tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-14 03:36:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
812566 commits 208 branches 129 tags 14 GiB
Commit graph

4682 commits

Author SHA1 Message Date
Yarny0 6e51b48777 nixos/hylafax: use concatLines 
...instead of `concatStringsSep "\n"`
 2025-02-06 12:11:06 +01:00
Yarny0 455c195fe4 nixos/hylafax: use getExe' 
...for a few coreutils invocations.
 2025-02-06 12:11:06 +01:00
Yarny0 8378491df3 nixos/hylafax: unify lib imports 2025-02-06 12:11:06 +01:00
Jared Baur d4549901c8
nixos/nats: make config validation friendly to cross compilation 2025-02-04 12:08:41 -08:00
Sandro b1b6a16499
nixos/tailscale-derper: drop nginx upstream to improve reliability (#377640) 2025-02-02 22:18:04 +01:00
nikstur 9015a21afc
g3proxy: init at 1.10.4 (#378059) 2025-02-01 22:45:13 +01:00
Raito Bezarius f0652b5dff nixos/services/networking/g3proxy: init 
This adds a simple hardened systemd-based module for g3proxy, a generic
purpose forward proxy.

Change-Id: I8c6e5d2cc8a9faa2aea8c5df3af56756ffed542d
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Co-authored-by: Elias Coppens <elias.coppens@ens.fr>
 2025-02-01 22:34:53 +01:00
Nick Cao 45d60dfce5
nixos/sing-box: add assertions for deprecated geoip and geosite options 2025-02-01 09:23:52 -05:00
Nick Cao 3a661055bb
nixos/sing-box: unset deprecated geoip and geosite options by default 2025-02-01 09:23:36 -05:00
Michele Guerini Rocco 2e4d19a429
nixos/wireless: fix indentation of extraConfig (#377482) 2025-01-29 14:14:10 +01:00
wrvsrx fbf6812275
nixos/wireless: fix indentation of extraConfig 2025-01-29 16:15:13 +08:00
Sandro Jäckel 0405f0270c
nixos/tailscale-derper: drop nginx upstream to improve reliability 
When I initially tested this, the upstream seemed a good idea and worked
as expected but it no longer does and disconnects clients every 60
seconds indicated by the following line in tailscaled on the client:

magicsock: [0xc00444a640] derp.Recv(derp-901): derp.Recv: EOF

By connecting directly things work more reliable and there are no
connection resets every 60 seconds anymore.
 2025-01-29 00:25:11 +01:00
Krzysztof Nazarewski 9962b33f51 nixos/netbird: update docs & release notes 2025-01-28 12:34:55 +01:00
Krzysztof Nazarewski 49a26eda2a nixos/netbird: harden and extend options 2025-01-28 12:34:55 +01:00
Peder Bergebakken Sundt 75b2b7e946 nixos/*: undo manual linking to known manpage urls 
Made with:

jq <doc/manpage-urls.json 'to_entries[] | "rg -F \"[\(.key)](\(.value))\" nixos/ -l | xe sd -F \"[\(.key)](\(.value))\" \"{manpage}`\(.key)`\""' -r  | tr \" \' | bash -x

(requires ripgrep, sd and xe)
 2025-01-27 02:47:02 +01:00
Peder Bergebakken Sundt 953f72e76e nixos/*: tag manpage references 2025-01-27 02:47:01 +01:00
Michele Guerini Rocco 6f20987865
nixos/wireless: remove patch warning from allowAuxiliaryImperativeNetworks option (#374666) 2025-01-26 09:43:17 +01:00
Weijia Wang f6a5227d48
nixos/gdomap: fix eval (#376828) 2025-01-26 00:37:14 +01:00
Weijia Wang 614404df3e nixos/gdomap: fix eval 2025-01-26 00:30:30 +01:00
Christian Kögler 99c172d777
services.xray: pass the settings file with systemd loadCredential (#368763) 2025-01-25 22:29:58 +01:00
Joshua Kobschätzki bb1993232d squid: add config validation 
Inspired by NGINX config validation with pkgs.writers
 2025-01-25 18:49:34 +01:00
Anderson Torres bc80114502 various: remove AndersonTorres from modules maintainership 2025-01-22 21:47:09 -03:00
Kerstin f4e3779598
nixos/radicale: Allow AF_UNIX for systemd log (#373893) 2025-01-21 12:43:28 +01:00
Slava 167d6634f8 services.xray: pass the settings file with systemd loadCredential 
It enables passing a sops-nix secret as a `settingsFile`
@see https://github.com/Mic92/sops-nix/issues/198.

By default sops-nix secrets are accessible by only root. We can change owner to another user, but the xray service is defined with `dynamicUser=true`, which means, there is no user in the compile time.

Systemd `loadCredential` passes the secret file to the service, which is exactly what we need here.
 2025-01-20 15:52:14 +05:00
Remy D. Farley b99293177b nixos/yggdrasil-jumper: init 2025-01-19 09:45:46 +00:00
DCsunset f00f508bdb nixos/soju: add option to overwrite generated configFile 2025-01-18 03:59:10 +00:00
June Stepp c01d4db064
nixos/wireless: remove patch warning from allowAuxiliaryImperativeNetworks option 
The patch was removed in #330386.
 2025-01-17 16:53:44 -06:00
nixpkgs-ci[bot] df5a154f88
Merge master into staging-next 2025-01-17 18:04:22 +00:00
Motiejus Jakštys de0a499a56 nixos/headscale: remove much-loosened-up server_url check 
server_url check [has been loosened upstream][1] and backported to
NixOS[2]. The new, much looser check, is not practical to be implemented
in Nix (you are welcome to give it a try; I've implemented the original
one).

Since the surface area is much smaller now (and the scenario much less
common), I think we can remove this assertion altogether.

[1]: https://github.com/juanfont/headscale/pull/2248
[2]: https://github.com/NixOS/nixpkgs/pull/358255
 2025-01-17 08:03:26 +02:00
Flakebi 8f4bc44f88
nixos/radicale: Allow AF_UNIX for systemd log 
radicale tries to connect to the systemd unix socket for logging. This
currently fails because it is not allowed to open sockets, then it falls
back to logging to stdout (printing a warning).

Allow radical to open unix sockets to fix this. This gives slightly
better logging experience (e.g. errors are marked red when sent through
the systemd log socket).
 2025-01-15 01:09:54 +01:00
github-actions[bot] 74a6c68160
Merge master into staging-next 2025-01-12 18:04:11 +00:00
Nick Cao 57f5199439
nixos/strongswan-swanctl: link strongswan.conf to /etc 2025-01-11 11:03:29 -05:00
oddlama 19e38587b2
nixos/hostapd: run nixfmt-rfc-stylenixos/hostapd: add passwordFile option for structured sae password settings 2025-01-10 00:28:47 +01:00
oddlama 6f23ec7323
nixos/hostapd: run nixfmt-rfc-style 2025-01-10 00:28:45 +01:00
github-actions[bot] ded5a5e552
Merge master into staging-next 2025-01-09 00:14:35 +00:00
piegames 31777a589c
More string fixes (#367757) 2025-01-08 20:12:26 +01:00
github-actions[bot] 224fa5b082
Merge master into staging-next 2025-01-08 00:14:35 +00:00
Dict Xiong 165e372a15 nixos/doh-server: init 2025-01-07 23:37:47 +01:00
piegames dd7d5339f7 treewide: Fix incorrect string indentations 2025-01-07 19:49:28 +01:00
piegames 603733851b treewide: Fix incorrect string escapes 2025-01-07 19:49:28 +01:00
github-actions[bot] a0509da074
Merge master into staging-next 2025-01-07 18:04:37 +00:00
Izorkin 21bb7ea948
nixos/dhcpcd: update sandboxing options 2025-01-06 22:24:56 +03:00
K900 9e51fd8b02 Merge remote-tracking branch 'origin/master' into staging-next 2025-01-06 21:13:31 +03:00
Matthieu Coudron 55c0a30825
mptcpd: init at 0.13 (#355928) 2025-01-06 18:27:11 +01:00
Bjørn Forsman cc5645c6e0 nixos/dhcpcd: fix updating resolv.conf when using systemd-resolved 
Fix the regression between NixOS 24.05 and 24.11 where using dhcpcd
(e.g. networking.useDHCP) and systemd-resolved
(services.resolved.enable) result in no "search" entry getting added to
/etc/resolv.conf, and dhcpcd logging the following error:

  $ systemctl status dhcpcd
  [...] dhcpcd[2896]: Failed to set DNS configuration: Interactive authentication required.

Fix it by adding a polkit rule that gives the required permissions to
the 'dhcpcd' user to manipulate resolved. The rule was made by using
polkit logging and allowing each action.id until the above error went
away, and /etc/resolv.conf got the correct search entry.
 2025-01-06 18:07:52 +01:00
github-actions[bot] a65d8c74cd
Merge staging-next into staging 2025-01-06 06:05:48 +00:00
Pol Dellaiera 942e79dbd2
nixos/netbird: fix state directory mode (#371315) 2025-01-06 07:01:42 +01:00
Patrick 8e44bd9c66
nixos/netbird: fix state directory mode 2025-01-06 02:14:42 +01:00
William P 391398af52
add network-online dependency to netclient module to get rid of warning 2025-01-05 16:56:27 -05:00
github-actions[bot] 16abba216f
Merge staging-next into staging 2025-01-05 18:04:38 +00:00
Martin Weinelt 538b8b43e2
nixos/wstunnel: improve assertions (#368755) 2025-01-05 18:18:52 +01:00
Peder Bergebakken Sundt dbee3b0e98 Merge remote-tracking branch 'upstream/staging-next' into fix-merge-conflict-1735949935 2025-01-04 01:24:46 +01:00
Weijia Wang 3a21ca23ab
unifi-controller: patchelf unifi's sdnotify, nixos/unifi: enable sd_notify, always restart service (#361945) 2025-01-04 01:09:06 +01:00
github-actions[bot] d9159d2b18
Merge staging-next into staging 2025-01-03 00:14:58 +00:00
Wael Nasreddine 87b42d403e nixos/ncps: init service 2025-01-02 15:08:12 -08:00
github-actions[bot] 666690fdf4
Merge staging-next into staging 2025-01-01 18:05:06 +00:00
Martin Weinelt 269d596970
nixos/coturn: restore logging functionality 
Due to undetermined hardening changes logging to syslog does not work
anymore, but we don't need it. We're running in a systemd unit so allow
logging to stdout instead.
 2025-01-01 02:33:23 +01:00
github-actions[bot] 3588b4d239
Merge staging-next into staging 2024-12-31 18:04:49 +00:00
toinux a2c878df50
nixos/keepalived: add package option (#346462) 
KeepAlived: Support pkg override without overlaying

Co-authored-by: Antoine 'Toinux' Lesieur <toinux@nixos.local>
Co-authored-by: Arne Keller <arne.keller@posteo.de>
 2024-12-31 17:28:57 +01:00
github-actions[bot] d8e41027cf
Merge staging-next into staging 2024-12-31 12:05:50 +00:00
Gaétan Lepage 682b8079b6
nixos/biboumi + biboumi: fixup module + make optional libraries optional (#365342) 2024-12-31 09:35:11 +01:00
github-actions[bot] 92be6e3838
Merge staging-next into staging 2024-12-30 18:04:51 +00:00
AveryanAlex 0240773f49
nixos/wireguard: add AmneziaWG support 
Co-authored-by: azahi <azat@bahawi.net>
 2024-12-30 17:04:17 +03:00
AveryanAlex 1ce7180d60
nixos/wg-quick: add AmneziaWG support 
Co-authored-by: azahi <azat@bahawi.net>
 2024-12-30 17:04:16 +03:00
nicoo 238b407862
nixos: hardware.pulseaudio → services.pulseaudio (#369391) 2024-12-30 13:46:50 +00:00
github-actions[bot] e7344062a5
Merge staging-next into staging 2024-12-30 12:06:26 +00:00
Markus Kowalewski bea29cd04f
nixos/zenohd: add module and test (#368613) 2024-12-30 12:32:19 +01:00
Jan Tojnar ab44f61ec7 Merge branch 'staging-next' into staging 
Merge conflict in `pkgs/by-name/en/envision/package.nix` between efb2d2b815fe9f7d12f4aab42c83e759db5ec716 (staging) and b9d59c4515ea7cd4595d342c9d87877b544e6dbd+de7a60960219b303cc44ad446f9e7ddaf23b9944 (staging-next).
 2024-12-30 01:58:08 +01:00
Wolfgang Walther cf127c9dc3
treewide: load structured attributes in all bash builders consistently 
It's hard to put the sourcing of ./.attrs.sh into all builder
consistently - mistakes will happen. Thus, load structured attrs once in
make-derivation and then source the remaining builder on top.

This should fix quite a few builders with structured attributes in
principle. Most importantly it helps substitute / substituteAll, which
are required for bootstrap on some platforms.
 2024-12-29 18:36:47 +01:00
Franz Pletz 3a3b9dbba3
nixos/minidlna: refactor (#344018) 2024-12-29 16:21:13 +01:00
Arne Keller 5de8c5b941
nixos/chrony: fix memory locking issue with graphene-hardened-light (#356837) 2024-12-29 15:08:43 +01:00
github-actions[bot] 4e1d4f49f2
Merge staging-next into staging 2024-12-29 12:05:32 +00:00
misuzu 1bdf3ca3ad
nixos/wireguard-networkd: fix loading pre shared keys for peers without a custom name (#368684) 2024-12-29 11:33:22 +02:00
github-actions[bot] dcc5662394
Merge staging-next into staging 2024-12-29 00:16:35 +00:00
rnhmjoj 69b630d893
nixos/networkmanager: match upstream units Install sections 
The upstream NetworkManager.service unit[1] has this Install section:

  [Install]
  WantedBy=multi-user.target
  Also=NetworkManager-dispatcher.service
  Also=NetworkManager-wait-online.service

Let's just match that in NixOS and don't try to mess with
network.target. The latter should only be used to order units at
shutdown, not when booting.

[1]: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/main/data/NetworkManager.service.in?ref_type=heads
 2024-12-28 12:09:59 +01:00
alyaeanyx 16570980b6 nixos/wstunnel: improve assertions 
nixos/wstunnel: run nixfmt on module file
 2024-12-28 09:56:22 +01:00
Markus Kowalewski 6298d3e530
nixos/zenohd: add module and test 2024-12-28 02:09:38 +01:00
networkException c1eb3b68f8
nixos/wireguard-networkd: escape backslashes in systemd credential names 
This patch fixes loading issues for pre shared keys for
peers without custom names. In this case the peer's public
key would be used in the name for the corresponding pre
shared key credential, causing a loading error.

The networking.wireguard base module already escapes some
base64 characters of the public key with escape sequences
starting with a backslash. This backslash is now replaced
with an underscore for use in the credential names.
 2024-12-28 01:34:11 +01:00
networkException e7e42de5a7
nixos/wireguard-networkd: only set PresharedKey credential when given a file 
This patch fixes an oversight in the initial implementation
of using systemd credentials in 6bc8dcc630
that would cause a warning to be logged about a missing credential
when presharedKeyFile wasn't set.
 2024-12-27 23:14:32 +01:00
github-actions[bot] 455ed0b468
Merge staging-next into staging 2024-12-27 00:14:44 +00:00
Alex Martens 403dfb7c93 nixos/ddclient: fix missing iproute2 
When obtaining the IP address from an interface iproute2 is missing:

"Unable to obtain information for 'bond-wan' -- missing ip or ifconfig command"

The prefix check to include iproute2 is incorrect for "usev4" and "usev6".

Currently the NixOS module checks for the "if" prefix.  This prefix is
not valid with "usev4" and "usev6":

"Invalid Value for keyword 'usev4' = 'if'"

"ifv4" must be used with "usev4", and "ifv6" with "usev6".

I updated the nixos module to check for the correct prefix with "usev4"
and "usev6", and include iproute2 as necessary.
 2024-12-26 23:59:47 +01:00
Sebastian Sinnlos 7a485e4780 nixos/ddclient: update defaults for usev4/6 
Set to future upstream [default](5b104ad116) as current defaults are broken because the
endpoints of dyndns.com only serve http. See [ddclient issue 597](https://github.com/ddclient/ddclient/issues/597)
 2024-12-26 20:48:42 +01:00
github-actions[bot] b00dfff9f9
Merge staging-next into staging 2024-12-25 18:04:40 +00:00
misuzu db3422a82f
nixos/hostapd: remove CCMP from recommended ciphers (#367464) 2024-12-25 18:32:44 +02:00
oddlama 8b193d75ac
nixos/hostapd: remove CCMP-256 from recommended ciphers 2024-12-25 16:27:05 +01:00
github-actions[bot] f8f22218c9
Merge staging-next into staging 2024-12-23 00:15:27 +00:00
Stefan Frijters 31942f20f4 nixos/ntpd: fix permissions error when creating drift file 
This fixes "frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied".

Creating a directory via StateDirectory makes that directory /var/lib/ntp owned by root:root.
However, when running ntpd we change to user ntp (see ntpFlags), so the process cannot
actually use that directory.

Actually creating a home directory for the user at that location solves that problem.
 2024-12-22 16:20:31 -06:00
oddlama e130769df5
nixos/hostapd: remove unused imports 2024-12-22 22:10:46 +01:00
github-actions[bot] 915adfe15e
Merge staging-next into staging 2024-12-22 00:16:10 +00:00
Arne Keller 8e8d65e1ca
nixos/bind: harden systemd service (#349548) 2024-12-21 17:07:03 +01:00
Arne Keller b59477329f
nixos/mullvad-vpn: remove unneeded hacks (#341992) 2024-12-21 15:48:44 +01:00
K900 81932cf82a Merge remote-tracking branch 'origin/staging-next' into staging 2024-12-20 21:34:46 +03:00
Jan Tojnar b1ce176cd1
Merge nixos/networkmanager: add options to supply secrets to connection profiles based on secret files (#352960) 2024-12-20 15:35:15 +01:00
github-actions[bot] f970ef5718
Merge staging-next into staging 2024-12-20 12:06:14 +00:00
misuzu a01b0bf2fe
nixos/networkmanager: split modemmanager into a separate module (#316824) 2024-12-20 13:06:35 +02:00
Colin efc3208be2 nixos/networkmanager: add a package option 
this is helpful for testing module changes or making downstream patches
in a way which doesn't force large rebuilds as an overlay would.
 2024-12-20 10:03:47 +00:00
Colin 9d4d21b587 nixos/modemmanager: add a package option 
this is helpful for testing module changes or making downstream patches
in a way which doesn't force large rebuilds as an overlay would.
 2024-12-20 10:03:42 +00:00
Martin Weinelt dc24bbfc13
Merge remote-tracking branch 'origin/staging-next' into staging 2024-12-20 00:40:06 +01:00
Colin 5a04fc7e7d nixos/networkmanager: format with nixfmt 2024-12-19 22:44:47 +00:00
Colin 0deadd5baf nixos/networkmanager: split ModemManager bits into own module 
this should not result in any observable change by default, the
motivation is to make working on either one of these components in
isolation of the other a bit easier.
 2024-12-19 22:44:47 +00:00
Thiago Kenji Okada 8369379c1b
sunshine: resolve tray icon issues (#364438) 2024-12-19 20:50:33 +00:00
bb2020 cf63529fc5 nixos/minidlna: refactor 2024-12-19 21:21:14 +03:00
K900 7661b4ac55 Merge remote-tracking branch 'origin/staging-next' into staging 2024-12-19 12:47:54 +03:00
Arne Keller 222f73ddbe
nixos/tftpd: remove with lib, format with nixmft-rfc-style (#353658) 2024-12-18 19:36:30 +01:00
Arne Keller f610b7204c
whoogle-search: init at 0.9.0, add module (#350730) 2024-12-18 18:52:29 +01:00
Malte Voos 1cf796812a nixos/whoogle-seach: add module 2024-12-18 15:14:45 +01:00
lilly 24e0db1ba9
nixos/networkmanager: add nm-file-secret-agent options 
nm-file-secret agent is a small agent that can supply secrets of
connection profiles to NetworkManager by reading the contents of
preconfigured files.
These files could be supplied e.g. by nixos-sops or any other mechanism.
 2024-12-17 17:32:51 +01:00
โทสตัล 3284305eb3 allow the ability to skip the database 2024-12-17 19:55:46 +07:00
โทสตัล a7e3b6a1ae nixos/biboumi: update docs version 2024-12-17 19:55:46 +07:00
โทสตัล 6900d0cf3e nixos/biboumi: expose package for overriding 2024-12-17 19:55:46 +07:00
Morgan Helton f6262762b2
sunshine: fix tray icon and menu links 2024-12-16 18:43:39 -06:00
github-actions[bot] 969a164c41
Merge staging-next into staging 2024-12-17 00:16:02 +00:00
networkException 1fc937818d
nixos/wireguard-networkd: fix systemd credentials not working with multiple keys per interface 
This patch fixes systemd credential loading for wireguard
with networkd not working when specifying more than one
credential per interface by properly flattening the resulting
multidimensional list instead of falling back on string concat
with a space.

Resolves #365402
 2024-12-15 19:22:33 +01:00
Wolfgang Walther e58e0c158e
various: replace substituteAll with replaceVarsWith 
This covers cases which need to use replaceVarsWith because the use
isExecutable = true.
 2024-12-15 13:35:30 +01:00
marius david 0c032a628c services.flannel: add an extraNetworkConfig configuration, add br_netfilter kernel module 2024-12-15 10:10:38 +01:00
Michele Guerini Rocco 9bdcd51ed6
nixos/dhcpcd: fix when ipv6 is disabled (#362568) 2024-12-14 14:23:06 +01:00
misuzu 382e7cbf49
nixos/hickory-dns: make settings.zone freeform; expose configFile option (#363001) 2024-12-14 12:45:21 +02:00
Arne Keller e88362522c
nixos/resilio: set rslsync gid (#350055) 2024-12-12 22:32:16 +01:00
nicoo f6c5531461
nixos: Don't set !allowSubstitutes (#314664) 
It is set by `runCommandLocal` and prevents fetching the build output
from `cache.nixos.org` or another trusted substituter.
 2024-12-12 18:26:24 +00:00
Arne Keller 138ac300df
nixos/v2ray: change the type of config field (#163810) 2024-12-11 10:30:02 +01:00
Majiir Paktu e5a456f26f nixos/wireguard-networkd: re-enable by default for networkd users 2024-12-10 19:33:45 -05:00
Majiir Paktu 6bc8dcc630 nixos/wireguard-networkd: use systemd credentials for privateKeyFile and presharedKeyFile 2024-12-10 19:33:45 -05:00
Majiir Paktu cca305f3e3 nixos/wireguard-networkd: fix issue link 2024-12-10 16:57:53 -05:00
Majiir Paktu a93d42e97e nixos/wireguard-networkd: disable by default 
Enabling networking.wireguard.useNetworkd currently requires users to
modify the permissions of their private key files. Since that is a bad
upgrade experience, the module should be disabled by default for now.
Once systemd credential support is added to the module, it should be
safe to once again enable it by default for networkd users.
 2024-12-10 16:54:50 -05:00
misuzu ad12b26526
nixos/crab-hole: init (#341598) 2024-12-10 22:16:50 +02:00
NiklasVousten bd4a6b9aae nixos/crab-hole: init crab-hole 2024-12-10 21:08:31 +01:00
Silvan Mosberger 4f0dadbf38 treewide: format all inactive Nix files 
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build a08b3a4d19.tar.gz \
      --argstr baseRev b32a094368
    result/bin/apply-formatting $NIXPKGS_PATH
 2024-12-10 20:26:33 +01:00
Weijia Wang dce92e62e7
v2raya: add cliPackage option (#334876) 2024-12-09 19:19:01 +01:00
Dmitry Voronin 9451bb51c2
nixos/zapret: remove maintainer 2024-12-09 11:00:01 +03:00
Colin 9117dd65a6 nixos/hickory-dns: expose configFile as a toplevel option 
this allows users the option to configure hickory-dns manually,
for example from the .toml files specified in hickory-dns examples
directory.
 2024-12-08 22:58:48 +00:00
Melvyn e857cfa8a1
nixos/seafile: fix systemd option capitalization for RandomizedDelaySec (#363324) 2024-12-08 15:50:45 -05:00
Majiir Paktu a5de36518f nixos/wireguard-networkd: init 
Adds a networkd backend for the networking.wireguard options.
 2024-12-07 20:01:17 -05:00
Colin 3715bf4e98 nixos/hickory-dns: give settings.zone a freeformType 
like the toplevel hickory-dns.settings, options here are handled by the
hickory-dns binary: users should be able to specify options that the
nixos module has overlooked.
 2024-12-08 00:54:56 +00:00
K900 745a890dbd
nixos/hostapd: remove HT40- from default capabilities (#362677) 2024-12-07 09:56:58 +03:00
Franz Pletz be4a655cf2
modules/avahi: Enable IPv6 by default (#361016) 2024-12-07 06:54:36 +01:00
Andrew Childs 8a97d662dd nixos/hostapd: remove HT40- from default capabilities 
The current default configuration, automatic channel selection with
the HT40- capability, is explicitly disallowed by an assertion in this
module.

This is a result of recent change to default to automatic channel
selection in 1047f0a6bf.
 2024-12-07 13:02:02 +09:00
Aaron Ecay ebbdb61935 fix dhcpcd when ipv6 is disabled 2024-12-06 20:47:15 +00:00
qubitnano 5d10e2bedb nixos/unifi: always restart service 
This allows the controller to restart when restoring from a backup
 2024-12-04 17:12:53 -05:00
qubitnano e5b5cf80c5 nixos/unifi: enable sd_notify 
Let's use unifi's sd_notify now that it's patched
 2024-12-04 17:12:53 -05:00
nicoo b375b56327 nixos/ncdns: remove dead code, mark unused parameters with _ 
Found using `deadnix`.
 2024-12-04 20:50:46 +00:00
nicoo adaee656c2 nixos/ncdns: Replace custom config format handling with pkgs.formats.toml 2024-12-04 20:50:46 +00:00
misuzu 52b4f50573
nixos/zeronet: fix settings option (#128976) 2024-12-04 21:42:01 +02:00
Frédéric Christ 07e283f2b1 modules/avahi: Enable IPv6 by default 
Avahi's default for `use-ipv6` is yes as well. I see no reason why we
should do this differently.
 2024-12-04 11:06:49 +01:00
misuzu b4837eea02
nixos/nbd: remove with lib; (#343506) 2024-12-04 00:51:47 +02:00
Wolfgang Walther 0f009407d9
various: remove syslog.target unit dependency (#154633) 
Resolves #149721
 2024-12-03 21:17:38 +01:00
Franz Pletz b9867333b6
nixos/fireqos: fix service not being enabled (#361402) 2024-12-03 21:12:39 +01:00
Leona Maroni 638568b385
nixos/frr: make runtime directory world-readable (#358930) 2024-12-03 16:34:58 +01:00
Martin Weinelt 566e53c2ad
nixos/knot: add missing CLIs to wrapper (#361139) 2024-12-03 13:40:06 +01:00
Franz Pletz c91e47f589
nixos/fireqos: modernize 2024-12-03 11:11:45 +01:00
budimanjojo 7ed1bb9467
nixos/fireqos: fix service not being enabled 
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
 2024-12-03 16:44:27 +07:00
Alexander Sieg 46402be060 nixos/knot: add missing CLIs to wrapper 2024-12-02 17:17:19 +01:00
Sefa Eyeoglu 94d17479d4
nixos/searxng: limiter.toml reference moved (#348761) 2024-12-02 17:09:16 +01:00
misuzu 400af872ce
networkd-dispatcher: don't patch conf file path, add extraArgs option (#265348) 2024-12-02 17:37:50 +02:00
Martin Weinelt 3828bc6e11
nixos/kea: fix settings example (#361068) 2024-12-02 14:13:16 +01:00
bloominstrong 798c3d20d3 nixos/kea: fix settings example 
As of 2.6.0 subnet-ids need to be provided in the setitngs, adding that to the dhcp{4,6}.settings example
 2024-12-02 21:49:10 +10:00
Alexander Sieg 12c4224d83
nixos/shairport-sync: restart the systemd service on failure (#357253) 2024-12-02 11:52:31 +01:00
misuzu dd9a2e26ac
nixos/nat: Match iptables behavior with nftables, add externalIP check (#277016) 2024-12-02 12:02:45 +02:00
misuzu 491c8c8e0a
nixos/netbird: fix coturn configuration (#356267) 2024-12-01 23:07:35 +02:00
Nick Cao 7fd3ecc74d
nixos/strongswan: update start_action option (#360731) 2024-12-01 13:47:27 -05:00
Michele Guerini Rocco 49f57fdb25
nixos/hostapd: allow octothorpe characters in SAE password (#356079) 2024-12-01 17:35:23 +01:00
RMT fc46ecd8c9
nixos/strongswan: update start_action option 2024-12-01 22:34:44 +08:00
Rick van Schijndel 35a2fc6117
nixos/aria2: allow fine tuning download file permissions (#359045) 2024-12-01 11:52:02 +01:00
TNE 46b2df60a5 nixos/nat: Allow NAT to still function when a forward default DROP iptables rule is in effect. 
This allows feature parity with the nftables "filterForward" firewall option when adding a ip forwarding default drop iptables rule.
 2024-12-01 09:36:02 +01:00
TNE 622376ecb0 nixos/nat: Prevent NAT reflection on connections not coming from behind the NAT 2024-12-01 09:36:02 +01:00
TNE 6cb4e7d591 nixos/nat: Only connections made to the nat.externalIP will be port forwarded. 2024-12-01 09:36:02 +01:00
Azat Bahawi 130bb06af1
nixos/zapret: extra features (#356339) 2024-11-30 21:08:58 +03:00
Felix Buehler 07894f4f30 nixos/services.stunnel: remove with lib; 2024-11-28 19:08:42 +01:00
Felix Buehler 93d6b8180e nixos/services.oink: remove with lib; 2024-11-28 19:08:42 +01:00
Felix Buehler 2d4a4c110a nixos/services.nylon: remove with lib; 2024-11-28 19:08:42 +01:00
Felix Buehler 2bf4393a9b nixos/networking.nftables: remove with lib; 2024-11-28 19:08:42 +01:00
Felix Buehler 83cc2cd01f nixos/services.nebula: remove with lib; 2024-11-28 19:08:42 +01:00
Felix Buehler e14d1dc198 nixos/services.ncdns: remove with lib; 2024-11-28 19:08:42 +01:00
Leona Maroni 57decfd591
nixos/wg-access-server: bugfix missing cfg dns.enabled (#352839) 2024-11-27 18:04:46 +01:00
MakiseKurisu e9e23cd28c
nixos/aria2: allow fine tuning download file permissions 2024-11-26 00:04:31 +08:00
Jared Baur 7b87a185a8 nixos/clatd: use clat-dev if it exists in settings 
Otherwise, fallback to the default interface name `clat`.
 2024-11-25 23:24:11 +11:00
Jared Baur 7665f6cb34 nixos/clatd: fix NetworkManager integration for dispatcher script 2024-11-25 23:24:11 +11:00
Molly Miller f014b0d415 nixos/frr: make runtime directory world-readable 
FRR intends for non-root users to connect to the VTY sockets if they
are members of the frrvty group, however this is not possible if
non-root/non-frr users cannot access the runtime directory. The
sockets used by the FRR daemons for internal IPC are also created in
the runtime directory, however these are created with appropriately
restrictive permissions to prevent interference.
 2024-11-25 10:10:06 +01:00
Majiir Paktu 3c7196f05b nixos/networkd-dispatcher: add extraArgs option 
The service file in the package adds $networkd_dispatcher_args to
ExecStart=.
 2024-11-23 14:17:57 -05:00
Sandro d1c079db10
nixos/suricata: Fix module and add to module-list (#349826) 2024-11-23 18:30:55 +01:00
Sefa Eyeoglu ecd6e1eed1
nixos/netbird: fix port conflict on metrics endpoint (#357105) 2024-11-22 20:03:23 +01:00
Dmitry Voronin 3890e029e3
nixos/zapret: extra features 2024-11-22 04:45:46 +03:00
TheRealGramdalf bfc160a84c nixos/netbird: fix port conflict on metrics endpoint 2024-11-21 05:31:53 +00:00
Naïm Favier b294762bb9
nixos/libreswan: use environment.etc."ipsec.secrets".text 
This is to ensure compatibility with the networkmanager module, which
uses the `text` option.
 2024-11-20 19:59:02 +01:00
TobTobXX 26fbd1adbe
nixos/bind: Fix cacheNetworks option 
services.bind.cacheNetworks should only apply to recursive queryies, as
per the option documentation:
> Note that this is for recursive queries – all networks are allowed to
> query zones configured with the zones option by default [...].

This would correspond to the `allow-query-cache` option in named.conf,
as per the BIND docs[1]:
> Specifies which hosts (an IP address list) can access this server’s
> cache and thus effectively controls recursion.

And not `allow-query`, which restricts all requests (including requests
where the server has authority) [2]:
> Specifies which hosts (an IP address list) are allowed to send queries
> to this resolver.
> [...]
> Note:
> `allow-query-cache` is used to specify access to the cache.

[1]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query-cache
[2]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query
 2024-11-20 10:47:06 +01:00
Jordan Williams dde8ee1179
nixos/shairport-sync: restart the systemd service on failure 
This ensures shairport-sync is running, even after crashes.
 2024-11-19 06:51:12 -06:00
Martin Joerg 0afba0d517 python312Packages.magic-wormhole-mailbox-server: 0.4.1 -> 0.5.1 
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/compare/refs/tags/0.4.1...refs/tags/0.5.1
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/blob/0.5.1/NEWS.md

Python 3.12 is now supported
 2024-11-18 07:37:49 +00:00
royce-c 9af100479c nixos/chrony: fix memory locking issue with graphene-hardened-light 
The chronyd.service fails with 'graphene-hardened-light' unless enableMemoryLocking is set to false.
 2024-11-17 16:07:36 -08:00
Jared Baur 027e77778c
nixos/hostapd: allow octothorpe characters in SAE password 
The `saePasswordsFile` option mentions that lines beginning with `#` are
ignored, however the current regexp ignores all lines with `#` located
anywhere in the line. In order to better fit the documentation, the
regexp has been changed to only allow `#` at the beginning of the line,
with optional whitespace.
 2024-11-17 11:39:17 -08:00
Tom Fitzhenry a2337e4f6c nixos/spiped: use systemctl restart during activation 
As is common with other networking services, stopIfChanged=true (the default) can cause O(seconds) downtime during activation.

Reduce this downtime by disabling stopIfChanged as done in:
* sshd https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L569
* tailscale https://github.com/NixOS/nixpkgs/pull/170210
 2024-11-17 20:39:25 +11:00
Tom Fitzhenry 235d103ff7 nixos/clatd: add enableNetworkManagerIntegration option 2024-11-17 20:38:55 +11:00
jopejoe1 95b30da133
nixos/shairport-sync: add package option (#355985) 2024-11-16 03:12:02 +01:00
Yaroslav Bolyukin 4b8fee2274
nixos/netbird: fix coturn configuration 2024-11-15 21:05:56 +01:00
Weijia Wang cedd087b81
globalprotect-openconnect: Reinstate v1 (#355758) 2024-11-15 18:25:57 +01:00
Colin c00cdccd00
nixos/teleport: add required utils to path (#332810) 2024-11-15 13:16:39 +00:00
Jordan Williams 697fa78c9a
nixos/shairport-sync: add package option 2024-11-15 06:47:24 -06:00
bb2020 93d38a29e0 nixos/minidlna: add option 2024-11-15 15:18:54 +03:00
bb2020 547251956b nixos/minidlna: remove with lib 2024-11-15 15:18:43 +03:00
Guilhem Saurel 39e22be299 nixos/mptcpd: init 
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
 2024-11-15 08:53:01 +01:00
Colin 9bd0271b22
nixos/minidlna: add package option (#345770) 2024-11-15 06:29:43 +00:00
Rahul Rameshbabu b6bac07973
globalprotect-openconnect: Reformat expressions using RFC style 
The original work did not use the new nixfmt style.

Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
 2024-11-14 09:28:04 -08:00
Rahul Rameshbabu 8f2fa04fd9
Revert "globalprotect-openconnect: remove deprecated 1.x package" 
This reverts commit b08d6a664f.

Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
 2024-11-13 13:41:34 -08:00
Franz Pletz bb6d800c3a
iwd: update settings documentation (#352989) 2024-11-06 12:17:24 +01:00
Guilhem Saurel 71f467fc88 iwd: update settings documentation 
The link https://iwd.wiki.kernel.org/networkconfigurationsettings is
currently broken, as it redirect to the 404
https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/networkconfigurationsettings ; the correct link is
https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/networkconfigurationsettings.html but it is marked as obsolete, and tell the user to read the iwd.network(5) man.

Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
 2024-11-06 11:10:42 +01:00
Sandro a633b5fb12
OpenVPN: don't fail to restart stopped units (#345993) 2024-11-06 01:16:43 +01:00
Sandro Jäckel 22fea14d11
nixos/tftpd: cleanup 2024-11-04 15:55:13 +01:00
Sandro Jäckel 8440f6cc6f
nixos/tftpd: format with nixmft-rfc-style 2024-11-04 15:54:39 +01:00
Sandro Jäckel 7e6a0edf64
nixos/tftpd: remove with lib 2024-11-04 15:49:59 +01:00
PAEPCKE, Michael a58c8fee1e
nixos/wg-access-server: bugfix dns.enabled (yaml) 2024-11-01 17:09:34 +00:00
Nico Felbinger 9e608d46a9
nixos/suricata: add description fields for configuration 2024-11-01 14:42:53 +01:00
Yureka 959cb6b020 nixos/fastnetmon-advanced: set dbus implementation to dbus-broker 
Fixes "Failed to restart gobgp.service: Transport endpoint is not connected"

Fixes the nixos test

Change-Id: I96fe6ce8e69ec3038b349d45a8046ed93333dddb
 2024-10-31 01:50:34 +01:00
DCsunset acda73926d nixos/murmur: support setting user and group for service 2024-10-30 08:21:48 +00:00
DCsunset 2f0c3c88cb nixos/murmur: support setting custom state directory 2024-10-30 08:21:48 +00:00
Aleksana dbe33f99b7
nixos/soju: use message-store instead of deprecated log in config (#338650) 2024-10-29 17:37:21 +08:00
Aleksana 5fd2f5aac6
tailscaled: Add option to disable Taildrop (#346957) 2024-10-29 17:19:31 +08:00
Nico Felbinger 32d516c84d
nixos/radicale: fix links to documentation 2024-10-28 19:56:12 +01:00
Felix Bühler 3f8d6caed2
nixos/xl2tpd: prefer 'install' over 'chmod/chown' (#302388) 2024-10-27 19:21:21 +01:00
Martin Weinelt 5e10c1522b
nixos/avahi-daemon: set up sandboxing (#348406) 2024-10-26 16:22:04 +02:00
Martin Weinelt ca4f13857c
nixos/coturn: set up sandboxing (#348396) 2024-10-26 16:21:46 +02:00
Michele Guerini Rocco 9a415c28ae
dhcpcd: fix more permissions errors (#351225) 2024-10-26 02:00:23 +02:00
rnhmjoj 483e44684d
dhcpcd: fix permissions error with secondary IPv4 addresses 
If dhcpcd receives a secondary IPv4 address from the DHCP server it
tries to enable automatic promotion from secondary to primary by writing
`1` to /proc/sys/net/ipv4/conf/%s/promote_secondaries.
 2024-10-25 21:33:30 +02:00
Felix Bühler 29cdb4373e
pptpd: prefer 'install' over 'chmod/chown' (#308085) 2024-10-25 20:48:22 +02:00
Aadniz 4b44081827 nixos/searxng: limiter.toml reference moved 
fd814aac86 (diff-c33cdfa4503c019bc49259acad45fc0a895a127b20ae3ffefaa12b7c439d4aa2)
 2024-10-25 14:27:12 +02:00
Sefa Eyeoglu 15aad9d3a1
nixos/ntpd: cleanup; add tests (#349633) 2024-10-24 15:21:01 +02:00
Martin Weinelt 8a2439f1c2
nixos/avahi-daemon: set up sandboxing 2024-10-24 15:04:14 +02:00
rcerc 42d887adbf nixos/supplicant: Always provide a first configuration file argument 
`wpa_supplicant` refuses to start when `configFile.path == null` because this
omits the `-c` (‘Configuration file’) option, which it requires even if the
`-I` (‘additional configuration file’) option is provided. If `configFile.path
== null`, pass `extraConfFile` with `-c` instead of `-I` to prevent this.
 2024-10-24 08:25:02 +02:00
Kerstin Humm b12bcabd24
maintainers: remove erictapen from packages that I don't really maintain anymore 2024-10-22 12:32:29 +02:00
K900 099cde3a92
Revert "nixos/ssh: disable authorizedKeysInHomedir by default" 2024-10-20 21:32:29 +03:00
Jake Hillion ba01c8bab3 nixos/resilio: set rslsync gid 2024-10-20 17:51:14 +01:00
nicoo 06929a6fb0
nixos/ssh: disable authorizedKeysInHomedir by default (#309025) 2024-10-20 16:19:25 +00:00
Tomo 8d642257fb
nodePackages.shout: drop (#349715) 2024-10-19 18:46:30 -07:00
Pyrox 4e632e9c3f
nixos/ntpd: Add hardening 2024-10-19 14:26:17 -04:00
Pyrox 53bc9450bc
nixos/ntpd: Use StateDirectory instead of a preStart script 2024-10-19 14:26:00 -04:00
Tomo 76c7c2dd88 nodePackages.shout: drop 
shout has been deprecated since 2016:
90a62c56af

Also, move the top-level `shout` alias to `pkgs/top-level/aliases.nix`.

Part of #229475
 2024-10-19 17:53:20 +00:00
Nick Cao f8b17f235e
nixos/sing-box: generate config file into RuntimeDirectory (#338457) 2024-10-19 10:11:00 -04:00
Pyrox 297f21e357
nixos/ntpd: format with nixfmt-rfc-style 2024-10-19 04:39:16 -04:00
Peder Bergebakken Sundt 03d8f52dc6
nixos/tailscale: document tailscale-autoconnect (#347881) 2024-10-19 07:01:26 +02:00
Peder Bergebakken Sundt 465201822e
nixos/mihomo: fix option type and test (#345891) 2024-10-19 06:58:41 +02:00
Sandro f0bc4f6bbf
nixos-firewall-tool: add nftables support (#324615) 2024-10-18 23:57:39 +02:00
HackerNCoder 63cd2b8e03 nixos/bind: rndc-confgen should not chown file 2024-10-18 22:23:28 +02:00
nicoo 6c62fbf539 nixos/sshd: warn if no authorized keys, and no authentication method other than pubkeys, were configured 2024-10-18 20:23:02 +00:00
nicoo 1f08575e3a nixos/sshd: Disable authorizedKeysInHomedir if stateVersion >= 24.11 
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
 2024-10-18 20:21:12 +00:00
Stanisław Pitucha 87c458e3ce
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled (#349557) 2024-10-19 06:22:18 +11:00
jmir1 858b5c6762 nixos/ddclient: Fix ip command with usev4 and usev6 2024-10-18 20:32:16 +02:00
Gary Guo cabbab19e2
nixos-firewall-tool: add nftables support 
Co-authored-by: Rvfg <i@rvf6.com>
 2024-10-18 20:16:27 +02:00
HackerNCoder 4855723c87 nixos/bind: Make ProtectSystem strict, add missing SystemCallFilters 
ReadWritePaths now gets the directory of zone files
 2024-10-18 19:36:10 +02:00
HackerNCoder 1cb6d22386 nixos/bind: harden systemd service 2024-10-18 16:38:30 +02:00
Vladimír Čunát a8f84a9dff
nixos/kresd: add link to upstream doc (#311915) 2024-10-18 10:22:18 +02:00
David McFarland cd286b21e4
resolvconf: use correct output files when used with dnsmasq (#349320) 2024-10-17 16:44:18 -03:00
David McFarland 403604ca66 resolvconf: use correct output files when used with dnsmasq 2024-10-17 14:20:57 -03:00
Adam Stephens bece21421b
nixos/atticd: wants network-online.target 
fixes:

trace: evaluation warning: atticd.service is ordered after 'network-online.target' but doesn't depend on it
 2024-10-16 12:36:19 -04:00