Azat Bahawi
3f2297f073
nixos/endlessh-go: fix firewall bugs (#339701)
2024-09-07 10:22:25 +00:00
Vivek Revankar
15b474ae05
nixos/endlessh-go: allow overriding package
...
allow overriding the endlessh-go package used in the service
2024-09-04 22:28:54 -07:00
Vivek
17a46028b9
nixos/endlessh-go: fix firewall bugs
...
this change fixes 2 major bugs in the endlessh-go service's firewall options:
1. prometheus port unexpectedly allowed through firewall (services.endlessh-go.openFirewall)
the description of the option is "Whether to open a firewall port for the SSH listener." however as we can see, both the ssh listener AND the prometheus listener have their ports opened. this is especially troublesome because endlessh-go (i guess as an artifact of being developed for docker) defaults the prometheus listener to 0.0.0.0.
2. the prometheus port unexpectedly allowed through firewall when prometheus is disabled (services.endlessh-go.prometheus.enable)
even when prometheus is disabled, its port is allowed through the firewall
2024-09-04 20:32:47 -07:00
TheRealGramdalf
5a1e877394
nixos/kanidm: fix systemd service type
2024-08-26 18:05:32 +00:00
TheRealGramdalf
8f18393d38
nixos/kanidm: inherit lib, nixfmt
2024-08-26 18:01:58 +00:00
Franz Pletz
39c0d9f53d
Merge pull request #336896 from tomodachi94/enhance/nixos/clamav/systemd-slices
2024-08-25 01:45:27 +02:00
Tomodachi94
695b1c874d
nixos/clamav: add system-clamav.slice
...
Tracking: https://github.com/NixOS/nixpkgs/issues/279915
2024-08-23 17:09:11 -07:00
oddlama
aa6cbcbf09
nixos/kanidm: run nixfmt-rfc-style
2024-08-23 20:55:03 +02:00
oddlama
391d05ce95
nixos/kanidm: update provisioning to allow multiple origin urls
2024-08-23 20:46:53 +02:00
oddlama
558fa6abc6
nixos/kanidm: add provisioning of groups, persons and oauth2 systems
2024-08-16 14:12:35 +02:00
K900
2cd35e2b45
nixos/vaultwarden: fix eval
2024-08-07 09:42:01 +03:00
Sandro
5d43833452
Merge pull request #325861 from Scrumplex/nixos/vaultwarden/fix-backup-24.11
2024-08-06 14:02:56 +02:00
Jörg Thalheim
5356420466
treewide: remove unused with statements from maintainer lists
...
$ find -type f -name '*.nix' -print0 | xargs -P "$(nproc)" -0 sed -i \
    -e 's!with lib.maintainers; \[ *\];![ ];!' \
    -e 's!with maintainers; \[ *\];![ ];!'
2024-07-29 10:06:20 +08:00
Nicolas Mémeint
1ceb55d4b9
nixos/authelia: Remove options incompatible with new settings
...
- Remove settings.server.{host,port} options
  - Replaced by settings.server.address
  - If any of settings.server.{host,port,path} are specified in the
    configuration, a warning is displayed and these values will be used
    instead of settings.server.address
- Change what secrets.oidcIssuerPrivateKeyFile maps to
  - Previously: AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE
  - Now: identity_providers.oidc.jwks[0].key
  - Not done directly in the NixOS settings config but as a separate
    YAML config file
    - Done that way because Go templates are not correctly handled by
      the YAML generator (#319716)
- Change secrets.jwtSecretFile env variable mapping
  - Previously: AUTHELIA_JWT_SECRET_FILE
  - Now: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
2024-07-17 17:26:46 +02:00
Sefa Eyeoglu
1d5188b3b4
nixos/vaultwarden: assert valid backupDir path
...
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-07-14 19:54:27 +02:00
mib
8eac966310
nixos/clamav: add package option
2024-07-10 00:00:01 +02:00
Michael Weiss
10cbea2905
nixos/monetdb, nixos/sks: remove primeos from maintainers (#277366)
...
Remove myself as maintainer from modules that I don't use anymore
2024-07-04 18:17:43 +02:00
Jasper Woudenberg
71e88077ca
maintainers: remove jwoudenberg
2024-07-02 01:35:17 +02:00
Sandro
33f83c6252
Merge pull request #316977 from eclairevoyant/fix-mkEnableOption
...
treewide: fix mkEnableOption usage
2024-06-25 22:42:16 +02:00
Sandro
5b0ea759a7
Merge pull request #318347 from caffineehacker/vaultwarden_backup
...
nixos/vaultwarden: backup all rsa_keys
2024-06-25 22:37:56 +02:00
P.
7e1ff7bd73
treewide: remove wolfangaukang as maintainer
2024-06-22 07:03:16 -06:00
Moritz Hedtke
ca0a8eb9a8
nixos/step-ca: remove mohe2015 as maintainer
2024-06-21 12:40:08 +02:00
Enno Richter
d14a54fcef
nixos/oauth2-proxy: prevent redirect loop when running on single domain (#319305)
2024-06-18 11:26:00 +02:00
Sandro
ca4f0becf9
nixos/oauth2-proxy: restart service when keyFile option changes (#320325)
2024-06-16 22:23:14 -04:00
Tim Waterhouse
72406a54e7
nixos/vaultwarden: backup all rsa_keys
...
The official documentation mentions rsa_key* as what should be backed up (https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#the-rsa_key-files). My particular install has rsa_key.pem and rsa_key.pub.pem so the existing command fails when trying to copy rsa_key.der. This change better aligns with the official documentation.
2024-06-15 20:49:59 -07:00
Martin Weinelt
be53df7236
nixos/vaultwarden: harden systemd unit
...
Drops the capability to bind to privileged ports.
2024-06-16 01:33:12 +02:00
Martin Weinelt
d8c8faf8c3
nixos/vaultwarden: update state directory name
...
Align the state directory name with the module name based on the
system state version.
2024-06-16 00:23:14 +02:00
éclairevoyant
7d8742da87
treewide: fix mkEnableOption usage
2024-06-14 02:41:42 -04:00
K900
69aa70cddf
Merge pull request #307766 from SuperSandro2000/oauth2-proxy-fix-headers
...
nixos/oauth2_proxy_nginx: fix proxy_set_header
2024-05-24 10:48:07 +03:00
Sandro
d836a3e678
Merge pull request #307499 from SuperSandro2000/bwdc-network-online
...
nixos/bitwarden-directory-connector-cli: add dependsOn network-online…
2024-05-23 20:47:05 +02:00
Sandro Jäckel
f221b4f5f5
nixos/oauth2_proxy_nginx: fix proxy_set_header
2024-05-23 16:34:37 +02:00
Jade Lovelace
f05ecf16e6
Merge pull request #250638 from benley/keycloak-systemd-notify
...
nixos/keycloak: Add systemd startup notification
2024-05-15 14:13:20 -07:00
Benjamin Staffin
b45bb628ea
nixos/oauth2_proxy: Conditionally depend on keycloak.service
...
Co-Authored-By: Jade Lovelace <software@lfcode.ca>
2024-05-15 14:10:26 -07:00
oddlama
58286e510c
nixos/oauth2-proxy: fix invalid comparison between list and attrset
2024-05-09 16:58:33 +02:00
Niklas Hambüchen
8907c1017d
Merge pull request #309424 from NixOS/ReadWriteDirectories-ReadWritePaths
...
nixos/{zoneminder,caddy,traefik}: ReadWriteDirectories -> ReadWritePaths
2024-05-07 01:13:06 +02:00
Niklas Hambüchen
9d7a729277
treewide: ReadWriteDirectories -> ReadWritePaths.
...
These were renamed in systemd v231:
2a624c36e6
2024-05-07 01:06:02 +02:00
Bernardo Meurer
7c87bee77b
nixos/oauth2-proxy: fix missing lib.
2024-05-06 14:05:17 -04:00
Sandro
bafcff9b15
Merge pull request #273233 from SuperSandro2000/oauth2-proxy
...
nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the servi…
2024-05-02 09:48:01 +02:00
Lynn
e654c8fd67
nixos/vault: change type and default of devRootTokenID
...
Previously you needed to set a devRootTokenID when dev=true despite the option being optional
Caused by wrong default value and not allowing null as value
2024-05-01 16:33:55 +02:00
Sandro Jäckel
e4de1c0b19
nixos/bitwarden-directory-connector-cli: add wants network-online.target
...
This fixes the following warning:
trace: warning: bitwarden-directory-connector-cli.timer is ordered after 'network-online.target' but doesn't depend on it
2024-04-28 23:46:42 +02:00
Sandro Jäckel
a19b4b84b0
nixos/oauth2-proxy{,-nginx}: remove with lib
2024-04-28 20:50:23 +02:00
Sandro Jäckel
34f87f3981
nixos/oauth2-proxy{,-nginx}: renamed from oauth2_proxy, also renamed the service, user, group
2024-04-28 20:50:23 +02:00
K900
d85147ead0
nixos/oauth2_proxy_nginx: fix URL escaping
2024-04-27 15:00:42 +03:00
K900
ea525d3d11
nixos/oauth2_proxy_nginx: allow passing parameters to auth endpoint
2024-04-26 15:48:40 +03:00
networkException
3dd970f993
nixos/vaultwarden: drop outdated ownership requirements for environmentFile (#304825)
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-04-24 15:19:33 +02:00
Sandro
a3739c2563
Merge pull request #303224 from 0z13/oauth2_proxy-add-issuer-url
...
nixos/oauth2_proxy: add oidc-issuer-url flag
2024-04-21 19:49:59 +02:00
Jonathan Zielinski
87bbc5fbbe
nixos/oauth2_proxy: add oidc-issuer-url flag
2024-04-18 15:20:53 +00:00
Sandro Jäckel
a911604762
nixos/oauth2-proxy-nginx: lift auth_request to http block
...
With this change now all location blocks are protected by oauth2-proxy
and not only /
2024-04-17 23:11:49 +02:00
stuebinm
6afb255d97
nixos: remove all uses of lib.mdDoc
...
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
2024-04-13 10:07:35 -07:00
Sandro
550f705f42
Merge pull request #301392 from McSinyx/yubi-pinentry-doc
2024-04-09 10:54:22 +02:00