Commit Graph

530 Commits

Author SHA1 Message Date
Jenny
b769f673e7
nixos/authelia: start after network-online.target (#353542) 2024-11-08 09:00:14 +01:00
ThinkChaos
c5450fcb4b
nixos/authelia: start after network-online.target 2024-11-07 20:24:05 -05:00
Patrick
abeafd2a72
nixos/kanidm: allow not setting bindaddress 2024-11-05 13:53:58 +01:00
Aleksana
28efd5780e
nixos/oauth2-proxy: fix display-htpasswd-form flag name (#347287) 2024-10-28 21:14:58 +08:00
Kerstin Humm
b12bcabd24
maintainers: remove erictapen from packages that I don't really maintain anymore 2024-10-22 12:32:29 +02:00
Enno Richter
1c01774e61 nixos/oauth2-proxy: fix display-htpasswd-form flag name 2024-10-08 16:25:00 +02:00
Bjørn Forsman
48908e5b86 nixos: improve systemd slice names
Following
https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Description=,
update slice names to be short, descriptive and capitalized.
2024-10-02 20:24:13 +02:00
hatch01
abc51d1654
nixos/authelia: complete level enum 2024-09-18 23:34:21 +02:00
Azat Bahawi
3f2297f073
nixos/endlessh-go: fix firewall bugs (#339701) 2024-09-07 10:22:25 +00:00
Vivek Revankar
15b474ae05 nixos/endlessh-go: allow overriding package
allow overriding the endlessh-go package used in the service
2024-09-04 22:28:54 -07:00
Vivek
17a46028b9 nixos/endlessh-go: fix firewall bugs
this change fixes 2 major bugs in the endlessh-go service's firewall options:

1. prometheus port unexpectedly allowed through firewall (services.endlessh-go.openFirewall)

the description of the option is "Whether to open a firewall port for the SSH listener." however as we can see, both the ssh listener AND the prometheus listener have their ports opened. this is especially troublesome because endlessh-go (i guess as an artifact of being developed for docker) defaults the prometheus listener to 0.0.0.0.

2. the prometheus port unexpectedly allowed through firewall when prometheus is disabled (services.endlessh-go.prometheus.enable)

even when prometheus is disabled, its port is allowed through the firewall
2024-09-04 20:32:47 -07:00
TheRealGramdalf
5a1e877394 nixos/kanidm: fix systemd service type 2024-08-26 18:05:32 +00:00
TheRealGramdalf
8f18393d38 nixos/kanidm: inherit lib, nixfmt 2024-08-26 18:01:58 +00:00
Franz Pletz
39c0d9f53d
Merge pull request #336896 from tomodachi94/enhance/nixos/clamav/systemd-slices 2024-08-25 01:45:27 +02:00
Tomodachi94
695b1c874d
nixos/clamav: add system-clamav.slice
Tracking: https://github.com/NixOS/nixpkgs/issues/279915
2024-08-23 17:09:11 -07:00
oddlama
aa6cbcbf09
nixos/kanidm: run nixfmt-rfc-style 2024-08-23 20:55:03 +02:00
oddlama
391d05ce95
nixos/kanidm: update provisioning to allow multiple origin urls 2024-08-23 20:46:53 +02:00
oddlama
558fa6abc6
nixos/kanidm: add provisioning of groups, persons and oauth2 systems 2024-08-16 14:12:35 +02:00
K900
2cd35e2b45 nixos/vaultwarden: fix eval 2024-08-07 09:42:01 +03:00
Sandro
5d43833452
Merge pull request #325861 from Scrumplex/nixos/vaultwarden/fix-backup-24.11 2024-08-06 14:02:56 +02:00
Jörg Thalheim
5356420466 treewide: remove unused with statements from maintainer lists
$ find -type f -name '*.nix' -print0 | xargs -P "$(nproc)" -0 sed -i \
  -e 's!with lib.maintainers; \[ *\];![ ];!' \
  -e 's!with maintainers; \[ *\];![ ];!'
2024-07-29 10:06:20 +08:00
Nicolas Mémeint
1ceb55d4b9 nixos/authelia: Remove options incompatible with new settings
- Remove settings.server.{host,port} options
  - Replaced by settings.server.address
  - If any of settings.server.{host,port,path} are specified in the
    configuration, a warning is displayed and these values will be used
    instead of settings.server.address

- Change what secrets.oidcIssuerPrivateKeyFile maps to
  - Previously: AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE
  - Now: identity_providers.oidc.jwks[0].key
    - Not done directly in the NixOS settings config but as a separate
      YAML config file
    - Done that way because Go templates are not correctly handled by
      the YAML generator (#319716)

- Change secrets.jwtSecretFile env variable mapping
  - Previously: AUTHELIA_JWT_SECRET_FILE
  - Now: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
2024-07-17 17:26:46 +02:00
Sefa Eyeoglu
1d5188b3b4
nixos/vaultwarden: assert valid backupDir path
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-07-14 19:54:27 +02:00
mib
8eac966310 nixos/clamav: add package option 2024-07-10 00:00:01 +02:00
Michael Weiss
10cbea2905
nixos/monetdb, nixos/sks: remove primeos from maintainers (#277366)
Remove myself as maintainer from modules that I don't use anymore
2024-07-04 18:17:43 +02:00
Jasper Woudenberg
71e88077ca maintainers: remove jwoudenberg 2024-07-02 01:35:17 +02:00
Sandro
33f83c6252
Merge pull request #316977 from eclairevoyant/fix-mkEnableOption
treewide: fix mkEnableOption usage
2024-06-25 22:42:16 +02:00
Sandro
5b0ea759a7
Merge pull request #318347 from caffineehacker/vaultwarden_backup
nixos/vaultwarden: backup all rsa_keys
2024-06-25 22:37:56 +02:00
P.
7e1ff7bd73
treewide: remove wolfangaukang as maintainer 2024-06-22 07:03:16 -06:00
Moritz Hedtke
ca0a8eb9a8 nixos/step-ca: remove mohe2015 as maintainer 2024-06-21 12:40:08 +02:00
Enno Richter
d14a54fcef
nixos/oauth2-proxy: prevent redirect loop when running on single domain (#319305) 2024-06-18 11:26:00 +02:00
Sandro
ca4f0becf9
nixos/oauth2-proxy: restart service when keyFile option changes (#320325) 2024-06-16 22:23:14 -04:00
Tim Waterhouse
72406a54e7
nixos/vaultwarden: backup all rsa_keys
The official documentation mentions rsa_key* as what should be backed up (https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#the-rsa_key-files). My particular install has rsa_key.pem and rsa_key.pub.pem so the existing command fails when trying to copy rsa_key.der. This change better aligns with the official documentation.
2024-06-15 20:49:59 -07:00
Martin Weinelt
be53df7236
nixos/vaultwarden: harden systemd unit
Drops the capability to bind to privileged ports.
2024-06-16 01:33:12 +02:00
Martin Weinelt
d8c8faf8c3
nixos/vaultwarden: update state directory name
Align the state directory name with the module name based on the
system state version.
2024-06-16 00:23:14 +02:00
éclairevoyant
7d8742da87
treewide: fix mkEnableOption usage 2024-06-14 02:41:42 -04:00
K900
69aa70cddf
Merge pull request #307766 from SuperSandro2000/oauth2-proxy-fix-headers
nixos/oauth2_proxy_nginx: fix proxy_set_header
2024-05-24 10:48:07 +03:00
Sandro
d836a3e678
Merge pull request #307499 from SuperSandro2000/bwdc-network-online
nixos/bitwarden-directory-connector-cli: add dependsOn network-online…
2024-05-23 20:47:05 +02:00
Sandro Jäckel
f221b4f5f5
nixos/oauth2_proxy_nginx: fix proxy_set_header 2024-05-23 16:34:37 +02:00
Jade Lovelace
f05ecf16e6
Merge pull request #250638 from benley/keycloak-systemd-notify
nixos/keycloak: Add systemd startup notification
2024-05-15 14:13:20 -07:00
Benjamin Staffin
b45bb628ea nixos/oauth2_proxy: Conditionally depend on keycloak.service
Co-Authored-By: Jade Lovelace <software@lfcode.ca>
2024-05-15 14:10:26 -07:00
oddlama
58286e510c
nixos/oauth2-proxy: fix invalid comparison between list and attrset 2024-05-09 16:58:33 +02:00
Niklas Hambüchen
8907c1017d
Merge pull request #309424 from NixOS/ReadWriteDirectories-ReadWritePaths
nixos/{zoneminder,caddy,traefik}: ReadWriteDirectories -> ReadWritePaths
2024-05-07 01:13:06 +02:00
Niklas Hambüchen
9d7a729277 treewide: ReadWriteDirectories -> ReadWritePaths.
These were renamed in systemd v231:
2a624c36e6
2024-05-07 01:06:02 +02:00
Bernardo Meurer
7c87bee77b
nixos/oauth2-proxy: fix missing lib. 2024-05-06 14:05:17 -04:00
Sandro
bafcff9b15
Merge pull request #273233 from SuperSandro2000/oauth2-proxy
nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the servi…
2024-05-02 09:48:01 +02:00
Lynn
e654c8fd67 nixos/vault: change type and default of devRootTokenID
Previously you needed to set an devRootTokenID when dev=true despite the option being optional
Caused by wrong default value and not allowing null as value
2024-05-01 16:33:55 +02:00
Sandro Jäckel
e4de1c0b19
nixos/bitwarden-directory-connector-cli: add wants network-online.target
This fixes the following warning:

trace: warning: bitwarden-directory-connector-cli.timer is ordered after 'network-online.target' but doesn't depend on it
2024-04-28 23:46:42 +02:00
Sandro Jäckel
a19b4b84b0
nixos/oauth2-proxy{,-nginx}: remove with lib 2024-04-28 20:50:23 +02:00
Sandro Jäckel
34f87f3981
nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group 2024-04-28 20:50:23 +02:00