tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-19 23:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
604140 commits 199 branches 75 tags 12 GiB
Commit graph

3737 commits

Author SHA1 Message Date
Maciej Krüger 5f300ad70c
networking/nftables: only delete our tables if flushRuleset is set to false 2023-08-28 00:40:19 +02:00
Maciej Krüger d5a0826686
networking/nftables: remove no longer relevant conflict warnings 2023-08-28 00:40:18 +02:00
Maciej Krüger cd3af25932
networking/nftables: enable flushing ruleset for older versions 
Co-authored-by: Naïm Favier <n@monade.li>
 2023-08-28 00:35:39 +02:00
Maciej Krüger 311d2fa994
*: migrate to using nftables.tables instead of ruleset directly 2023-08-28 00:30:29 +02:00
Maciej Krüger 048ef0d455
networking/nftables: add .tables property and disable ruleset flushing by default 
This allows for other unmanaged tables to co-exist peacefully on the os,
by having the nixos-managed tables be re-created atomically and the other
tables will simply be left untouched.
 2023-08-28 00:30:28 +02:00
Ilan Joselevich 49f76fea56
Merge pull request #251032 from Kranzes/twingate-resolved 
nixos/twingate: avoid conflicts with resolved
 2023-08-24 01:39:27 +03:00
Ilan Joselevich e739ef8066
nixos/twingate: avoid conflicts with resolved 2023-08-23 23:01:47 +03:00
Muhammad Falak R Wani 3f141be99c
tailscale: add mfrw as maintainer 
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
 2023-08-23 08:32:33 +05:30
Martin Weinelt 7c75694db9
Merge pull request #240982 from rnhmjoj/pr-jool 
nixos/jool: add service for setting up SIIT/NAT64
 2023-08-19 23:32:05 +02:00
K900 200eeb9ebe
Merge pull request #249101 from motiejus/headscale-oidc 
headscale.oidc: client_secret_path is a string
 2023-08-16 17:23:56 +03:00
Pol Dellaiera 11f3cbc0c3
Merge pull request #246181 from jvanbruegge/haproxy-package 
nixos/haproxy: allow to specify haproxy package
 2023-08-15 19:46:13 +02:00
Jan van Brügge 90da2c1223
nixos/haproxy: allow to specify haproxy package 2023-08-15 12:24:55 +01:00
Motiejus Jakštys 28cf78b857 headscale.oidc: client_secret_path is a string 
It can be include an environment-variable, like
`${CREDENTIALS_DIRECTORY}/some-path`, failing validation for
`types.path`.
 2023-08-14 13:03:06 +03:00
Atemu 7706f570a7 dnscrypt-proxy: rename from dnscrypt-proxy2 
An alias is added for dnscrypt-proxy2
 2023-08-13 16:03:31 +02:00
Nick Cao 722e1e2313
Merge pull request #247899 from DavHau/zerotier-docs 
nixos/zerotierone: document networks never left automatically
 2023-08-13 00:00:35 -06:00
oddlama bbac87a2dd
nixos/hostapd: add missing stringification of path in INI format 2023-08-11 22:44:08 +02:00
Evgeny Kurnevsky 5110d348b2
wstunnel: correct listen option 2023-08-11 11:58:40 +03:00
CnTeng 24f2116a7a nixos/dae: use network-online 2023-08-10 20:23:46 +08:00
Franz Pletz c13c1412bf
nixos/chrony: add enableMemoryLocking option 
Fixes #222629.
 2023-08-10 03:03:53 +02:00
DavHau 74c574a8db nixos/zerotierone: document networks never left automatically 
Removing a network from the joinNetworks list does not make the machine leave the network which is confusing.

This behavior is now clarified via the options description
 2023-08-08 11:31:33 +02:00
Michele Guerini Rocco ccc33bd3d7
Merge pull request #245852 from rnhmjoj/pr-fix-dnscrypt 
dnscrypt-wrapper fixes
 2023-08-08 10:34:27 +02:00
pokon548 dcf5ae3d0b nixos/dae: init 2023-08-07 14:32:32 +08:00
Emery Hemingway b6c5112152 nixos/ntopng: seperate interface config with newlines 2023-08-05 10:02:48 +01:00
ajs124 bf4d2e6c1e
Merge pull request #242538 from tnias/fix/apparmor 
apparmor: add some policies and improve abstractions and utils
 2023-08-04 13:05:52 +02:00
Martin Weinelt 667c4f2dc6
Merge pull request #224635 from helsinki-systems/drop/dhcpd 
dhcpd: remove
 2023-08-03 15:12:06 +02:00
Yureka 31d4a4af19 nixos/bird: fix checkConfig with cross-compilation 2023-07-31 13:48:55 +02:00
Pol Dellaiera 80d8a945dd
Merge pull request #245570 from jwygoda/tailscaled-autoconnect-options 
nixos/tailscale: add extraUpFlags option
 2023-07-29 06:12:26 +02:00
Jarosław Wygoda 2dbda3314f nixos/tailscale: add extraUpFlags option 2023-07-28 22:44:37 +02:00
Ryan Lahfa 2a0aaa7e8f
Merge pull request #245413 from oddlama/fix-hostapd-mac-allow 2023-07-28 19:19:02 +02:00
ajs124 413d9d3864 nixos/dhcp(46): remove 
package reached its EOL on 2022-10-04
see https://www.isc.org/blogs/isc-dhcp-eol/ for details
 2023-07-28 16:35:40 +02:00
pennae e2a43fbfb3
Merge pull request #244356 from datafoo/mosquitto-systemd-credentials 
nixos/mosquitto: leverage systemd credentials
 2023-07-26 18:23:06 +02:00
Florian Klink 7539b8f2d7
Merge pull request #244841 from flokli/networkmanager-fix-ppp-plugin 
nixos/networkmanager: create pppd lock directory
 2023-07-26 17:44:35 +02:00
oddlama 0ac2ba763f
nixos/hostapd: fix regression after refactoring to RFC42. 
Switching from submodule notation from ({name, ...}: {}) to (submob: {}) seems to require a different accessing scheme.
 2023-07-25 18:40:51 +02:00
Sandro Jäckel 83793ca898
nixos/fonts: rename fonts.enableDefaultFonts to fonts.enableDefaultPackages 
to better fit the renamed fonts.packages
 2023-07-25 00:55:25 +02:00
datafoo 533ff8546b nixos/mosquitto: leverage systemd credentials 
Use systemd credentials for all variations of user passwords.
Password files do not need special permissions anymore.
 2023-07-24 11:37:30 +02:00
Lassulus ceaab39b40
Merge pull request #230196 from doronbehar/nixos/syncthing 
nixos/syncthing: Use API to merge / override configurations
 2023-07-24 08:38:50 +02:00
Pol Dellaiera a30cc10e7f
Merge pull request #242703 from jwygoda/tailscaled-autoconnect 
nixos/tailscale: add authKeyFile option
 2023-07-24 04:48:42 +02:00
Doron Behar 047fa8dbdf nixos/syncthing: Use API to merge / override configurations 
If one sets either of `override{Device,folder}s` to false, the jq `*`
operator doesn't merge well the devices and folders, creating duplicate
IDs for folders as observed in #230146. This PR makes the script iterate
via Nix / Bash loop the devices and folders IDs and merges the keys
using upstream's `curl -X POST` support for single objects.

Hence this commit fixes #230146.
 2023-07-23 18:22:33 +03:00
Florian Klink 02a5e9c933 nixos/networkmanager: create pppd lock directory 
I digged up some 3G stick, which uses ppp to set up the connection.

It failed to spin up ppp, because ppp failed to find the directory it wants to create its lockfiles in:

```
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] state changed (connected -> disconnecting)
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect started...
Jul 22 16:47:49 tp ModemManager[926779]: <info>  [modem1] simple connect state (4/10): wait to get fully enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (disconnecting -> registered)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (5/10): wait after enabled
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1/bearer0] connection #11 finished: duration 1s
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (6/10): register
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (7/10): wait to get packet service state attached
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (8/10): bearer
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (9/10): connect
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (registered -> connecting)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] state changed (connecting -> connected)
Jul 22 16:47:50 tp ModemManager[926779]: <info>  [modem1] simple connect state (10/10): all done
Jul 22 16:47:50 tp pppd[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp NetworkManager[1576260]: Plugin /nix/store/yqdqzz6y6agcmrfj8b6pwqhjcjyb3ypr-networkmanager-1.42.6/lib/pppd/2.5.0/nm-pppd-plugin.so loaded.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: initializing
Jul 22 16:47:50 tp pppd[1576260]: pppd 2.5.0 started by root, uid 0
Jul 22 16:47:50 tp pppd[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp NetworkManager[1576260]: Can't create lock file /var/run/pppd/lock/LCK..ttyUSB0: No such file or directory
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 2 / phase 'serial connection'
Jul 22 16:47:50 tp pppd[1576260]: Exit.
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: status 0 / phase 'dead'
Jul 22 16:47:50 tp pppd[1576260]: nm-ppp-plugin: cleaning up
```

Creating the directories via tmpfiles.d got the connection to succeed,
and might also fix other connections using PPP.
 2023-07-22 17:00:17 +03:00
Felix Bühler 0a2745684e
Merge pull request #239624 from Stunkymonkey/use-optionalString-then 
treewide: use optionalString instead of 'then ""'
 2023-07-22 13:02:47 +02:00
Nick Cao 0b411c1e04
Merge pull request #244750 from therishidesai/rdesai/fix-hostapd-hardening 
nixos/hostapd: add AF_PACKET to RestrictAddressFamilies
 2023-07-21 21:16:22 -06:00
Rishi Desai efba841aeb nixos/hostapd: add AF_PACKET to RestrictAddressFamilies 2023-07-21 21:11:14 -05:00
rnhmjoj c7c288fbd5
nixos/dnscrypt-wrapper: avoid using polkit 2023-07-22 02:12:31 +02:00
Lassulus f8ad4849c3
Merge pull request #233386 from Lassulus/syncthing-fix 2023-07-22 01:02:04 +02:00
Ilan Joselevich b0db3b7c11
nixos/twingate: fix cp (-n -> --update=none) 2023-07-21 19:57:57 +03:00
rnhmjoj 1f28c8defc
nixos/jool: validate the configuration 
This checks the validity of both NAT64 and SIIT configurations
at build time. An error produces something like this:

    Validating Jool configuration... Error: Cannot parse '283.0.113.1' as an IPv4 address.
 2023-07-21 09:08:40 +02:00
rnhmjoj 4657ff6ca7
nixos/jool: add service for setting up SIIT/NAT64 2023-07-21 09:07:54 +02:00
Jarosław Wygoda 7fc0e3334e nixos/tailscale: add authKeyFile option 
Auth key registers new nodes without needing to sign in via a browser

Tailscale sends status changes with systemd-notify.
https://github.com/tailscale/tailscale/blob/v1.44.0/ipn/ipnlocal/local.go#L3670
 2023-07-17 18:52:07 +02:00
Colin e7059632c6 nixos/trust-dns: init 
Co-authored-by: Yt <happysalada@tuta.io>
 2023-07-16 15:24:10 +08:00
Nick Cao d9dd68efda
Merge pull request #243004 from baloo/baloo/keepalived/vrrp-router-id 
keepalived: fixup `virtualRouterId` documentation
 2023-07-15 05:36:10 -06:00
Arthur Gautier ee38adc8e2 keepalived: use ints.between 
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2023-07-14 20:52:48 +00:00
Lassulus a4ffd00fb9
Merge pull request #243251 from schnusch/cgit-regex 
nixos/cgit: fix \v and \f in regexEscape
 2023-07-14 22:03:44 +02:00
schnusch 8980fdd9b5 nixos/cgit: fix \v and \f in regexEscape 2023-07-14 21:14:01 +02:00
Philipp Bartsch 30ad9053ab nixos/murmur: add apparmor policy 2023-07-13 11:11:01 +02:00
Arthur Gautier c8920fc6d9 keepalived: fixup virtualRouterId documentation 
Router id 0 is an invalid option with keepalived
 2023-07-12 06:12:03 +00:00
chayleaf 4d4c73ff78 treewide: update path to getent 2023-07-12 02:32:23 +07:00
Ryan Lahfa 7be83143e8
Merge pull request #222536 from oddlama/master 2023-07-08 14:36:18 +02:00
Ryan Lahfa 0d2f526dbb
Merge pull request #241462 from SuperSandro2000/remove-ddclient 2023-07-08 14:33:00 +02:00
Ilan Joselevich 160edcf2c5
nixos/twingate: add package option and test 2023-07-07 20:03:54 +03:00
tv 0ab3a1fd78 nixos/nftables: add redirect for /etc/hosts 2023-07-05 13:56:27 +02:00
tv 75e405c156 nixos/nftables: use environment.etc for redirects 2023-07-05 13:56:16 +02:00
tv 9e51ec86e7 nixos/nftables: add checkRulesetRedirects option 2023-07-05 13:55:34 +02:00
Sandro Jäckel d35df28f65
ddclient: remove package and module on upstream maintainer request 2023-07-04 16:46:53 +02:00
Felix Bühler e770737241
Update nixos/modules/services/networking/libreswan.nix 
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2023-07-02 19:03:19 +02:00
oddlama 1fa9f03eec
nixos/hostapd: rewrite to support multi-AP, password from file, and more 
At this point this is basically a full rewrite of this module, which
is a breaking change and was necessary to properly expose the useful
parts of hostapd's config. The notable changes are:

- `hostapd` is now started with additional systemd sandbox/hardening options
- A single-daemon can now manage multiple distinct radios and BSSs, which is
  why all configuration had to be moved into `hostapd.radios`
- By default WPA3-SAE will be used, but WPA2 and WPA3-SAE-TRANSITION are
  supported, too
- Added passwordFile-like options for wpa and sae
- Add new relevant options for MAC ACL, WiFi5, WiFi6 and WiFi7 configuration
- Implements RFC42 as far as reasonable for hostapd
- Removes `with lib;`
 2023-07-02 13:32:41 +02:00
TQ Hirsch dd481f2ee3
pdns: Changed paths in /etc to use pdns instead of powerdns 2023-07-01 18:55:51 +08:00
TQ Hirsch d25e5e2107
nixos/powerdns, nixos/pdns-recurser: Symlink configuration into /etc 
This places a symlink to the running configuration where the admin
tools expect it, allowing users to control the powerdns server or
recursor without manually specifying a config file.
 2023-07-01 18:55:50 +08:00
Michele Guerini Rocco aedc167ecf
Merge pull request #240325 from 999eagle/update/searxng 
nixos/searx: add configuration for redis and limiter settings
 2023-06-30 22:22:43 +02:00
Sandro Jäckel 000004d123
nixos/thelounge: fix example rendering 2023-06-30 18:14:24 +02:00
Sandro Jäckel 9999996fd6
nixos/sshd: fix example rendering 2023-06-30 18:14:16 +02:00
Sophie Tauchert 0aa5adef62
nixos/searx: add configuration for redis and limiter settings 2023-06-30 07:38:59 +02:00
lassulus 345745b6da nixos/syncthing: fix syncthing-init running by default 
also remove empty values from the config
 2023-06-29 17:57:11 +03:00
lassulus c42a7b668c Revert "Merge pull request #233377 from ncfavier/revert-226088" 
This reverts commit 7b28ea6783, reversing
changes made to 3009b12817.
 2023-06-29 17:56:30 +03:00
Nick Cao e52b401a95
nixos/sing-box: set umask 0077 when generating configuration file 2023-06-27 16:08:55 +08:00
Nick Cao d2483a8cc7
nixos/sing-box: init 2023-06-27 13:58:02 +08:00
Marco Rebhan af614b53d1 nixos/avahi: Add package option 
Allows replacing the avahi package (e.g. for debugging) without having
to use an overlay, avoiding unnecessary package rebuilds.
 2023-06-25 11:01:58 -03:00
Felix Buehler 6672dde558 treewide: use optionalAttrs instead of 'else {}' 2023-06-25 11:01:34 -03:00
Felix Buehler 933a41a73f treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
Felix Buehler f3719756b5 treewide: use optionalString instead of 'then ""' 2023-06-24 20:19:19 +02:00
Nick Cao cca08f710c
Merge pull request #237507 from Alexis211/document-wgautomesh-gossip-secret 
wgautomesh: clearer documentation for `gossip_secret_file`
 2023-06-24 22:48:34 +08:00
Naïm Favier 9a9ded1675
nixos/syncthing: fix escaping 2023-06-23 20:19:51 +02:00
Sandro 0b77630d18
Merge pull request #209068 from CRTified/adguard-dhcp 2023-06-20 13:37:34 +02:00
rnhmjoj 7d263715bd nixos/fakeroute: run as unprivileged user 2023-06-20 01:12:04 +00:00
deinferno 26ff15b981
nixos/tailscale: fix ipv6 nat (v6nat) support 2023-06-16 12:18:55 +00:00
Carl Richard Theodor Schneider 59207cc930 nixos/adguardhome: Add allowDHCP option 
This option conditionally adds the `CAP_NET_RAW` capability to the service,
which is mandatory for enabling the integrated DHCP server.
It also adds another test case to validate that the DHCP server successfully
provides IP addresses to clients.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2023-06-15 12:27:35 +02:00
Pol Dellaiera f45bee3f4d
Merge pull request #237003 from pacien/ddclient-remove-ipv6-opt 
nixos/ddclient: remove obsolete ipv6 option
 2023-06-14 19:57:34 +02:00
Alex Auvolat bbd4ce7d5e wgautomesh: clearer documentation for gossip_secret_file 2023-06-13 10:01:12 +02:00
Marillindië e394dc22f9 xray: allow binding lower ports 
Set CapabilityBoundingSet, AmbientCapabilities and NoNewPrivileges as described in XTLS/xray-install.
 2023-06-11 09:03:50 +01:00
pacien 76cabe1644 nixos/ddclient: remove obsolete ipv6 option 
Since ddclient@24ba945 (v3.10.0), the type and meaning of the "ipv6"
option has changed. This resulted in the following warning when
starting the service:

    WARNING:  file /run/ddclient/ddclient.conf, line 13:
    Invalid Value for keyword 'ipv6' = 'no'

This therefore removes the matching boolean option.
More advanced configurations can use the "extraConfig" option instead.
 2023-06-10 11:25:54 +02:00
Sergey Ivanov bbc56fd1c7
gnunet: fix systemd service config (#151269) 
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2023-06-09 16:33:51 +00:00
Weijia Wang 0dfe118d22
Merge pull request #236259 from wegank/mongodb-drop 
mongodb-4_2: drop
 2023-06-08 14:40:30 +03:00
Pol Dellaiera fdcc0ecf37
Merge pull request #236303 from alyssais/StrictModes 
nixos/sshd: add StrictModes option
 2023-06-07 15:53:20 +02:00
pennae 912caf09f7 unifi: drop pennae from maintainers 
not using this any more, and really don't have the energy to deal with
neither the fallout of ubnt not officially supporting mongodb newer than
3.6, nor the hacks nixpkgs contains to work around that.
 2023-06-06 23:29:46 +02:00
Alyssa Ross eeabae56e7
nixos/sshd: add StrictModes option 2023-06-06 16:06:09 +00:00
Ryan Lahfa a06d736f1f
Merge pull request #227203 from badele/fix-smokeping-symbolic-links 
nixos/smokeping: fix smokeping symbolic links
 2023-06-06 16:02:58 +02:00
Weijia Wang 3f467ff45f mongodb-4_2: drop 2023-06-06 14:26:11 +03:00
Bruno Adelé 0498957eac
nixos/smokeping: Fix smokeping preStart systemd 2023-06-03 08:06:18 +02:00
Gabriel Fontes 147668b8cf nixos/sitespeed-io: init 2023-06-03 03:12:51 +00:00
K900 e534047e2d
Merge pull request #234620 from linj-fork/fix/murmur-after 
nixos/murmur: make it be after network.target again
 2023-06-02 18:13:12 +03:00
Kira Bruneau 7e820610e3
Merge pull request #234207 from emilylange/acme-dns 
acme-dns: init at 1.0; nixos/acme-dns: init; nixos/acme-dns: init
 2023-05-31 11:40:35 -04:00
emilylange d0af39521b
nixos/acme-dns: init 2023-05-31 15:08:37 +02:00
r-vdp 2b63df0a03 modules/sshd: print the offending keys when we detect duplicate sshd keys. 2023-05-31 12:07:06 +02:00
Lin Jian 0ae9df6c5e
nixos/murmur: make it be after network.target again 
network.target was changed to network-online.target in this PR[1] to
workaround an issue[2].

The murmur version in Nixpkgs has fixed that issue[2].

[1]: https://github.com/NixOS/nixpkgs/pull/42860
[2]: https://github.com/mumble-voip/mumble/issues/1629
 2023-05-28 21:03:40 +08:00
Victor Freire 77520d39ce nixos/legit: init 2023-05-27 16:20:05 +00:00
Sandro ef2a17c946
Merge pull request #232339 from bl1nk/bl1nk/thelounge-package-option 
nixos/thelounge: add package option
 2023-05-25 22:04:22 +02:00
nyanotech 3aad03a464 nixos/sshd: detect duplicate config keys 2023-05-25 00:01:03 +02:00
Naïm Favier d5e090d2d8
Revert "nixos/syncthing: use rfc42 style settings" 
This reverts commit 32866f8d58.
This reverts commit 40a2df0fb0.
This reverts commit 4762932601.
 2023-05-22 10:29:52 +02:00
Sandro a74a4a2f32
Merge pull request #232534 from teutat3s/zhf/fix-prometheus-exporter-jitsi 
jitsi-videobridge: refactor broken `apis` option to `colibriRestApi`
 2023-05-21 18:43:59 +02:00
teutat3s cb81bd9340
jitsi-videobridge: refactor broken apis option to 
colibriRestApi

Refactor option to use jvb.conf and convert to boolean. Using the CLI
argument broke a while ago and is deprecated by upstream since 2021:
https://github.com/jitsi/jitsi-videobridge/pull/1738/files#diff-d9f589d2aae1673693461d7c3b9214324201ca1f43db63a3c773d4acfc52bc81

This fixes the currently broken test:
nixosTests.prometheus-exporters.jitsi
 2023-05-21 15:31:14 +02:00
Koen Wilde 0f37581eab
nixos/libreswan: Use StateDirectory to setup ipsec/nss 
The systemd manual `systemd.exec(5)` addresses the partly overlapping
functionality of the `tmpfiles.d(5)` setting and other, more semantic
settings and recommends their use if they fit your needs because these
semantic versions offer more guarantees.

One of those guarantees is that they are guaranteed to be ready by the
time the process starts whereas `tmpfiles.d` can be executed
asynchronously. I believe this is the cause of some issues I ran into
where I had to manually create the `/var/lib/ipsec/nss` directory. This
patch fixed those issues for me.
 2023-05-20 15:11:23 +02:00
figsoda 701bcdbead nixos: fix typos 2023-05-19 22:31:04 -04:00
lassulus 4762932601 nixos/syncthing: fix disabled folders 2023-05-18 11:06:57 +02:00
Markus Cisler a0b7802372 nixos/thelounge: add package option 
Adds a package option to the thelounge NixOS module.
 2023-05-17 08:34:18 -07:00
Naïm Favier 40a2df0fb0
nixos/syncthing: fixup #226088 2023-05-17 16:53:01 +02:00
Lassulus 52bbee772a
Merge pull request #232019 from 4z3/master-wireguard 2023-05-16 22:29:17 +02:00
Doron Behar 9b0a03fc88
Merge pull request #226088 from Xyz00777/master 
nixos/syncthing: applied rfc42 and added some additional options
 2023-05-16 13:29:36 +03:00
tv 50b845c5a6 nixos/wireguard: allow customizing peer unit name 2023-05-16 10:28:24 +02:00
Xyz00777 32866f8d58 nixos/syncthing: use rfc42 style settings 2023-05-15 14:38:56 +02:00
Ryan Lahfa e3bd7faa18
Merge pull request #226830 from Janik-Haag/birdwatcher 
birdwatcher: init at 2.2.4, alice-lg: init at 6.0.0, nixos/birdwatcher: init, nixos/alice-lg: init
 2023-05-15 08:42:10 +02:00
Janik H 40136a1f7f nixos/birdwatcher: init 2023-05-15 02:52:06 +02:00
Janik H 8ed86700a2 nixos/alice-lg: init 2023-05-15 02:52:06 +02:00
Katze dfb8a2a7c4
nixos/syncplay: add saltFile and extraArgs option (#220096) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2023-05-12 18:01:33 +02:00
Martin Weinelt 537d611a75 nixos/sshd: Remove algorithms that do MAC-then-encrypt 
Algorithms with the -etm suffix calculate the MAC after encryption,
which is generally considered safer.
 2023-05-11 12:54:32 +02:00
Thomas 1ed6468c27
nixos.tinyproxy: init 2023-05-11 09:52:38 +02:00
Ilan Joselevich 7ecf20b490
nixos/harmonia: adjust module and test to upstream 2023-05-10 22:28:03 +03:00
Jörg Thalheim 76ffeaf06c nixos/harmonia: init service 2023-05-10 14:52:31 +02:00
Bruno Adelé 7af8ace239
nixos/smokeping: Format smokeping source code 2023-05-05 22:46:30 +02:00
Sandro 5d0d352833
Merge pull request #220761 from elesiuta/picosnitch-init 2023-04-30 01:52:10 +02:00
Thomas Gerbet b4e503a783 strongswan: 5.9.8 -> 5.9.10 
Fixes CVE-2023-26463: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html

Release notes:
https://www.strongswan.org/blog/2023/03/02/strongswan-5.9.10-released.html
https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
 2023-04-26 01:08:29 +02:00
Moritz 'e1mo' Fromm 3dc05fbe40 nixos/bird-lg: Add support for traceroute-flags 2023-04-25 12:00:44 +02:00
Moritz 'e1mo' Fromm a2e2972ff3 nixos/bird-lg: Add maintainers 2023-04-25 10:41:35 +02:00
Moritz 'e1mo' Fromm b63e0d77b8 nixos/bird-lg: Rework command attribute generation 
Prior to this change, arguments were not escaped nor was the possiblity
for arguments to be empty accounted for. This led to a kinda broken
startup script were arguments were "shifted", e.g. leaving allowedIPs
empty in order to use the default would cause `--bird` (the following
arguments key) to be used as the value. This was also observable when
e.g. the navbarBrand had a space in it where only everything until the
first space would show up.

With the new approach, all arguments are consistently escaped and empty
ones left out.

`extraConfig` now supports and prefers lists of strings instead of
lines (still supported but warned). This is due to the fragility with
respect to e.g. forgetting trailing backslashes after each line.
`frontend.{servers,domain}` are unset by default since the frontend
needs (the upstream project itself has no empty defaults here) needs
them to be set. If not set, an error is caused at build-time.

`proxy.birdSocket` has a new default: The projects README[^1] states
`/var/run/bird/bird.ctl` as the current default value. And bird2 on
NixOS does use this path too.

[^1]: https://github.com/xddxdd/bird-lg-go#proxy
 2023-04-25 10:41:35 +02:00
Sandro 90e2a0670d
Merge pull request #225829 from IndeedNotJames/nixos.consul 2023-04-23 23:50:14 +02:00
Will Fancher 5c46e6f4e3 systemd-stage-1: Add assertions for unsupported options. 2023-04-21 13:05:12 -04:00
Nick Cao 515da5b664
Merge pull request #227243 from misuzu/netbird-update 
netbird: 0.14.6 -> 0.16.0
 2023-04-21 13:55:29 +08:00
IndeedNotJames 6ad64af778
nixos/consul: use lib.getExe where possible 
which allows the use of custom packages, that may not have binaries called `consul` or `consul-alerts` in their `/bin/*` (though arguably pretty unlikely to be ever used)
 2023-04-21 03:46:54 +02:00
IndeedNotJames 9c1f292155
nixos/consul: fix package reference in service $PATH 2023-04-21 03:46:54 +02:00
Artturi b83db86a9e
Merge pull request #222080 from Stunkymonkey/nixos-optionalString 2023-04-20 16:07:30 +03:00
misuzu d5bb5259e4 nixos/netbird: allow configuring dns 2023-04-20 14:22:19 +03:00
Ryan Lahfa 2fa5e844de
Merge pull request #223749 from Alexis211/add-wgautomesh 
wgautomesh: init at 0.1.0
 2023-04-19 08:26:09 +02:00
Sandro ce4159b4cd
Merge pull request #226514 from AtaraxiaSjel/update/ivpn 2023-04-19 00:57:19 +02:00
Dmitriy Kholkin 706060e47d
nixos/ivpn: init 2023-04-18 22:11:10 +03:00
Artturin eac28f38d6 treewide: fix lints 
Arg to lib.optional is a list

build time tool in buildInputs

*Flags not a list

https://github.com/nix-community/nixpkgs-lint
 2023-04-18 20:20:56 +03:00
Alex Auvolat a727a3d676 nixos/wgautomesh: init at 0.1.0 2023-04-17 12:37:18 +02:00
Sandro d85555f9ac
Merge pull request #224996 from SuperSandro2000/smokeping-ln-f 2023-04-16 23:05:25 +02:00
Janne Heß ee0bfeddf7
Merge pull request #226010 from helsinki-systems/drop/deprecated-ssh-files 
nixos/openssh: Drop deprecated locations
 2023-04-15 11:41:16 +02:00
Eric Lesiuta acfed64224 nixos/picosnitch: init 2023-04-14 22:09:48 -04:00
Aidan Gauland 0135b7a556 nixos/peroxide: correct option doc 
Correct the description for the option services.peroxide.enable.
 2023-04-14 14:47:55 +02:00
Janne Heß 98c3d190b2
nixos/openssh: Drop deprecated locations 
The changelog entry should give a good indication why I don't think this
is necessary anymore.
 2023-04-13 20:31:18 +02:00
Martin Weinelt 130be87c8d
Merge pull request #224549 from mweinelt/go-neb-unit-permissions 
nixos/go-neb: Replace PermissionsStartOnly with executable prefix
 2023-04-12 22:59:41 +02:00
Sandro Jäckel fdbd0834b2
nixos/smokeping: use ln with -f 2023-04-12 22:47:21 +02:00
Martin Weinelt 7a5a2fa8a4
Merge pull request #225785 from helsinki-systems/warn-dhcpd-eol 
nixos/dhcpd: warn of pending removal
 2023-04-12 00:08:42 +02:00
ajs124 e3702c0788 nixos/dhcpd: warn of pending removal 2023-04-11 23:47:40 +02:00
Sandro fd04c0caf0
Merge pull request #221380 from Majiir/ddclient-fix-permissions 2023-04-11 01:31:53 +02:00
Felix Buehler 327b0cff7a treewide: use more lib.optionalString 2023-04-07 13:38:33 +02:00
mrobbetts 3c1c5600e8
bind: replace hard-coded allow-query zone setting with a real zone parameter. (#224776) 2023-04-07 06:55:09 +02:00
alyaeanyx bd573376ad nixos/wstunnel: init 2023-04-06 09:51:30 +02:00
Florian Klink aa158ed243
Merge pull request #219496 from f2k1de/smokeping-css-js-fix 
smokeping: fix css and js symlink
 2023-04-05 21:56:33 +02:00
Florian Klink ea7dd83b0d
Merge pull request #224833 from flokli/smokeping-config 
nixos/smokeping: use /etc/smokeping.conf
 2023-04-05 21:54:57 +02:00
Florian Klink 9de75c8bbe nixos/smokeping: use /etc/smokeping.conf 
This allows other services to refer to the generated smokeping config,
which is e.g. necessary to run smokeping with nginx as frontend, rather
than thttpd.
 2023-04-05 16:51:26 +02:00
Yureka 53c20eae38
Revert "bind: remove hard-coded allow-query config setting" 2023-04-04 23:35:11 +02:00
Martin Weinelt 34464d6044
nixos/go-neb: Replace PermissionsStartOnly with executable prefix 
This should work as a drop-in replacement and satisfy #53852.
 2023-04-04 01:01:49 +02:00
Kerstin Humm 0b0cc93e79
remove myself (erictapen) from packages which I don't use anymore 2023-04-03 17:07:16 +02:00
Sandro ef6206c3ee
Merge pull request #224170 from mvnetbiz/ddclient 2023-04-02 01:29:59 +02:00
Izorkin 3ab26f9f00
nixos/dhcpcd: add IPv6rs option 2023-04-01 13:52:38 +03:00
Matt Votava ee88bac7be nixos/ddclient: add iproute2 to unit path if using "if" method 2023-03-31 21:54:21 -07:00
Peter Simons 7942e2e38f
Merge pull request #221108 from mrobbetts/bind_remove_allow_query 
bind: remove hard-coded `allow-query` config setting
 2023-03-29 07:50:47 +02:00
Christoph Heiss c9c9abc608 openssh: fix 'undefined variable' error 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
 2023-03-22 22:38:14 +01:00
Ryan Lahfa 5b88469c21
Merge pull request #217366 from puppe/fix-yggdrasil 
nixos/yggdrasil: fix configFile option
 2023-03-22 20:18:25 +01:00
K900 d0f7d224da nixos/firewall-nftables: avoid using wildcards 
Those were added in kernel 5.13, which is newer than our oldest supported.
 2023-03-22 17:45:05 +03:00
K900 5bf9765c0a
Merge pull request #217482 from motiejus/headscale_oidc_client_secret 
headscale: natively support oidc.client_secret_path
 2023-03-22 14:30:03 +03:00
Aidan Gauland 7fb4aae81f
nixos/peroxide: add module for peroxide service 2023-03-18 07:43:59 +13:00
Sandro 7ec767ff54
Merge pull request #173697 from jmbaur/avahi-daemon-deny-interfaces 
nixos/avahi: add denyInterfaces option
 2023-03-17 17:11:49 +01:00
Weijia Wang 32f39395a7
Merge pull request #210101 from helsinki-systems/upd/jitsi 
Update of all Jitsi Meet components
 2023-03-17 12:23:14 +02:00
Bernardo Meurer 6e55733359
Merge pull request #219747 from Stunkymonkey/deprecate-isNull 2023-03-16 11:10:22 -03:00
Majiir Paktu 1021a7d928 nixos/ddclient: fix permissions warning 2023-03-15 17:47:08 -04:00
Matthew Robbetts f5b754881d bind: remove hard-coded allow-query config file entry, so it can be customized via extraConfig 2023-03-13 20:47:02 -07:00
Lassulus 47233b27c9
Merge pull request #167319 from schnusch/cgit 2023-03-13 09:51:08 +07:00
Ben Wolsieffer b92dae961c nixos/chrony: allow @chown syscall set 
The module was allowing specific chown syscalls, which is brittle because
there are several and different ones are used by glibc on different
architectures. For example, fchownat was already added to the allowlist for
aarch64, while on armv6l chrony crashes because chown32 is not in the
allowlist.

systemd provides the @chown syscall set, which includes all the chown
syscalls and avoids this brittleness. I believe the syscalls would all be
equivalent from an attacker's perspective, so there is unlikely to be any
security impact.
 2023-03-12 18:10:56 -05:00
Jonas Heinrich 9f10a2e82a
Merge pull request #218633 from onny/networkd-dispatcher-rules 
nixos/networkd-dispatcher: add rules option
 2023-03-08 20:41:06 +01:00
K900 23b0152ffb
Merge pull request #218530 from K900/murmur-dbus 
nixos/murmur: expose dbus
 2023-03-08 18:35:56 +03:00
K900 d8d8b55e7d nixos/murmur: expose dbus 2023-03-08 18:03:51 +03:00
Motiejus Jakštys 2b168ba3f0 headscale: rename oidc.client_secret_file to oidc.client_secret_path 
Headscale now supports passing the OIDC client secret via a file, as
added in [juanfont/headscale#1127][1127]. Lets use that.

The headscale option is `client_secret_path`; let's make it consistent
and rename the Nix option to this. Note that I wasn't able to do this:

    mkRenamedOptionModule [ ... "client_secret_file" ] [ ... "client_secret_path" ]

I get such error:

    error: evaluation aborted with the following error message: 'cannot find attribute `services.headscale.settings.oidc.client_secret_file''

[1127]: https://github.com/juanfont/headscale/pull/1127
 2023-03-08 11:26:45 +02:00
Jonas Heinrich 26e14e57af nixos/networkd-dispatcher: add rules option 2023-03-08 10:20:47 +01:00
Felix Buehler d10e69c86b treewide: deprecate isNull 
https://nixos.org/manual/nix/stable/language/builtins.html#builtins-isNull
 2023-03-06 22:40:04 +01:00
SEIAROTg 5a4dc2128e
nixos/wireguard: fix mtu after switching netns. 
mtu is set after switching netns and thus the new netns should be used.
 2023-03-04 18:51:12 +00:00
Isa 8225d6db3a smokeping: fix css and js symlink 2023-03-04 14:39:43 +01:00
K900 18f85de76d nixos/firewall: assert that the kernel supports conntrack helper auto-loading 2023-03-04 10:53:47 +03:00
Arian van Putten 17ca3dd2a6
Merge pull request #217852 from justinas/teleport-12 
teleport: 11.3.4 -> 12.0.2, reintroduce teleport_11
 2023-03-02 11:18:24 +01:00
Yureka 55da71c10e
nixos/nftables: add checkRuleset option (#216531) 
* nixos/nftables: add checkRuleset option

* lkl: 2022-05-18 -> 2023-01-27
 2023-03-02 10:28:01 +01:00
Justinas Stankevicius 31b5597cbd nixos/teleport: add "package" option 2023-02-28 13:22:50 +02:00
Jared Baur ea0dc2c5eb
nixos/avahi: add denyInterfaces option 2023-02-27 15:41:53 -08:00
Daniel Olsen ea31ef91af nixos/headscale: update oidc options 2023-02-27 15:17:16 +01:00
Robert Schütz 9e1d4dff3e nixos/openvpn: use writeShellScript 
Previously the upScript would fail with

    Syntax error: "(" unexpected (expecting "done")

on line 7 if /bin/sh is not bash.
 2023-02-26 10:12:28 -08:00
Naïm Favier 129b6f7812
Merge pull request #216504 from ncfavier/unbound-state-dir-writable 
nixos/unbound: make stateDir writable
 2023-02-23 14:23:53 +01:00
Robert Schütz 89c8ef30a6 nixos/imaginary: bind to localhost by default 2023-02-22 17:37:36 -08:00
Sandro 5b7d323435
Merge pull request #216909 from emilytrau/tailscale-tweaks 2023-02-21 23:21:09 +01:00
Martin Puppe 8bc615d0e0 nixos/yggdrasil: correct documentation 
The option `LinkLocalTCPPort` does not exist anymore in recent versions
of Yggdrasil. The port for incoming link-local connections is now
configured as part of the `MulticastInterfaces` option. Our
documentation should reflect that.
 2023-02-20 23:10:54 +01:00
Martin Puppe cf8b1fb85e nixos/yggdrasil: support HJSON files as configFile 
Yggdrasil uses HJSON as its configuration file format. The NixOS module
meanwhile only supports pure JSON. This commit adds support for HJSON
files.
 2023-02-20 23:10:54 +01:00
Martin Puppe 78ac812356 nixos/yggdrasil: fix configFile option 
As far as I can tell the configFile option cannot have worked as
intended. The Yggdrasil systemd service uses a dynamic user. As it was,
there was no way to set the correct permissions on a config file
beforehand which would allow the dynamic user to read the config file
without making it readable for all users. But since the config file can
contain a private key it *must not* be world-readable.

The file must only be readable by root. The file has to be copied and
the permissions have to be fixed during service startup. This can either
be done in a ExecStartPre directive with the '+' prefix (which executes
that command with elevated privileges), or it can be done more
declarative with the LoadCredential directive. I have chosen the latter
approach because it delegates more work to systemd itself. It should be
noted that this has the minor tradeoff that the config file must not be
larger than 1 MB. This is a limit which systemd imposes on credential
files. But I think 1 MB ought to be enough for anybody ;).
 2023-02-20 23:04:24 +01:00
Martin Puppe 9b2e2e8006 nixos/yggdrasil: nixpkgs-fmt 2023-02-20 22:02:59 +01:00
Jonas Heinrich 553c376a49 nixos/networkd-dispatcher: init 2023-02-19 04:42:25 -05:00
Nick Cao a1291d0d02
Merge pull request #205784 from Eliot00/v2raya-fix 
v2raya: v2rayA should start after nftables
 2023-02-19 15:08:29 +08:00
Emily Trau 949b1df785 nixos/tailscale: fix config priority conflict 2023-02-18 13:28:04 +11:00
pennae 047bd73c5e nixos/wireguard: make publicKeys singleLineStrs 
using readFile instead of fileContents (or using indented strings) can
leave a trailing newline that causes build errors in systemd units and
has previously caused runtime errors in wireguard scripts. use
singleLineStr to strip a trailing newline if it exists, and to fail if
more than one is present.
 2023-02-16 11:56:12 +01:00
Naïm Favier 5cf311c036
nixos/unbound: make stateDir writable 2023-02-15 18:14:58 +01:00
Robert Schütz 7b60fce843
Merge pull request #215222 from dotlambda/nixos-imaginary-init 
nixos/imaginary: init
 2023-02-12 08:42:19 -08:00
Andreas Stührk 8dade1f713 nixos/envoy: add option requireValidConfig to make config validation errors non-fatal 
Co-authored-by: Vincent Haupert <vincent@yaxi.tech>
 2023-02-11 18:21:21 +01:00
Vincent Haupert 84220a7098 nixos/envoy: add package option 2023-02-11 18:21:21 +01:00
Vincent Haupert 3c3da8768b nixos/envoy: further service hardening 2023-02-11 18:21:21 +01:00
Vincent Haupert 8fff553f7e nixos/envoy: sort serviceConfig entries 2023-02-11 18:21:21 +01:00
Vincent Haupert 989a1a6ef5 nixos/envoy: use lists in serviceConfig where appropriate 
Using type `list` instead of `str` in `serviceConfig` entries which
accept multiple values allows easier extension of the unit
configuration.
 2023-02-11 18:21:21 +01:00
Robert Schütz efee1b5234 nixos/imaginary: init 2023-02-11 09:18:42 -08:00
Naïm Favier 86a387351a
Merge branch 'master' into nixos/hostapd 2023-02-11 14:03:56 +01:00
bb2020 76bf633dc2 nixos/minidlna: minor changes 2023-02-09 21:11:20 +03:00
pennae bf4c0c1900 nixos/*: remove trailing period in mkEnableOptions 
those are added by mkEnableOption, and .. is replaced to … by markdown
processing.
 2023-02-08 15:23:34 +01:00
Will Fancher 1406dd02a9 sshd: Cyphers -> Ciphers 2023-02-07 13:54:36 -05:00
Sandro 98a5726add
Merge pull request #204390 from gbtb/openvpn_client_restart_after_suspend 
Resolves https://github.com/NixOS/nixpkgs/issues/52528
 2023-02-07 01:06:24 +01:00
Matthieu Coudron ef5da70d66
services.openssh: rename several settings (#211991) 
* services.openssh: rename several settings

... to match the sshd config format (makes transition smoother), namely:
services.openssh.forwardX11 -> services.openssh.settings.X11Forwarding
services.openssh.cyphers -> services.openssh.settings.Cyphers
services.openssh.macs -> services.openssh.settings.Macs
services.openssh.kexAlgorithms -> services.openssh.settings.KexAlgorithms
services.openssh.gatewayPorts -> services.openssh.settings.GatewayPorts

* release-notes: mention openssh renaming

* chore: regenerated release-notes
 2023-02-07 00:11:18 +01:00
Sandro d47709d1ef
Merge pull request #208189 from numinit/update-nebula-module 2023-02-06 23:14:58 +01:00
Robert Obryk 0a6dd02620 nixos/firefox-syncserver: enable recommendedProxySettings 
The syncserver requires a Host header identical to the one provided by
the client.
 2023-02-05 23:47:19 +01:00
Malte Voos 3449f83618 maintainers/malvo: update information 2023-02-05 15:05:51 +01:00
Morgan Jones e99f342f11 nixos/nebula: harden systemd unit 2023-02-04 16:24:45 -08:00
Morgan Jones 9d649fd78c nixos/nebula: add tests for relays; clean up nebula passthru test 2023-02-04 16:24:45 -08:00
Morgan Jones 90581c977f nixos/nebula: don't run as root; support relays 2023-02-04 16:24:45 -08:00
Elliot e78f2115bf
v2raya: v2rayA should start after nftables 2023-02-03 10:22:23 +08:00
Sebastian Sellmeier f531b17f7d
avahi-daemon: add ConfigurationDirectory to ensure "avahi/services" exists 2023-02-01 21:43:29 +01:00
ajs124 adc59137e9 nixos/jicofo: fix after update 
2943c21ff7
removed the cli parameters

migrate from legacy config while we're at it
 2023-02-01 16:32:23 +01:00
Izorkin 59dbe319ce nixos/gitea: update SystemCallFilter 2023-01-31 10:08:32 -06:00
Izorkin 48ecda0962 nixos/chrony: disable PrivateDevices setting 2023-01-31 10:08:32 -06:00
Weijia Wang 5f83b5d199
Merge pull request #208801 from LeSuisse/multipath-tools-0.9.4 
multipath-tools: 0.9.3 -> 0.9.4
 2023-01-31 14:57:49 +01:00
Nick Cao db77921d65
Merge pull request #205118 from SharzyL/fix-openconnect-protocol 
nixos/openconnect: support alternative protocol
 2023-01-31 19:53:53 +08:00
schnusch 45f06d9712 nixos/cgit: add package option 2023-01-31 12:13:56 +01:00
schnusch 218c7795a6 nixos/cgit: init 2023-01-31 12:06:12 +01:00
pennae 5b6dcece88
Merge pull request #212684 from pennae/nixos-render-docs 
nixos-render-docs: init, use for some manual rendering to docbook
 2023-01-30 19:26:07 +01:00
Michele Guerini Rocco 72c6c848ee
Merge pull request #212685 from rnhmjoj/pr-connman 
nixos/wireless: fix failure on missing config file
 2023-01-30 13:32:58 +01:00
pennae 0a6e6cf7e6 nixos/manual: render module chapters with nixos-render-docs 
this converts meta.doc into an md pointer, not an xml pointer. since we
no longer need xml for manual chapters we can also remove support for
manual chapters from md-to-db.sh

since pandoc converts smart quotes to docbook quote elements and our
nixos-render-docs does not we lose this distinction in the rendered
output. that's probably not that bad, our stylesheet didn't make use of
this anyway (and pre-23.05 versions of the chapters didn't use quote
elements either).

also updates the nixpkgs manual to clarify that option docs support all
extensions (although it doesn't support headings at all, so heading
anchors don't work by extension).
 2023-01-27 20:07:34 +01:00
rnhmjoj 688d658a96
nixos/wireless: fix failure on missing config file 
This change prevents doing the secret substitution when the config is
missing, which would result in an error.

The service can be useful even without configuration; for example
connman controls wpa_supplicant using dbus and as such it does not need
a config file nor any other declarative options.
 2023-01-26 00:31:21 +01:00
Sandro e3d6edd75f
Merge pull request #209045 from Izorkin/update-dhcpcd-ipv6rs 2023-01-23 23:25:03 +01:00
Bernardo Meurer 271dbd928e
nixos/blocky: restart on failure 2023-01-23 11:45:56 -05:00
pennae e067d9e33e nixos/redsocks: fix option description formatting 2023-01-22 17:50:09 +01:00
Nick Cao c2de985844
Merge pull request #211559 from GTrunSec/nomad-credential 
nixos/nomad: add LoadCredential option
 2023-01-22 08:27:44 +08:00
Naïm Favier 8bf63a5ed4
Merge pull request #211992 from ncfavier/remove-stray-spaces 2023-01-21 21:51:52 +01:00
Naïm Favier 3aa1337a71
nixos: remove stray spaces 2023-01-21 21:46:53 +01:00
Naïm Favier 363158603a nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
guangtao 6c46078aad nixos/nomad: add LoadCredential option 2023-01-21 06:09:22 -08:00
guangtao b5a3f795c3 nixos/nomad: fix multi-plugin-dir path 2023-01-18 22:22:43 -08:00
maifel-maifel 4dbc2fe873
nixos/syncthing: point out pitfalls with extraOptions (#210208) 
Co-authored-by: digital <git-voopaipa@dinid.net>
 2023-01-16 13:12:12 +01:00
Sandro 6fecd5a257
Merge pull request #204342 from anpandey/znc 2023-01-16 02:07:30 +01:00
Matthieu Coudron 293de575cb modules.openssh: provide default settings 
else evaluation fails
 2023-01-16 00:11:53 +01:00
Matthieu Coudron 83e2f6f3da services.openssh: fix doc 2023-01-16 00:06:40 +01:00
Ryan Lahfa b42ea74b96
Merge pull request #206655 from vlinkz/distroname 
nixos/version: add system.nixos.distroName and system.nixos.distroId options
 2023-01-15 17:39:55 +01:00
Matthieu Coudron cf10d7aef8
services.openssh: support freeform settings (#193757) 
* services.openssh: support freeform settings

Keep "extraConfig" but introduces "settings".

Also renames several options

(mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [  "services" "openssh" "settings" "KbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [  "services" "openssh" "settings" "PasswordAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [  "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [  "services" "openssh" "settings" "PermitRootLogin" ])

* updated doc
* regen doc
 2023-01-15 16:32:46 +01:00
Victor Fuentes d3528cdc3d
nixos/version: add config.system.nixos.distroName and config.system.nixos.distroId 2023-01-14 16:19:06 -05:00
github-actions[bot] 49722fd14a
Merge master into staging-next 2023-01-13 18:01:34 +00:00
Izorkin 0e9cb9fcfd
nixos/dhcpcd: don't solicit or accept ipv6 router advertisements if use static addresses 2023-01-12 09:57:17 +03:00
pennae 53fc887582 nixos/manual: move "edit the MD file" comments to generated XML 2023-01-10 12:34:37 +01:00
pennae bf92eaebe4 nixos/manual: generate module chapters with md-to-db.sh 2023-01-10 10:32:00 +01:00
pennae dc7788efb8 nixos/manual: regenerate chapter xml files 
apparently pandoc has changed behavior over the past releases, so the
files are no longer in sync. occasionally this requires edits
to the markdown source to not remove an anchor that was there
before (albeit wth a very questionable id), or where things were simply
being misrendered due to syntax errors.
 2023-01-10 10:31:59 +01:00
pennae 23ea73b416 nixos/manual: enable smart quotes for all MD chapters 2023-01-10 10:31:59 +01:00
pennae e4897cdf16 nixos/yggdrasil: convert manual chapter to MD 2023-01-10 10:31:57 +01:00
pennae 963c6f54aa nixos/prosody: convert manual chapter to MD 2023-01-10 10:31:57 +01:00
pennae 5917123885 nixos/pleroma: convert manual chapter to MD 2023-01-10 10:31:57 +01:00
pennae 0715ecf936 nixos/manual: normalize <programlisting> 
makes sure that program listing tags are separated from their contents
by exactly a newline character. this makes the markdown translation
easier to verify (since no new newlines need to be inserted), and
there's no rendering difference anyway.
 2023-01-10 10:31:52 +01:00
pennae 80a78f2e1e nixos/manual: remove links from program listings 
markdown cannot represent those links. remove them all now instead of in
each chapter conversion to keep the diff for each chapter small and more
understandable.
 2023-01-10 10:31:52 +01:00
github-actions[bot] e4fc9a910a
Merge master into staging-next 2023-01-09 12:01:24 +00:00
Naïm Favier bff4bb5540
Merge pull request #208762 from ncfavier/link-manpages-options-doc 2023-01-09 11:57:01 +01:00
github-actions[bot] e3480cf1cc
Merge master into staging-next 2023-01-06 00:02:28 +00:00
Thiago Kenji Okada 1deddf959c
Merge pull request #209175 from gador/unifi-fix-monogdb-version 
nixos/unifi: fix mongodb to a stable version
 2023-01-05 20:39:14 +00:00
Florian Brandes 45d27d43c4 nixos/unifi: fix mongodb to a stable version 
Otherwise unifi might break on a next big update
just like https://github.com/NixOS/nixpkgs/pull/207382#issuecomment-1371303817

Also this requires an update of the unifi package. With the LTS
version, newer mongodb versions aren't supported. The current supported
version of unifi 7 is mongodb 3.6 acording to
https://community.ui.com/releases/UniFi-Network-Application-7-0-20/3e4a4099-c063-42f6-8e21-5fb2c99fcea9 which isn't even supplied by nixpkgs anymore.

mongodb-4_2 isn't officially supported, but works.

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
 2023-01-05 15:16:02 +01:00
github-actions[bot] 0c8280b1c4
Merge staging-next into staging 2023-01-05 06:01:39 +00:00
Aneesh Agrawal 1e94e9146f radicale: Drop self (aneeshusa) from maintainership 
I have switched to using etebase/etesync.
 2023-01-05 00:14:38 -05:00
pennae 9da5f12ecf modules: add mkPackageOptionMD 
another transitional option factory, like mkAliasOptionModuleMD.
 2023-01-05 02:33:13 +01:00
pennae 4c1cfbdb84 modules: add mkAliasOptionModuleMD 
mkAliasOptionModule should not default to mdDoc descriptions because
that can break out-of-tree users of documentation infrastructure. add an
explicitly-MD variant for now, to be removed some time after the MD
transition is complete.
 2023-01-05 02:33:13 +01:00
github-actions[bot] e076f677a1
Merge staging-next into staging 2023-01-03 18:01:45 +00:00
Izorkin b943fb24b7 chrony: update sandboxing options 2023-01-03 07:04:55 -06:00
Naïm Favier 4fb500d629
nixos/doc: fix some manpage references 2023-01-03 14:03:35 +01:00
Thomas Gerbet ad9521e07e multipath-tools: 0.9.3 -> 0.9.4 
https://github.com/opensvc/multipath-tools/compare/0.9.3...0.9.4

Fixed a bunch of issues and warnings occuring during the build.
`passthru.tests` is however still broken.
 2023-01-02 21:34:35 +01:00
Jan Tojnar 5810109b42 Merge branch 'staging-next' into staging 
- readline6 attribute removed from all-packages.nix in d879125d61
- readline attribute was bumped to readline82 in 50adabdd60
 2023-01-02 03:04:32 +01:00
Naïm Favier 1596c87bdb
Merge pull request #195945 from ncfavier/wg-quick-nftables 2023-01-01 14:13:01 +01:00
0x4A6F 7e159b1a67 nixos/cloudflared: systemd dependency fix 
- also wait for network-online.target:
  fixes startup error on reboot without functioning networking
- restart on-failure (upstream service definition)
 2023-01-01 11:01:02 +01:00
Ryan Lahfa 06542b21a0
Merge pull request #205636 from LoveIsGrief/webhook-module 
nixos/webhook: add support for a webhook service option
 2022-12-31 22:31:38 +01:00
Joel 4c365aa9fc
nixos/cloudfared: fix options that are required having defaults 
> ERR Couldn't start tunnel error="The last ingress rule must match all URLs (i.e. it should not have a hostname or path filter)"
 2022-12-30 20:54:06 +10:00
Joel 1cee5ecfeb
nixos/cloudflared: fix invalid systemd unit description 2022-12-30 20:54:06 +10:00
alyaeanyx ebe0608ada nixos/openconnect: fix null cases for user and passwordFile options 2022-12-30 10:10:54 +01:00
Maximilian Bosch 6873c69ada
Merge pull request #207774 from NetaliDev/pdns-secretfile 
nixos/powerdns: add secretFile option
 2022-12-29 12:28:13 +01:00
Lucas Franceschino e8e932bc80
nixos/webhook: init 2022-12-29 01:24:46 +01:00
github-actions[bot] 351a07ba79
Merge staging-next into staging 2022-12-29 00:03:11 +00:00
Naïm Favier e182da8622
Merge pull request #206939 from tavi-vi/tinc-restart-fix 2022-12-28 22:21:41 +01:00
Sergei Trofimovich 092d57c076 Merge remote-tracking branch 'origin/staging-next' into staging 
Conflicts:
    pkgs/development/tools/language-servers/ansible-language-server/default.nix
 2022-12-28 09:35:37 +00:00
Naïm Favier dc1e00bd8b
nixos/wg-quick: use networking.firewall.package 
Use `nftables` if available.
 2022-12-26 10:28:03 +01:00
netali 64a957a7d1
nixos/powerdns: add secretFile option 2022-12-26 02:12:31 +01:00
Maciej Krüger 94373a589b
Merge pull request #203011 from duament/firewall-nftables 2022-12-26 00:57:24 +01:00
github-actions[bot] 583c7499e5
Merge staging-next into staging 2022-12-25 18:01:38 +00:00
Andrew Childs 4ec86b13c9
pleroma: 2.4.4 -> 2.5.0 (#207521) 2022-12-25 13:38:55 +01:00
github-actions[bot] b48679133a
Merge staging-next into staging 2022-12-25 12:01:40 +00:00
Phosu Parsons ff9dbe90d7 services.pixiecore: add quick option 2022-12-25 09:33:38 +01:00
Jan Tojnar 72c37eddec Merge branch 'staging-next' into staging 2022-12-25 01:30:47 +01:00
Kristoffer Dalby 571780384a
headscale: Update to 0.17.1, conform module to RFC0042 
This commit upgrades headscale to the newest version, 0.17.0 and updates
the module with the current breaking config changes.

In addition, the module is rewritten to conform with RFC0042 to try to
prevent some drift between the module and the upstream.

A new maintainer, Misterio77, is added as maintainer.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Gabriel Fontes <hi@m7.rs>
Co-authored-by: Geoffrey Huntley <ghuntley@ghuntley.com>
 2022-12-23 15:47:53 +01:00
Rvfg a43c7b2a70
nixos/{firewall, nat}: add a nftables based implementation 2022-12-23 00:49:24 +08:00
Bobby Rong ce96f00944
Merge pull request #205417 from kurnevsky/tox-node-0.2.0 
tox-node: 0.1.1 -> 0.2.0
 2022-12-22 23:30:51 +08:00
Evgeny Kurnevsky d7b2de44c3
tox-node: 0.1.1 -> 0.2.0 2022-12-22 00:38:16 +03:00
Sandro 5b450caa5e
Merge pull request #202245 from tylerjl/rpcbind-tmpfiles-dependency 2022-12-21 20:35:50 +01:00
pennae 4cdcad6b26 nixos/firefox-syncserver: remove unnecessary service option 
Stderr does not exist as a systemd option (StandardError would've been
correct), but since "journal" is the default by association this mistake
never had any effect. just remove the key entirely.
 2022-12-21 10:29:25 +01:00
pennae 13d725908c syncstorage-rs: 0.12.5 -> 0.13.1 
this includes a module update because the package update breaks the
module. would rather not break system bisection if possible.
 2022-12-21 10:29:25 +01:00
Tavi 705392e011 nixos/services.tinc: Fix whitespace 
Fix indentation for previous commit
 2022-12-19 21:19:02 -05:00
Tavi ca591e7008 nixos/services.tinc: Add all generated /etc/ files to reloadTriggers 
Bug fix for issue #66431. Adds all files created as a result of
hostSettings configuration to the created service's reloadTriggers,
or to restartTriggers if the version of tinc isn't 1.1pre or later.
 2022-12-19 20:35:00 -05:00
github-actions[bot] dc7ebb0163
Merge staging-next into staging 2022-12-18 18:01:41 +00:00
figsoda 6bb0dbf91f nixos: fix typos 2022-12-17 19:31:14 -05:00
github-actions[bot] 7984a7dacb
Merge staging-next into staging 2022-12-18 00:05:50 +00:00
github-actions[bot] 887e342eaa
Merge staging-next into staging 2022-12-17 18:01:35 +00:00
Julien Moutinho 15046139d5 nixos/mmsd: init 2022-12-17 17:36:43 +01:00
Michael Hoang 68e514ed1c nixos/tailscale: Add useRoutingFeatures option 2022-12-17 22:38:14 +11:00
github-actions[bot] f61e6f8d8e
Merge staging-next into staging 2022-12-16 18:02:14 +00:00
Frank Moda e27e857def nixos/cloudflared: guard config with enable flag 2022-12-16 11:30:44 -05:00
Vladimír Čunát 59a68f487d
Merge branch 'staging-next' into staging 2022-12-16 11:20:50 +01:00
Artturin 05a2dfd674 lib.replaceChars: warn about being a deprecated alias 
replaceStrings has been in nix since 2015(nix 1.10)

so it is safe to remove the fallback

d6d5885c15
 2022-12-15 22:25:51 +02:00
github-actions[bot] 9e23ec4f1c
Merge staging-next into staging 2022-12-15 00:03:02 +00:00
Sandro b5f35b1c85
Merge pull request #205399 from SuperSandro2000/fix-avahi 2022-12-14 23:34:12 +01:00
github-actions[bot] c0b33aa433
Merge staging-next into staging 2022-12-14 06:01:42 +00:00
ajs124 f98e6d6290 unifi7: 7.2.95 -> 7.3.76 
https://community.ui.com/releases/UniFi-Network-Application-7-3-76/85c75fc7-3e0f-4e99-aa90-7068af4f1141
 2022-12-14 02:47:04 +01:00
github-actions[bot] cfbecb45cc
Merge staging-next into staging 2022-12-12 18:01:51 +00:00
Bernardo Meurer d2578f1dac
Merge pull request #171875 from bbigras/cloudflared 
nixos/cloudflared: init
 2022-12-12 13:06:21 -03:00
gbtb 8399ff1e34 nixos/openvpn: applied nixpkgs-fmt 2022-12-12 23:39:11 +10:00
gbtb 3d17d6fff6 nixos/openvpn: added restartAfterSleep option 
Additional systemd unit that hooks to sleep.target and kills openvpn processes
 2022-12-12 23:37:57 +10:00
github-actions[bot] f14765eb08
Merge staging-next into staging 2022-12-11 18:01:53 +00:00
Bobby Rong 0e857e0089
Merge pull request #204807 from Eliot00/v2raya-init 
v2raya: init at 2.0.0
 2022-12-11 23:06:00 +08:00
K900 a95574fd2e
Merge pull request #204560 from jcumming/resilio_config_passthru 
passthrough config if there are no secrets defined (address #204559)
 2022-12-11 17:50:37 +03:00
Elliot 08d651764f
v2raya: init at 2.0.0 
Update nixos/modules/services/networking/v2raya.nix

Co-authored-by: zendo <linzway@qq.com>

Update nixos/modules/services/networking/v2raya.nix

Co-authored-by: zendo <linzway@qq.com>

Update pkgs/tools/networking/v2raya/default.nix

Co-authored-by: zendo <linzway@qq.com>

Update pkgs/tools/networking/v2raya/default.nix

Co-authored-by: zendo <linzway@qq.com>

Update nixos/modules/services/networking/v2raya.nix

Co-authored-by: zendo <linzway@qq.com>

Update pkgs/tools/networking/v2raya/default.nix

Co-authored-by: zendo <linzway@qq.com>

Update nixos/modules/services/networking/v2raya.nix

Co-authored-by: zendo <linzway@qq.com>
 2022-12-11 22:23:12 +08:00
Robert Hensing 16f5747575
Merge pull request #175649 from Artturin/opt-in-structured-attrs 
stdenv: support opt-in __structuredAttrs
 2022-12-10 21:12:43 +01:00
Bruno Bigras c770b44aff nixos/cloudflared: init 2022-12-10 14:07:26 -05:00
Sandro Jäckel 89b5dddf99
nixos/avahi: revert closing firewall port by default 2022-12-10 03:40:39 +01:00
Ryan Lahfa 022c7d777a
Merge pull request #196837 from KoviRobi/dnsmasq-attrsets-config 
nixos/dnsmasq: Use attrs instead of plain text config
 2022-12-08 23:47:08 +01:00
Artturin c01f509e44 treewide: source .attrs in builders 
if theres a source $stdenv then this is needed

for structuredAttrs
 2022-12-08 21:09:02 +02:00
Naïm Favier 0ff3b35356 nixos/doc: fix some options 2022-12-08 17:52:52 +01:00
SharzyL 44319dc911
nixos/openconnect: use alternative protocol 2022-12-08 16:34:50 +08:00
Daniel Nagy ad866e565d
treewide: switch to port type for nixos modules 2022-12-08 00:00:00 +01:00
Wael Nasreddine 69dff6a36c
Merge pull request #144455 from Twingate/master 2022-12-06 09:33:20 -08:00
Ankit Pandey 4fed4b8da8 nixos/znc: Doc fix about services.znc.config 
We need to disable `services.znc.mutable` to make changes apply even
after the first deploy, not enable it (it's already enabled by default).
 2022-12-05 17:26:38 -08:00
Solene Rapenne 659803e879 nixos/tmate-ssh-server: openFirewall default to false 2022-12-05 12:03:09 +01:00
Solene Rapenne efeb1e50d9 nixos/avahi-daemon: openFirewall default to false 2022-12-05 12:03:09 +01:00
Jack Cummings 75f2f8e753 passthrough config if there are no secrets defined 2022-12-04 16:37:51 -08:00
Robert Kovacsics 2c00429560 nixos/dnsmasq: Use attrs instead of plain text config 
This should make it easier to configure in multiple places, override
defaults, etc.
 2022-12-04 23:08:37 +00:00
Jasper Woudenberg bc3b07cb93 resilio: Add jwoudenberg as extra maintainer 2022-12-02 12:08:33 -06:00
Jasper Woudenberg c8f9d170d4 nixos/resilio: support secret files 
When using the declarative shared folder configuration for resilio sync
it is now possible to pass a path from which to read the secret should
be read at runtime. The path will not be added to the nix store.

The 'secret' parameter to specify the secret directly is still
supported. This option will still store the secret in the nix store.

This commit follows the pattern described in this issue, for upstream
programs that do not provide support for setting a password using a
file: https://github.com/NixOS/nixpkgs/issues/24288
 2022-12-02 12:08:33 -06:00
Artturi dadca5c5e1
Merge pull request #140890 from seb314/wireguard/dyndns-restart-on-failure 
wireguard: non-invasive fix for permanent disconnects on unstable network (e.g. laptops) from dyndns endpoints
 2022-12-02 17:47:47 +02:00
Daniel Nagy dbe8182e74
treewide: switch to port type for nixos modules 2022-12-01 22:30:00 +01:00
Ryan Lahfa 5d87a1b9b8
Merge pull request #195735 from hax404/tayga_init 
nixos/tayga: init
 2022-12-01 21:14:50 +01:00
Alex Zero 16b7892876
nixos/tayga: init 2022-12-01 11:17:20 +01:00
figsoda d1c73c2543 nixos/keepalived: remove unnecessary parentheses 2022-11-30 17:59:52 -05:00
figsoda 55acad5c35 nixos/softether: apply statix suggestions 2022-11-30 17:56:56 -05:00
figsoda dfff1a2b83 nixos/prosody: simplify logic 2022-11-30 17:36:07 -05:00
Andrew Marshall 87245df5d3 nixos/stubby: Support fine-grained logLevel 
In much older versions, Stubby only supported debug logging, but that is
no longer true, so support the fine-grained log level.
 2022-11-29 20:14:00 -06:00
Tyler Langlois e217979fc7 nixos/rpcbind: add dependency for systemd-tmpfiles-setup 
The inline comments explain the reasoning behind this change. This
work was initiated due to failing tests explicitly for glusterfs, but
my hunch is that any nixosTest adjacent to rpcbind will start working
again.

Ref: https://github.com/NixOS/nixpkgs/issues/175339
 2022-11-21 13:43:28 -07:00
Jörg Thalheim 83b468db28
Merge pull request #196148 from Mic92/tailscale 
tailscale: improve formatting on warning message
 2022-11-20 20:12:46 +01:00
David Wilemski c9543015d0
nixos/firewall: remove stray quote from package option 
This quote is not needed and shows up rendered in the manpage documenting this option.
 2022-11-19 22:04:52 -06:00
Patrick Jackson b0c6f4ae05 nixos/mullvad-vpn: add mullvad-exclude wrapper & systemPackage 2022-11-17 07:31:40 -08:00
Carl Richard Theodor Schneider 647ed242dc nixos/adguardhome: allow for empty/unmanaged configs 
This commit fixes broken non-declarative configs by
making the assertions more relaxed.
It also allows to remove the forced configuration merge by making
`settings` `null`able (now the default).

Both cases (trivial non-declarative config and `null`able config) are
verified with additional tests.

Fixes #198665
 2022-11-15 23:43:15 -05:00
clerie 159d73f7a3 nixos/chisel-server: add module 2022-11-13 12:02:34 +01:00
Robert Schütz 257ec177c8 nixos/syncthing: disallow relative paths 
Relative paths are interpreted relative to the working directory, which
is currently unset and thus defaults to `/`. However we want to change
the working directory in a future release such that relative paths are
interpreted relative to `/var/lib/syncthing`.
 2022-11-12 11:37:23 -08:00
Daniel Nagy b4674b39c1
treewide: use mkEnableOption in nixos modules 2022-11-10 09:30:00 +01:00
Daniel Nagy 095269c862
treewide: use types.port in nixos modules 2022-11-10 09:30:00 +01:00
Guillaume Girol 255ac994b8 nixos/firefox-syncserver: fix setup failure due to duplicate key 
in some circumstances, the setup service would fail with:
ERROR 1062 (23000) at line 5: Duplicate entry '1' for key 'PRIMARY'
so let's use an upsert instead of insert. This also simplifies the
script.

Besides, also fix that when the setup script changes, the corresponding
script is not restarted as it is usually not active, so we trigger a
restart of the main systemd service.
 2022-11-09 23:39:08 +01:00
Robert Hensing 93a905ec4f
Merge pull request #194759 from hercules-ci/fqdn-or-hostname 
nixos: Add `networking.fqdnOrHostName`
 2022-11-09 13:53:57 +01:00
Bjørn Forsman 25617e3def nixos/blocky: fix description 
Before: "Whether to enable Fast and lightweight [...]"
After: "Whether to enable blocky, a fast and lightweight [...]"
 2022-11-08 20:59:06 +01:00
Maximilian Bosch 67e61879c5
Merge pull request #199416 from symphorien/wg-add-peer 
nixos/wireguard: start new peers when they are added
 2022-11-07 12:20:06 +01:00
Jörg Thalheim 1d442b3b68
Merge pull request #186087 from Mic92/consul 
nixos/consul: use signal instead of api for reload
 2022-11-06 20:32:19 +01:00
Guillaume Girol c5df8359df nixos/wireguard: start new peers when they are added 
when a new peer is added, it does not modify any active units, because
the interface unit remains the same. therefore the new peer is not added
until next reboot or manual action.
 2022-11-04 15:35:21 +01:00
Oleksandr Chupryna acf17b3b4b nixos/twingate: init module 2022-11-04 13:36:45 +01:00
ajs124 42ec4ec905
Merge pull request #198303 from cleeyv/jitsi-update 
Update of all Jitsi Meet components
 2022-11-03 22:57:04 +01:00
Erik Arvstedt 828cd4c895
nixos/bitcoind: fix rare startup error 
Previously, dhcpcd and bitcoind starting up in parallel could lead to
the following error in bitcoind:
```
bitcoind: libevent: getaddrinfo: address family for nodename not supported
bitcoind: Binding RPC on address 127.0.0.1 port 8332 failed.
bitcoind: Unable to bind any endpoint for
```
After the initial failure, the bitcoind service would always restart successfully.

This race condition, where both applications were simultaneously
manipulating network resources, was only triggered under specific
hardware conditions.

Fix it by running bitcoind after dhcp has started (by running after
`network-online.target`).
This bug and the fix only affect the default NixOS scripted
networking backend.
 2022-11-02 12:31:40 +01:00
Sandro 796cc1ad51
Merge pull request #198532 from raindev/syncthing-devices-folders 2022-11-01 23:28:33 +01:00
Sandro 4d4fdde2cf
Merge pull request #197876 from iopq/alt-history 2022-10-30 19:51:28 +01:00
Andrew Barchuk 43bc09e037
nixos/syncthing: keep manually added dirs/devices 
If folders and devices are not configured explicitly, do not wipe the
changes done via the web GUI. Currently the list of devices or folders
will be reset unless overrideFolders/overrideDevices is disabled.
 2022-10-30 00:22:00 +02:00
seb314 82c5c3c9a9 wireguard: when dyn-dns refresh is enabled, reconnect after failures 
Make the dynamic-dns refresh systemd service (controlled via the
preexisting option dynamicEndpointRefreshSecond) robust to e.g. dns
failures that happen on intermittent network connections.

Background:

When dns resolution fails with a 'permanent' error ("Name or service not
known" instead of "Temporary failure in name resolution"), wireguard
won't retry despite WG_ENDPOINT_RESOLUTION_RETRIES=infinity.

-> This change should improve reliability/connectivity.

somewhat related thread: https://github.com/NixOS/nixpkgs/issues/63869
 2022-10-28 19:16:05 +02:00
iopq 96f7444bc8 nixos/xray: init service 2022-10-28 23:53:41 +08:00
Cleeyv 2ef91019db jibri: 8.0-93 -> 8.0-139 
- Fix of accidental downgrade in #158911
- Update of runtime from Java 8 -> 11
 2022-10-28 11:42:55 -04:00
pennae 15372dc4d4 nixos/mosquitto: clarify hashedPassword generation 
unfortunately we cannot use other tools (like mkpasswd) instead of
mosquitto_passwd because mosquitto is incompatible with the standard
crypt format.
 2022-10-28 17:39:30 +02:00
Naïm Favier 94d24f136e
nixos/vdirsyncer: fix description 2022-10-28 11:59:34 +02:00
Patrick Jackson 1c1af8d2f2 nixos/mullvad-vpn: add patricksjackson to maintainers 2022-10-27 12:38:48 -07:00
Patrick Jackson 3aa131978d nixos/mullvad-vpn: add the package option 2022-10-27 12:38:48 -07:00
Sandro b99ffef2de
Merge pull request #197688 from MidAutumnMoon/go-119-services-fix-2 2022-10-27 00:49:35 +02:00
Sandro dc5fa53b83
Merge pull request #197657 from MidAutumnMoon/go-119-services-fix 2022-10-27 00:48:28 +02:00
Sandro 8ebdb3e6fe
Merge pull request #176701 from CRTified/adguardhome-schemaversion 2022-10-26 22:52:04 +02:00
Sandro 4d1f158bf0
Merge pull request #161640 from schnusch/vdirsyncer 2022-10-26 22:22:19 +02:00
Niklas Hambüchen f5c5386870 nixos/smokeping: Don't show 413 Forbidden on thttpd /. Fixes #197704 2022-10-25 23:11:50 +02:00
Carl Richard Theodor Schneider 1526a1b041 adguardhome: Add schema_version 
This will add `passthru.schema_version` to be used as default value for
the adguardhome module.
It will also update the `update.sh` to keep the `schema_version` in sync
with the version by inspecting the sourcecode.

This might break existing configs, if they use deprecated values that don't
appear in newer schema_versions and schema_version wasn't set explicitly.
Explicit declarations of schema_version always have higher priority.

This also removes the `host` and `config` settings in favour of using the
appropriate `settings`.

Fixes #173938

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2022-10-25 17:35:27 +02:00
MidAutumnMoon 9b8fd74d68
nixos/nats: set proper SystemCallFilter 2022-10-25 16:47:46 +08:00
MidAutumnMoon 7742cd543d
nixos/yggdrasil: set proper SystemCallFilter 2022-10-25 16:09:31 +08:00
MidAutumnMoon bd8413e8e1
nixos/snowflake-proxy: set proper SystemCallFilter 2022-10-25 15:41:54 +08:00
MidAutumnMoon ba8041fc2b
nixos/croc: set proper SystemCallFilter 2022-10-25 11:51:40 +08:00
MidAutumnMoon db029623b7 nixos/dnscrypt-proxy2: properly set SystemCallFilter 2022-10-24 22:20:42 +10:00
schnusch 72ee279ab4 nixos/vdirsyncer: init 
inspired by borgbackup
 2022-10-23 23:23:13 +02:00
github-actions[bot] 18a6423900
Merge master into staging-next 2022-10-17 00:04:21 +00:00
Nick Cao 46982f4194
nixos/iwd: allow setting iwd package 2022-10-16 23:12:26 +08:00
Jörg Thalheim e24daea3d3 tailscale: improve formatting on warning message 2022-10-15 16:50:34 +02:00
github-actions[bot] 886633ba43
Merge master into staging-next 2022-10-15 00:04:00 +00:00
Sandro bdca71e9c0
Merge pull request #191924 from SuperSandro2000/ddclient-daemon 2022-10-14 23:52:14 +02:00
github-actions[bot] 283841a1ce
Merge master into staging-next 2022-10-14 06:20:50 +00:00
Timothy DeHerrera 912a3deedc
Merge pull request #110197 from milahu/patch-1 
firewall: move rpfilter to mangle.PREROUTING to fix conntrack
 2022-10-13 21:04:40 -06:00