Commit Graph

545 Commits

Author SHA1 Message Date
Michael Weiss
4a600af1b1 doc: Document a workaround for using an FQDN as hostname
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].

[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
2020-10-10 10:48:54 -07:00
Michael Weiss
826ed96c10
nixos/networking: Switch to home.arpa as an example for the domain
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.

[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
2020-10-10 17:41:42 +02:00
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
0x4A6F
c232d4b587
nixos: Conform with RFC 1123 in networking.hostName
Conform to RFC 1123 [0], specifically to "2.1 Host Names and Numbers",
which allow starting host name with alphanumerical instead of alphabetical characters.
RFC 1123 updates RFC 952 [1], which is referenced in "man 5 hosts".

[0]: https://tools.ietf.org/html/rfc1123
[1]: https://tools.ietf.org/html/rfc952
2020-10-01 22:06:00 +00:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
V
b63b5eda68 rfkill: remove
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.

[1] d17fb726b5
[2] https://git.sipsolutions.net/rfkill.git/log/
2020-08-24 02:49:27 +02:00
Jörg Thalheim
7acb961c67
Merge pull request #93395 from hmenke/zfs
ZFS: Request credentials only for selected pools
2020-08-15 09:19:49 +01:00
asdf8dfafjk
8e52c2a63e
nixos/networking: Enhance hostId description (#94800)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-08 20:30:50 +01:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Jörg Thalheim
5e09542c3b
Merge pull request #89416 from Kloenk/autoUpgrade-flakes
nixos/autoUpgrade: add flake support
2020-08-06 21:45:07 +01:00
volth
7503f280c8
nixos/systemd: fix TUN networking in LXC containers (#81481)
in LXC container /dev/net/tun is pre-available, "dev-net-tun.device" always fails
2020-08-05 21:12:57 -05:00
Keshav Kini
5e86bba082 nixos/boot: some documentation improvements
- Give a more accurate description of how fileSystems.<name/>.neededForBoot
  works

- Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile
  works
2020-07-29 14:39:21 -07:00
ajs124
2a2b31ba4a nixos/tasks/lvm: fix systemd tmpfiles 2020-07-25 20:43:12 +02:00
Henri Menke
fc4ea9ecba
ZFS: Request credentials only for selected pools
This change introduces more fine-grained requestEncryptionCredentials.
While previously when requestEncryptionCredentials = true, the
credentials for all imported pools and all datasets in these imported
pools were requested, it is now possible to select exactly the pools and
datasets for which credentials should be requested.

It is still possible to set requestEncryptionCredentials = true, which
continues to act as a wildcard for all pools and datasets, so the change
is backwards compatible.
2020-07-21 19:36:10 +12:00
ajs124
1a1e7237de nixos/tasks/lvm: add dmeventd and lvmthin support
Introduce a pkgs.lvm2_dmeventd that contains dmeventd support, and
enable if services.lvm.dmeventd.enable is true.
2020-07-14 12:00:32 +02:00
Finn Behrens
c9daa81eff
nixos/autoUpgrade: add flake support 2020-07-09 23:03:56 +02:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d ZFS: Update description for requestEncryptionCredentials 2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695 ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6 ZFS: Pipe /dev/null into the stage 2 load-key script
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
0d55d48f0f ZFS: Ask for stage 2 encryption passwords using systemd-ask-password 2020-06-23 06:25:21 -04:00
Timo Kaufmann
4843eab3a1
Merge pull request #84135 from symphorien/btrfs-scrub-success
nixos/btrfs autoScrub: don't fail when scrub finishes successfully
2020-06-19 22:55:19 +02:00
Michele Guerini Rocco
a2fd1ba544
Merge pull request #89159 from datafoo/fix-issue-89158
nixos/networking: check interface state files exist before acting on them
2020-06-12 15:31:57 +02:00
Michael Weiss
a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Florian Klink
4cd605f3ca
Merge pull request #62671 from kfiz/networking-proxy_arp-fix
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
2020-05-31 22:22:49 +02:00
datafoo
8f16f66b27 nixos/networking: check interface state files exist before acting on them
Fix #89158
2020-05-29 12:20:06 +02:00
Doro Rose
5d3a72f683 networking-interfaces.nix: remove broken NDP bits from proxyARP
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`.

However, the `proxy_ndp` option was never actually set (the non-existing `net.ipv6.conf.proxy_arp` sysctl was set
instead). In addition `proxy_ndp` also needs individual entries for each ip to proxy for.

Proxy ARP and Proxy NDP are two different concepts, and enabling the latter
should be a conscious decision.

This commit removes the broken NDP support, and disables explicitly
enabling IPv6 forwarding (which is the default in most cases anyways)

Fixes #62339.
2020-05-26 00:53:10 +02:00
Michael Weiss
993baa587c
nixos: Require networking.hostName to be a valid DNS label
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-05-25 18:13:39 +02:00
Florian Klink
822918df4c nixos/scripted-networking: use udev to configure link MACAddress and MTUBytes
The `network-link-${i.name}` units raced with other things trying to
configure the interface, or ran before the interface was available.

Instead of running our own set of shell scripts on boot, and hoping
they're executed at the right time, we can make use of udev to configure
the interface *while they appear*, by providing `.link` files in
/etc/systemd/network/*.link to set MACAddress and MTUBytes.

This doesn't require networkd to be enabled, and is populated properly
on non-networkd systems since
https://github.com/NixOS/nixpkgs/pull/82941.

This continues clean-up work done in
https://github.com/NixOS/nixpkgs/pull/85170 for the scripted networking
stack.

The only leftover part of the `network-link-${i.name}` unit (bringing
the interface up) is moved to the beginning of the
`network-addresses-${i.name}` unit.

Fixes: https://github.com/NixOS/nixpkgs/issues/74471
Closes: https://github.com/NixOS/nixpkgs/pull/87116
2020-05-22 10:58:00 +02:00
Florian Klink
ad26d7c044 nixos/network-interfaces-scripted: always run systemctl of the currently running systemd 2020-05-21 10:33:51 +02:00
datafoo
431106a17e nixos/zfs: add missing dependendy nettools
Fix #87823
2020-05-18 11:25:00 +02:00
Florian Klink
532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink
ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
Florian Klink
cddc7a28b8 nixos/networking: fix setting .macAddress and .mtu with networkd
This needs to be set in the .linkConfig of a .network
2020-04-13 22:03:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jörg Thalheim
5fb2a9d8c7
Merge pull request #79828 from Mic92/zed
nixos/zfs: populate PATH with needed programs for zed
2020-04-02 13:42:01 +01:00
Symphorien Gibol
55d16d5334 nixos/btrfs autoScrub: don't fail when scrub finishes successfully 2020-04-02 12:00:00 +00:00
Robin Gloster
d6fa642608
Merge pull request #81161 from wedens/libvirt-6.0.0
libvirt: 5.4.0 -> 6.1.0
2020-03-30 13:19:00 +00:00
David Costa
2e4a45c921 nixos/network-interfaces: fix examples types
make literalExample receive string arguments.
Fix nixos/nixos-homepage#255
2020-03-29 01:00:59 +01:00
Peter Hoeg
8a31cf1459 zfs: document systemd-udev-settle dependency 2020-03-21 11:15:06 +08:00
volth
687aa06c70 nixos/scripted-networking: fix bridge setup when libvirtd uses socket activation 2020-03-15 11:29:14 +07:00
Léo Gaspard
26b1ef1506
Merge pull request #80141 from symphorien/scrub
nixos/btrfs: make autoScrub not prevent shutdown or suspend
2020-03-12 22:39:34 +01:00
lewo
cbb21b2a8a
Merge pull request #81214 from buckley310/updateDelay
NixOS/auto-upgrade: Add optional randomized delay
2020-03-12 09:06:32 +01:00
Sean Buckley
9d3aa711fe NixOS/auto-upgrade: refine option description 2020-03-03 22:14:31 -05:00
Jörg Thalheim
8f543ed80d
nixos/zfs: continue trimming also if one pool fails
fixes https://github.com/NixOS/nixpkgs/issues/81602
2020-03-03 11:22:07 +00:00
Sean Buckley
14a1aa4a3d
NixOS/auto-upgrade: fix wording
Co-Authored-By: Pascal Hertleif <killercup@gmail.com>
2020-02-28 12:03:41 -05:00
Sean Buckley
b6cad64ef6 NixOS/auto-upgrade: Add optional randomized delay 2020-02-27 16:40:10 -05:00