-29 18:13:37 +01:00
Aaron Andersen
3b848391b6
Merge pull request #227442 from christoph-heiss/openssh/allowusers 
openssh: add {Allow,Deny}{Users,Groups} settings
 2023-10-29 08:20:22 -04:00
github-actions[bot]
954eb09381
Merge master into staging-next 2023-10-29 00:02:24 +00:00
Weijia Wang
eaf8053ad5
Merge pull request #264036 from wegank/unifi-hotfix 
nixos/unifi: fix use of optionalString
 2023-10-29 00:33:19 +02:00
Weijia Wang
88e82879f4 nixos/unifi: fix use of optionalString 2023-10-28 23:01:44 +02:00
Christoph Heiss
cc8ba21629
nixos/sshd: add comment explaining different list option types 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
 2023-10-28 20:13:26 +02:00
github-actions[bot]
519b7ea0c3
Merge master into staging-next 2023-10-28 12:01:19 +00:00
Linus Heckemann
8670794565
Merge pull request #263203 from nikstur/replace-activation 
Replace simple activationScripts
 2023-10-28 10:17:15 +02:00
github-actions[bot]
4791949f6a
Merge master into staging-next 2023-10-28 00:02:23 +00:00
tomf
d18f272a39
Merge pull request #262408 from evandeaubl/master 
nixos/tailscale: add openFirewall option
 2023-10-28 05:19:41 +11:00
github-actions[bot]
96132a216a
Merge master into staging-next 2023-10-26 18:01:02 +00:00
Vladimír Čunát
d811555465
Merge branch 'staging' into staging-next 2023-10-26 10:36:50 +02:00
nikstur
b16365b393 nixos/iscsi: replace activationScript 
Move the functionality into preStart of the systemd service.
 2023-10-26 01:51:07 +02:00
nikstur
6987ff3a4f nixos/spiped: replace activationScript via tmpfiles 2023-10-26 01:44:21 +02:00
nikstur
6c800013bf nixos/strongswan-swanctl: replace activationScripts via tmpfiles 2023-10-26 01:44:20 +02:00
Patrick Jackson
4a938cc665 treewide: rename handle/GH account patricksjackson to arcuru 2023-10-25 15:42:48 -07:00
chayleaf
413011ddf4 kea: use separate runtime directories for each service 
Kea may clean the runtime directory when starting (or maybe systemd does
it). I ran into this issue when restarting Kea after changing its
configuration, so I think the fact it normally doesn't clean it is a
race condition (it's cleaned on service start, and normally all Kea
services start at roughly the same time).
 2023-10-26 02:51:43 +07:00
digital
a6253e6b12
nixos/syncthing: support syncthing gui and api over unix sockets (#247343) 2023-10-25 09:18:42 +02:00
Janik
e46b352ac4
Merge pull request #231065 from yu-re-ka/fnm-advanced-module 
nixos/fastnetmon-advanced: init
 2023-10-24 21:43:26 +02:00
Tom Fitzhenry
9e7c877de7 nixos/hostapd: remove managementFrameProtection 2023-10-24 23:54:44 +11:00
Tom Fitzhenry
9f7335d449 nixos/hostapd: document that legacy example should have optional MFP 
Thinkpad x230, for example, is unable to connect to the legacy example
if managementFrameProtection is required.
 2023-10-24 23:46:57 +11:00
Robin Gloster
e5d552f5b9
treewide: update globin's maintainership 2023-10-24 13:09:45 +02:00
Yureka
bf5f01ee52 nixos/fastnetmon-advanced: init 2023-10-23 22:51:19 +02:00
Lorenz Leutgeb
cc6c2d32f2
rosenpass: refactor, add module and test (#254813) 2023-10-23 19:29:30 +02:00
github-actions[bot]
f4afba2014
Merge staging-next into staging 2023-10-21 18:01:53 +00:00
Ryan Lahfa
0b0440e028
Merge pull request #254647 from Janik-Haag/networkManagerEnsureProfiles 
nixos/networkmanager: add declarative profiles
 2023-10-21 15:06:41 +01:00
github-actions[bot]
613d60266a
Merge staging-next into staging 2023-10-21 00:02:49 +00:00
Evan Deaubl
9407ed628d nixos/tailscale: add openFirewall option 2023-10-20 15:57:40 -07:00
Janik H
a316aa58d9
nixos/networkmanager: add declarative profiles 2023-10-21 00:20:36 +02:00
Bjørn Forsman
5c78e5b4aa nixos/ddclient: simplify with lib.getExe 2023-10-20 23:49:18 +02:00
Bjørn Forsman
8a8ec36615 Revert "ddclient: remove package and module on upstream maintainer request" 
This reverts commit d35df28f65.

Upstream ddclient has new maintainers and made a new release (update in
next commit(s)).
 2023-10-20 23:49:18 +02:00
github-actions[bot]
02a21c89b8
Merge staging-next into staging 2023-10-20 18:01:21 +00:00
Bjørn Forsman
142074c2a8 nixos: fix bad mkEnableOption descriptions 
Fix descriptions that don't account for (1) the "Whether to enable"
prefix or (2) the automatically added trailing dot.
 2023-10-20 16:22:40 +01:00
github-actions[bot]
024144542b
Merge staging-next into staging 2023-10-19 18:01:22 +00:00
Thiago Kenji Okada
383389d086
Merge pull request #254582 from oluceps/dae-fix-overr 
nixos/dae: fix override existed config issue
 2023-10-19 18:34:30 +01:00
Christoph Heiss
a077b7fadb
openssh: add {Allow,Deny}{Users,Groups} settings 
`settingsFormat` unfortunaly needed a bit of a rework, see also
discussion in #227442.

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
 2023-10-19 18:30:51 +02:00
github-actions[bot]
ba519bf3b1
Merge staging-next into staging 2023-10-17 00:02:46 +00:00
Bjørn Forsman
4164383dd4 nixos/deconz: init 
Add a NixOS module for the deCONZ Zigbee gateway service.
 2023-10-16 20:49:41 +02:00
github-actions[bot]
ae77d35744
Merge staging-next into staging 2023-10-16 00:03:09 +00:00
Vojtěch Káně
b8624bd312 nixos/firefox-syncserver: fix and update the docs and options descriptions 2023-10-15 13:33:40 +02:00
toastal
ccb0f87129 prosody: use default network, remove libevent, config deprecated 
`use_libevent` config option has been deprecated as there are 3
networking back-ends (see: https://prosody.im/doc/network_backend). It
is probably unwise to stray from the defaults (epoll).

Review instructed to flat-out remove it versus previously making it opt-in.
 2023-10-15 10:02:50 +07:00
Doron Behar
79c78d68c6 nixos/syncthing: get API key for every curl request 
Fixes #260262.
 2023-10-15 02:04:52 +03:00
github-actions[bot]
80ddbc41e6
Merge staging-next into staging 2023-10-12 18:01:34 +00:00
Weijia Wang
c3a3b38cb9
Merge pull request #258813 from SuperSandro2000/drop-searx 
searx: drop
 2023-10-12 19:55:39 +02:00
Aaron Andersen
bae7820f02
Merge pull request #259425 from aanderse/nixos/openssh-authorized-principals 
nixos/openssh: add support for authorized principals
 2023-10-12 10:30:52 -04:00
Sandro Jäckel
e793d18455 nixos/searx: little makeover 2023-10-11 23:48:29 +02:00
Sandro Jäckel
ad1f57095f searx: drop 
searx has been removed as it is unmaintained. Please switch to searxng.
 2023-10-11 23:48:28 +02:00
github-actions[bot]
e7a4ca9630
Merge staging-next into staging 2023-10-10 00:02:44 +00:00
Doron Behar
6843abd5fb
Merge pull request #231152 from tcheronneau/nixos.tinyproxy 
Adding tinyproxy service to NixOS
 2023-10-09 23:53:58 +03:00
Anderson Torres
52058530ce nixos/connman: refactor 2023-10-09 17:49:02 -03:00
github-actions[bot]
e1565d6a86
Merge staging-next into staging 2023-10-09 18:01:36 +00:00
Vladimír Zahradník
9053490648 nixos/netclient: init 2023-10-09 15:58:05 +02:00
github-actions[bot]
81871f4c87
Merge staging-next into staging 2023-10-08 12:01:52 +00:00
Doron Behar
50a077328a
Merge pull request #259259 from Lassulus/syncthing_stale 
nixos/syncthing: match stale ids by subtracting in jq
 2023-10-08 12:53:34 +03:00
Vladimír Čunát
2ec92384d7
Merge #258361: nixos/knot: compatibility with 23.05 config 2023-10-08 10:16:06 +02:00
Vladimír Čunát
6b66e2fc9c
nixos/knot: compatibility with 23.05 config 
- run conf-check iff keyFiles == [] (like in 23.05; this was my bug)
- support extraConfig + keyFiles

- but warning will still be shown if extraConfig is used,
  and it might be slightly confusing
 2023-10-08 10:14:54 +02:00
Alyssa Ross
182718fecc
Merge remote-tracking branch 'origin/staging-next' into staging 
Conflicts:
	pkgs/top-level/linux-kernels.nix
 2023-10-07 19:52:18 +00:00
Lin Jian
4a5f3d5a50
Merge pull request #259228 from nbdd0121/patch-1 
nixos/dnsmasq: allow custom package
 2023-10-07 21:04:22 +08:00
Gary Guo
7094f1ec0e nixos/dnsmasq: allow custom package 
Allow a custom package to be used for dnsmasq service.
 2023-10-07 11:53:25 +01:00
Lin Jian
272dba1e31
Merge pull request #257415 from ehmry/yggdrasil 
nixos/yggdrasil: add extraArgs option
 2023-10-07 02:05:36 +08:00
Aaron Andersen
76fb9da41f nixos/openssh: add support for authorized principals 2023-10-06 13:57:19 -04:00
Bjørn Forsman
e5b8b12ac9 nixos/coredns: add extraArgs option 2023-10-06 19:38:38 +02:00
Emery Hemingway
3fc4ecafeb nixos/yggdrasil: add extraArgs option 2023-10-06 17:59:14 +01:00
lassulus
82b59a8fb2 nixos/syncthing: match stale ids by subtracting in jq 2023-10-05 23:08:05 +02:00
Maximilian Bosch
8bc5104a6e
treewide: refactor .attrs.sh detection 
When specifying the `builder` attribute in `stdenv.mkDerivation`, this
will be effectively transformed into

    builtins.derivation {
      builder = stdenv.shell;
      args = [ "-e" builder ];
    }

This also means that `default-builder.sh` is never sourced and as a
result it's not guaranteed that `$NIX_ATTRS_SH_FILE` is set to a correct
location[1].

Also, we need to source `.attrs.sh` to source `$stdenv`. So, the
following is done now:

* If `$NIX_ATTRS_SH_FILE` points to a correct location, then use it.
  Directly using `.attrs.sh` is problematic for `nix-shell(1)` usage
  (see previous commit for more context), so prefer the environment
  variable if possible.

* Otherwise, if `.attrs.sh` exists, then use it. See [1] for when this
  can happen.

* If neither applies, it can be assumed that `__structuredAttrs` is
  turned off and thus nothing needs to be done.

[1] It's possible that it doesn't exist at all - in case of Nix 2.3 or
    it can point to a wrong location on older Nix versions with a bug in
    `__structuredAttrs`.
 2023-10-04 18:36:57 +02:00
Maximilian Bosch
e515dce892 nixos/sshd: fix sshd.conf validity check 
When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`,
the check fails because of an escaping issue[1] with

    last 1 log lines:
    > Invalid test mode specification -f
    For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'

Using `lib.escapeShellArg` appears to solve the problem.

[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
 2023-09-28 00:11:31 +00:00
Fabián Heredia Montiel
312aa96fe6
Merge pull request #256565 from bjornfor/nixos-wireguard-add-metric-option 
nixos/wireguard: add metric option
 2023-09-25 21:15:02 -06:00
Weijia Wang
c71554840b
Merge pull request #257104 from vifino/unifi-7.5.176 
unifi7: 7.4.156 -> 7.5.176
 2023-09-25 23:43:16 +02:00
Aaron Andersen
c51a273a92
Merge pull request #254370 from jakubgs/mtr-exporter/multi-job 
mtr-exporter: support specifying multiple jobs
 2023-09-24 11:39:23 -04:00
Adrian Pistol
191131077b unifi7: 7.4.156 -> 7.5.176 2023-09-24 17:25:08 +02:00
Maximilian Bosch
9bd9e20e9a
Merge pull request #256090 from CRTified/sshd-validation-fix 
nixos/sshd: Specify connection parameters for configuration validation
 2023-09-24 14:12:46 +02:00
Aryeh Hillman
b6766564ed Update wg-quick.nix 
Update wg-quick.nix such that a search for `WireGuard` in the `NixOS Options` section of search.nixos.org brings up the convenient `networking.wg-quick.interfaces.wg0.configFile` option.
 2023-09-24 13:24:27 +02:00
Jakub Sokołowski
4e587ac821
mtr-exporter: support specifying multiple jobs 
This ability has been added in `0.3.0` release:
https://github.com/mgumz/mtr-exporter/releases/tag/0.3.0
https://github.com/NixOS/nixpkgs/pull/252667

To achieve this a config is generated and symlinked at `/etc/mtr-exporter.conf`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
 2023-09-24 09:13:31 +02:00
Vladimír Čunát
1869818c57
nixos/knot: add release notes and partial compatibility 2023-09-23 10:05:17 +02:00
Vladimír Čunát
ce85980e77
nixos/knot: also allow config by YAML file 2023-09-23 10:04:02 +02:00
Vladimír Čunát
7fb737dde6
nixos/knot: allow full configuration by nix values (RFC 42) 2023-09-23 10:04:02 +02:00
Bjørn Forsman
ed7c0c6e75 nixos/wireguard: add metric option 
This new option, networking.wireguard.interfaces.NAME.metric, allows
increasing the metric of the routes, effectively lowering priority.

(I'm using high metric to allow having the Wireguard interface always
up, even when the client machines are on their home network. Before I
had to stop the interface when home to avoid packet routing issues.)
 2023-09-21 22:19:21 +02:00
Sandro Jäckel
9a85d77152
nixos/networkmanager: default firewallBackend to nftables, remove firewallBackend 
Co-authored-by: Florian Klink <flokli@flokli.de>

Co-authored-by: Lin Jian <me@linj.tech>
 2023-09-21 16:18:57 +02:00
Sandro Jäckel
ad0ca163e1
nixos/networkmanager: cleanup, fix example rendering 2023-09-21 15:16:54 +02:00
zaldnoay
79599c86ae nixos/frp: fix example url of configure file 2023-09-20 13:55:53 +08:00
Carl Richard Theodor Schneider
716bde190c nixos/sshd: specify lport,laddr for config validation 2023-09-19 18:13:44 +02:00
zaldnoay
6cd38e43cd nixos/frp: init 2023-09-17 14:37:19 +08:00
Robert Schütz
1f832ad576
Merge pull request #254306 from dotlambda/tedicross-drop 
nodePackages.tedicross: drop
 2023-09-15 17:23:54 +00:00
Markus Theil
8e5d42e8e9 nixos/frr: add mgmtd to service list 
mgmtd is a new service in frr >= 9.0.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
 2023-09-15 13:19:19 +02:00
Robert Schütz
536969cad3 nodePackages.tedicross: drop 
It fails to build with

    npm ERR! code 1
    npm ERR! path /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium
    npm ERR! command failed
    npm ERR! command sh -c node install.js --preinstall
    npm ERR! Static libsodium was not found at /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/deps/build/lib/libsodium so compiling libsodium from source.
    npm ERR! automake is required, but wasn't found on this system
    npm ERR! make: *** [Makefile:62: libsodium] Error 1
    npm ERR! /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287
    npm ERR!             throw new Error(cmdLine + ' exited with code ' + code);
    npm ERR!             ^
    npm ERR!
    npm ERR! Error: make libsodium exited with code 2
    npm ERR!     at ChildProcess.<anonymous> (/nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287:19)
    npm ERR!     at ChildProcess.emit (node:events:514:28)
    npm ERR!     at ChildProcess._handle.onexit (node:internal/child_process:291:12)
    npm ERR!
    npm ERR! Node.js v18.17.1
 2023-09-13 15:00:38 -07:00
Mario Rodas
5f9390646a
Merge pull request #254827 from hanleym/trust-dns 
trust-dns: 0.22.1 -> 0.23.0
 2023-09-13 06:56:03 -05:00
Ryan Lahfa
eb23738e85
Merge pull request #252283 from flokli/fcc-unlock-extra 2023-09-13 10:18:06 +02:00
chayleaf
7bfaf94b1e miniupnpd-nftables: init at 2.3.3 2023-09-13 13:06:59 +07:00
Michael Hanley
a60936606c trust-dns: 0.22.1 -> 0.23.0 2023-09-12 18:06:33 -04:00
Fabián Heredia Montiel
cc1fdc5376
Merge pull request #254181 from StillerHarpo/adguardhome 
nixos/adguardhome: Fix openFirewall
 2023-09-12 16:23:16 -05:00
Florian Klink
5d3ca06db3 nixos/modemmanager: remove enableBundledFccUnlockScripts option 
This removes the networking.networkmanager.enableBundledFccUnlockScripts
option, and updates the release notes.
 2023-09-12 22:57:31 +02:00
Florian Klink
8606f6c8e1 nixos/modemmanager: support additional FCC unlock scripts 
This commit introduces a `networking.networkmanager.fccUnlockScripts`
option, which allows specifying additional, usually vendor-provided
unlock scripts.

networking.networkmanager.enableBundledFccUnlockScripts is refactored to
make use of the same mechanism internally.
 2023-09-12 16:55:15 +02:00
Florian Klink
0bfc763df2 nixos/modemmanager: enableFccUnlock -> enableBundledFccUnlockScripts 
PR #155414 introduced an option to support enabling the FCC unlock
scripts that ModemManager provides, but since 1.18.4 doesn't execute
anymore.

However, this option is specifically only about the unlock scripts
provided with ModemManager so far. Rename the option to make this more
obvious.
 2023-09-12 16:55:15 +02:00
Florian Klink
5626174a09 nixos/networkmanager: nixpkgs-fmt 2023-09-12 16:55:15 +02:00
lelgenio
4f802070e5 nixos/websockify: use python3 websockify 2023-09-12 10:50:57 -03:00
oluceps
1ff1751906
nixos/dae: use port type instead int 2023-09-12 11:38:33 +08:00
oluceps
bc07451d4f
nixos/dae: fix override existed config issue 2023-09-12 00:29:56 +08:00
Maximilian Bosch
863598fdfc
Merge pull request #253427 from Yarny0/sshd-requiredrsasize 
nixos/sshd: don't validate mock host key, permit `RequiredRSASize`
 2023-09-11 17:40:23 +02:00
Yorick
df123af8b8
Merge pull request #248502 from kurnevsky/wstunnel 
wstunnel: correct listen option
 2023-09-09 18:45:45 +02:00
Florian Engel
20acd199f4
nixos/adguardhome: Fix openFirewall 
When not setting `settings` and setting `openFirewall = true`
evaluation would fail because it tries to access `settings.bind_port`
while `settings == null`
 2023-09-09 08:19:22 +02:00
Weijia Wang
cfb61436d7
Merge pull request #252978 from oluceps/dae-upup 
dae,nixos/dae: 0.2.4 -> 0.3.0
 2023-09-05 23:57:14 +02:00
Yarny0
bbefd70784 nixos/sshd: avoid mock host key, permit RequiredRSASize 
With this commit, the validation of `sshd_config`
is performed with `sshd -G` instead of `sshd -t`.
The former does not require a valid host key.
Checking the host key was never useful for us:
We just generated a dummy host key to
make the validation mechanism happy.
With this change the dummy key is no longer needed.

This change not only saves some CPU cycles
(avoid the generation of an RSA key),
but it also permits to set `RequiredRSASize` to a value
larger than the current rsa key default size (3072).
 2023-09-05 11:34:09 +02:00
Maciej Krüger
ca6ed1cc8d
Merge pull request #241680 from 4z3/networking.nftables.checkRulesetRedirects 2023-09-04 22:07:50 +02:00
rnhmjoj
355a9fa040
nixos/jool: allow to manage multiple instances 2023-09-04 18:38:25 +02:00
oluceps
ec0755d5f7
nixos/dae: add example link 
Co-authored-by: Mathias Zhang <me@zzzsy.top>
 2023-09-03 11:54:36 +08:00
zzzsyyy
8f070876da
nixos/dae: add confgFile option 
Co-authored-by: oluceps <nixos@oluceps.uk>
 2023-09-03 02:48:27 +08:00
oluceps
173ff5d2dd
nixos/dae: add more config options 2023-09-03 02:48:24 +08:00
Atemu
c54f4fdf8c
Merge pull request #248669 from Atemu/dnscrypt-proxy-update-alias 
dnscrypt-proxy: rename from dnscrypt-proxy2
 2023-09-01 14:37:13 +02:00
name_snrl
9345e48bb4 privoxy: fix types.string -> types.str 2023-08-30 23:08:13 +05:00
Emery Hemingway
55c8f51af5 nixos/nncp: add caller and daemon services 2023-08-29 21:31:19 +01:00
Nuno Alves
601e20354e
nixos/pixiecore: fix port 4011 from tcp to udp 2023-08-29 11:43:19 +01:00
Maciej Krüger
369e18f1c7
networking/nftables: ensure deletions 2023-08-28 00:44:16 +02:00
Maciej Krüger
6658b3fcf1
networking/nftables: make ruleset+rulesetFile non-exclusive 2023-08-28 00:40:22 +02:00
Maciej Krüger
a1dd69d761
networking/nftables: enable flushRuleset by default if rulset{,File} used 2023-08-28 00:40:21 +02:00
Maciej Krüger
55213b54f0
nixos/nftables: save deletions to file and run them afterwards 
Co-authored-by: duament
 2023-08-28 00:40:20 +02:00
Maciej Krüger
5f300ad70c
networking/nftables: only delete our tables if flushRuleset is set to false 2023-08-28 00:40:19 +02:00
Maciej Krüger
d5a0826686
networking/nftables: remove no longer relevant conflict warnings 2023-08-28 00:40:18 +02:00
Maciej Krüger
cd3af25932
networking/nftables: enable flushing ruleset for older versions 
Co-authored-by: Naïm Favier <n@monade.li>
 2023-08-28 00:35:39 +02:00
Maciej Krüger
311d2fa994
*: migrate to using nftables.tables instead of ruleset directly 2023-08-28 00:30:29 +02:00
Maciej Krüger
048ef0d455
networking/nftables: add .tables property and disable ruleset flushing by default 
This allows for other unmanaged tables to co-exist peacefully on the os,
by having the nixos-managed tables be re-created atomically and the other
tables will simply be left untouched.
 2023-08-28 00:30:28 +02:00
Ilan Joselevich
49f76fea56
Merge pull request #251032 from Kranzes/twingate-resolved 
nixos/twingate: avoid conflicts with resolved
 2023-08-24 01:39:27 +03:00
Ilan Joselevich
e739ef8066
nixos/twingate: avoid conflicts with resolved 2023-08-23 23:01:47 +03:00
Muhammad Falak R Wani
3f141be99c
tailscale: add mfrw as maintainer 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-23 08:32:33 +05:30
Martin Weinelt
7c75694db9
Merge pull request #240982 from rnhmjoj/pr-jool 
nixos/jool: add service for setting up SIIT/NAT64
 2023-08-19 23:32:05 +02:00
K900
200eeb9ebe
Merge pull request #249101 from motiejus/headscale-oidc 
headscale.oidc: client_secret_path is a string
 2023-08-16 17:23:56 +03:00
Pol Dellaiera
11f3cbc0c3
Merge pull request #246181 from jvanbruegge/haproxy-package 
nixos/haproxy: allow to specify haproxy package
 2023-08-15 19:46:13 +02:00
Jan van Brügge
90da2c1223
nixos/haproxy: allow to specify haproxy package 2023-08-15 12:24:55 +01:00
Motiejus Jakštys
28cf78b857 headscale.oidc: client_secret_path is a string 
It can be include an environment-variable, like
`${CREDENTIALS_DIRECTORY}/some-path`, failing validation for
`types.path`.
 2023-08-14 13:03:06 +03:00
Atemu
7706f570a7 dnscrypt-proxy: rename from dnscrypt-proxy2 
An alias is added for dnscrypt-proxy2
 2023-08-13 16:03:31 +02:00
Nick Cao
722e1e2313
Merge pull request #247899 from DavHau/zerotier-docs 
nixos/zerotierone: document networks never left automatically
 2023-08-13 00:00:35 -06:00
oddlama
bbac87a2dd
nixos/hostapd: add missing stringification of path in INI format 2023-08-11 22:44:08 +02:00
Evgeny Kurnevsky
5110d348b2
wstunnel: correct listen option 2023-08-11 11:58:40 +03:00
CnTeng
24f2116a7a nixos/dae: use network-online 2023-08-10 20:23:46 +08:00
Franz Pletz
c13c1412bf
nixos/chrony: add enableMemoryLocking option 
Fixes #222629.
 2023-08-10 03:03:53 +02:00
DavHau
74c574a8db nixos/zerotierone: document networks never left automatically 
Removing a network from the joinNetworks list does not make the machine leave the network which is confusing.

This behavior is now clarified via the options description
 2023-08-08 11:31:33 +02:00
Michele Guerini Rocco
ccc33bd3d7
Merge pull request #245852 from rnhmjoj/pr-fix-dnscrypt 
dnscrypt-wrapper fixes
 2023-08-08 10:34:27 +02:00
pokon548
dcf5ae3d0b nixos/dae: init 2023-08-07 14:32:32 +08:00
Emery Hemingway
b6c5112152 nixos/ntopng: seperate interface config with newlines 2023-08-05 10:02:48 +01:00
ajs124
bf4d2e6c1e
Merge pull request #242538 from tnias/fix/apparmor 
apparmor: add some policies and improve abstractions and utils
 2023-08-04 13:05:52 +02:00
Martin Weinelt
667c4f2dc6
Merge pull request #224635 from helsinki-systems/drop/dhcpd 
dhcpd: remove
 2023-08-03 15:12:06 +02:00
Yureka
31d4a4af19 nixos/bird: fix checkConfig with cross-compilation 2023-07-31 13:48:55 +02:00
Pol Dellaiera
80d8a945dd
Merge pull request #245570 from jwygoda/tailscaled-autoconnect-options 
nixos/tailscale: add extraUpFlags option
 2023-07-29 06:12:26 +02:00
Jarosław Wygoda
2dbda3314f nixos/tailscale: add extraUpFlags option 2023-07-28 22:44:37 +02:00
Ryan Lahfa
2a0aaa7e8f
Merge pull request #245413 from oddlama/fix-hostapd-mac-allow 2023-07-28 19:19:02 +02:00
ajs124
413d9d3864 nixos/dhcp(46): remove 
package reached its EOL on 2022-10-04
see https://www.isc.org/blogs/isc-dhcp-eol/ for details
 2023-07-28 16:35:40 +02:00
pennae
e2a43fbfb3
Merge pull request #244356 from datafoo/mosquitto-systemd-credentials 
nixos/mosquitto: leverage systemd credentials
 2023-07-26 18:23:06 +02:00
Florian Klink
7539b8f2d7
Merge pull request #244841 from flokli/networkmanager-fix-ppp-plugin 
nixos/networkmanager: create pppd lock directory
 2023-07-26 17:44:35 +02:00
oddlama
0ac2ba763f
nixos/hostapd: fix regression after refactoring to RFC42. 
Switching from submodule notation from ({name, ...}: {}) to (submob: {}) seems to require a different accessing scheme.
 2023-07-25 18:40:51 +02:00
Sandro Jäckel
83793ca898
nixos/fonts: rename fonts.enableDefaultFonts to fonts.enableDefaultPackages 
to better fit the renamed fonts.packages
 2023-07-25 00:55:25 +02:00
datafoo
533ff8546b nixos/mosquitto: leverage systemd credentials 
Use systemd credentials for all variations of user passwords.
Password files do not need special permissions anymore.
 2023-07-24 11:37:30 +02:00
Lassulus
ceaab39b40
Merge pull request #230196 from doronbehar/nixos/syncthing 
nixos/syncthing: Use API to merge / override configurations
 2023-07-24 08:38:50 +02:00
Pol Dellaiera
a30cc10e7f
Merge pull request #242703 from jwygoda/tailscaled-autoconnect 
nixos/tailscale: add authKeyFile option
 2023-07-24 04:48:42 +02:00
Doron Behar
047fa8dbdf nixos/syncthing: Use API to merge / override configurations 
If one sets either of `override{Device,folder}s` to false, the jq `*`
operator doesn't merge well the devices and folders, creating duplicate
IDs for folders as observed in #230146. This PR makes the script iterate
via Nix / Bash loop the devices and folders IDs and merges the keys
using upstream's `curl -X POST` support for single objects.

Hence this commit fixes #230146.
 2023-07-23 18:22:33 +03:00
Florian Klink
02a5e9c933 nixos/networkmanager: create pppd lock directory 
I digged up some 3G stick, which uses ppp to set up the connection.

It failed to spin up ppp, because ppp failed to find the directory it wants to create its lockfiles in:

```
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] state changed (connected -> disconnecting)
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect started...
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect state (4/10): wait to get fully enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (disconnecting -> registered)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (5/10): wait after enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1/bearer0] connection #11 finished: duration 1s
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (6/10): register
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (7/10): wait to get packet service state attached
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (8/10): bearer
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (9/10): connect
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (registered -> connecting)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (connecting -> connected)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (10/10): all done
Jul 22 16:47:50 tp pppd[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp NetworkManager[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: initializing
Jul 22 16:47:50 tp pppd[1576260]: pppd 2.5.0 started by root, uid 0
Jul 22 16:47:50 tp pppd[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp NetworkManager[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 2 / phase 'serial connection'
Jul 22 16:47:50 tp pppd[1576260]: Exit.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 0 / phase 'dead'
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: cleaning up
```

Creating the directories via tmpfiles.d got the connection to succeed,
and might also fix other connections using PPP.
 2023-07-22 17:00:17 +03:00
Felix Bühler
0a2745684e
Merge pull request #239624 from Stunkymonkey/use-optionalString-then 
treewide: use optionalString instead of 'then ""'
 2023-07-22 13:02:47 +02:00
Nick Cao
0b411c1e04
Merge pull request #244750 from therishidesai/rdesai/fix-hostapd-hardening 
nixos/hostapd: add AF_PACKET to RestrictAddressFamilies
 2023-07-21 21:16:22 -06:00
Rishi Desai
efba841aeb nixos/hostapd: add AF_PACKET to RestrictAddressFamilies 2023-07-21 21:11:14 -05:00
rnhmjoj
c7c288fbd5
nixos/dnscrypt-wrapper: avoid using polkit 2023-07-22 02:12:31 +02:00
Lassulus
f8ad4849c3
Merge pull request #233386 from Lassulus/syncthing-fix 2023-07-22 01:02:04 +02:00
Ilan Joselevich
b0db3b7c11
nixos/twingate: fix cp (-n -> --update=none) 2023-07-21 19:57:57 +03:00
rnhmjoj
1f28c8defc
nixos/jool: validate the configuration 
This checks the validity of both NAT64 and SIIT configurations
at build time. An error produces something like this:

    Validating Jool configuration... Error: Cannot parse '283.0.113.1' as an IPv4 address.
 2023-07-21 09:08:40 +02:00
rnhmjoj
4657ff6ca7
nixos/jool: add service for setting up SIIT/NAT64 2023-07-21 09:07:54 +02:00
Jarosław Wygoda
7fc0e3334e nixos/tailscale: add authKeyFile option 
Auth key registers new nodes without needing to sign in via a browser

Tailscale sends status changes with systemd-notify.
https://github.com/tailscale/tailscale/blob/v1.44.0/ipn/ipnlocal/local.go#L3670
 2023-07-17 18:52:07 +02:00
Colin
e7059632c6 nixos/trust-dns: init 
Co-authored-by: Yt <happysalada@tuta.io>
 2023-07-16 15:24:10 +08:00
Nick Cao
d9dd68efda
Merge pull request #243004 from baloo/baloo/keepalived/vrrp-router-id 
keepalived: fixup `virtualRouterId` documentation
 2023-07-15 05:36:10 -06:00
Arthur Gautier
ee38adc8e2 keepalived: use ints.between 
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2023-07-14 20:52:48 +00:00
Lassulus
a4ffd00fb9
Merge pull request #243251 from schnusch/cgit-regex 
nixos/cgit: fix \v and \f in regexEscape
 2023-07-14 22:03:44 +02:00
schnusch
8980fdd9b5 nixos/cgit: fix \v and \f in regexEscape 2023-07-14 21:14:01 +02:00
Philipp Bartsch
30ad9053ab nixos/murmur: add apparmor policy 2023-07-13 11:11:01 +02:00
Arthur Gautier
c8920fc6d9 keepalived: fixup virtualRouterId documentation 
Router id 0 is an invalid option with keepalived
 2023-07-12 06:12:03 +00:00