nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-13 23:53:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
683,299 Commits 200 Branches 125 Tags 6.9 GiB
86a6ef5f15
Commit Graph

20824 Commits

Author SHA1 Message Date
Felix Buehler
980a655feb nixos/services.kubernetes.addons.dns: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
6ebec4f097 nixos/services.k3s: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
1a519763fb nixos/services.lighthouse: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
1674361601 nixos/services.geth: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
bf759e5dd4 nixos/services.erigon: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
561d58c49c nixos/services.zrepl: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
8a7d699812 nixos/services.zfs.autoReplication: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
e53c595a18 nixos/services.tarsnap: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
8442ed34ac nixos/services.syncoid: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
48d46271cb nixos/services.snapraid: remove with lib; 2024-09-15 10:43:47 +02:00
Felix Buehler
4682ba9d88 nixos/services.sanoid: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
dfb290a6c6 nixos/services.rsnapshot: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
27f54eb43e nixos/services.restic.backups: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
9ad1866434 nixos/services.restic.server: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
dee892a446 nixos/services.postgresqlWalReceiver: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
5c0e7f70a5 nixos/services.postgresqlBackup: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
02145eb692 nixos/services.mysqlBackup: remove with lib; 2024-09-15 10:43:46 +02:00
Felix Buehler
5e67f3e4c8 nixos/services.pgadmin: remove with lib; 2024-09-15 10:43:46 +02:00
Arjan Schrijver
ca139acf0e nixos/ly: unlock gnome-keyring on login when enabled 2024-09-14 20:44:41 +02:00
rnhmjoj
016f6f9f58
dnscrypt-wrapper: remove package and NixOS modules 2024-09-14 17:22:48 +02:00
Pascal Bach
b6c754755c nixos/paperless: fix documentation url 
The original paperless project is archived

Co-authored-by: Antoine Martin <antoine97.martin@gmail.com>
 2024-09-14 14:19:17 +02:00
Tomodachi94
b86ba024bd nixos/paperless: add system-paperless.slice 
Non-breaking change.

Part of #279915.
 2024-09-14 14:19:17 +02:00
Aleksana
36316edca3
nixos/samba: accept lists (#341244) 2024-09-14 09:30:23 +08:00
Yt
2ac0a6697a
nixos/windmill: add database.url option and defaults (#341675) 2024-09-13 23:07:19 +00:00
Robert Schütz
4c8a43881f nixos/samba: accept lists 2024-09-13 15:33:49 -07:00
tmarkov
b44fdbfc11 nixos/windmill: add database.url option and defaults 2024-09-14 00:36:55 +03:00
Felix Bühler
17c73de8dc
nixos/services.xserver.desktopManager.phosh: remove with lib; (#341243) 2024-09-13 22:15:01 +02:00
eyjhb
7c545e26a3 nixos/neo4j: always set http values, even when disabled 2024-09-13 15:22:34 +02:00
Parker Hoyes
c960ba48d1
nixos/nix-daemon: Enable cgroups delegation (#339310) 
When `use-cgroups` is enabled, the nix daemon creates sub-cgroups for the build processes (and itself if NixOS/nix#11412 is merged, see NixOS/nix#9675). `Delegate` should be set to prevent systemd from messing with the nix service's cgroups (https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md) and ensure the OOM killer only targets the offending derivation and not the entire service (NixOS/nix#10374).
 2024-09-13 16:08:29 +03:00
Pascal Bach
e7bcab801c nixos/samba: ensure global section is always first 
The order of the [global] section matters as settings
defined there are only applied to shares that are defines
after it.
 2024-09-12 21:08:24 +02:00
Gaétan Lepage
d4474ed33b
nixos/invidious: add options for configuring inv-sig-helper (#340748) 2024-09-12 14:57:57 +02:00
Aaron Andersen
768f41fcf0
Revert "nixos/openvpn: add extraArgs option" (#341223) 2024-09-12 06:34:16 -04:00
Florian Agbuya
317a52a757 flarum: fix installation and migration logic 2024-09-12 16:14:41 +08:00
⛧-440729 [sophie]
81b0701a4d
nixos/invidious: add options for configuring inv-sig-helper 2024-09-12 09:08:02 +02:00
Aleksana
5126cb8d1f
ankisyncd: remove (#333609) 2024-09-12 09:13:29 +08:00
nikstur
24526ed710
nixos/userborn: respect createHome and convert home from path to string (#341180) 2024-09-11 23:44:34 +02:00
Felix Buehler
2b6ef00729 nixos/services.xserver.desktopManager.phosh: remove with lib; 2024-09-11 22:25:00 +02:00
Bjørn Forsman
1cb392fdcd nixos/ups: set env vars in the global environment 
This allows using upsdrvctl interactively, which otherwise tries to use
a missing ups.conf in the Nix store, instead of the correct
/etc/nut/ups.conf.
 2024-09-11 21:14:48 +02:00
Bjørn Forsman
801388a6fa nixos/ups: deduplicate environment variables 
No functional change, but more DRY.
 2024-09-11 21:14:48 +02:00
Michele Guerini Rocco
b94f259714
nixos/wireless: reimplement secrets using ext_password_backend (#180872) 2024-09-11 19:58:36 +02:00
Aaron Andersen
45dd09667f
Revert "nixos/openvpn: add extraArgs option" 2024-09-11 12:59:03 -04:00
Felix Bühler
3884721bad
nixos/services.mpd: remove with lib; (#339100) 2024-09-11 17:22:14 +02:00
Lin Yinfeng
33e796b66f
nixos/userborn: convert users.users.<name>.home to string 
If `opts.home` is not a string, an evaluation failure occurs in
`mapAttrs'`. Converting `opts.home` to string solves this issue.

The type of `users.users.<name>.home` is `lib.types.path`. Values
other than strings, e.g., derivations can also have the type
`lib.types.path`.
 2024-09-11 18:28:58 +08:00
Lin Yinfeng
d3fdfb473d
nixos/userborn: support users.users.<name>.createHome 2024-09-11 18:09:29 +08:00
John Titor
1c7e6a2de9
nixos/shairport-sync: Add pulse group also for pipewire 
Works according to https://github.com/mikebrady/shairport-sync/issues/1171

From 0e4664b497
 2024-09-11 15:21:14 +05:30
Dominique Martinet
2b5ca0f433 ankisyncd: remove 2024-09-11 13:53:06 +08:00
Aaron Andersen
7398438255
nixos/openvpn: add extraArgs option (#339016) 2024-09-10 19:36:32 -04:00
Emily
1a55636200
nixos/dokuwiki: don’t use lib.escapeShellArg (#340309) 2024-09-11 00:34:05 +01:00
Felix Bühler
c4dd50a721
nixos/services.snapserver: remove with lib; (#339099) 2024-09-10 22:17:09 +02:00
Felix Bühler
6cc52ec011
nixos/services.graphite: remove with lib; (#339095) 2024-09-10 22:15:56 +02:00
Felix Bühler
dc5ff75973
nixos/services.portunus: remove with lib; (#339097) 2024-09-10 21:41:55 +02:00
Felix Bühler
9ac4d48271
nixos/services.borgbackup: remove with lib; (#339098) 2024-09-10 21:41:29 +02:00
Felix Bühler
2954826541
nixos/services.taskserver: remove with lib; (#339104) 2024-09-10 21:41:05 +02:00
Felix Buehler
674e5ad68a nixos/services.mpd: remove with lib; 2024-09-10 21:40:16 +02:00
Felix Bühler
7a46626d03
nixos/services.rippled: remove with lib; (#339106) 2024-09-10 21:35:12 +02:00
Adam C. Stephens
fbbafbb834
nixos/services.radicle: remove with lib; (#339105) 2024-09-10 12:00:35 -04:00
Artturin
95db943c8d
nixos/teeworlds: add option environmentFile for injecting secrets (#334590) 2024-09-10 18:30:00 +03:00
Aleksana
1579b92dd4
todesk: init at 4.7.2.0 (#310474) 2024-09-10 21:42:59 +08:00
Kerstin
5a39b9e407
Gancio service fixes (#340782) 2024-09-10 13:34:07 +02:00
Jean-Baptiste Giraudeau
3a33b6c3a8
nixos/gancio: set default value for settings.baseurl 2024-09-10 13:13:32 +02:00
Jean-Baptiste Giraudeau
432bfec026
nixos/gancio: use unix socket between nginx and gancio 2024-09-10 13:13:28 +02:00
eyjhb
a719f91a85
nixos/teeworlds: use lib.getExe instead of hardcoded path 2024-09-10 11:40:24 +02:00
eyjhb
e233e7d385
nixos/teeworlds: add option environmentFile for injecting secrets 2024-09-10 11:39:55 +02:00
h7x4
c2090cb303
wstunnel: the ping frequency can now also be configured for the server (#339232) 2024-09-10 10:27:42 +02:00
Vladimír Čunát
28e9b6d60f
Merge staging-next 2024-09-01 (#338840) 2024-09-10 07:42:45 +02:00
github-actions[bot]
6811659137
Merge master into staging-next 2024-09-10 00:13:21 +00:00
Maximilian Bosch
862ecd674f
nixos/prometheus-exporters/pgbouncer: don't leak DB password into cmdline 
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.

Added a new `connectionEnvFile` which is supposed to be an environment
file of the form

  PGBOUNCER_EXPORTER_CONNECTION_STRING=...

that will be added to the systemd service. The exporter will read the
connection string from that value.
 2024-09-09 21:08:17 +02:00
Maximilian Bosch
4980a7d938
nixos/prometheus-exporters: fix assertions declared in exporter modules 
And it turns out, the test was using a removed option all along 🙃
 2024-09-09 21:08:17 +02:00
Martin Weinelt
58aa6d56f6
nixos/matrix-appservice-irc: allow disabling the ttl by setting it to 0 (#340841) 2024-09-09 20:58:45 +02:00
Martin Weinelt
420398889e
nixos/matrix-appservice-irc: allow disabling media lifetime 
Posting media URLs to IRC that vanish, when they can be refetched from
the remote server they were originated from is not great UX.
 2024-09-09 20:35:13 +02:00
Rick van Schijndel
f6b2548c60
nixos/hydra: unset SSL_CERT_FILE (#338536) 2024-09-09 20:29:36 +02:00
github-actions[bot]
a90b3d5ddb
Merge master into staging-next 2024-09-09 18:05:44 +00:00
Rick van Schijndel
0eb77d8da5
nixos/hydra: add system-hydra.slice, fix typo (#338532) 2024-09-09 19:47:21 +02:00
Felix Bühler
3ffbdee67c
nixos/services.snapper: remove with lib; (#339096) 2024-09-09 18:36:49 +02:00
Jean-Baptiste Giraudeau
58ec286785
nixos/gancio: actually enable ssl by default. 2024-09-09 15:48:52 +02:00
github-actions[bot]
92d531057e
Merge master into staging-next 2024-09-09 06:05:06 +00:00
Pol Dellaiera
bcb04b0967
open-webui: Add environmentFile option (#334830) 2024-09-09 03:28:37 +02:00
github-actions[bot]
f2b767ea43
Merge master into staging-next 2024-09-09 00:14:38 +00:00
Anthony ROUSSEL
603159799c nixos/samba: revert default values 2024-09-08 23:43:10 +02:00
Kerstin
e248589c0f
gancio: init at 1.19.0 (#279011) 2024-09-08 22:51:23 +02:00
Sarah Brofeldt
8a508485c4
nixos/kubernetes: add extraConfig to kubelet config (#338526) 2024-09-08 20:35:46 +02:00
Jean-Baptiste Giraudeau
f5e44554c4
nixos/gancio: init module 2024-09-08 18:09:57 +02:00
github-actions[bot]
69276ad883
Merge master into staging-next 2024-09-08 06:04:18 +00:00
Yuxuan Shui
036d05a466 nixos/samba: fix migration guide for securityType 2024-09-08 00:26:27 +01:00
github-actions[bot]
5a5ebe5a1c
Merge master into staging-next 2024-09-07 18:04:01 +00:00
Martin Weinelt
458c073712
neard: 0.18 -> 0.19-unstable-2024-07-02 (#337524) 2024-09-07 18:00:14 +02:00
Florian Klink
3aca239152
nixos/caddy: restart caddy on config change when "enableReload" is turned off (#335983) 2024-09-07 22:22:24 +07:00
ash
2bab9e4eba nixos/dokuwiki: factor out toPhpString 2024-09-07 15:30:54 +01:00
K900
d1c49286e9
nixos/samba: fix conditional activation of samba services (#340272) 2024-09-07 16:53:16 +03:00
ash
345c8a7310 nixos/dokuwiki: don’t use lib.escapeShellArg 
PHP strings don't obey shell quoting rules. See #333744.
 2024-09-07 14:39:07 +01:00
Weijia Wang
bad886d556
ayatana-indicator-bluetooth: init at 24.5.0 (#336982) 2024-09-07 14:46:32 +02:00
github-actions[bot]
de15243c9a
Merge master into staging-next 2024-09-07 12:04:51 +00:00
Azat Bahawi
3f2297f073
nixos/endlessh-go: fix firewall bugs (#339701) 2024-09-07 10:22:25 +00:00
Aleksana
b4b441a852
nixos/matterbridge: add services.matterbridge.package option (#340180) 2024-09-07 16:27:52 +08:00
Anthony ROUSSEL
1938960bfe nixos/samba: fix conditional activation of samba services 2024-09-07 10:16:03 +02:00
K900
f7e4fc6e56
Wireplumber 0.5.6 (#340154) 2024-09-07 09:46:17 +03:00
github-actions[bot]
b6b2ac4f61
Merge master into staging-next 2024-09-07 00:12:59 +00:00
kirillrdy
5f4c0543d2
Flarum: fix installation and client interface issues (#339202) 2024-09-07 06:32:54 +10:00
Gabriel Fontes
13f6e6da35
nixos/matterbridge: add services.matterbridge.package option 2024-09-06 17:07:41 -03:00
github-actions[bot]
079813d5c4
Merge master into staging-next 2024-09-06 18:03:54 +00:00
K900
a0134dd1d8 nixos/wireplumber: drop hack for systemwide setups 
Should not be necessary with 0.5.6.
 2024-09-06 20:58:12 +03:00
Bjørn Forsman
4861c28956 homebox: update URLs in documentation 
https://github.com/hay-kot/homebox was archived on 2024-06-12 and we use
the https://github.com/sysadminsmedia/homebox fork since the beginning,
in commit 4be8e799db
("homebox: init at 0.13.0").

Update the documentation to be in sync with the source we build from.
 2024-09-06 19:34:15 +02:00
Anthony Roussel
56ae1fb452 nixos/samba: split and sync SystemD services with upstream 2024-09-06 17:53:22 +02:00
Anthony Roussel
ac29b192d8 nixos/samba: use mkEnableOption when possible 2024-09-06 17:53:22 +02:00
Anthony Roussel
3f0b4964c3 nixos/samba: add documentation to systemd.services 2024-09-06 17:53:22 +02:00
Anthony Roussel
7a3bba220d nixos/samba: add services.samba.smbd.enable option 2024-09-06 17:53:22 +02:00
Anthony Roussel
ee6c8db585 nixos/samba: reorganize and rename module options 2024-09-06 17:53:22 +02:00
Anthony Roussel
3b48a7e013 nixos/samba: add documentation 2024-09-06 17:53:22 +02:00
Anthony Roussel
988c598106 nixos/samba: migrate to structural settings (RFC42) 2024-09-06 17:53:22 +02:00
github-actions[bot]
bd4b5a5be6
Merge master into staging-next 2024-09-06 12:05:08 +00:00
ajs124
54604767a2
remove myself from maintainer list of packages I don't use anymore (#339910) 2024-09-06 13:05:55 +02:00
OPNA2608
132b5ce9d3 nixos/lomiri: Add bluetooth indicator 2024-09-06 12:08:10 +02:00
github-actions[bot]
6802206bcc
Merge master into staging-next 2024-09-06 06:04:31 +00:00
Kier Davis
3732e94603
maintainers: remove kierdavis 2024-09-06 07:01:02 +01:00
Yt
fcc6387b76
nixos/stalwart-mail: package and configure webadmin (#314820) 2024-09-06 01:03:27 +00:00
github-actions[bot]
25ef10109d
Merge master into staging-next 2024-09-06 00:13:20 +00:00
Nick Cao
8edc668914
matrix: migrated links to new element-hq org (#339817) 2024-09-05 15:56:44 -04:00
Martin Weinelt
cd601fe2ed
matrix-appservice-irc: 2.0.1 -> 3.0.0 (#339603) 2024-09-05 20:08:28 +02:00
github-actions[bot]
769b11176d
Merge master into staging-next 2024-09-05 18:03:49 +00:00
Philip Taron
9c5c04ca43
nixos/services.ceph: remove with lib; (#339093) 2024-09-05 10:38:52 -07:00
paumr
0088e7d130 matrix: migrated links to new element-hq org 
The vector-im GitHub organisation has been renamed to element-hq:
1d586281f0/profile/README.md
 2024-09-05 16:40:06 +02:00
github-actions[bot]
37c947df6c
Merge master into staging-next 2024-09-05 12:05:31 +00:00
K900
1e41473cf0
nixos/orca: init, enable by default on Plasma (#339069) 2024-09-05 14:01:33 +03:00
K900
5a4ee0a587 nixos/pantheon: switch to Orca module 2024-09-05 11:52:53 +03:00
K900
69d2dc4d43 nixos/gnome: switch to Orca module 2024-09-05 11:52:53 +03:00
K900
029879164d nixos/cinnamon: switch to Orca module 2024-09-05 11:48:46 +03:00
Ryan Horiguchi
737d1ffb22 netdata: 1.46.1 -> 1.47.0 2024-09-05 10:19:35 +02:00
K900
cda3c82d92 nixos/plasma5: enable Orca by default 2024-09-05 10:55:34 +03:00
K900
0f03350dc9 nixos/plasma6: enable Orca by default 2024-09-05 10:55:34 +03:00
K900
64da401049 nixos/orca: init very simple module 2024-09-05 10:55:34 +03:00
Jonas Heinrich
880bd89c4d nixos/stalwart-mail: package and configure webadmin 2024-09-05 08:33:58 +02:00
github-actions[bot]
b00b35b402
Merge master into staging-next 2024-09-05 06:04:41 +00:00
Vivek Revankar
15b474ae05 nixos/endlessh-go: allow overriding package 
allow overriding the endlessh-go package used in the service
 2024-09-04 22:28:54 -07:00
Vivek
17a46028b9 nixos/endlessh-go: fix firewall bugs 
this change fixes 2 major bugs in the endlessh-go service's firewall options:

1. prometheus port unexpectedly allowed through firewall (services.endlessh-go.openFirewall)

the description of the option is "Whether to open a firewall port for the SSH listener." however as we can see, both the ssh listener AND the prometheus listener have their ports opened. this is especially troublesome because endlessh-go (i guess as an artifact of being developed for docker) defaults the prometheus listener to 0.0.0.0.

2. the prometheus port unexpectedly allowed through firewall when prometheus is disabled (services.endlessh-go.prometheus.enable)

even when prometheus is disabled, its port is allowed through the firewall
 2024-09-04 20:32:47 -07:00
rewine
0daec7844f
deepin desktop environment: 2024.09 update (#338402) 2024-09-05 10:08:27 +08:00
github-actions[bot]
74cdd9c9b1
Merge master into staging-next 2024-09-05 00:13:11 +00:00
Felix Bühler
d7ed3794f0
nixos/services.unpoller: remove with lib; (#339094) 2024-09-04 23:52:53 +02:00
Emily
42e6ee04b1
nixos/*: use pipewire by default (#339209) 2024-09-04 22:42:18 +01:00
Martin Weinelt
d3df411913
nixos/matrix-appservice-irc: media proxying support 
Adds required options for serving authenticated media and the key
generation logic.
 2024-09-04 21:05:50 +02:00
github-actions[bot]
563bb0fbc2
Merge master into staging-next 2024-09-04 18:04:23 +00:00
Philip Taron
271d117596
treewide: fix eval related to with lib; removal (#339356) 2024-09-04 09:42:58 -07:00
Maciej Krüger
bf757cefa9
Revert "nixos/firewall: fix reverse path check failures with IPsec" (#339393) 2024-09-04 18:39:17 +02:00
éclairevoyant
f6306c0961
treewide: fix eval related to with lib; removal 2024-09-04 12:21:09 -04:00
Aleksana
43aabb266d
nixos/github-runner: fix build failure (#339452) 2024-09-04 22:15:57 +08:00
github-actions[bot]
4be617cf77
Merge master into staging-next 2024-09-04 12:06:17 +00:00
K900
e90bac5a65 nixos/plasma5: clean up pulseaudio-related things 2024-09-04 13:56:51 +03:00
K900
5a0ceb9243 nixos/pantheon: don't enable Pulseaudio 2024-09-04 13:56:50 +03:00
K900
c6777a9dd8 nixos/lomiri: don't enable Pulseaudio 2024-09-04 13:56:50 +03:00
K900
2ed8e5f614 nixos/gnome: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
8c2dd1b1be nixos/deepin: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
6bd9daa1c6 nixos/cinnamon: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
80a7f7effd nixos/budgie: don't enable Pulseaudio 2024-09-04 13:56:42 +03:00
K900
438fd16359 nixos/graphical-desktop: enable Pipewire audio by default 2024-09-04 13:56:42 +03:00
Kerstin Humm
21ac7729ae nixos/weblate: add borgbackup to path 2024-09-04 12:54:31 +02:00
Florian Agbuya
1032b5fa95 flarum: disable automatic DB creation 2024-09-04 16:33:30 +08:00
Florian Agbuya
249dacfaa8 flarum: fix flarum directory permissions 2024-09-04 16:33:18 +08:00
Doron Behar
024357143a
nixos/samba: add mount.cifs +s wrapper (#328901) 2024-09-04 07:55:39 +00:00
Sirio Balmelli
dc700df6b2
nixos/github-runner: fix build failure 
Shellcheck complains:

       > args=(
       >      ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.

Add a comment disabling shellcheck in this case and annotating why.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
 2024-09-04 09:20:11 +02:00
K900
23b4832da0 Merge remote-tracking branch 'origin/master' into staging-next 2024-09-04 08:53:48 +03:00
rewine
29d62536b9 deepin.nix: install dde-api-proxy 2024-09-04 10:16:56 +08:00
rewine
60348797ee deepin.dde-dock: remove 2024-09-04 10:16:54 +08:00
Sachi King
361fde84f9 Revert "nixos/firewall: fix reverse path check failures with IPsec" 
The inclusion of the "meta ipsec" rule in the default reverse path
filtering breaks systems not built with specific XFRM kernel config
options.  Specifically CONFIG_XFRM must be set, which gets selected
by CONFIG_NFT_XFRM, which is hidden behind CONFIG_XFRM_USER.

These options are not selected by default in most defconfig's provided
by the kernel with the exception of some device-specific defconfigs.

These options are not set by the nix kernel common_config, and I would
argue that IPSec support does not belong in a minimal kernel as that
elevates its support status above other in-kernel VPN interfaces.

The contributor of this feature does not seem interested in working
towards a solution that does not break systems running kernels built
with "autoModules = false" while supporting this feature, and as this
silently breaks firewalls into an insecure state and poses an immediate
security issue I propose this be reverted until a solution that does not
break such systems is proposed.
https://github.com/NixOS/nixpkgs/pull/310857#discussion_r1742834970

Devices used as firewalls, if they do not have the required kernel
config, will fail to load the new firewall rules and will upon boot pass
traffic without any filtering into the internal network.

Devices exposed directly to the internet, after reboot, will boot
without filtering potentially exposing services not intended to be
exposed to the internet, such as databases.

The following platforms in nixpkgs appear to be impacted:
 - pc_simplekernel
 - pogoplug4
 - sheevaplug
 - zero-gravitas
 - zero-sugar
 - utilite
 - guruplug
 - beaglebone
 - fuloong2f_n32

References to hardware without autoModules can be found in
nixos-hardware, as well as in active third-party repos on github.

I suspect there are other users impacted that do not have their configurations
public, as autoModules = true leads to long compile times when targeting
kernels to less standard hardware or hardware with quirks that require
patches that cannot be upstreamed.

This reverts commit 3c12ef3f21.
 2024-09-04 11:51:15 +10:00
Philip Taron
9e244d3d92
nixos/services.factorio: fix escapeShellArg (#339115) 2024-09-03 13:32:36 -07:00
Maximilian Bosch
6cc3e274c9
prometheus-openldap-exporter: remove (#338824) 2024-09-03 19:57:31 +02:00
Philip Taron
7f1830f117
nixos/services.thinkfan: fix undefined variables (#338951) 2024-09-03 09:18:28 -07:00
Maximilian Bosch
40012de7de
mautrix-signal: 0.6.3 -> 0.7.0 (#337534) 2024-09-03 17:18:01 +02:00
Aleksana
43b54f4834
nixos/services.bees: Fix evaluation (#339185) 2024-09-03 20:36:36 +08:00
github-actions[bot]
9b619f2f77
Merge master into staging-next 2024-09-03 12:05:18 +00:00
Bruno BELANYI
4d1e8c93a6
nixos/prowlarr: set HOME for the service (#317554) 2024-09-03 11:08:10 +01:00
Sandro
3bd4ec61c2
nixos/stargazer: module bug fix and hardening (#294795) 2024-09-03 11:56:05 +02:00
Benno Bielmeier
b8c7d88784 nixos/services.thinkfan: fix undefined variables 
In d9dc50dc11 the usage of `with lib;` has
been removed from thinkfan.nix. Unfortunately, adjusting the check line
and its usage of the functions all,id,zipListsWith has not been updated
resulting in evaluation errors complaining about "undefined variable".
Update: partly covered in 0646a0771b of #339084

rel: #208242
 2024-09-03 10:42:28 +02:00
r-vdp
20291241fd
wstunnel: the ping frequency can now also be configured for the server 
See: https://github.com/erebe/wstunnel/pull/338
 2024-09-03 10:38:43 +02:00
Pol Dellaiera
930e12b9e8
nixos/services.openssh: remove with lib; (#339092) 2024-09-03 10:18:32 +02:00
Christina Sørensen
ed1dc0d441
nixos/kubernetes: amend dns addon clusterDns list (#338801) 2024-09-03 09:01:25 +02:00
github-actions[bot]
b7b46e40c2
Merge master into staging-next 2024-09-03 06:04:33 +00:00
Emily
2419b85a5e
nixos/syncplay: add missing options (#338579) 2024-09-03 04:36:51 +01:00
Assistant
8119ec6478 nixos/syncplay: add missing options 
Exposes all currently available command-line arguments that were
missing, including some that were impossible to use with the catch-all
option `extraArgs` alone, requiring changes to other parts of the
system.
Those are now all self-contained in the module.
The service now uses systemd's `DynamicUsers`.
 2024-09-02 22:26:11 -04:00
Bernardo Meurer
fc13b0acdb
Merge branch 'master' into add-rutorrent-service 2024-09-03 01:18:16 +00:00
github-actions[bot]
a07f612219
Merge master into staging-next 2024-09-03 00:13:11 +00:00
Felix Buehler
e1281c7a9d nixos/services.factorio: fix escapeShellArg 2024-09-02 23:47:15 +02:00
Felix Buehler
5f8696e39c nixos/services.openssh: remove with lib; 2024-09-02 22:31:36 +02:00
Felix Buehler
31c38324dd nixos/services.ceph: remove with lib; 2024-09-02 22:30:59 +02:00
Felix Buehler
f57a188819 nixos/services.unpoller: remove with lib; 2024-09-02 22:30:26 +02:00
Felix Buehler
4f6d325a8a nixos/services.graphite: remove with lib; 2024-09-02 22:29:51 +02:00
Felix Buehler
d37789ce5d nixos/services.taskserver: remove with lib; 2024-09-02 22:29:22 +02:00
Felix Buehler
3687224301 nixos/services.snapper: remove with lib; 2024-09-02 22:28:48 +02:00
Felix Buehler
9ed63429ab nixos/services.rippled: remove with lib; 2024-09-02 22:28:20 +02:00
Felix Buehler
11dd437b65 nixos/services.radicle: remove with lib; 2024-09-02 22:27:51 +02:00
Felix Buehler
cd7695ae97 nixos/services.portunus: remove with lib; 2024-09-02 22:27:08 +02:00
Felix Buehler
f51cd10816 nixos/services.borgbackup: remove with lib; 2024-09-02 22:26:34 +02:00
Felix Buehler
60e8c03c9b nixos/services.snapserver: remove with lib; 2024-09-02 22:25:44 +02:00
Felix Bühler
1f34eeb672
nixos/services.thinkfan: fix all & id (#339084) 2024-09-02 22:21:06 +02:00
Felix Bühler
8dd85c637c
nixos/services.zammad: remove with lib; (#338051) 2024-09-02 21:42:59 +02:00
Felix Buehler
0646a0771b nixos/services.thinkfan: fix all & id 2024-09-02 21:12:56 +02:00
Frédéric Christ
aab2bd233c nixos/mautrix-signal: Adapt to new configuration 
With mautrix-signal v0.7.0 the bridge is built upon the bridgev2
architecture. With this, the configuration file was slightly rearranged.
Options like login_shared_secret_map and double_puppet_server_map were
dropped.
 2024-09-02 20:47:10 +02:00
Frédéric Christ
e38c90b7c9 nixos/mautrix-signal: Reformat code 2024-09-02 20:40:36 +02:00
Aaron Andersen
5e8cc27962 nixos/openvpn: add extraArgs option 2024-09-02 09:49:02 -04:00
Zhong Jianxin
422ae9928a nixos/services.bees: Fix evaluation 
```
error: undefined variable 'mod'
```
 2024-09-02 19:23:52 +08:00
github-actions[bot]
d834278999
Merge master into staging-next 2024-09-02 00:13:57 +00:00
Felix Bühler
06aee405da
nixos/services.neo4j: remove with lib; (#338049) 2024-09-01 20:52:52 +02:00