Felix Bühler
e770737241
Update nixos/modules/services/networking/libreswan.nix
...
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-02 19:03:19 +02:00
oddlama
1fa9f03eec
nixos/hostapd: rewrite to support multi-AP, password from file, and more
...
At this point this is basically a full rewrite of this module, which
is a breaking change and was necessary to properly expose the useful
parts of hostapd's config. The notable changes are:
- `hostapd` is now started with additional systemd sandbox/hardening options
- A single-daemon can now manage multiple distinct radios and BSSs, which is
why all configuration had to be moved into `hostapd.radios`
- By default WPA3-SAE will be used, but WPA2 and WPA3-SAE-TRANSITION are
supported, too
- Added passwordFile-like options for wpa and sae
- Add new relevant options for MAC ACL, WiFi5, WiFi6 and WiFi7 configuration
- Implements RFC42 as far as reasonable for hostapd
- Removes `with lib;`
2023-07-02 13:32:41 +02:00
TQ Hirsch
dd481f2ee3
pdns: Changed paths in /etc to use pdns instead of powerdns
2023-07-01 18:55:51 +08:00
TQ Hirsch
d25e5e2107
nixos/powerdns, nixos/pdns-recurser: Symlink configuration into /etc
...
This places a symlink to the running configuration where the admin
tools expect it, allowing users to control the powerdns server or
recursor without manually specifying a config file.
2023-07-01 18:55:50 +08:00
Michele Guerini Rocco
aedc167ecf
Merge pull request #240325 from 999eagle/update/searxng
...
nixos/searx: add configuration for redis and limiter settings
2023-06-30 22:22:43 +02:00
Sandro Jäckel
000004d123
nixos/thelounge: fix example rendering
2023-06-30 18:14:24 +02:00
Sandro Jäckel
9999996fd6
nixos/sshd: fix example rendering
2023-06-30 18:14:16 +02:00
Sophie Tauchert
0aa5adef62
nixos/searx: add configuration for redis and limiter settings
2023-06-30 07:38:59 +02:00
lassulus
345745b6da
nixos/syncthing: fix syncthing-init running by default
...
also remove empty values from the config
2023-06-29 17:57:11 +03:00
lassulus
c42a7b668c
Revert "Merge pull request #233377 from ncfavier/revert-226088"
...
This reverts commit 7b28ea6783, reversing
changes made to 3009b12817.
2023-06-29 17:56:30 +03:00
Nick Cao
e52b401a95
nixos/sing-box: set umask 0077 when generating configuration file
2023-06-27 16:08:55 +08:00
Nick Cao
d2483a8cc7
nixos/sing-box: init
2023-06-27 13:58:02 +08:00
Marco Rebhan
af614b53d1
nixos/avahi: Add package option
...
Allows replacing the avahi package (e.g. for debugging) without having
to use an overlay, avoiding unnecessary package rebuilds.
2023-06-25 11:01:58 -03:00
Felix Buehler
6672dde558
treewide: use optionalAttrs instead of 'else {}'
2023-06-25 11:01:34 -03:00
Felix Buehler
933a41a73f
treewide: use optional instead of 'then []'
2023-06-25 09:11:40 -03:00
Felix Buehler
f3719756b5
treewide: use optionalString instead of 'then ""'
2023-06-24 20:19:19 +02:00
Nick Cao
cca08f710c
Merge pull request #237507 from Alexis211/document-wgautomesh-gossip-secret
...
wgautomesh: clearer documentation for `gossip_secret_file`
2023-06-24 22:48:34 +08:00
Naïm Favier
9a9ded1675
nixos/syncthing: fix escaping
2023-06-23 20:19:51 +02:00
Sandro
0b77630d18
Merge pull request #209068 from CRTified/adguard-dhcp
2023-06-20 13:37:34 +02:00
rnhmjoj
7d263715bd
nixos/fakeroute: run as unprivileged user
2023-06-20 01:12:04 +00:00
deinferno
26ff15b981
nixos/tailscale: fix ipv6 nat (v6nat) support
2023-06-16 12:18:55 +00:00
Carl Richard Theodor Schneider
59207cc930
nixos/adguardhome: Add allowDHCP option
...
This option conditionally adds the `CAP_NET_RAW` capability to the service,
which is mandatory for enabling the integrated DHCP server.
It also adds another test case to validate that the DHCP server successfully
provides IP addresses to clients.
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-06-15 12:27:35 +02:00
Pol Dellaiera
f45bee3f4d
Merge pull request #237003 from pacien/ddclient-remove-ipv6-opt
...
nixos/ddclient: remove obsolete ipv6 option
2023-06-14 19:57:34 +02:00
Alex Auvolat
bbd4ce7d5e
wgautomesh: clearer documentation for gossip_secret_file
2023-06-13 10:01:12 +02:00
Marillindië
e394dc22f9
xray: allow binding lower ports
...
Set CapabilityBoundingSet, AmbientCapabilities and NoNewPrivileges as described in XTLS/xray-install.
2023-06-11 09:03:50 +01:00
pacien
76cabe1644
nixos/ddclient: remove obsolete ipv6 option
...
Since ddclient@24ba945 (v3.10.0), the type and meaning of the "ipv6"
option has changed. This resulted in the following warning when
starting the service:
WARNING: file /run/ddclient/ddclient.conf, line 13:
Invalid Value for keyword 'ipv6' = 'no'
This therefore removes the matching boolean option.
More advanced configurations can use the "extraConfig" option instead.
2023-06-10 11:25:54 +02:00
Sergey Ivanov
bbc56fd1c7
gnunet: fix systemd service config (#151269)
...
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2023-06-09 16:33:51 +00:00
Weijia Wang
0dfe118d22
Merge pull request #236259 from wegank/mongodb-drop
...
mongodb-4_2: drop
2023-06-08 14:40:30 +03:00
Pol Dellaiera
fdcc0ecf37
Merge pull request #236303 from alyssais/StrictModes
...
nixos/sshd: add StrictModes option
2023-06-07 15:53:20 +02:00
pennae
912caf09f7
unifi: drop pennae from maintainers
...
not using this any more, and really don't have the energy to deal with
neither the fallout of ubnt not officially supporting mongodb newer than
3.6, nor the hacks nixpkgs contains to work around that.
2023-06-06 23:29:46 +02:00
Alyssa Ross
eeabae56e7
nixos/sshd: add StrictModes option
2023-06-06 16:06:09 +00:00
Ryan Lahfa
a06d736f1f
Merge pull request #227203 from badele/fix-smokeping-symbolic-links
...
nixos/smokeping: fix smokeping symbolic links
2023-06-06 16:02:58 +02:00
Weijia Wang
3f467ff45f
mongodb-4_2: drop
2023-06-06 14:26:11 +03:00
Bruno Adelé
0498957eac
nixos/smokeping: Fix smokeping preStart systemd
2023-06-03 08:06:18 +02:00
Gabriel Fontes
147668b8cf
nixos/sitespeed-io: init
2023-06-03 03:12:51 +00:00
K900
e534047e2d
Merge pull request #234620 from linj-fork/fix/murmur-after
...
nixos/murmur: make it be after network.target again
2023-06-02 18:13:12 +03:00
Kira Bruneau
7e820610e3
Merge pull request #234207 from emilylange/acme-dns
...
acme-dns: init at 1.0; nixos/acme-dns: init; nixos/acme-dns: init
2023-05-31 11:40:35 -04:00
emilylange
d0af39521b
nixos/acme-dns: init
2023-05-31 15:08:37 +02:00
r-vdp
2b63df0a03
modules/sshd: print the offending keys when we detect duplicate sshd keys.
2023-05-31 12:07:06 +02:00
Lin Jian
0ae9df6c5e
nixos/murmur: make it be after network.target again
...
network.target was changed to network-online.target in this PR[1] to
work around an issue[2].
The murmur version in Nixpkgs has fixed that issue[2].
[1]: https://github.com/NixOS/nixpkgs/pull/42860
[2]: https://github.com/mumble-voip/mumble/issues/1629
2023-05-28 21:03:40 +08:00
Victor Freire
77520d39ce
nixos/legit: init
2023-05-27 16:20:05 +00:00
Sandro
ef2a17c946
Merge pull request #232339 from bl1nk/bl1nk/thelounge-package-option
...
nixos/thelounge: add package option
2023-05-25 22:04:22 +02:00
nyanotech
3aad03a464
nixos/sshd: detect duplicate config keys
2023-05-25 00:01:03 +02:00
Naïm Favier
d5e090d2d8
Revert "nixos/syncthing: use rfc42 style settings"
...
This reverts commit 32866f8d58.
This reverts commit 40a2df0fb0.
This reverts commit 4762932601.
2023-05-22 10:29:52 +02:00
Sandro
a74a4a2f32
Merge pull request #232534 from teutat3s/zhf/fix-prometheus-exporter-jitsi
...
jitsi-videobridge: refactor broken `apis` option to `colibriRestApi`
2023-05-21 18:43:59 +02:00
teutat3s
cb81bd9340
jitsi-videobridge: refactor broken apis option to colibriRestApi
...
Refactor option to use jvb.conf and convert to boolean. Using the CLI
argument broke a while ago and is deprecated by upstream since 2021:
https://github.com/jitsi/jitsi-videobridge/pull/1738/files#diff-d9f589d2aae1673693461d7c3b9214324201ca1f43db63a3c773d4acfc52bc81
This fixes the currently broken test:
nixosTests.prometheus-exporters.jitsi
2023-05-21 15:31:14 +02:00
figsoda
701bcdbead
nixos: fix typos
2023-05-19 22:31:04 -04:00
lassulus
4762932601
nixos/syncthing: fix disabled folders
2023-05-18 11:06:57 +02:00
Markus Cisler
a0b7802372
nixos/thelounge: add package option
...
Adds a package option to the thelounge NixOS module.
2023-05-17 08:34:18 -07:00
Naïm Favier
40a2df0fb0
nixos/syncthing: fixup #226088
2023-05-17 16:53:01 +02:00
Lassulus
52bbee772a
Merge pull request #232019 from 4z3/master-wireguard
2023-05-16 22:29:17 +02:00
Doron Behar
9b0a03fc88
Merge pull request #226088 from Xyz00777/master
...
nixos/syncthing: applied rfc42 and added some additional options
2023-05-16 13:29:36 +03:00
tv
50b845c5a6
nixos/wireguard: allow customizing peer unit name
2023-05-16 10:28:24 +02:00
Xyz00777
32866f8d58
nixos/syncthing: use rfc42 style settings
2023-05-15 14:38:56 +02:00
Ryan Lahfa
e3bd7faa18
Merge pull request #226830 from Janik-Haag/birdwatcher
...
birdwatcher: init at 2.2.4, alice-lg: init at 6.0.0, nixos/birdwatcher: init, nixos/alice-lg: init
2023-05-15 08:42:10 +02:00
Janik H
40136a1f7f
nixos/birdwatcher: init
2023-05-15 02:52:06 +02:00
Janik H
8ed86700a2
nixos/alice-lg: init
2023-05-15 02:52:06 +02:00
Katze
dfb8a2a7c4
nixos/syncplay: add saltFile and extraArgs option (#220096)
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2023-05-12 18:01:33 +02:00
Martin Weinelt
537d611a75
nixos/sshd: Remove algorithms that do MAC-then-encrypt
...
Algorithms with the -etm suffix calculate the MAC after encryption,
which is generally considered safer.
2023-05-11 12:54:32 +02:00
Ilan Joselevich
7ecf20b490
nixos/harmonia: adjust module and test to upstream
2023-05-10 22:28:03 +03:00
Jörg Thalheim
76ffeaf06c
nixos/harmonia: init service
2023-05-10 14:52:31 +02:00
Bruno Adelé
7af8ace239
nixos/smokeping: Format smokeping source code
2023-05-05 22:46:30 +02:00
Sandro
5d0d352833
Merge pull request #220761 from elesiuta/picosnitch-init
2023-04-30 01:52:10 +02:00
Thomas Gerbet
b4e503a783
strongswan: 5.9.8 -> 5.9.10
...
Fixes CVE-2023-26463: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html
Release notes:
https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html
https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
2023-04-26 01:08:29 +02:00
Moritz 'e1mo' Fromm
3dc05fbe40
nixos/bird-lg: Add support for traceroute-flags
2023-04-25 12:00:44 +02:00
Moritz 'e1mo' Fromm
a2e2972ff3
nixos/bird-lg: Add maintainers
2023-04-25 10:41:35 +02:00
Moritz 'e1mo' Fromm
b63e0d77b8
nixos/bird-lg: Rework command attribute generation
...
Prior to this change, arguments were not escaped nor was the possibility
for arguments to be empty accounted for. This led to a kinda broken
startup script where arguments were "shifted", e.g. leaving allowedIPs
empty in order to use the default would cause `--bird` (the following
arguments key) to be used as the value. This was also observable when
e.g. the navbarBrand had a space in it where only everything until the
first space would show up.
With the new approach, all arguments are consistently escaped and empty
ones left out.
`extraConfig` now supports and prefers lists of strings instead of
lines (still supported but warned). This is due to the fragility with
respect to e.g. forgetting trailing backslashes after each line.
`frontend.{servers,domain}` are unset by default since the frontend
(the upstream project itself has no empty defaults here) needs
them to be set. If not set, an error is caused at build-time.
`proxy.birdSocket` has a new default: The project's README[^1] states
`/var/run/bird/bird.ctl` as the current default value. And bird2 on
NixOS does use this path too.
[^1]: https://github.com/xddxdd/bird-lg-go#proxy
2023-04-25 10:41:35 +02:00
Sandro
90e2a0670d
Merge pull request #225829 from IndeedNotJames/nixos.consul
2023-04-23 23:50:14 +02:00
Will Fancher
5c46e6f4e3
systemd-stage-1: Add assertions for unsupported options.
2023-04-21 13:05:12 -04:00
Nick Cao
515da5b664
Merge pull request #227243 from misuzu/netbird-update
...
netbird: 0.14.6 -> 0.16.0
2023-04-21 13:55:29 +08:00
IndeedNotJames
6ad64af778
nixos/consul: use lib.getExe where possible
...
which allows the use of custom packages, that may not have binaries called `consul` or `consul-alerts` in their `/bin/*` (though arguably pretty unlikely to be ever used)
2023-04-21 03:46:54 +02:00
IndeedNotJames
9c1f292155
nixos/consul: fix package reference in service $PATH
2023-04-21 03:46:54 +02:00
Artturi
b83db86a9e
Merge pull request #222080 from Stunkymonkey/nixos-optionalString
2023-04-20 16:07:30 +03:00
misuzu
d5bb5259e4
nixos/netbird: allow configuring dns
2023-04-20 14:22:19 +03:00
Ryan Lahfa
2fa5e844de
Merge pull request #223749 from Alexis211/add-wgautomesh
...
wgautomesh: init at 0.1.0
2023-04-19 08:26:09 +02:00
Sandro
ce4159b4cd
Merge pull request #226514 from AtaraxiaSjel/update/ivpn
2023-04-19 00:57:19 +02:00
Dmitriy Kholkin
706060e47d
nixos/ivpn: init
2023-04-18 22:11:10 +03:00
Artturin
eac28f38d6
treewide: fix lints
...
Arg to lib.optional is a list
build time tool in buildInputs
*Flags not a list
https://github.com/nix-community/nixpkgs-lint
2023-04-18 20:20:56 +03:00
Alex Auvolat
a727a3d676
nixos/wgautomesh: init at 0.1.0
2023-04-17 12:37:18 +02:00
Sandro
d85555f9ac
Merge pull request #224996 from SuperSandro2000/smokeping-ln-f
2023-04-16 23:05:25 +02:00
Janne Heß
ee0bfeddf7
Merge pull request #226010 from helsinki-systems/drop/deprecated-ssh-files
...
nixos/openssh: Drop deprecated locations
2023-04-15 11:41:16 +02:00
Eric Lesiuta
acfed64224
nixos/picosnitch: init
2023-04-14 22:09:48 -04:00
Aidan Gauland
0135b7a556
nixos/peroxide: correct option doc
...
Correct the description for the option services.peroxide.enable.
2023-04-14 14:47:55 +02:00
Janne Heß
98c3d190b2
nixos/openssh: Drop deprecated locations
...
The changelog entry should give a good indication why I don't think this
is necessary anymore.
2023-04-13 20:31:18 +02:00
Martin Weinelt
130be87c8d
Merge pull request #224549 from mweinelt/go-neb-unit-permissions
...
nixos/go-neb: Replace PermissionsStartOnly with executable prefix
2023-04-12 22:59:41 +02:00
Sandro Jäckel
fdbd0834b2
nixos/smokeping: use ln with -f
2023-04-12 22:47:21 +02:00
Martin Weinelt
7a5a2fa8a4
Merge pull request #225785 from helsinki-systems/warn-dhcpd-eol
...
nixos/dhcpd: warn of pending removal
2023-04-12 00:08:42 +02:00
ajs124
e3702c0788
nixos/dhcpd: warn of pending removal
2023-04-11 23:47:40 +02:00
Sandro
fd04c0caf0
Merge pull request #221380 from Majiir/ddclient-fix-permissions
2023-04-11 01:31:53 +02:00
Felix Buehler
327b0cff7a
treewide: use more lib.optionalString
2023-04-07 13:38:33 +02:00
mrobbetts
3c1c5600e8
bind: replace hard-coded allow-query zone setting with a real zone parameter. (#224776)
2023-04-07 06:55:09 +02:00
alyaeanyx
bd573376ad
nixos/wstunnel: init
2023-04-06 09:51:30 +02:00
Florian Klink
aa158ed243
Merge pull request #219496 from f2k1de/smokeping-css-js-fix
...
smokeping: fix css and js symlink
2023-04-05 21:56:33 +02:00
Florian Klink
ea7dd83b0d
Merge pull request #224833 from flokli/smokeping-config
...
nixos/smokeping: use /etc/smokeping.conf
2023-04-05 21:54:57 +02:00
Florian Klink
9de75c8bbe
nixos/smokeping: use /etc/smokeping.conf
...
This allows other services to refer to the generated smokeping config,
which is e.g. necessary to run smokeping with nginx as frontend, rather
than thttpd.
2023-04-05 16:51:26 +02:00
Yureka
53c20eae38
Revert "bind: remove hard-coded allow-query config setting"
2023-04-04 23:35:11 +02:00
Martin Weinelt
34464d6044
nixos/go-neb: Replace PermissionsStartOnly with executable prefix
...
This should work as a drop-in replacement and satisfy #53852.
2023-04-04 01:01:49 +02:00
Kerstin Humm
0b0cc93e79
remove myself (erictapen) from packages which I don't use anymore
2023-04-03 17:07:16 +02:00
Sandro
ef6206c3ee
Merge pull request #224170 from mvnetbiz/ddclient
2023-04-02 01:29:59 +02:00
Izorkin
3ab26f9f00
nixos/dhcpcd: add IPv6rs option
2023-04-01 13:52:38 +03:00
Matt Votava
ee88bac7be
nixos/ddclient: add iproute2 to unit path if using "if" method
2023-03-31 21:54:21 -07:00
Peter Simons
7942e2e38f
Merge pull request #221108 from mrobbetts/bind_remove_allow_query
...
bind: remove hard-coded `allow-query` config setting
2023-03-29 07:50:47 +02:00
Christoph Heiss
c9c9abc608
openssh: fix 'undefined variable' error
...
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2023-03-22 22:38:14 +01:00
Ryan Lahfa
5b88469c21
Merge pull request #217366 from puppe/fix-yggdrasil
...
nixos/yggdrasil: fix configFile option
2023-03-22 20:18:25 +01:00
K900
d0f7d224da
nixos/firewall-nftables: avoid using wildcards
...
Those were added in kernel 5.13, which is newer than our oldest supported.
2023-03-22 17:45:05 +03:00
K900
5bf9765c0a
Merge pull request #217482 from motiejus/headscale_oidc_client_secret
...
headscale: natively support oidc.client_secret_path
2023-03-22 14:30:03 +03:00
Aidan Gauland
7fb4aae81f
nixos/peroxide: add module for peroxide service
2023-03-18 07:43:59 +13:00
Sandro
7ec767ff54
Merge pull request #173697 from jmbaur/avahi-daemon-deny-interfaces
...
nixos/avahi: add denyInterfaces option
2023-03-17 17:11:49 +01:00
Weijia Wang
32f39395a7
Merge pull request #210101 from helsinki-systems/upd/jitsi
...
Update of all Jitsi Meet components
2023-03-17 12:23:14 +02:00
Bernardo Meurer
6e55733359
Merge pull request #219747 from Stunkymonkey/deprecate-isNull
2023-03-16 11:10:22 -03:00
Majiir Paktu
1021a7d928
nixos/ddclient: fix permissions warning
2023-03-15 17:47:08 -04:00
Matthew Robbetts
f5b754881d
bind: remove hard-coded allow-query config file entry, so it can be customized via extraConfig
2023-03-13 20:47:02 -07:00
Lassulus
47233b27c9
Merge pull request #167319 from schnusch/cgit
2023-03-13 09:51:08 +07:00
Ben Wolsieffer
b92dae961c
nixos/chrony: allow @chown syscall set
...
The module was allowing specific chown syscalls, which is brittle because
there are several and different ones are used by glibc on different
architectures. For example, fchownat was already added to the allowlist for
aarch64, while on armv6l chrony crashes because chown32 is not in the
allowlist.
systemd provides the @chown syscall set, which includes all the chown
syscalls and avoids this brittleness. I believe the syscalls would all be
equivalent from an attacker's perspective, so there is unlikely to be any
security impact.
2023-03-12 18:10:56 -05:00
Jonas Heinrich
9f10a2e82a
Merge pull request #218633 from onny/networkd-dispatcher-rules
...
nixos/networkd-dispatcher: add rules option
2023-03-08 20:41:06 +01:00
K900
23b0152ffb
Merge pull request #218530 from K900/murmur-dbus
...
nixos/murmur: expose dbus
2023-03-08 18:35:56 +03:00
K900
d8d8b55e7d
nixos/murmur: expose dbus
2023-03-08 18:03:51 +03:00
Motiejus Jakštys
2b168ba3f0
headscale: rename oidc.client_secret_file to oidc.client_secret_path
...
Headscale now supports passing the OIDC client secret via a file, as
added in [juanfont/headscale#1127][1127]. Let's use that.
The headscale option is `client_secret_path`; let's make it consistent
and rename the Nix option to this. Note that I wasn't able to do this:
mkRenamedOptionModule [ ... "client_secret_file" ] [ ... "client_secret_path" ]
I get such error:
error: evaluation aborted with the following error message: 'cannot find attribute `services.headscale.settings.oidc.client_secret_file''
[1127]: https://github.com/juanfont/headscale/pull/1127
2023-03-08 11:26:45 +02:00
Jonas Heinrich
26e14e57af
nixos/networkd-dispatcher: add rules option
2023-03-08 10:20:47 +01:00
Felix Buehler
d10e69c86b
treewide: deprecate isNull
...
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-isNull
2023-03-06 22:40:04 +01:00
SEIAROTg
5a4dc2128e
nixos/wireguard: fix mtu after switching netns.
...
mtu is set after switching netns and thus the new netns should be used.
2023-03-04 18:51:12 +00:00
Isa
8225d6db3a
smokeping: fix css and js symlink
2023-03-04 14:39:43 +01:00
K900
18f85de76d
nixos/firewall: assert that the kernel supports conntrack helper auto-loading
2023-03-04 10:53:47 +03:00
Arian van Putten
17ca3dd2a6
Merge pull request #217852 from justinas/teleport-12
...
teleport: 11.3.4 -> 12.0.2, reintroduce teleport_11
2023-03-02 11:18:24 +01:00
Yureka
55da71c10e
nixos/nftables: add checkRuleset option (#216531)
...
* nixos/nftables: add checkRuleset option
* lkl: 2022-05-18 -> 2023-01-27
2023-03-02 10:28:01 +01:00
Justinas Stankevicius
31b5597cbd
nixos/teleport: add "package" option
2023-02-28 13:22:50 +02:00
Jared Baur
ea0dc2c5eb
nixos/avahi: add denyInterfaces option
2023-02-27 15:41:53 -08:00
Daniel Olsen
ea31ef91af
nixos/headscale: update oidc options
2023-02-27 15:17:16 +01:00
Robert Schütz
9e1d4dff3e
nixos/openvpn: use writeShellScript
...
Previously the upScript would fail with
Syntax error: "(" unexpected (expecting "done")
on line 7 if /bin/sh is not bash.
2023-02-26 10:12:28 -08:00
Naïm Favier
129b6f7812
Merge pull request #216504 from ncfavier/unbound-state-dir-writable
...
nixos/unbound: make stateDir writable
2023-02-23 14:23:53 +01:00
Robert Schütz
89c8ef30a6
nixos/imaginary: bind to localhost by default
2023-02-22 17:37:36 -08:00
Sandro
5b7d323435
Merge pull request #216909 from emilytrau/tailscale-tweaks
2023-02-21 23:21:09 +01:00
Martin Puppe
8bc615d0e0
nixos/yggdrasil: correct documentation
...
The option `LinkLocalTCPPort` does not exist anymore in recent versions
of Yggdrasil. The port for incoming link-local connections is now
configured as part of the `MulticastInterfaces` option. Our
documentation should reflect that.
2023-02-20 23:10:54 +01:00
Martin Puppe
cf8b1fb85e
nixos/yggdrasil: support HJSON files as configFile
...
Yggdrasil uses HJSON as its configuration file format. The NixOS module
meanwhile only supports pure JSON. This commit adds support for HJSON
files.
2023-02-20 23:10:54 +01:00
Martin Puppe
78ac812356
nixos/yggdrasil: fix configFile option
...
As far as I can tell the configFile option cannot have worked as
intended. The Yggdrasil systemd service uses a dynamic user. As it was,
there was no way to set the correct permissions on a config file
beforehand which would allow the dynamic user to read the config file
without making it readable for all users. But since the config file can
contain a private key it *must not* be world-readable.
The file must only be readable by root. The file has to be copied and
the permissions have to be fixed during service startup. This can either
be done in an ExecStartPre directive with the '+' prefix (which executes
that command with elevated privileges), or it can be done more
declaratively with the LoadCredential directive. I have chosen the latter
approach because it delegates more work to systemd itself. It should be
noted that this has the minor tradeoff that the config file must not be
larger than 1 MB. This is a limit which systemd imposes on credential
files. But I think 1 MB ought to be enough for anybody ;).
2023-02-20 23:04:24 +01:00
Martin Puppe
9b2e2e8006
nixos/yggdrasil: nixpkgs-fmt
2023-02-20 22:02:59 +01:00
Jonas Heinrich
553c376a49
nixos/networkd-dispatcher: init
2023-02-19 04:42:25 -05:00
Nick Cao
a1291d0d02
Merge pull request #205784 from Eliot00/v2raya-fix
...
v2raya: v2rayA should start after nftables
2023-02-19 15:08:29 +08:00
Emily Trau
949b1df785
nixos/tailscale: fix config priority conflict
2023-02-18 13:28:04 +11:00
pennae
047bd73c5e
nixos/wireguard: make publicKeys singleLineStrs
...
using readFile instead of fileContents (or using indented strings) can
leave a trailing newline that causes build errors in systemd units and
has previously caused runtime errors in wireguard scripts. use
singleLineStr to strip a trailing newline if it exists, and to fail if
more than one is present.
2023-02-16 11:56:12 +01:00
Naïm Favier
5cf311c036
nixos/unbound: make stateDir writable
2023-02-15 18:14:58 +01:00
Robert Schütz
7b60fce843
Merge pull request #215222 from dotlambda/nixos-imaginary-init
...
nixos/imaginary: init
2023-02-12 08:42:19 -08:00
Andreas Stührk
8dade1f713
nixos/envoy: add option requireValidConfig to make config validation errors non-fatal
...
Co-authored-by: Vincent Haupert <vincent@yaxi.tech>
2023-02-11 18:21:21 +01:00
Vincent Haupert
84220a7098
nixos/envoy: add package option
2023-02-11 18:21:21 +01:00
Vincent Haupert
3c3da8768b
nixos/envoy: further service hardening
2023-02-11 18:21:21 +01:00
Vincent Haupert
8fff553f7e
nixos/envoy: sort serviceConfig entries
2023-02-11 18:21:21 +01:00
Vincent Haupert
989a1a6ef5
nixos/envoy: use lists in serviceConfig where appropriate
...
Using type `list` instead of `str` in `serviceConfig` entries which
accept multiple values allows easier extension of the unit
configuration.
2023-02-11 18:21:21 +01:00
Robert Schütz
efee1b5234
nixos/imaginary: init
2023-02-11 09:18:42 -08:00
Naïm Favier
86a387351a
Merge branch 'master' into nixos/hostapd
2023-02-11 14:03:56 +01:00
bb2020
76bf633dc2
nixos/minidlna: minor changes
2023-02-09 21:11:20 +03:00