tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-14 19:58:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
875953 commits 213 branches 129 tags 14 GiB
Commit graph

5038 commits

Author SHA1 Message Date
Sandro Jäckel c8094c2f03
nixos/prosody: fix logged error that /etc/mime.types cannot be found 2025-08-03 21:35:30 +02:00
Sandro Jäckel d323803eee
nixos/prosody: minor formatting cleanup 2025-08-03 21:35:30 +02:00
Sandro Jäckel 4e12c9b92e
nixos/prosody: remove obsoloted http_upload and replace it with http_file_share 2025-08-03 21:35:30 +02:00
Sandro Jäckel c26ed9f391
nixos/prosody: remove vcard_muc as it has been obsoloted 
Sadly I did not find a way to use lib.mkRemovedOptionModule for this
option that did not break eval. :(
 2025-08-03 21:35:29 +02:00
Sandro Jäckel 246e3fbf0f
nixos/prosody: allow listening on port 80 
Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com>
 2025-08-03 21:35:28 +02:00
Sandro Jäckel e46dcd7074
prosody: 0.12.5 -> 13.0.2, nixos/prosody: fix startup 
Co-authored-by: mirror230469 <215964377+mirror230469@users.noreply.github.com>
 2025-08-03 21:35:28 +02:00
Pavol Rusnak ffba411e71
cjdns: 21.4 -> 22.1 (#426168) 2025-08-03 11:54:24 +02:00
sternenseemann 0515216cef nixos/inspircd: sync with upstream systemd.service file 
We could in theory just re-use the upstream one, but it sets User=root
which I'm not entirely comfortable with. Instead, add the settings we
were missing from that file here. Sadly, upstream doesn't configure a
syscall filter or similar.
 2025-08-03 02:53:03 +02:00
sternenseemann 0f56042556 inspircd: 3.18.0 -> 4.7.0 
https://docs.inspircd.org/4/breaking-changes/
https://docs.inspircd.org/4/overview/

https://docs.inspircd.org/4/change-log/#inspircd-401
https://docs.inspircd.org/4/change-log/#inspircd-410
https://docs.inspircd.org/4/change-log/#inspircd-420
https://docs.inspircd.org/4/change-log/#inspircd-430
https://docs.inspircd.org/4/change-log/#inspircd-440
https://docs.inspircd.org/4/change-log/#inspircd-450
https://docs.inspircd.org/4/change-log/#inspircd-460
https://docs.inspircd.org/4/change-log/#inspircd-470

Packaging-relevant changes:

- inspircd no longer has the start subcommand, but needs to be invoked
  directly.
- New extra modules: log_syslog and log_json
- Removed extra modules: regex_tre, regex_pcre, ssl_mbedtls
  You probably should not use them anymore, but they can be
  obtained via the module manager in theory — though I doubt it works
  with Nix (another item for the todo list, I guess):
  https://docs.inspircd.org/4/module-manager/
 2025-08-03 02:53:03 +02:00
jaredmontoya 25750b264d nixos/i2pd: add ssu2 options 2025-08-02 22:46:40 +02:00
Aleksana 5f4f85bb00
nixos/cgit: use alias option for assets (#390448) 2025-08-01 23:24:46 +08:00
Sandro Jäckel a5e26447d7
nixos/prosody: fix empty config check output, fix some errors which are not fatal 2025-08-01 05:17:37 +02:00
Sandro Jäckel e2e3e77ab0
nixos/prosody: add config check option 2025-08-01 04:10:49 +02:00
Sandro Jäckel 8c9a0efe30
nixos/prosody: deadnix, remove extra new lines, minor cleanup 2025-08-01 03:12:29 +02:00
Benedikt von Blomberg 4f6691c9ff nixos/ddclient: added assertions for passwordFile and secretsFile 
nix fmt
 2025-07-29 15:17:35 +02:00
Benedikt von Blomberg 38a03fc480 nixos/services.ddclient: make username optional 2025-07-29 15:17:35 +02:00
Benedikt von Blomberg a1ed19f38d nixos/services.ddclient: add secretsFile option 2025-07-29 15:17:35 +02:00
Axel Karjalainen d634694bdd nixos/cgit: use alias option for assets 
This makes it easier to replace an asset by just setting the Nginx
virtual host's `locations."= robots.txt".alias`. Previously you had to
either replace the extraConfig with mkForce or clear it and use the
`alias` option.
 2025-07-29 15:20:24 +03:00
Martin Weinelt 5dd6d1d43b
kea: 2.6.3 -> 3.0.0 (#428872) 2025-07-29 03:51:17 +02:00
Martin Weinelt 66e035f411
kea: 2.6.3 -> 3.0.0 
https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes/release-notes-3.0.0
 2025-07-29 03:43:54 +02:00
Amadej Kastelic 7476494b3b
nixos/cjdns: update for cjdns 22.1 compatibility 2025-07-27 15:28:40 +02:00
Ryan Horiguchi 51b0961214 nixos/dnsmasq: add config option to retrive config file path 2025-07-27 00:49:28 +02:00
Sandro a9b0143df6
speedify: init at 15.6.4-12495 (#415937) 2025-07-26 13:20:51 +02:00
Sandro ce6b0611ca
searxng: 0-unstable-2025-07-16 -> 0-unstable-2025-07-18 (#426391) 2025-07-26 02:21:09 +02:00
Philip Taron d392f98f00
services.openssh: use notify-reload for sshd (#427620) 2025-07-25 16:02:49 -07:00
Martin Weinelt fde8885198
kea: 2.6.2 -> 2.6.3 
https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

https://kb.isc.org/docs/cve-2025-32801
https://kb.isc.org/docs/cve-2025-32802
https://kb.isc.org/docs/cve-2025-32803

Fixes: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
 2025-07-25 14:12:39 +02:00
Zahrun 1c26e0e7a9 speedify: init at 15.6.4-12495 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Co-authored-by: emaryn <197520219+emaryn@users.noreply.github.com>
 2025-07-25 15:54:44 +05:30
Sandro Jäckel 04e7d4607d
searxng: 0-unstable-2025-07-16 -> 0-unstable-2025-07-18 2025-07-24 22:55:01 +02:00
Wolfgang Walther 5a0711127c
treewide: run nixfmt 1.0.0 2025-07-24 13:55:40 +02:00
Wolfgang Walther 62fe016519
treewide: run treefmt with mdcr/nixfmt 2025-07-24 13:52:31 +02:00
Wolfgang Walther 6c47e7d5da
treewide: fix syntax errors in nix code blocks 
Fixes all code blocks with "nix" language in markdown files for syntax
errors to be able to run nixfmt in the next step.
 2025-07-24 13:52:29 +02:00
Michele Guerini Rocco 2e7f98d013
nixos/searx: use envsubst instead of sed for reading environment variables (#419149) 2025-07-23 22:21:01 +02:00
ssoss edadf6cc0f services.openssh: use notify-reload for sshd 2025-07-23 01:24:58 +00:00
mivorasu d80ed4cb91 treewide: conform descriptions to the standards 
Co-authored-by: Pol Dellaiera <pol.dellaiera@protonmail.com>
 2025-07-22 23:44:23 +00:00
Moonsn 99e4bf5792
nixos/tailscale-derper: add enableNginx option to make nginx optional (#425734) 2025-07-22 23:45:10 +02:00
Vladimír Čunát 998f38e992
nixos/kresd: don't explicitly set group id (#413360) 2025-07-22 13:49:53 +02:00
Matthew Croughan 530db85404
nixos/atalkd: init (#425554) 2025-07-21 18:29:33 +01:00
matthewcroughan 75929b4612 nixos/atalkd: init 2025-07-21 18:16:26 +01:00
Andrey Albershteyn 13a041b174 headscale: support PKCE verifier 
The headscale 0.24.0 introduced support for PKCE verifier. Add options
to set these parameters in the config.
 2025-07-21 16:48:18 +02:00
Marie Ramlow f0e5db7021 nixos/g3proxy: run proxy with --systemd --control-dir %t/g3proxy 2025-07-20 01:35:21 +02:00
Sean Behan ca88da9ce3
nixos/searx: use envsubst instead of sed for reading environment variables 
- use envsubst instead of sed for reading in environment variables
- update usage examples
- add release notes
 2025-07-18 15:51:03 +02:00
Aleksana 03b3a97679
nixos/newt: init (#414337) 2025-07-18 19:07:59 +08:00
Glen Huang 9d50f2dd2f nixos/dnsmasq: make dnsmasq --test test the config file 
Currently it's testing an empty configuration
 2025-07-17 20:30:39 +08:00
jack 9501130c38 nixos/newt: init 2025-07-17 13:04:13 +02:00
Sandro Jäckel 11ba4eb03e
searxng: 0-unstable-2025-07-08 -> 0-unstable-2025-07-16 2025-07-16 21:07:45 +02:00
Sandro Jäckel 3e32a1a27c
nixos/searx: move faviconcache to /var/cache 2025-07-15 17:41:15 +02:00
Sandro Jäckel 1d42336757
nixos/searx: don't delete /run/searx/ on init service restarts 2025-07-15 17:41:14 +02:00
Sandro Jäckel 8e34970572
nixos/searx: restart uwsgi when searx changes 2025-07-15 17:41:13 +02:00
Sandro Jäckel e626de7d9a
nixos/searx: add configureNginx setting to automatically configure nginx with uwsgi over a socket 2025-07-15 17:41:12 +02:00
Sandro Jäckel fe8e665cc3
nixos/searx: fix lsp findings 2025-07-15 17:41:12 +02:00
Sandro Jäckel d88324eff3
nixos/searx: match maintainers with searxng package 2025-07-15 17:41:11 +02:00
Sandro Jäckel 7e7377e043
nixos/searx: cleanup, sort config 2025-07-15 17:41:11 +02:00
Sandro Jäckel 681b727dc6
nixos/searx: rename runInUwsgi to configureUwsgi 2025-07-15 17:41:10 +02:00
Sandro Jäckel 3497e6a8af
nixos/searx: drop searx compatibility 2025-07-15 17:41:10 +02:00
Aleksana c19390a96d
nixos/pihole-ftl: fix openFirewall ports (#424348) 2025-07-15 10:51:41 +08:00
NullCube 8af12908c2 nixos/anubis: add missing botPolicy option implementation 2025-07-14 08:49:32 -07:00
nixpkgs-ci[bot] 8287b2917e
Merge master into staging-next 2025-07-12 18:05:06 +00:00
Wolfgang Walther 4bfecfb345
r53-ddns: 1.1.0 -> 1.3.0 (#405048) 2025-07-12 17:18:18 +00:00
Patrick Gehrsitz 9da74b34fe
nixos/pihole-ftl: add openFirewallDNS to docs example 2025-07-11 17:32:21 +02:00
Patrick Gehrsitz 4883f43d36
nixos/pihole-ftl: add openFirewallDNS ports 2025-07-11 17:19:58 +02:00
Patrick Gehrsitz 1536ddeea9
nixos/pihole-ftl: fix openFirewallDHCP ports 2025-07-11 17:18:22 +02:00
K900 77e81dbfc2 Merge remote-tracking branch 'origin/master' into staging-next 2025-07-11 09:24:31 +03:00
Michele Guerini Rocco bcb3614b35
nixos/syncthing: get systemd units from cfg.package & install syncthing command and man page (#422094) 2025-07-11 00:01:02 +02:00
nixpkgs-ci[bot] dc26f5f38f
Merge master into staging-next 2025-07-08 06:06:09 +00:00
Franz Pletz b1c964b557
nixos/tests/chrony: graphene-hardened works without mlock 
Fix #423330. Broken by #416715.
 2025-07-08 01:44:35 +02:00
nixpkgs-ci[bot] 07ab953baa
Merge master into staging-next 2025-07-06 16:43:42 +00:00
Michele Guerini Rocco c2287094ea
nixos/searx: move network.target from wantedBy to after (#422924) 2025-07-06 17:00:46 +02:00
nixpkgs-ci[bot] 60677469ef
Merge master into staging-next 2025-07-06 12:06:26 +00:00
provokateurin bcc1b762e9
nixos/searx: move network.target from wantedBy to after 
In 623664e84f this part was refactored,
however network.target does not make sense in wantedBy and must be part of after.
 2025-07-06 13:49:15 +02:00
Jaco Malan 1fb02bc8f9
nixos/monero: add environmentFile option 2025-07-06 10:33:44 +02:00
nixpkgs-ci[bot] 61be326d8b
Merge master into staging-next 2025-07-05 18:05:00 +00:00
Ivan Dimitrov ff75103a7c
nixos/monero: allow pruning with option (#421289) 2025-07-05 14:28:39 +02:00
nixpkgs-ci[bot] 04de8eaaf8
Merge staging-next into staging 2025-07-04 06:07:14 +00:00
Martin Weinelt a289362e80
networkmanager: drop hard dependency on openconnect and cleanup plugin handling (#421042) 2025-07-04 03:08:40 +02:00
nixpkgs-ci[bot] 4725dc1d5d
Merge staging-next into staging 2025-07-03 18:06:42 +00:00
Sandro Jäckel f88e1c39e9
treewide: move StartLimitIntervalSec/StartLimitBurst to unitConfig 2025-07-03 15:48:28 +02:00
Jason Yundt de0be57ef7 nixos/syncthing: install syncthing command and man page 
Before this change, setting services.syncthing.enable to true would
enable Syncthing, but it wouldn’t add Syncthing’s man page to your
system. This change ensures that the man page is available.

I tested this change using this Nix expression:

  let
    nixpkgsRepo = /path/to/nixpkgs/repo;
    pkgs = import nixpkgsRepo { };
  in pkgs.testers.runNixOSTest {
    name = "syncthing-man-page-test";
    nodes.machine = {
      services.syncthing.enable = true;
    };
    testScript = ''
      start_all()
      machine.succeed("man syncthing > log.txt")
      machine.copy_from_vm("log.txt", ".")
    '';
  }
 2025-07-03 08:19:06 -04:00
Jason Yundt 816afcf9c0 nixos/syncthing: get systemd units from cfg.package 
Before this change, the syncthing module used two potentially different
packages for Syncthing. Sometimes, it would use cfg.package and
sometimes it would use pkgs.syncthing. This change makes the syncthing
module more consistent by making it always use cfg.package.

The reference to pkgs.syncthing was added in
1026bebee6. I looked through that commit
message and the thread for the pull request that it came from [1], and I
couldn’t find anything that explained why pkgs.syncthing was used over
cfg.package. I’m guessing that using pkgs.syncthing over cfg.package was
a mistake, but I’m not sure.

[1]: <https://github.com/NixOS/nixpkgs/pull/18973>
 2025-07-03 07:37:23 -04:00
Alyssa Ross e0910df589
Merge remote-tracking branch 'origin/staging-next' into staging 
Conflicts:
	pkgs/by-name/me/meson/package.nix
 2025-07-02 14:49:42 +02:00
Yang, Bo 3f377cfde8
nixos/avahi-daemon: add dependency to ensure /run/avahi-daemon is created before socket activation (#417635) 2025-07-02 13:03:14 +02:00
nixpkgs-ci[bot] 536476f3aa
Merge staging-next into staging 2025-07-01 12:08:22 +00:00
Sandro ace047b8d5
nixos/xrdp: use --replace-fail with substituteInPlace, try #2 (#392512) 2025-07-01 11:59:37 +02:00
nixpkgs-ci[bot] 62814d33b6
Merge staging-next into staging 2025-06-30 18:06:45 +00:00
Jonathan Davies 185eba3148
nixos/ntpd-rs: Validate the ntpd-rs.toml file 2025-06-30 15:24:05 +02:00
Martin Weinelt 312015eaaf
networkmanager-strongswan: rename from networkmanager_strongswan 
This is to follow the same structure as all other nm plugins.
 2025-06-30 14:45:37 +02:00
nixpkgs-ci[bot] eee21ba9fa
Merge staging-next into staging 2025-06-30 12:08:05 +00:00
Martin Weinelt ccdca43d80
nixos/networkmanager: drop default plugin list and toggle 
It is unclear where this list originated, but it doesn't make sense to
ship it with all networkmanager installations. The most excessive plugin
is openconnect, that ships a 250 MB closure including webkitgtk.

Instead users now have to specify the plugins they want explicitly. I
updated the option to give hints on how to find them as best as I can.
 2025-06-30 08:40:05 +02:00
Jörg Thalheim 34b498526c
nixos/easytier: init module (#398170) 2025-06-30 08:13:27 +02:00
Martin Weinelt 6e1cd10adb
nixos/networkmanager: clean up plugin handling 
There is no point in having a special option to enable strongswan, when
we can just parse the intent from the plugin list instead.

Also pick up relevant runtime dependency information from the plugin
package instead of providing additional options or hardcoding them.
 2025-06-29 22:53:27 +02:00
Marcel 14d4a883e8
nixos/bird: print config file with line numbers during config check 
Bird configuration errors only print the line number without context.
Printing the configuration file with line numbers helps to identify the
faulty expression.
 2025-06-29 22:39:24 +02:00
nixpkgs-ci[bot] ac8cb87605
Merge staging-next into staging 2025-06-29 18:05:51 +00:00
Wolfgang Walther ff0515b50b
nixos/chrony: fix defaultText rendering of enableMemoryLocking option (#420789) 2025-06-29 15:40:25 +00:00
Sandro 48f5657fb9
nixos/chrony: fix defaultText rendering of enableMemoryLocking option 2025-06-28 18:22:12 +02:00
L-Trump 725a756dbb nixos/easytier: init module 2025-06-28 23:22:51 +08:00
K900 5985f13b69 Merge remote-tracking branch 'origin/staging-next' into staging 2025-06-27 21:07:44 +03:00
Maximilian Bosch a064abed61
Merge: nixos/postgresql: move postStart into separate unit (#403645) 2025-06-27 18:09:54 +02:00
K900 6d81aa24da Merge remote-tracking branch 'origin/staging-next' into staging 2025-06-27 11:10:05 +03:00
Pol Dellaiera b5acd6e545
nixos/netbird: robustness improvements (#420183) 2025-06-26 19:07:24 +02:00
K900 da21cd73af
livekit-ingress: init (#409757) 2025-06-26 19:09:06 +03:00
Krzysztof Nazarewski 17c0c3293d
nixos/netbird: add iptables/nftables for debug bundle handling 2025-06-26 14:13:05 +02:00
Krzysztof Nazarewski 70e91e0956
nixos/netbird: openFirewall for remote DNS resolver 2025-06-26 14:13:05 +02:00
Wolfgang Walther 41c5662cbe
nixos/postgresql: move postStart into separate unit 
This avoids restarting the postgresql server, when only ensureDatabases
or ensureUsers have been changed. It will also allow to properly wait
for recovery to finish later.

To wait for "postgresql is ready" in other services, we now provide a
postgresql.target.

Resolves #400018

Co-authored-by: Marcel <me@m4rc3l.de>
 2025-06-24 15:26:47 +02:00
K900 c732ad18a8 Merge remote-tracking branch 'origin/staging-next' into staging 2025-06-24 10:22:21 +03:00
Philip Taron cd233b3496
nixos/sshd: don't set KDF rounds for host keys (#415385) 2025-06-23 15:58:06 -07:00
K900 a10dfa1005 Merge remote-tracking branch 'origin/staging-next' into staging 2025-06-23 21:07:45 +03:00
Martin Weinelt aefa79cfc9 nixos/livekit{,-ingress}: automatically configure redis for locally distributed setups 2025-06-23 18:35:25 +03:00
K900 f19355f5ed nixos/livekit-ingress: init 2025-06-23 18:35:24 +03:00
Greizgh fd3d596a1c
seafile: remove myself from maintainers 
I do not use seafile anymore and won't spend energy working on it.
 2025-06-23 14:57:48 +02:00
nixpkgs-ci[bot] b68b849d07
Merge staging-next into staging 2025-06-22 18:06:41 +00:00
Sandro f565429fb3
nixos/seafile: update outdated https links in package metadata (#412349) 2025-06-22 19:26:47 +02:00
Hannes Graf 09124156ca nixos/seafile: update outdated https links 2025-06-22 15:36:29 +02:00
nixpkgs-ci[bot] d9f7cbb224
Merge staging-next into staging 2025-06-22 00:20:02 +00:00
Wolfgang Walther e80ca91f80
net-tools: rename from nettools (#416056) 2025-06-21 18:29:34 +00:00
Jakob Kukla db7efc1412
nixos/atticd: fix user and group documentation mixup 2025-06-21 20:20:30 +02:00
zimbatm 39c01d22bf net-tools: rename from nettools 
By being in sync with the pname, it makes it easier to walk back from
the pname that shows in the /nix/store back to the attribute.

This change should not cause any rebuild.
 2025-06-21 19:57:36 +02:00
Aleksana 4e4c90af3a
nixos/stunnel: give up maintainerhsip (#418234) 2025-06-22 00:05:21 +08:00
Franz Pletz 5fecf8770b
nixos/chrony: add systemd service notify support (#416715) 2025-06-21 08:38:17 +02:00
Pavol Rusnak 4fab5e9fe9
fedimint: 0.5.1 -> 0.7.1 (#397967) 2025-06-20 21:28:34 +02:00
Dawid Ciężarkiewicz c0f52c28cd fedimint: 0.5.1 -> 0.7.1 
0.7 release of Fedimint includes deployment changes. Notably:

* Experimental Iroh p2p connectivity support (uses UDP)
* built-in admin UI
 2025-06-20 09:22:50 -07:00
Leon Schuermann 5fe0a4bef6 nixos/stunnel: give up maintainerhsip 2025-06-19 14:55:25 -04:00
r-vdp 3c853295d9
nixos/wstunnel: convert to RFC42-style settings 2025-06-18 17:31:13 +02:00
Matthew Croughan e9eb7be1d6
nixos/scion: upgrade to 0.12 and fix module accordingly (#417777) 2025-06-18 13:29:02 +01:00
Aleksana b95bc4d285
pihole-ftl: fix settings.webserver.tls.cert (#415532) 2025-06-18 17:10:37 +08:00
matthewcroughan b1b384ccb3 nixos/scion: changes for 0.12 
These are the necessary changes for updating to 0.12, which supports dispatcherless operation by foregoing the dispatcher's unix socket in favour of UDP
 2025-06-18 09:24:15 +01:00
Peder Bergebakken Sundt 42d7266f38
firezone-gui-client: 1.4.12 -> 1.5.1 (#414765) 2025-06-17 03:42:41 +02:00
Morgan Jones 41ace86393
services: openvpn: servers: authUserPass: allow to be a path (#395982) 2025-06-15 17:04:13 -07:00
Jacob Birkett 5f33d95144 services: openvpn: servers: authUserPass: allow to be a path 
This allows using an agenix file.
 2025-06-15 16:47:21 -07:00
Martin Weinelt ac4ce03274
nixos/pdns-recursor: configure as local resolver 
When pdns-recursor is enabled it should ideally be the default resolver
for the host as well. This is probably good for 95% of the use-cases out
there, and the default for unbound and kresd, but also bind and dnsmasq.
 2025-06-15 19:02:27 +02:00
Franz Pletz b333d60710
nixos/tests/chrony: not compatible with graphene-hardened anymore 
Version 4.7 introduced the incompatibility, see #416005.
 2025-06-14 16:56:34 +02:00
Franz Pletz 7a6c67e796
nixos/chrony: add systemd service notify support 2025-06-14 16:47:44 +02:00
Aleksana 5625b7eff6
nixos/doc: explain how to use the ff sync module with ff android (#413380) 2025-06-11 19:44:46 +08:00
Guillaume Girol a975ab0752 nixos/doc: explain how to use the ff sync module with ff android 
source https://mozilla-services.readthedocs.io/en/latest/howtos/run-sync-1.5.html#howto-run-sync15

Quotation:

```
Firefox for Android (“Daylight”, versions 79 and later) does support using a non-Mozilla-hosted Sync server. Before logging in, go to App Menu > Settings > About Firefox and click the logo 5 times. You should see a “debug menu enabled” notification. Go back to the main menu and you will see two options for a custom account server and a custom Sync server. Set the Sync server to the URL given above and then log in.

To configure Android Firefox 44 up to 78 to talk to your new Sync server, just set the “identity.sync.tokenserver.uri” exactly as above before signing in to Mozilla accounts and Sync on your Android device.

Important: after creating the Android account, changes to “identity.sync.tokenserver.uri” will be ignored. (If you need to change the URI, delete the Android account using the Settings > Sync > Disconnect… menu item, update the pref, and sign in again.) Non-default TokenServer URLs are displayed in the Settings > Sync panel in Firefox for Android, so you should be able to verify your URL there.
```

the /token/ prefix is experimentally wrong.
 2025-06-11 12:00:00 +00:00
Leon 8941989f24
pihole-ftl: fix settings.webserver.tls.cert 2025-06-10 11:34:48 +02:00
Yarny0 6acf53f654 nixos/sshd: don't use -a (KDF rounds) on host keys 
The nixos `sshd.nix` module contains a
mechanism to generate ssh host keys prior to
starting sshd if those host keys are missing.
The option `services.openssh.hostKeys` is used to
configure which host keys should exist or be created.
It also declares the key type and other key-related options.

One of those options is `rounds`.
That one is then forwarded to the
`ssh-keygen` program with the `-a` option.
It defines how many rounds of a key derivation function
are to be used on the key's passphrase before the result
is used to en-/decrypt the private key; cf. ssh-keygen(1).

ssh host keys are passwordless;
they are solely protected by filesystem access modes.
Hence, the `-a` option is irrelevant
and silently ignored by `ssh-keygen`.

The commit at hand therefore removes this option from
the host key generation script and the option examples.
 2025-06-09 21:06:20 +02:00
oddlama b2b1a8c052
nixos/firezone-gui-client: adjust to renamed tunnel service binary 2025-06-08 16:56:26 +02:00
Michele Guerini Rocco b16827a225
nixos/dhcpcd: specify withUdev when overriding the package for no udev (#414724) 2025-06-08 12:21:11 +02:00
Pol Dellaiera d7ed3c0dce
pihole-ftl: 6.1 -> 6.2.2 (#414788) 2025-06-08 09:51:06 +02:00
Peter Lehmann c586196e17 nixos/pdns-recursor: reload service on config change 2025-06-07 19:13:07 +02:00
williamvds e8b98ec709
pihole-ftl: update 6.1 -> 6.2.2 
Apply some review suggestions by @dotlambda
 2025-06-07 17:46:46 +01:00
7c6f434c 63eb46dcd5 nixos/dhcpcd: specify withUdev when overriding the package for no udev 2025-06-07 16:24:30 +02:00
Lin Jian 2302f3c9bd
nixos/dnscrypt-proxy2: add package option (#411451) 2025-06-06 21:21:30 +08:00
MidAutumnMoon 101965187e
nixos/dnscrypt-proxy2: add package option 
nixos/dnscrypt-proxy2: remove `with lib;`

Co-authored-by: Sizhe Zhao <prc.zhao@outlook.com>
 2025-06-06 18:15:30 +08:00
Felix Singer 31d18149ad nixos/murmur: Drop warnings regarding renamed/removed options 
These warnings were added around 5 years ago. That's long enough. So
drop them.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-06-06 07:52:35 +02:00
Felix Singer b6c81af12d nixos/murmur: Get rid global lib expansion 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-06-06 07:52:35 +02:00
Felix Singer 1c9df5c6de nixos/murmur: Use lib.mkEnableOption where possible 
While on it, replace occurrences of "Murmur" with "Mumble server" of
touched options.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-06-06 07:52:35 +02:00
williamvds 82b8a1e117
maintainers: rename williamvds -> averyvigolo 2025-06-04 21:27:11 +01:00
John Wiegley 8922d4f099
pihole: init at various (#361571) 
Adds pihole-ftl.service and pihole-ftl-log-deleter.service.

Authored-By: williamvds <william@williamvds.me>
 2025-06-04 08:12:30 -07:00
Paul Haerle ea34fcd8ae
nixos/tailscale-auth: restart on-failure and wait for tailscaled (#393038) 2025-06-04 13:50:31 +02:00
williamvds 8f5d24c1b2
nixos/pihole-ftl: init 
Add a module for pihole-ftl, which allows declaratively defining the
pihole.toml config file.

Also provide options for adlists to use, which can be added through the pihole
script (packaged as "pihole"). Other state such as clients and groups require
complex database operations, which is normally performed by the pihole
webapp (packaged as "pihole-web").

Extend the dnsmasq module to avoid duplication, since pihole-ftl is a soft-fork
of dnsmasq which maintains compatibility.

Provide the pihole script in `environment.systemPackages` so pihole-ftl can be
easily administrated.
 2025-06-03 23:15:18 +01:00
williamvds 4bdf75f1cb
dnsmasq: pass through config file as an option 
So that the pihole module reuse it. pihole-ftl is a fork of dnsmasq and its
configuration file is compatible.
 2025-06-03 23:15:17 +01:00
K900 716d4db111
Revert "nixos/murmur: Get rid of global lib expansion" 2025-06-03 09:13:00 +03:00
Arne Keller 8cc1462f3c
dsnet: init at 0.8.1, nixos/dsnet: init (#408421) 2025-06-02 23:14:24 +02:00
Linus Heckemann 2ce1d06baf nixos/kresd: don't explicitly set group id 
null is the default, but setting it explicitly rather than relying on
the default results in collisions if users want to set their own gid.
Requiring mkForce here shouldn't be necessary when the module doesn't
specifically rely on the auto-allocation behaviour.

Change-Id: Ia541ac4e9c4d85b240386049b9947c607674a2f5
 2025-06-02 22:26:20 +02:00
Callan Bryant eb01e02bd5 dsnet: init at 0.8.1 and init module 2025-06-02 20:41:52 +01:00
Felix Bühler 02abb271ea
nixos/murmur: Get rid of global lib expansion (#412693) 2025-06-02 21:04:25 +02:00
Pol Dellaiera 6d9d3014ba
treewide: fix typos in comments (#413240) 2025-06-02 18:43:07 +02:00
Peder Bergebakken Sundt c77ac9dfc3 treewide: fix typos 2025-06-02 16:07:07 +02:00
Michele Guerini Rocco 0e0842c978
nixos/monero: add an option to use ip ban-list (#412522) 2025-06-02 09:17:36 +02:00
alyaeanyx bdd58823ab maintainers: rename alyaeanyx -> pentane 2025-06-01 09:27:14 +02:00
Felix Singer 7c7c839a26 nixos/murmur: Drop warnings regarding renamed/removed options 
These warnings were added around 5 years ago. That's long enough. So
drop them.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-05-31 21:15:21 +02:00
Felix Singer f13ada1223 nixos/murmur: Get rid global lib expansion 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-05-31 21:15:21 +02:00
Felix Singer 9bca318775 nixos/murmur: Use lib.mkEnableOption where possible 
While on it, replace occurrences of "Murmur" with "Mumble server" of
touched options.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-05-31 21:15:21 +02:00
nat 1ffc904284
nixos/monero: add an option to use ip ban-list 2025-05-31 13:02:50 +02:00
nat 6617c167f7
nixos/monero: use lib.getExe 2025-05-31 02:05:50 +02:00
Kristoffer Dalby 0dd5cdaa3b
headscale: 0.25.1 -> 0.26.0, update nixos module and test accordingly 
Co-authored-by: Sandro <7258858+SuperSandro2000@users.noreply.github.com>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
 2025-05-28 16:20:41 +02:00
Matthias Beyer c84ce50209
adguardhome: Build from source (#411034) 2025-05-27 11:50:16 +02:00
Aleksana 938e3fa749
nixos/networkmanager: add an enableDefaultPlugins option (#366842) 2025-05-26 20:34:24 +08:00
Aleksana 05ea790f13
nixos/anubis: Apply some more hardening settings (#410041) 2025-05-26 17:42:25 +08:00
Golbinex 6e99825c18 nixos/adguardhome: Update binary path 
The compiled binary filename has upper cases
 2025-05-26 07:24:42 +00:00
Aleksana f974b3e433
nixos/zeronsd: fix acl permissions (#391231) 2025-05-26 12:53:46 +08:00
Aleksana dcf345f2e9
nixos/syncthing: fix cert/key permission error (#408664) 2025-05-26 12:49:53 +08:00
Ryan Horiguchi 454aecb8c6 nixos/bind: add port option 2025-05-23 19:01:22 +02:00
Felix Singer 959c8e9311 nixos/anubis: Apply some more hardening settings 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-05-23 07:12:59 +02:00
Pop 017276a4aa
netbird: fix typo in warning message (#406819) 2025-05-23 11:32:04 +08:00
Sveske_Juice 3303249ed2 nixos/syncthing: fix cert/key permission error 2025-05-19 11:51:47 +02:00
Michele Guerini Rocco eebd349fdd
nixos/pdns-recursor: deprecate settings, add yaml-settings (#406534) 2025-05-19 10:30:07 +02:00
patka 92ceb4a51c
nixos/polipo: drop 
Upstream hasn't seen activity since 2014 and archived the project in 2021. There's no longer a need for HTTP proxies
 2025-05-18 09:19:45 +02:00
Adam C. Stephens d25ea431bd
Headscale service wait before restart (#400053) 2025-05-16 08:30:08 -04:00
lassulus 84049bd248
nixos/syncthing: define and handle encryptionPassword option (#383442) 2025-05-15 19:44:22 +02:00
isabel 84c1069ebe
nixos/cloudflared: fix cert.pem installation (#407128) 2025-05-15 15:32:56 +01:00
Sandro 5077b9edb6
nixos/headscale: fix derp.auto_update_enabled option (#406108) 2025-05-15 11:04:01 +02:00
Pedro Alves 75c7d0908e nixos/cloudflared: fix cert.pem installation 
There was a typo in the systemd service definition for cloudflared which
meant that the cert.pem file was not being correctly exposed.
 2025-05-14 20:13:42 +01:00
Arne Keller 2264d87679
cato-client: init at 5.2.1.1, nixos/cato-client: init (#339533) 2025-05-13 17:36:06 +02:00
rnhmjoj b71d4f5fb3
nixos/pdns-recursor: deprecate settings, add yaml-settings 2025-05-12 20:27:02 +02:00
Patrick Steinhardt 8578bd1117 nixos/headscale: fix derp.auto_update_enabled option 
The options part of "services.headscale.settings" get rendered directly
into a JSON file. As such, any declared values need to match the actual
config key that upstream uses or they are ineffective.

One such key is "derp.auto_update_enable", which controls whether or not
auto-updates for the DERP map are enabled. This key is misspellt though:
the config is called "derp.auto_update_enabled", and that has always
been the case since the config has been introduced in 57f46ded (Split
derp into its own config struct, 2021-10-22). Any unknown key is simply
ignored by Headscale, and as such the setting is ineffective.

Fix this by renaming the option.
 2025-05-11 20:12:05 +02:00
Patrick 7a564cf0cd
nixos/networkd-dispatcher: use writeShellApplication to ease use 2025-05-11 11:53:45 +02:00
isabel 92d64400d5
nixos/anubis: Fix defaultOptions not applying user-defined settings (#398790) 2025-05-11 08:56:46 +01:00
Gary Guo 7dd8c5b602 unifi8: drop 
This was an alias to the unifi package, which has been updated to v9.
To avoid confusion, remove this alias.
 2025-05-10 14:47:52 +01:00
sudoforge 8aa7a07653
nixos/iwd: move General.UseDefaultInterface to DriverQuirks.DefaultInterface 
`General.UseDefaultInterface` was deprecated last year, with a
recommendation to move to `DriverQuirks.DefaultInterface` [0] [1] [2].

[0]: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=5c7777ff0fbcdee3c5d3a3cf6b1f375f2e820644
[1]: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=d223f49fbc622e5b2f270711619ecbd542bed12e
[2]: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=a27b7823df12c5d185b39aa7777c546843c1c96f
 2025-05-08 21:35:40 -07:00
Franz Pletz 2634ca8249
nixos/ntpd-rs: Handle configuring NTP pools (#403903) 2025-05-08 18:28:32 +02:00
Johannes Kirschbauer 5ee93d2532
lib: refactor lib.attrsets.{mapAttrs', mapAttrsToList} and mapAttrs'' in the strongswan-swanctl module (#403581) 2025-05-08 09:42:40 +02:00
ccicnce113424 4551258940 lib: refactor lib.attrsets.{mapAttrs', mapAttrsToList} and mapAttrs'' in the strongswan-swanctl module 
The new implementation of `mapAttrsToList` is simpler than the previous one, avoiding an extra string conversion. Benchmarking shows a slight performance improvement. See the discussion here: https://discourse.nixos.org/t/another-implementation-of-mapattrstolist

Additionally, I searched nixpkgs for expressions equivalent to the old `mapAttrsToList` and replaced them with direct calls to the new implementation.
 2025-05-08 13:58:54 +08:00
fleaz d69eadeb94
nixos/r53-ddns: Add new option for record ttl 2025-05-07 22:23:19 +02:00
Wolfgang Walther c8d2eca963
.editorconfig: move subfolder config into separate .editorconfig files 
This avoids paths in the top-level file getting out-of-sync, because the
.editorconfig files would be moved together with the files they target.
 2025-05-07 20:01:35 +02:00
rnhmjoj 66db09eb62
nixos/dhcpcd: add option to allow setuid binaries 
The promise in the networking.dhcpcd.runHook description was broken by
further restrictions added in 21bb7ea9.
 2025-05-05 22:00:20 +02:00
rnhmjoj 54a6949722
nixos/tests/networking: test hostname via DHCP 2025-05-05 21:59:33 +02:00
rnhmjoj bf1cf6bffc
nixos/dhcpcd: fix hostname via DHCP 2025-05-05 21:53:45 +02:00
h7x4 beb9d5230c
coturn: add systemd support (#394670) 2025-05-05 12:53:47 +02:00
Jonathan Davies 86d94b2d88
nixos/ntpd-rs: Handle configuring timeserver FQDN as a pool 2025-05-04 14:30:12 +00:00
Henry-Hiles f2cdf605c3
nixos/livekit: Fix docs issues 2025-05-03 21:52:26 -04:00
Jeremy Fleischman 1b7b89c4ef
Demonstration of an alternate way to embed secrets into syncthing config 2025-05-03 12:43:42 -07:00
Wael Nasreddine c2dcf9be27
nixos/ncps: delete failing secretKeyPath assertion and wait for network-online.target (#396901) 2025-05-01 14:33:24 -07:00
Edward Hesketh 414b7c5a01
nixos/ncps: wait for network-online, remove failing assertion 
- Start after network-online as ncps requires all upstreams to be online
  and reachable when starting
- Remove a bad assertion causing failures at eval time when using
  secrets management systems
 2025-04-30 19:57:31 +01:00
Martin Weinelt 7cd06772e3
nixos/livekit: init, nixos/lk-jwt-service: init (#399627) 2025-04-29 12:44:07 +02:00
Vladimír Čunát 85f896ec76
nixos/kresd: add kresd-cli wrapper script (#388290) 2025-04-28 17:58:22 +02:00
r-vdp 58013c9fb2
nixos/mycelium: pull in network-online.target 
The test was failing because it waits for network-online.target which
was not part of the transaction.
 2025-04-28 10:42:15 +02:00
NullCube b2714cd757 nixos/anubis: adjust provided options 2025-04-26 15:22:26 -07:00
NullCube f826658cb4 nixos/anubis: fix user-defined defaultOptions not applying to instances 2025-04-26 15:22:26 -07:00
Jeremy Fleischman 7161a83931
services(cloudflare-dyndns): use new CLOUDFLARE_API_TOKEN_FILE setting 
We recently upgraded to cloudflare-dyndns 5.3:
24f9910708,
so we can now use this new `CLOUDFLARE_API_TOKEN_FILE` feature that
landed in v5.2: 1d563d2752
 2025-04-24 18:25:32 -07:00
NullCube a47513760e nixos/anubis: add nullcube as maintainer 2025-04-24 17:38:49 -07:00
Morgan Jones 36cddaaa6f
nixos/kismet: init module 
Use vwifi to write a proper test for Kismet. This test demonstrates how
to simulate wireless networks in NixOS tests, and extract meaningful
data by putting an interface in monitor mode using Kismet.
 2025-04-20 15:39:23 -07:00
Morgan Jones 583a74d8ad
nixos/vwifi: init module 
This module does not currently have its own test suite: it is intended
to be used in test suites for other modules that use wifi.
 2025-04-20 15:39:22 -07:00
Henry-Hiles d237673ba4
nixos/livekit: init 2025-04-20 12:22:51 -04:00
Nico Felbinger e0d1b49a46
chore: move meta option to top level in many modules 2025-04-19 18:27:48 +02:00
bornav 43ead788f9
Made service restart after 5s 2025-04-19 12:09:28 +02:00
Sandro Jäckel 52525af4aa
nixos/kresd: add kresd-cli wrapper script 2025-04-18 20:53:20 +02:00
Robert James Hernandez 9b70561e15 nixos/ax25/axlisten: init 2025-04-15 23:54:45 +00:00
Robert James Hernandez 4001d9db5d nixos/ax25/axports: init 2025-04-15 23:54:45 +00:00
nixpkgs-ci[bot] 049254d36c
Merge master into staging-next 2025-04-11 12:06:12 +00:00
Michael van Straten a890891acc nixos/godns: init module 
Initial implementation of the GoDNS service module. This module allows users to enable and configure the GoDNS service on their NixOS system. It includes options for specifying the GoDNS package and the path to the configuration file.
 2025-04-11 11:25:47 +02:00
nixpkgs-ci[bot] b66e31c26a
Merge master into staging-next 2025-04-09 16:04:15 +00:00
Adam C. Stephens f2200ca6ee
nixos/anubis: init module (#392018) 2025-04-09 09:23:35 -04:00
nixpkgs-ci[bot] 6c98e107c7
Merge master into staging-next 2025-04-09 00:15:45 +00:00
Ivan Trubach bcd6066a34
centrifugo: 5.4.9 -> 6.1.0 (#396824) 2025-04-09 00:03:46 +03:00
Vincent Breitmoser ffcc12d192 centrifugo: add release note and assertion for compatibility 2025-04-08 14:21:46 +02:00
K900 0842b11f2b Merge remote-tracking branch 'origin/master' into staging-next 2025-04-08 09:29:48 +03:00
Tristan Ross 3789fbc4fc
nixos/nebula: add CAP_NET_BIND_SERVICE when lighthouse node serves DNS (#353665) 2025-04-07 17:27:03 -07:00
K900 05bc93a58a Merge remote-tracking branch 'origin/master' into staging-next 2025-04-06 11:20:16 +03:00
Leona Maroni cfc266b7e3
nixos/bird-lg: Remove deprecation warnings (#394010) 2025-04-06 09:59:29 +02:00
fredrikr79 0e68b25955 nixos/coturn: allow unix socket 
hardening previously disallowed unix socket, which is used for the
systemd notify communication.
 2025-04-05 16:50:08 +02:00
fredrikr79 1a1b233998 nixos/coturn: switch systemd service type to notify 2025-04-05 16:50:08 +02:00
Cassie Cheung cadf4cfc83
nixos/anubis: init module 2025-04-05 21:48:39 +08:00
nixpkgs-ci[bot] 276f9ec976
Merge master into staging-next 2025-04-04 00:15:35 +00:00
Pol Dellaiera 03bf44b9ea
nixos/freenet: refactor, migrate to runTest (#391886) 2025-04-03 21:03:40 +02:00
nixpkgs-ci[bot] 51d40a0f08
Merge staging-next into staging 2025-04-03 12:06:39 +00:00
Daniel Nagy 0604d0aedd
nixos/freenet: refactor 2025-04-03 10:15:00 +02:00
Vojtěch Káně b25b9e656a nixos/dhcpcd: fix typo in documentation 
The manpage of dhcpcd says:

>If any interface reports a working carrier then dhcpcd will try to
>obtain a lease before forking to the background, otherwise it will fork
>right away.
 2025-04-03 10:10:37 +02:00
Silvan Mosberger e52d633a63 Merge remote-tracking branch 'upstream/staging-next' into staging 2025-04-02 18:30:54 +02:00
Aurimas Blažulionis d8b850d88f
syncthing: expose encryptionPassword 
- Change `folder.devices` type into `oneOf [(listOf str) (attrsOf
  (submodule { ... }))]`.
- Expose `encryptionPassord` within the attrSet of the devices option.

This allows the user to set the encrpyption password use to share the
folder's data with. We do this by file path, as opposed to string
literal, because we do not want to embed the encrpyption password into
the nix store.
 2025-04-01 14:20:31 -05:00
Aurimas Blažulionis 848e754b81
syncthing: handle encryptionPassword secret 
Rewrite the syncthing config update script to embed secrets into the
json request. Specifically, we handle the `encryptionPassword` secret.
With this code, the user can embed path to the encrpyption password for
a given device the folder is shared with, and have it loaded in, without
touching the nix store.
 2025-04-01 14:20:31 -05:00
K900 30edc74585 Merge remote-tracking branch 'origin/staging-next' into staging 2025-04-01 21:12:38 +03:00
Silvan Mosberger 374e6bcc40 treewide: Format all Nix files 
Format all Nix files using the officially approved formatter,
making the CI check introduced in the previous commit succeed:

  nix-build ci -A fmt.check

This is the next step of the of the [implementation](https://github.com/NixOS/nixfmt/issues/153)
of the accepted [RFC 166](https://github.com/NixOS/rfcs/pull/166).

This commit will lead to merge conflicts for a number of PRs,
up to an estimated ~1100 (~33%) among the PRs with activity in the past 2
months, but that should be lower than what it would be without the previous
[partial treewide format](https://github.com/NixOS/nixpkgs/pull/322537).

Merge conflicts caused by this commit can now automatically be resolved while rebasing using the
[auto-rebase script](8616af08d9/maintainers/scripts/auto-rebase).

If you run into any problems regarding any of this, please reach out to the
[formatting team](https://nixos.org/community/teams/formatting/) by
pinging @NixOS/nix-formatting.
 2025-04-01 20:10:43 +02:00
Tanya Arora 8125d74e21
nixos/dnsmasq: Fix failure on read-only /etc when resolveLocalQueries=false (#391738) 2025-04-01 17:59:21 +02:00
e1mo 6764561f3e
nixos/bird-lg: Remove deprecation warnings 
The deprecation warning has been in place for quite some time now, so it
should be safe to get rid of it and clean the module up a bit.
 2025-03-28 14:49:05 +01:00
nixpkgs-ci[bot] 3ed34914ea
Merge staging-next into staging 2025-03-28 00:15:57 +00:00
lassulus 3e7ce75dc1
jitsi-meet and prosody Added ownerallowkick patch and all_owners module (#155755) 2025-03-27 16:18:08 -07:00
Pol Dellaiera 952001e9bb
blocky: bugfix, add systemd hardening, log, adjust: startup targets (#388962) 2025-03-27 21:46:59 +01:00
Marcel Novotny 2411e6eecd Added Allowners muc module to prosody and jitsi-meet 2025-03-25 23:17:58 +01:00
Bouke van der Bijl 133974d017
nixos/tailscale-auth: restart on-failure and wait for tailscaled 2025-03-25 11:08:23 +01:00
PAEPCKE, Michael 00a39d3964
blocky: add systemd hardening, add log, readjust startup targets 2025-03-24 06:11:33 +00:00