nicoo
b375b56327
nixos/ncdns: remove dead code, mark unused parameters with _
...
Found using `deadnix`.
2024-12-04 20:50:46 +00:00
nicoo
adaee656c2
nixos/ncdns: Replace custom config format handling with pkgs.formats.toml
2024-12-04 20:50:46 +00:00
misuzu
52b4f50573
nixos/zeronet: fix settings option ( #128976 )
2024-12-04 21:42:01 +02:00
Frédéric Christ
07e283f2b1
modules/avahi: Enable IPv6 by default
...
Avahi's default for `use-ipv6` is yes as well. I see no reason why we
should do this differently.
2024-12-04 11:06:49 +01:00
misuzu
b4837eea02
nixos/nbd: remove with lib; ( #343506 )
2024-12-04 00:51:47 +02:00
Wolfgang Walther
0f009407d9
various: remove syslog.target unit dependency ( #154633 )
...
Resolves #149721
2024-12-03 21:17:38 +01:00
Franz Pletz
b9867333b6
nixos/fireqos: fix service not being enabled ( #361402 )
2024-12-03 21:12:39 +01:00
Leona Maroni
638568b385
nixos/frr: make runtime directory world-readable ( #358930 )
2024-12-03 16:34:58 +01:00
Martin Weinelt
566e53c2ad
nixos/knot: add missing CLIs to wrapper ( #361139 )
2024-12-03 13:40:06 +01:00
Franz Pletz
c91e47f589
nixos/fireqos: modernize
2024-12-03 11:11:45 +01:00
budimanjojo
7ed1bb9467
nixos/fireqos: fix service not being enabled
...
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
2024-12-03 16:44:27 +07:00
Alexander Sieg
46402be060
nixos/knot: add missing CLIs to wrapper
2024-12-02 17:17:19 +01:00
Sefa Eyeoglu
94d17479d4
nixos/searxng: limiter.toml reference moved ( #348761 )
2024-12-02 17:09:16 +01:00
misuzu
400af872ce
networkd-dispatcher: don't patch conf file path, add extraArgs option ( #265348 )
2024-12-02 17:37:50 +02:00
Martin Weinelt
3828bc6e11
nixos/kea: fix settings example ( #361068 )
2024-12-02 14:13:16 +01:00
bloominstrong
798c3d20d3
nixos/kea: fix settings example
...
As of 2.6.0 subnet-ids need to be provided in the settings, adding that to the dhcp{4,6}.settings example
2024-12-02 21:49:10 +10:00
Alexander Sieg
12c4224d83
nixos/shairport-sync: restart the systemd service on failure ( #357253 )
2024-12-02 11:52:31 +01:00
misuzu
dd9a2e26ac
nixos/nat: Match iptables behavior with nftables, add externalIP check ( #277016 )
2024-12-02 12:02:45 +02:00
misuzu
491c8c8e0a
nixos/netbird: fix coturn configuration ( #356267 )
2024-12-01 23:07:35 +02:00
Nick Cao
7fd3ecc74d
nixos/strongswan: update start_action option ( #360731 )
2024-12-01 13:47:27 -05:00
Michele Guerini Rocco
49f57fdb25
nixos/hostapd: allow octothorpe characters in SAE password ( #356079 )
2024-12-01 17:35:23 +01:00
RMT
fc46ecd8c9
nixos/strongswan: update start_action option
2024-12-01 22:34:44 +08:00
Rick van Schijndel
35a2fc6117
nixos/aria2: allow fine tuning download file permissions ( #359045 )
2024-12-01 11:52:02 +01:00
TNE
46b2df60a5
nixos/nat: Allow NAT to still function when a forward default DROP iptables rule is in effect.
...
This allows feature parity with the nftables "filterForward" firewall option when adding a ip forwarding default drop iptables rule.
2024-12-01 09:36:02 +01:00
TNE
622376ecb0
nixos/nat: Prevent NAT reflection on connections not coming from behind the NAT
2024-12-01 09:36:02 +01:00
TNE
6cb4e7d591
nixos/nat: Only connections made to the nat.externalIP will be port forwarded.
2024-12-01 09:36:02 +01:00
Azat Bahawi
130bb06af1
nixos/zapret: extra features ( #356339 )
2024-11-30 21:08:58 +03:00
Felix Buehler
07894f4f30
nixos/services.stunnel: remove with lib;
2024-11-28 19:08:42 +01:00
Felix Buehler
93d6b8180e
nixos/services.oink: remove with lib;
2024-11-28 19:08:42 +01:00
Felix Buehler
2d4a4c110a
nixos/services.nylon: remove with lib;
2024-11-28 19:08:42 +01:00
Felix Buehler
2bf4393a9b
nixos/networking.nftables: remove with lib;
2024-11-28 19:08:42 +01:00
Felix Buehler
83cc2cd01f
nixos/services.nebula: remove with lib;
2024-11-28 19:08:42 +01:00
Felix Buehler
e14d1dc198
nixos/services.ncdns: remove with lib;
2024-11-28 19:08:42 +01:00
Leona Maroni
57decfd591
nixos/wg-access-server: bugfix missing cfg dns.enabled ( #352839 )
2024-11-27 18:04:46 +01:00
MakiseKurisu
e9e23cd28c
nixos/aria2: allow fine tuning download file permissions
2024-11-26 00:04:31 +08:00
Jared Baur
7b87a185a8
nixos/clatd: use clat-dev if it exists in settings
...
Otherwise, fallback to the default interface name `clat`.
2024-11-25 23:24:11 +11:00
Jared Baur
7665f6cb34
nixos/clatd: fix NetworkManager integration for dispatcher script
2024-11-25 23:24:11 +11:00
Molly Miller
f014b0d415
nixos/frr: make runtime directory world-readable
...
FRR intends for non-root users to connect to the VTY sockets if they
are members of the frrvty group, however this is not possible if
non-root/non-frr users cannot access the runtime directory. The
sockets used by the FRR daemons for internal IPC are also created in
the runtime directory, however these are created with appropriately
restrictive permissions to prevent interference.
2024-11-25 10:10:06 +01:00
Majiir Paktu
3c7196f05b
nixos/networkd-dispatcher: add extraArgs option
...
The service file in the package adds $networkd_dispatcher_args to
ExecStart=.
2024-11-23 14:17:57 -05:00
Sandro
d1c079db10
nixos/suricata: Fix module and add to module-list ( #349826 )
2024-11-23 18:30:55 +01:00
Sefa Eyeoglu
ecd6e1eed1
nixos/netbird: fix port conflict on metrics endpoint ( #357105 )
2024-11-22 20:03:23 +01:00
Dmitry Voronin
3890e029e3
nixos/zapret: extra features
2024-11-22 04:45:46 +03:00
TheRealGramdalf
bfc160a84c
nixos/netbird: fix port conflict on metrics endpoint
2024-11-21 05:31:53 +00:00
Naïm Favier
b294762bb9
nixos/libreswan: use environment.etc."ipsec.secrets".text
...
This is to ensure compatibility with the networkmanager module, which
uses the `text` option.
2024-11-20 19:59:02 +01:00
TobTobXX
26fbd1adbe
nixos/bind: Fix cacheNetworks option
...
services.bind.cacheNetworks should only apply to recursive queries, as
per the option documentation:
> Note that this is for recursive queries – all networks are allowed to
> query zones configured with the zones option by default [...].
This would correspond to the `allow-query-cache` option in named.conf,
as per the BIND docs[1]:
> Specifies which hosts (an IP address list) can access this server’s
> cache and thus effectively controls recursion.
And not `allow-query`, which restricts all requests (including requests
where the server has authority) [2]:
> Specifies which hosts (an IP address list) are allowed to send queries
> to this resolver.
> [...]
> Note:
> `allow-query-cache` is used to specify access to the cache.
[1]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query-cache
[2]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query
2024-11-20 10:47:06 +01:00
Jordan Williams
dde8ee1179
nixos/shairport-sync: restart the systemd service on failure
...
This ensures shairport-sync is running, even after crashes.
2024-11-19 06:51:12 -06:00
Martin Joerg
0afba0d517
python312Packages.magic-wormhole-mailbox-server: 0.4.1 -> 0.5.1
...
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/compare/refs/tags/0.4.1...refs/tags/0.5.1
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/blob/0.5.1/NEWS.md
Python 3.12 is now supported
2024-11-18 07:37:49 +00:00
royce-c
9af100479c
nixos/chrony: fix memory locking issue with graphene-hardened-light
...
The chronyd.service fails with 'graphene-hardened-light' unless enableMemoryLocking is set to false.
2024-11-17 16:07:36 -08:00
Jared Baur
027e77778c
nixos/hostapd: allow octothorpe characters in SAE password
...
The `saePasswordsFile` option mentions that lines beginning with `#` are
ignored, however the current regexp ignores all lines with `#` located
anywhere in the line. In order to better fit the documentation, the
regexp has been changed to only allow `#` at the beginning of the line,
with optional whitespace.
2024-11-17 11:39:17 -08:00
Tom Fitzhenry
a2337e4f6c
nixos/spiped: use systemctl restart during activation
...
As is common with other networking services, stopIfChanged=true (the default) can cause O(seconds) downtime during activation.
Reduce this downtime by disabling stopIfChanged as done in:
* sshd https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L569
* tailscale https://github.com/NixOS/nixpkgs/pull/170210
2024-11-17 20:39:25 +11:00
Tom Fitzhenry
235d103ff7
nixos/clatd: add enableNetworkManagerIntegration option
2024-11-17 20:38:55 +11:00
jopejoe1
95b30da133
nixos/shairport-sync: add package option ( #355985 )
2024-11-16 03:12:02 +01:00
Yaroslav Bolyukin
4b8fee2274
nixos/netbird: fix coturn configuration
2024-11-15 21:05:56 +01:00
Weijia Wang
cedd087b81
globalprotect-openconnect: Reinstate v1 ( #355758 )
2024-11-15 18:25:57 +01:00
Colin
c00cdccd00
nixos/teleport: add required utils to path ( #332810 )
2024-11-15 13:16:39 +00:00
Jordan Williams
697fa78c9a
nixos/shairport-sync: add package option
2024-11-15 06:47:24 -06:00
bb2020
93d38a29e0
nixos/minidlna: add option
2024-11-15 15:18:54 +03:00
bb2020
547251956b
nixos/minidlna: remove with lib
2024-11-15 15:18:43 +03:00
Guilhem Saurel
39e22be299
nixos/mptcpd: init
...
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com>
2024-11-15 08:53:01 +01:00
Colin
9bd0271b22
nixos/minidlna: add package option ( #345770 )
2024-11-15 06:29:43 +00:00
Rahul Rameshbabu
b6bac07973
globalprotect-openconnect: Reformat expressions using RFC style
...
The original work did not use the new nixfmt style.
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
2024-11-14 09:28:04 -08:00
Rahul Rameshbabu
8f2fa04fd9
Revert "globalprotect-openconnect: remove deprecated 1.x package"
...
This reverts commit b08d6a664f .
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
2024-11-13 13:41:34 -08:00
Franz Pletz
bb6d800c3a
iwd: update settings documentation ( #352989 )
2024-11-06 12:17:24 +01:00
Guilhem Saurel
71f467fc88
iwd: update settings documentation
...
The link https://iwd.wiki.kernel.org/networkconfigurationsettings is
currently broken, as it redirects to the 404
https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/networkconfigurationsettings ; the correct link is
https://archive.kernel.org/oldwiki/iwd.wiki.kernel.org/networkconfigurationsettings.html but it is marked as obsolete, and tells the user to read the iwd.network(5) man.
Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
2024-11-06 11:10:42 +01:00
Sandro
a633b5fb12
OpenVPN: don't fail to restart stopped units ( #345993 )
2024-11-06 01:16:43 +01:00
Sandro Jäckel
22fea14d11
nixos/tftpd: cleanup
2024-11-04 15:55:13 +01:00
Sandro Jäckel
8440f6cc6f
nixos/tftpd: format with nixfmt-rfc-style
2024-11-04 15:54:39 +01:00
Sandro Jäckel
7e6a0edf64
nixos/tftpd: remove with lib
2024-11-04 15:49:59 +01:00
PAEPCKE, Michael
a58c8fee1e
nixos/wg-access-server: bugfix dns.enabled (yaml)
2024-11-01 17:09:34 +00:00
Nico Felbinger
9e608d46a9
nixos/suricata: add description fields for configuration
2024-11-01 14:42:53 +01:00
Yureka
959cb6b020
nixos/fastnetmon-advanced: set dbus implementation to dbus-broker
...
Fixes "Failed to restart gobgp.service: Transport endpoint is not connected"
Fixes the nixos test
Change-Id: I96fe6ce8e69ec3038b349d45a8046ed93333dddb
2024-10-31 01:50:34 +01:00
DCsunset
acda73926d
nixos/murmur: support setting user and group for service
2024-10-30 08:21:48 +00:00
DCsunset
2f0c3c88cb
nixos/murmur: support setting custom state directory
2024-10-30 08:21:48 +00:00
Aleksana
dbe33f99b7
nixos/soju: use message-store instead of deprecated log in config ( #338650 )
2024-10-29 17:37:21 +08:00
Aleksana
5fd2f5aac6
tailscaled: Add option to disable Taildrop ( #346957 )
2024-10-29 17:19:31 +08:00
Nico Felbinger
32d516c84d
nixos/radicale: fix links to documentation
2024-10-28 19:56:12 +01:00
Felix Bühler
3f8d6caed2
nixos/xl2tpd: prefer 'install' over 'chmod/chown' ( #302388 )
2024-10-27 19:21:21 +01:00
Martin Weinelt
5e10c1522b
nixos/avahi-daemon: set up sandboxing ( #348406 )
2024-10-26 16:22:04 +02:00
Martin Weinelt
ca4f13857c
nixos/coturn: set up sandboxing ( #348396 )
2024-10-26 16:21:46 +02:00
Michele Guerini Rocco
9a415c28ae
dhcpcd: fix more permissions errors ( #351225 )
2024-10-26 02:00:23 +02:00
rnhmjoj
483e44684d
dhcpcd: fix permissions error with secondary IPv4 addresses
...
If dhcpcd receives a secondary IPv4 address from the DHCP server it
tries to enable automatic promotion from secondary to primary by writing
`1` to /proc/sys/net/ipv4/conf/%s/promote_secondaries.
2024-10-25 21:33:30 +02:00
Felix Bühler
29cdb4373e
pptpd: prefer 'install' over 'chmod/chown' ( #308085 )
2024-10-25 20:48:22 +02:00
Aadniz
4b44081827
nixos/searxng: limiter.toml reference moved
...
fd814aac86 (diff-c33cdfa4503c019bc49259acad45fc0a895a127b20ae3ffefaa12b7c439d4aa2)
2024-10-25 14:27:12 +02:00
Sefa Eyeoglu
15aad9d3a1
nixos/ntpd: cleanup; add tests ( #349633 )
2024-10-24 15:21:01 +02:00
Martin Weinelt
8a2439f1c2
nixos/avahi-daemon: set up sandboxing
2024-10-24 15:04:14 +02:00
rcerc
42d887adbf
nixos/supplicant: Always provide a first configuration file argument
...
`wpa_supplicant` refuses to start when `configFile.path == null` because this
omits the `-c` (‘Configuration file’) option, which it requires even if the
`-I` (‘additional configuration file’) option is provided. If `configFile.path
== null`, pass `extraConfFile` with `-c` instead of `-I` to prevent this.
2024-10-24 08:25:02 +02:00
Kerstin Humm
b12bcabd24
maintainers: remove erictapen from packages that I don't really maintain anymore
2024-10-22 12:32:29 +02:00
K900
099cde3a92
Revert "nixos/ssh: disable authorizedKeysInHomedir by default"
2024-10-20 21:32:29 +03:00
Jake Hillion
ba01c8bab3
nixos/resilio: set rslsync gid
2024-10-20 17:51:14 +01:00
nicoo
06929a6fb0
nixos/ssh: disable authorizedKeysInHomedir by default ( #309025 )
2024-10-20 16:19:25 +00:00
Tomo
8d642257fb
nodePackages.shout: drop ( #349715 )
2024-10-19 18:46:30 -07:00
Pyrox
4e632e9c3f
nixos/ntpd: Add hardening
2024-10-19 14:26:17 -04:00
Pyrox
53bc9450bc
nixos/ntpd: Use StateDirectory instead of a preStart script
2024-10-19 14:26:00 -04:00
Tomo
76c7c2dd88
nodePackages.shout: drop
...
shout has been deprecated since 2016:
90a62c56af
Also, move the top-level `shout` alias to `pkgs/top-level/aliases.nix`.
Part of #229475
2024-10-19 17:53:20 +00:00
Nick Cao
f8b17f235e
nixos/sing-box: generate config file into RuntimeDirectory ( #338457 )
2024-10-19 10:11:00 -04:00
Pyrox
297f21e357
nixos/ntpd: format with nixfmt-rfc-style
2024-10-19 04:39:16 -04:00
Peder Bergebakken Sundt
03d8f52dc6
nixos/tailscale: document tailscale-autoconnect ( #347881 )
2024-10-19 07:01:26 +02:00
Peder Bergebakken Sundt
465201822e
nixos/mihomo: fix option type and test ( #345891 )
2024-10-19 06:58:41 +02:00
Sandro
f0bc4f6bbf
nixos-firewall-tool: add nftables support ( #324615 )
2024-10-18 23:57:39 +02:00
HackerNCoder
63cd2b8e03
nixos/bind: rndc-confgen should not chown file
2024-10-18 22:23:28 +02:00
nicoo
6c62fbf539
nixos/sshd: warn if no authorized keys, and no authentication method other than pubkeys, were configured
2024-10-18 20:23:02 +00:00
nicoo
1f08575e3a
nixos/sshd: Disable authorizedKeysInHomedir if stateVersion >= 24.11
...
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-10-18 20:21:12 +00:00
Stanisław Pitucha
87c458e3ce
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled ( #349557 )
2024-10-19 06:22:18 +11:00
jmir1
858b5c6762
nixos/ddclient: Fix ip command with usev4 and usev6
2024-10-18 20:32:16 +02:00
Gary Guo
cabbab19e2
nixos-firewall-tool: add nftables support
...
Co-authored-by: Rvfg <i@rvf6.com>
2024-10-18 20:16:27 +02:00
HackerNCoder
4855723c87
nixos/bind: Make ProtectSystem strict, add missing SystemCallFilters
...
ReadWritePaths now gets the directory of zone files
2024-10-18 19:36:10 +02:00
HackerNCoder
1cb6d22386
nixos/bind: harden systemd service
2024-10-18 16:38:30 +02:00
Vladimír Čunát
a8f84a9dff
nixos/kresd: add link to upstream doc ( #311915 )
2024-10-18 10:22:18 +02:00
David McFarland
cd286b21e4
resolvconf: use correct output files when used with dnsmasq ( #349320 )
2024-10-17 16:44:18 -03:00
David McFarland
403604ca66
resolvconf: use correct output files when used with dnsmasq
2024-10-17 14:20:57 -03:00
Adam Stephens
bece21421b
nixos/atticd: wants network-online.target
...
fixes:
trace: evaluation warning: atticd.service is ordered after 'network-online.target' but doesn't depend on it
2024-10-16 12:36:19 -04:00
K900
70cc7b62f2
nixos/murmur: Set UMask to 027 ( #348652 )
2024-10-16 05:16:09 +03:00
Robert Schütz
fb2d897809
nixos/headscale: don't set deprecated options in config ( #347991 )
2024-10-15 16:22:18 -07:00
Azat Bahawi
e2337957df
nixos/zapret: init ( #347805 )
2024-10-15 20:37:40 +00:00
Dmitry Voronin
5a5c04d1ea
nixos/zapret: init
2024-10-15 21:51:53 +03:00
Peder Bergebakken Sundt
13bf1d6259
nixos/resilio: add package option ( #346427 )
2024-10-15 20:38:41 +02:00
Martin Weinelt
72dd22a02d
nixos/coturn: reindent, unclutter
...
Make the module slightly easier to browse.
2024-10-15 18:31:52 +02:00
Martin Weinelt
6d9089c67d
nixos/coturn: set up sandboxing
2024-10-15 18:31:52 +02:00
Felix Singer
13f6e2d85f
nixos/murmur: Set UMask to 027
...
Group only needs limited access, while other users don't need access at
all. So set the UMask to 027.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-15 02:43:42 +02:00
Sandro Jäckel
db12279890
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled
2024-10-14 18:21:30 +02:00
Michele Guerini Rocco
35618d0b14
nixos/dhcpcd: fix race between namespace setup and resolvconf ( #348305 )
2024-10-14 15:44:32 +02:00
Adam C. Stephens
86420f4ee8
nixos/atticd: init module ( #347749 )
2024-10-14 09:33:35 -04:00
Vladimír Čunát
46954f61c6
nixos/knotd: extend SystemCallFilter
...
It was breaking knot-dns.tests.knot
New knotd uses fchown to cover cases where user changes during startup.
In typical Linux cases the user is kept the same and there are
capabilities instead, but the syscall still happens and got caught here.
2024-10-14 10:26:46 +02:00
rnhmjoj
52e2e7027d
dhcpcd: fix race between namespace setup and resolvconf
...
systemd requires paths in `ReadWritePaths=` to exist before setting up
the service sandbox, so dhcpcd should be ordered after resolvconf.
Making resolvconf a oneshot service ensures `After=resolvconf.service`
works correctly.
2024-10-14 08:02:46 +02:00
Adam Stephens
8d4f3f2b3e
nixos/atticd: init module
...
Copied from 1b29816235/nixos/atticd.nix and modified
2024-10-13 08:23:34 -04:00
Robert Schütz
cc4d29d353
nixos/headscale: assert that dns.base_domain is set when using MagicDNS
2024-10-12 18:28:17 -07:00
Robert Schütz
0673e98248
nixos/headscale: update option descriptions
2024-10-11 20:17:15 -07:00
Robert Schütz
dfb0f00fc9
nixos/headscale: don't set deprecated options in config
...
We cannot use `mkRenamedOptionModule` or `mkRemovedOptionModule` inside
a freeform option. Thus we have to manually assert these deprecated
options aren't used rather than aliasing them to their replacement.
2024-10-11 20:05:29 -07:00
Robert Schütz
d4ae06c73b
nixos/headscale: assert that server_url does not contain base_domain
2024-10-11 13:29:04 -07:00
Peder Bergebakken Sundt
233d422887
nixos/tailscale: document tailscale-autoconnect
2024-10-11 10:59:49 +02:00
github-actions[bot]
aa2334f4a8
Merge master into staging-next
2024-10-11 00:14:02 +00:00
h7x4
e49f3574ab
nixos/fedimintd: make nginx url forwarding path configurable ( #347604 )
2024-10-10 21:14:20 +02:00
github-actions[bot]
a5883bc172
Merge master into staging-next
2024-10-10 12:05:39 +00:00
Franz Pletz
1479e0c4de
nixos/frr: refactor ( #327099 )
2024-10-10 12:55:34 +02:00
Pol Dellaiera
a72a8bcfb3
treewide: fix typo chown -> chmod ( #347678 )
2024-10-10 10:55:34 +02:00
r-vdp
9f1d2e97af
nixos/shorewall: Fix typo, chown -> chmod
2024-10-10 09:02:58 +02:00
Dawid Ciężarkiewicz
570454c295
nixos/fedimintd: make nginx url forwarding path configurable
...
Some users would like to customize it.
Also, in current versions of fedimint p2p port in the URL
must be set, due to some bug, so update the example value
to reflect that.
2024-10-09 14:28:51 -07:00
Frank Doepper
ecdfb14ef9
nixos/frr: refactor
...
- use upstream service and scripts
- switch to integrated-vtysh-config, abandon per-daemon config
- use always daemon names in options (e.g. ospf -> ospfd)
- zebra, mgmtd and staticd are always enabled
- abandon vtyListenAddress, vtyListenPort options; use
just "extraOptions" or "options" instead, respectively
- extend test to test staticd
- update release-notes
- pkgs.servers.frr: fix sbindir and remove FHS PATH
- introduce services.frr.openFilesLimit option
2024-10-09 22:49:50 +02:00
K900
0717a4da77
Merge remote-tracking branch 'origin/master' into staging-next
2024-10-09 21:08:25 +03:00
Franz Pletz
ca912828ba
nixos/dhcpcd: allow jemalloc and mimalloc memory allocators ( #346938 )
2024-10-09 17:27:26 +02:00
Franz Pletz
689b9903ac
nixos/tailscale-derper: init ( #306533 )
2024-10-09 17:05:01 +02:00
Franz Pletz
ae4102c9f3
headscale (module and package): 0.22.3 -> 0.23.0 ( #340054 )
2024-10-09 17:01:18 +02:00
K900
956f9243c0
Merge remote-tracking branch 'origin/master' into staging-next
2024-10-08 21:15:13 +03:00
Izorkin
c3e32a04ae
nixos/dhcpcd: allow jemalloc and mimalloc memory allocators
2024-10-08 14:12:27 +03:00
Florian Klink
146e83d76b
dhcpcd: enable sandboxing options ( #208780 )
2024-10-08 13:09:11 +03:00
github-actions[bot]
5fa43e7396
Merge master into staging-next
2024-10-07 06:05:15 +00:00
Emily
1a53b400e5
mongodb: mongodb-5_0 -> mongodb-7_0; mongodb-5_0: drop; unifi: unifi7 -> unifi8; unifi{7,-video}: drop ( #345625 )
2024-10-07 01:38:54 +01:00
Emily
b0395df085
unifi7: drop
2024-10-06 22:47:41 +01:00
Dionysis Grigoropoulos
8e9ae86774
tailscaled: Add option to disable Taildrop
2024-10-07 00:22:59 +03:00
Izorkin
611b1d53b7
dhcpcd: enable sandboxing options
2024-10-06 23:46:18 +03:00
github-actions[bot]
7ab01e096c
Merge master into staging-next
2024-10-06 18:03:58 +00:00
Sandro
020c26717f
nixos/quorum: fix geth args, fix test ( #341181 )
2024-10-06 14:06:31 +02:00
github-actions[bot]
ff851b037d
Merge master into staging-next
2024-10-06 00:15:37 +00:00
Nick Cao
9e012ecbf2
nixos/sing-box: generate config file into RuntimeDirectory
2024-10-05 18:18:23 -04:00
h7x4
25f2846361
nixos/bind: set type of zones.*.extraConfig to lines ( #346424 )
2024-10-05 21:07:26 +02:00
github-actions[bot]
94cb2166da
Merge master into staging-next
2024-10-05 12:05:30 +00:00
r-vdp
94532d1530
nixos/syncthing: remove syncthing-resume service
...
It was removed upstream in https://github.com/syncthing/syncthing/pull/9611
and the stub generated by nixos now prints an error in the logs due to
it not having an ExecStart line.
2024-10-05 12:55:39 +02:00
github-actions[bot]
e9c8665026
Merge master into staging-next
2024-10-05 00:14:01 +00:00
Anthony Roussel
17fd7e3eea
nixos/gns3-server: fix ubridge support ( #303442 )
2024-10-04 22:16:13 +02:00
Peder Bergebakken Sundt
f0ad87bdd7
nixos/resilio: add package option
2024-10-04 15:13:04 +02:00
Felix Stupp
6de4d04fdb
nixos/bind: set type of zones.*.extraConfig to lines
...
allowing multiple definitions of that option to be merged, because:
- their order should be irrelevant
- it might make sense to declare multiples of them at different locations
2024-10-04 14:49:12 +02:00
github-actions[bot]
579054c806
Merge master into staging-next
2024-10-04 00:14:14 +00:00
h7x4
c760c830d4
nixos/fedimintd: init service ( #322815 )
2024-10-03 23:53:30 +02:00
Nico Felbinger
924ee0c2bc
nixos/suricata: init module
2024-10-03 22:50:30 +02:00
Dawid Ciężarkiewicz
ba727987d4
nixos/fedimintd: init services
2024-10-03 13:05:12 -07:00
Sandro Jäckel
d82d689716
nixos/tailscale-derper: init
2024-10-03 22:04:40 +02:00
github-actions[bot]
0e9a6f22a1
Merge master into staging-next
2024-10-03 00:14:11 +00:00
lassulus
def08aa2e3
jitsi-meet: Default NAT harvester, Excalidraw Caddy, Prosody lockdown ( #280615 )
2024-10-02 21:08:06 +01:00
Adam Dinwoodie
2a15702bc8
nixos/openvpn: don't fail to restart stopped units
...
The current OpenVPN restart-after-sleep script will return a non-zero
exit code if the system resumes from sleep and there are no active
OpenVPN units, resulting in systemd reporting the system as degraded.
Avoid that by only attempting to restart OpenVPN programs that are
actually running at the time. This also means that any user-managed
OpenVPN sessions won't be affected by NixOS's OpenVPN handling.
2024-10-02 19:36:48 +01:00
aktaboot
15119b8244
nixos/mullvad-vpn: remove unneeded hacks
...
iproute2 rt_tables are no longer used upstream
and loose Reverse-Path seems to no longer be needed, according to my local test
2024-10-02 17:20:21 +02:00
github-actions[bot]
58677f23e2
Merge master into staging-next
2024-10-02 12:05:45 +00:00
Peder Bergebakken Sundt
ed72e91db1
nixos/mihomo: fix option type
2024-10-02 10:57:28 +02:00
Daniel Nagy
1d8136e1ae
nixos/i2pd: fix build
2024-10-02 09:45:00 +02:00
Gautier DI FOLCO
5970720f1c
nixos/minidlna: add package option
2024-10-01 23:39:36 +02:00
Kristoffer Dalby
abb3b0089b
nixos/headscale: update module to headscale 0.23.0
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-01 21:53:33 +02:00
Kristoffer Dalby
5dd728a081
nixos/headscale: modernize
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2024-10-01 20:40:19 +02:00
K900
3f7da3dfa9
Merge remote-tracking branch 'origin/master' into staging-next
2024-10-01 08:44:24 +03:00
h7x4
636185e25a
seafile: 10.0.1 -> 11.0.12 ( #318727 )
2024-09-30 23:53:02 +02:00
K900
b29cb6c1f9
Merge remote-tracking branch 'origin/master' into staging-next
2024-09-30 20:23:25 +03:00
Erin Yuki Schlarb
61cf88212d
jitsi-videobridge: Set configurable default NAT harvester address to make the
...
service work behind NAT without additional manual configuration
2024-09-30 18:19:33 +02:00
Martin Weinelt
b47b572e21
nixos/freeradius: fix group assignment for radius user
2024-09-30 15:50:13 +02:00
Alyssa Ross
ac037f0b18
Merge remote-tracking branch 'origin/master' into staging-next
...
Conflicts:
pkgs/development/compilers/llvm/common/default.nix
2024-09-29 20:10:12 +02:00
Naïm Camille Favier
7cba8410f7
nixos/networkmanager: set up /etc/ipsec.secrets as required by the L2TP plugin ( #340325 )
2024-09-29 18:56:59 +02:00
github-actions[bot]
8e5ca58e0a
Merge master into staging-next
2024-09-29 12:05:05 +00:00
Bruno Bigras
1336b64235
Add veilid module ( #330585 )
2024-09-29 04:30:44 -04:00
Michele Guerini Rocco
a08c2e29b9
nixos/monero: remove with lib; ( #343474 )
2024-09-29 09:36:21 +02:00
github-actions[bot]
080ddac139
Merge master into staging-next
2024-09-29 00:15:45 +00:00
melvyn
073099d0f7
nixos/seafile: add persistent user, configurable storage path, gc service
2024-09-28 19:09:58 -04:00
melvyn
d3b5dc8da1
nixos/seafile: add persistent user, configurable storage path, gc service
2024-09-28 17:57:02 -04:00
Franz Pletz
e8486ebc7f
freeradius: add option to compile with postgres ( #265762 )
2024-09-28 22:56:08 +02:00
Daniel Nagy
6512103dfe
nixos/monero: remove with lib;
2024-09-28 22:30:00 +02:00
github-actions[bot]
8693fc15c4
Merge master into staging-next
2024-09-28 18:04:13 +00:00
Franz Pletz
79a01a8631
pleroma: 2.6.3 -> 2.7.0 ( #333283 )
2024-09-28 15:36:27 +02:00
Franz Pletz
1ee99a4837
tailscaled: after NetworkManager-wait-online ( #344678 )
2024-09-28 15:26:00 +02:00
Franz Pletz
a3f79b7d63
tailscale: add su to path ( #344947 )
2024-09-28 15:22:40 +02:00
github-actions[bot]
aef46265d9
Merge master into staging-next
2024-09-28 12:05:16 +00:00
Jörg Thalheim
076f2f69f3
sshd: fix shellcheck warnings in prestart script ( #340484 )
2024-09-28 09:49:25 +02:00
github-actions[bot]
9badc90a26
Merge master into staging-next
2024-09-28 00:13:56 +00:00
Mikilio
938d190ed2
tailscale: add su to path
...
this adds access to `su` via security wrappers
2024-09-27 23:05:20 +02:00
Atemu
e8d40a7f34
nixos/i2pd: remove with lib; ( #343476 )
2024-09-27 21:58:59 +02:00
Gary Guo
162f0719e9
nixos/freeradius: fix radius group
...
A group must be selected since it no longer defaults to nogroup
2024-09-27 20:11:57 +01:00
Gary Guo
d0481239c1
nixos/freeradius: add option to override package
2024-09-27 20:11:56 +01:00
Picnoir
50ffaf03bb
nixos/pleroma: format module with nixfmt
2024-09-27 19:30:14 +02:00
Picnoir
aa666ce8f1
nixos/pleroma: move migrations to their own systemd unit
...
Running the migrations in a systemd execStartPre was a mistake. The
migrations can be pretty long to run and easily time-out.
Moving this to a proper oneshot service solves this issue and makes
this fit the systemd execution model better. We can now easily filter
the migrations logs.
2024-09-27 19:29:41 +02:00
github-actions[bot]
c8c18095f9
Merge master into staging-next
2024-09-26 18:04:33 +00:00
Marin
0d822ccdbc
tailscaled: after NetworkManager-wait-online
...
The wait will only be enabled on machines with NetworkManager enabled.
Closes #180175
2024-09-26 12:12:46 -04:00
Lucas Chaim
9e6338ffaf
nixos/tailscale: add authKeyParameters
...
Adds `config.services.tailscale.authKeyParameters`
2024-09-26 07:28:19 -03:00
K900
a9128ce2f2
Merge remote-tracking branch 'origin/master' into staging-next
2024-09-25 21:07:19 +03:00
Robert James Hernandez
6c527bf0fb
nixos/scion: init scion-ip-gateway module
2024-09-25 19:08:33 +02:00
Artturin
f0e657f3b1
Merge branch 'master' into staging-next
2024-09-25 06:05:01 +03:00
Artturin
e0464e4788
treewide: replace stdenv.is with stdenv.hostPlatform.is
...
In preparation for the deprecation of `stdenv.isX`.
These shorthands are not conducive to cross-compilation because they
hide the platforms.
Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way
One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059
There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.
```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
2024-09-25 00:04:37 +03:00
Anthony ROUSSEL
c1104aee4d
nixos/gns3-server: disable SystemD hardening
2024-09-23 20:46:18 +02:00
Anthony Roussel
77edd2b066
nixos/gns3-server: disable SystemD DisableUser
...
Usage of DynamicUser is compatible with SUID wrappers.
GNS3 needs to call ubridge via its SUID Wrapper to work.
2024-09-23 20:46:17 +02:00
Anthony Roussel
46044101f3
nixos/gns3-server: fix ubridge_path
2024-09-23 20:46:17 +02:00
github-actions[bot]
9a6f63ebed
Merge master into staging-next
2024-09-23 18:04:34 +00:00
Daniel Nagy
201d35822e
nixos/nar-serve: remove with lib; ( #343472 )
2024-09-23 15:40:56 +02:00
figboy9
56f8f810ae
nixos/veilid: fix description link
2024-09-23 13:30:38 +09:00
github-actions[bot]
6bb2408295
Merge master into staging-next
2024-09-22 12:05:17 +00:00
Weijia Wang
84cd38f778
globalprotect-openconnect: add core logic and packages for 2.x releases ( #316526 )
2024-09-22 12:07:33 +02:00
Felix Singer
421d1b8974
nixos/{redmine,murmur}: Add Felix Singer as maintainer
...
I'm maintaining the associated packages. So it makes sense to add myself
to their modules as well.
Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-09-22 08:35:08 +02:00
Rahul Rameshbabu
b08d6a664f
globalprotect-openconnect: remove deprecated 1.x package
...
The 1.x iteration of globalprotect-openconnect is no longer being
developed. Remove related components from nixpkgs.
Signed-off-by: Rahul Rameshbabu <sergeantsagara@protonmail.com>
2024-09-21 10:20:21 -07:00
Daniel Nagy
06791fce8f
nixos/nbd: remove with lib;
2024-09-21 16:00:00 +02:00
github-actions[bot]
d3ae261fc3
Merge master into staging-next
2024-09-21 12:05:16 +00:00
Daniel Nagy
608bd15ce5
nixos/i2pd: remove with lib;
2024-09-21 12:45:00 +02:00
Sandro
a2fe2c872a
tailscale: only autoconnect after backend is up ( #338210 )
2024-09-21 11:27:18 +02:00
Daniel Nagy
991fd5f462
nixos/yggdrasil: add nagy as maintainer
2024-09-21 06:30:54 +00:00
Daniel Nagy
cb7635612e
nixos/yggdrasil: remove with lib;
2024-09-21 06:30:54 +00:00
github-actions[bot]
754402a237
Merge staging-next into staging
2024-09-21 00:13:41 +00:00
Ryan Horiguchi
c26ca03c4d
nixos/dnsmasq: remove deprecated option "extraConfig"
2024-09-20 22:44:16 +02:00
K900
d8a54461fc
Merge remote-tracking branch 'origin/staging-next' into staging
2024-09-20 07:27:56 +03:00
rnhmjoj
7efc956510
Revert "nixos/wireless: link config to /etc by default"
...
This reverts commit 89eb93dc3f.
It broke setups where /etc/wpa_supplicant.conf is configured
imperatively and reloading of the service on configuration changes.
2024-09-19 16:36:34 +02:00
github-actions[bot]
b638e02a58
Merge staging-next into staging
2024-09-18 00:13:59 +00:00
h7x4
f954d6185c
wstunnel: exclude TLS arguments when enableHTTPS is false ( #342203 )
2024-09-17 21:30:58 +02:00
K900
87cbfcba1c
Merge remote-tracking branch 'origin/staging-next' into staging
2024-09-17 21:07:02 +03:00
Michele Guerini Rocco
e3191b8ded
nixos/dhcpcd: harden and run as unprivileged user ( #336988 )
2024-09-17 19:21:11 +02:00
K900
1047f0a6bf
nixos/hostapd: set default channel to auto
...
The current default, 7, is, to put it nicely, absolutely ridiculous.
On 2.4 GHz, the only channels you should use are 1, 6 and 11, because
every other channel overlaps one of those and causes interference.
On 5/6 GHz, channel 7 does not exist at all.
Also, it's 2024, most things will support automatic channel selection,
and those that don't will likely need extra care to support prehistoric
hardware anyway.
2024-09-17 19:07:47 +03:00
Raymond Douglas
e868bfa5b1
wstunnel: exclude TLS arguments when enableHTTPS is false
2024-09-16 14:27:42 -07:00
Felix Buehler
4cbff7e5d4
nixos/services.cloudflared: fix filterConfig
2024-09-16 20:47:07 +02:00
Sandro
fd3ddb6b60
dnscrypt-wrapper: remove package and NixOS modules ( #341838 )
2024-09-16 11:25:30 +02:00
rnhmjoj
234b7541be
dhcpcd: move database to /var/lib
2024-09-16 08:07:56 +02:00
rnhmjoj
b447fd58c7
nixos/dhcpcd: harden and run as unprivileged user
2024-09-16 08:07:55 +02:00
rnhmjoj
aff5d1d523
nixos/dhcpcd: remove ntpd workaround
...
This workaround for NTP daemons has been there for 12 years and is most
likely not needed anymore.
2024-09-16 08:07:55 +02:00
rnhmjoj
a432668acf
dhcpcd: disable privsep by default
...
The privilege separation mode has several downsides:
- it's incompatible with alternative memory allocators, including
  graphene-hardened;
- it needs an unreleased patch to fix a crash;
- it results in no less than 6 subprocesses running at any time,
  increasing the memory usage;
- the privileged process (albeit not doing any networking related
  tasks) is still running as root, so it has complete access to the
  system.
Let's disable this by default and instead run dhcpcd as an unprivileged
user with only the necessary capabilities.
2024-09-16 01:23:54 +02:00
azahi
94c62f5036
nixos/networking.firewall: fix refactor regression
...
This fixes a regression that was introduced in #335631
2024-09-16 01:10:55 +03:00
Masum Reza
a5cfe01240
nixos/shairport-sync: Add pulse group also for pipewire ( #341172 )
2024-09-15 23:39:57 +05:30
misuzu
2505777e0c
nixos/netbird: remove misuzu as maintainer
2024-09-15 12:57:13 +00:00
Felix Buehler
1cd7970bb8
nixos/services.matterbridge: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
252e9bb1e7
nixos/services.lxd-image-server: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
2e30f07cc0
nixos/services.logmein-hamachi: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
196a14a174
nixos/services.lldpd: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
0d57426bae
nixos/services.lambdabot: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
081c71df4b
nixos/services.keybase: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
f3bb24eb64
nixos/services.jotta-cli: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
6c50168c7c
nixos/services.jitsi-videobridge: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
fee0a07c28
nixos/services.jigasi: remove with lib;
2024-09-15 10:43:57 +02:00
Felix Buehler
0cca8e9756
nixos/services.jicofo: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
050c81941d
nixos/services.ivpn: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
aa27551b00
nixos/services.iodine: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
b610b3cac2
nixos/services.inadyn: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
f69dd2df9a
nixos/services.i2p: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
49224ecc3b
nixos/services.htpdate: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
9ceab680a6
nixos/services.haproxy: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
f30e72ffbb
nixos/services.hans: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
a811ef8255
nixos/services.gobgpd: remove with lib;
2024-09-15 10:43:56 +02:00
Felix Buehler
90a98fc103
nixos/services.go-shadowsocks2: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
2ec70782ab
nixos/services.go-neb: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
9ca9ac0b51
nixos/services.go-autoconfig: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
3e72e14a6d
nixos/services.gnunet: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
7a65f58698
nixos/services.globalprotect: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
878c5dc6eb
nixos/services.gitDaemon: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
0b865525e8
nixos/services.gdomap: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
d0901224e1
nixos/services.gateone: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
191b68cd26
nixos/services.frr: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
fdcec053e6
nixos/services.frp: remove with lib;
2024-09-15 10:43:55 +02:00
Felix Buehler
7cc95389d1
nixos/services.freeradius: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
a49fa6ee3b
nixos/services.freenet: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
688b08939c
nixos/services.flannel: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
00d0e3ba98
nixos/networking.firewall: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
e915ced804
nixos/networking.firewall.nftables: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
15edaa6e16
nixos/networking.firewall.iptables: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
f12d3df878
nixos/services.fireqos: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
17f8650ace
nixos/services.ferm: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
abc0a6e035
nixos/services.expressvpn: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
19e88959ef
nixos/services.eternal-terminal: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
6233a59db3
nixos/services.epmd: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
a09250d8ab
nixos/services.envoy: remove with lib;
2024-09-15 10:43:54 +02:00
Felix Buehler
aa2c039ab0
nixos/services.ejabberd: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
e59cdc8e99
nixos/services.doh-proxy-rust: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
504abe12d1
nixos/services.dnsmasq: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
3a05a07ef7
nixos/services.dnsdist: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
56576f90e3
nixos/services.dnscache: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
630754ae20
nixos/networking.dhcpcd: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
8681b42c62
nixos/services.ddclient: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
657cd334e6
nixos/services.dante: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
4589149299
nixos/services.create_ap: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
7fcd972c94
nixos/services.coturn: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
bd2d5c89ce
nixos/services.corerad: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
c4bbbbbb10
nixos/services.coredns: remove with lib;
2024-09-15 10:43:53 +02:00
Felix Buehler
6c6b5e7f80
nixos/services.consul: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
5438332690
nixos/services.cntlm: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
5506afac27
nixos/services.cloudflared: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
14f2d0a94b
nixos/services.cloudflare-dyndns: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
a3c69c111e
nixos/services.clatd: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
742185f18c
nixos/services.cjdns: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
f6077c6bcd
nixos/services.chisel-server: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
87c989da08
nixos/services.cgit: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
8e6795a029
nixos/services.blocky: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
939ba8a2c3
nixos/services.blockbook-frontend: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
d9c47dac16
nixos/services.bitlbee: remove with lib;
2024-09-15 10:43:52 +02:00
Felix Buehler
416649cbe6
nixos/services.birdwatcher: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
c666e7b2dd
nixos/services.bird-lg: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
9ce866bc9b
nixos/services.bind: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
42facf73b7
nixos/services.biboumi: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
6bf37cd201
nixos/services.bee: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
7da36d70ff
nixos/services.babeld: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
eb8d4ed264
nixos/services.avahi: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
d861803952
nixos/services.autossh: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
06032d6956
nixos/services.atftpd: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
681161adb6
nixos/services.asterisk: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
d63146859b
nixos/services.amule: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
46dc82d477
nixos/services.alice-lg: remove with lib;
2024-09-15 10:43:51 +02:00
Felix Buehler
b1bbe81c8d
nixos/services.adguardhome: remove with lib;
2024-09-15 10:43:50 +02:00
Felix Buehler
02bb53fbc3
nixos/services._3proxy: remove with lib;
2024-09-15 10:43:50 +02:00
figboy9
ca5cb00a4c
nixos/veilid: format with nixfmt-rfc-style
2024-09-15 10:37:36 +09:00
figboy9
a01561ab26
nixos/veilid: add a description of options
2024-09-15 10:35:52 +09:00
rnhmjoj
016f6f9f58
dnscrypt-wrapper: remove package and NixOS modules
2024-09-14 17:22:48 +02:00
figboy9
16002b1628
fix systemd service based on veilid package
2024-09-14 18:25:26 +09:00
figboy9
55a594468a
change dataDir
2024-09-14 18:20:01 +09:00
figboy9
0ea2046bc5
make opening the firewall optional
2024-09-14 18:15:14 +09:00
figboy9
318014034a
reduce options
2024-09-14 18:03:02 +09:00
Michael Hoang
d25d241e38
Update nixos/modules/services/networking/tailscale.nix
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-09-12 23:06:23 +10:00
Aaron Andersen
768f41fcf0
Revert "nixos/openvpn: add extraArgs option" ( #341223 )
2024-09-12 06:34:16 -04:00
Michele Guerini Rocco
b94f259714
nixos/wireless: reimplement secrets using ext_password_backend ( #180872 )
2024-09-11 19:58:36 +02:00
Aaron Andersen
45dd09667f
Revert "nixos/openvpn: add extraArgs option"
2024-09-11 12:59:03 -04:00
ghpzin
5ab2ff7a7a
nixos/quorum: update geth flags
...
- upstream commit changing ws args:
c989bca173
- upstream commit changing minerthreads arg:
f0998415ba
2024-09-11 13:25:32 +03:00
John Titor
1c7e6a2de9
nixos/shairport-sync: Add pulse group also for pipewire
...
Works according to https://github.com/mikebrady/shairport-sync/issues/1171
From 0e4664b497
2024-09-11 15:21:14 +05:30
Aaron Andersen
7398438255
nixos/openvpn: add extraArgs option ( #339016 )
2024-09-10 19:36:32 -04:00
h7x4
c2090cb303
wstunnel: the ping frequency can now also be configured for the server ( #339232 )
2024-09-10 10:27:42 +02:00
r-vdp
342b5a8b85
sshd: fix shellcheck warnings in prestart script
2024-09-08 12:24:00 +02:00
Naïm Favier
6840ba251c
nixos/networkmanager: set up /etc/ipsec.secrets as required by the L2TP plugin
...
The networkmanager-l2tp plugin expects /etc/ipsec.secrets to include /etc/ipsec.d/ipsec.nm-l2tp.secrets;
see https://github.com/NixOS/nixpkgs/issues/64965
In order for this to continue working if the strongswan module is
enabled, we use `"ipsec.secrets".text` instead of `.source` so that the
configurations of both modules are concatenated.
2024-09-07 17:28:25 +02:00
Gabriel Fontes
13f6e6da35
nixos/matterbridge: add services.matterbridge.package option
2024-09-06 17:07:41 -03:00
Sachi King
361fde84f9
Revert "nixos/firewall: fix reverse path check failures with IPsec"
...
The inclusion of the "meta ipsec" rule in the default reverse path
filtering breaks systems not built with specific XFRM kernel config
options. Specifically CONFIG_XFRM must be set, which gets selected
by CONFIG_NFT_XFRM, which is hidden behind CONFIG_XFRM_USER.
These options are not selected by default in most defconfigs provided
by the kernel with the exception of some device-specific defconfigs.
These options are not set by the nix kernel common_config, and I would
argue that IPSec support does not belong in a minimal kernel as that
elevates its support status above other in-kernel VPN interfaces.
The contributor of this feature does not seem interested in working
towards a solution that does not break systems running kernels built
with "autoModules = false" while supporting this feature, and as this
silently breaks firewalls into an insecure state and poses an immediate
security issue I propose this be reverted until a solution that does not
break such systems is proposed.
https://github.com/NixOS/nixpkgs/pull/310857#discussion_r1742834970
Devices used as firewalls, if they do not have the required kernel
config, will fail to load the new firewall rules and will upon boot pass
traffic without any filtering into the internal network.
Devices exposed directly to the internet, after reboot, will boot
without filtering potentially exposing services not intended to be
exposed to the internet, such as databases.
The following platforms in nixpkgs appear to be impacted:
- pc_simplekernel
- pogoplug4
- sheevaplug
- zero-gravitas
- zero-sugar
- utilite
- guruplug
- beaglebone
- fuloong2f_n32
References to hardware without autoModules can be found in
nixos-hardware, as well as in active third-party repos on github.
I suspect there are other users impacted that do not have their configurations
public, as autoModules = true leads to long compile times when targeting
kernels to less standard hardware or hardware with quirks that require
patches that cannot be upstreamed.
This reverts commit 3c12ef3f21.
2024-09-04 11:51:15 +10:00
r-vdp
20291241fd
wstunnel: the ping frequency can now also be configured for the server
...
See: https://github.com/erebe/wstunnel/pull/338
2024-09-03 10:38:43 +02:00
Pol Dellaiera
930e12b9e8
nixos/services.openssh: remove with lib; ( #339092 )
2024-09-03 10:18:32 +02:00
Assistant
8119ec6478
nixos/syncplay: add missing options
...
Exposes all currently available command-line arguments that were
missing, including some that were impossible to use with the catch-all
option `extraArgs` alone, requiring changes to other parts of the
system.
Those are now all self-contained in the module.
The service now uses systemd's `DynamicUsers`.
2024-09-02 22:26:11 -04:00
Felix Buehler
5f8696e39c
nixos/services.openssh: remove with lib;
2024-09-02 22:31:36 +02:00
Aaron Andersen
5e8cc27962
nixos/openvpn: add extraArgs option
2024-09-02 09:49:02 -04:00
ilmari-lauhakangas
930f82eaf3
nixos/soju: use message-store instead of deprecated log in config
...
From message-store section in https://soju.im/doc/soju.1.html :
"(log is a deprecated alias for this directive.)"
2024-08-31 19:05:42 +03:00
Felix Buehler
97070a2ea6
nixos/services.libreswan: remove with lib;
2024-08-30 23:01:18 +02:00
Felix Buehler
92f17f012d
nixos/services.kresd: remove with lib;
2024-08-30 23:01:16 +02:00
Felix Buehler
5960372742
nixos/services.kea: remove with lib;
2024-08-30 23:00:56 +02:00
Felix Buehler
717fa0dea5
nixos/services.dnscrypt-wrapper: remove with lib;
2024-08-30 23:00:56 +02:00
Michael Hoang
185948bd01
tailscale: only autoconnect after backend is up
...
Previously, if this service started before the backend is up,
`StatusText` would be empty leading to the service trying to run
`tailscale up` even if this device is already logged in.
2024-08-30 01:27:40 +10:00
Philip Taron
f26f92db9a
nixos/services.mosquitto: remove with lib; ( #338022 )
2024-08-28 15:05:19 -07:00
Felix Buehler
481df957a6
nixos/services.mosquitto: remove with lib;
2024-08-28 22:53:06 +02:00
Florian Klink
c8912137a3
wstunnel: 9.7.4 -> 10.0.1 ( #335185 )
2024-08-28 10:56:59 +02:00
Herwig Hochleitner
98ce61be57
nixos/smokeping: do homedir management with systemd.tmpfiles ( #332050 )
...
- ensures that everything in /var/lib/smokeping belongs to the service
- add nginx user to smokeping group, instead of allowing world to cd
into smokeping homedir
2024-08-27 14:37:34 +02:00
Emily
1162c1ed62
{tvheadend,antennas}: drop ( #336395 )
2024-08-27 02:47:56 +01:00
Maciej Krüger
00f536f650
Merge pull request #310857 from rnhmjoj/pr-firewall
...
nixos/firewall: fix reverse path check failures with IPsec
2024-08-25 15:06:49 +02:00
rnhmjoj
89eb93dc3f
nixos/wireless: link config to /etc by default
...
This links the generated configuration to /etc/wpa_supplicant.conf
unless `allowAuxiliaryImperativeNetworks`. In the latter case the
file in /etc should be writable and the generated one remains only
in the Nix store.
2024-08-22 21:46:05 +02:00
Emily
a565cfeac3
antennas: drop
2024-08-22 15:51:27 +01:00
Emily
6fa5767e07
tvheadend: drop
...
Closes: #332259
2024-08-22 15:51:27 +01:00
r-vdp
6cac9e409c
wstunnel: reformat with nixfmt
2024-08-21 10:46:04 +02:00
Jörg Thalheim
c43e67f69b
Merge pull request #335344 from Mic92/harmonia
...
nixos/harmonia: switch to non-deprecated SIGN_KEY_PATHS
2024-08-21 07:01:22 +02:00
Emily
25bdc22ac8
Merge pull request #334495 from Sigmanificient/liboop
...
{liboop,lsh}: drop
2024-08-20 19:02:29 +01:00
Sigmanificient
e959525e15
lsh: drop
2024-08-20 12:02:12 +02:00
euxane
1768115589
nixos/cgit: handle list setting type
...
The cgitrc file allows lists of values to be set for some keys as
multiple definition lines.
This allows setting multiple "css" files to include or multiple
"readme" branch and file lookup paths to be set.
2024-08-19 08:13:49 +02:00
rnhmjoj
f235dda87f
nixos/wireless: reimplement secrets using ext_password_backend
...
This replaces the current implementation (splicing the secrets into the
configuration file using environment variables) with the new built-in
mechanism ext_password_backend.
With some minor syntax changes, it works exactly as before, except the
heavy lifting is done by wpa_supplicant and probably less error-prone.
2024-08-18 08:46:00 +02:00
Jörg Thalheim
aa994dd296
harmonia: switch to non-deprecated SIGN_KEY_PATHS
2024-08-17 13:11:06 +02:00
Morgan Jones
99714ac2fc
nixos/nebula: add missing with maintainers
2024-08-16 12:13:40 -07:00
Franz Pletz
4bd91be1ad
Merge pull request #333462 from Luflosi/nixos-iperf3-package-option
2024-08-16 14:46:53 +02:00
Jörg Thalheim
d9e8fc4b72
Merge pull request #323785 from Mic92/zerotier
...
nixos/zerotierone: clean up local.conf symlinks unconditionally
2024-08-16 09:35:35 +02:00
iopq
16782bd556
v2raya: add cliPackage option
...
v2raya can now be run using the xray cli package as well
2024-08-16 15:31:59 +08:00
a-kenji
0f13d8a4ba
nixos/unbound: fix typos in description and comment
2024-08-14 23:53:58 +02:00
Adam C. Stephens
0536436018
Merge pull request #316466 from uninsane/rebrand-trust-dns
...
hickory-dns: rename from trust-dns
2024-08-11 07:35:03 -04:00
Colin
f9df9508f4
hickory-dns: rename from trust-dns
2024-08-11 07:59:32 +00:00
Rob Sears
bdcd19eff5
package reference was removed in 03d57d7 ( #333504 )
2024-08-09 21:42:42 +02:00
Sandro
03d57d7420
Merge pull request #332806 from isabelroses/fix/wpa_supplicant
2024-08-09 18:19:56 +02:00
Luflosi
d80d811a6f
nixos/iperf3: add package option
2024-08-09 16:01:01 +02:00
Bjørn Forsman
4265f4354c
nixos/mosquitto: fix "listeners" option default
...
The option type is listOf, so the default should be an empty list, not
empty attrset.
2024-08-08 23:59:36 +02:00
Justinas Stankevicius
3fa182e7ec
nixos/teleport: add required utils to path
2024-08-06 22:43:34 +03:00
isabel
78a5508605
nixos/wpa_supplicant: don't use removed wpa_supplicant_ro_ssids
2024-08-06 20:33:23 +01:00
Sandro
8b43ee5545
Merge pull request #330522 from xokdvium/dev/init-rathole
...
nixos/rathole: init module
2024-08-05 18:07:25 +02:00
Lin Jian
48966eacad
Merge pull request #328365 from Guanran928/cloudflare-dyndns
...
nixos/cloudflare-dyndns: introduce package option
2024-08-03 15:10:25 +08:00
Lin Jian
7b9ef31afd
Merge pull request #331800 from Guanran928/treewide/remove-periods-from-lib-mkenableoption
...
treewide: remove periods from lib.mkEnableOption
2024-08-03 12:53:41 +08:00
Felix Uhl
57d30c7a61
nixos/wg-quick: add generatePrivateKeyFile option ( #331253 )
...
This option is already present in the wireguard module, but missing from
the wg-quick module. This is very annoying, because it means you can't
easily get a safe and valid configuration on first boot when using
wg-quick.
This change adds the same option with the same description text and the
same script, but instead of generating an entire systemd unit dedicated
to creating the key file, it adds the script as a PreUp script, which
is a much simpler solution.
I've tested this in my own configuration, and it does indeed work.
wg-quick allows multiple PreUp scripts, which are run in order, and
all PreUp scripts are run before the private key is read from disk,
see `man wg-quick`.
2024-08-03 00:07:27 +04:00
Guanran Wang
ea6f4d5e86
treewide: remove periods from lib.mkEnableOption
...
Co-authored-by: éclairevoyant <848000+eclairevoyant@users.noreply.github.com>
2024-08-02 23:55:32 +08:00
tomberek
3758fa1f50
Merge pull request #299339 from teto/teto/wireguard-compact-unit
...
networking.wireguard: generate leaner units
2024-08-02 03:18:16 -04:00
tomberek
7d29722746
Merge pull request #322035 from jpds/nixos-nats-validate-config
...
nixos/nats: Implemented configuration verification
2024-08-02 02:37:48 -04:00
Bjørn Forsman
849492e6e2
nixos/deconz: mention RaspBee hardware
2024-08-01 16:48:38 +02:00
Bjørn Forsman
aeaf887dcb
nixos/deconz: update URL to hardware products
...
There are multiple products/versions, so replace the "version 2" URL
with a landing page for all products.
2024-08-01 16:48:38 +02:00
Michele Guerini Rocco
de8d752e98
Merge pull request #319188 from buckley310/2024-06-11-wpa-supplicant
...
nixos/wireless: fix quotes in config path
2024-08-01 09:32:05 +02:00
euxane
4f2da6c9c1
nixos/fcgiwrap: add option migration instruction errors
...
This adds migration instructions for the removed global shared instance
configuration of fcgiwrap.
Adding those explicit messages to the previous options requires moving
the newly defined options from `services.fcgiwrap.*` to
`services.fcgiwrap.instances.*` due to an option namespace clash.
`mkRenamedOptionModule` was not used because the previous options do
not directly map to the new ones. In particular, `user` and `group`
were described as setting the socket's permission, but were actually
setting the process' running user.
Co-authored-by: Minijackson <minijackson@riseup.net>
2024-07-31 11:02:37 +02:00
zimbatm
5a353f15cc
nixos/nar-serve: add domain option
2024-07-31 09:57:37 +02:00
zimbatm
ed47bba9ad
nixos/nar-serve: add package option
2024-07-31 09:57:36 +02:00
K900
7f2ec487cc
nixos/i2pd: actually fix, clean up a little bit
2024-07-30 11:07:37 +03:00
K900
268299ad04
nixos/i2pd: fix warning
2024-07-29 23:36:08 +03:00
Jörg Thalheim
5356420466
treewide: remove unused with statements from maintainer lists
...
$ find -type f -name '*.nix' -print0 | xargs -P "$(nproc)" -0 sed -i \
-e 's!with lib.maintainers; \[ *\];![ ];!' \
-e 's!with maintainers; \[ *\];![ ];!'
2024-07-29 10:06:20 +08:00
figboy9
67b152a087
Add figboy9 to module maintainers
2024-07-28 14:42:12 +09:00
figboy9
69c6e3352d
nixos/veilid: Add veilid service module
2024-07-28 14:03:49 +09:00
Sergei Zimmerman
e3e6e94010
nixos/rathole: init module
...
Adds a module for the rathole package. The package itself
and this module are very similar to frp, so the options
and tests are not very far off from those for frp.
2024-07-28 01:25:01 +03:00
Florian Klink
21e3a4214f
nixos/wvdial: init module
2024-07-27 19:11:02 +03:00
Aleksana
577a9c43f3
Merge pull request #330042 from Sigmanificient/remove-leading-space-description
...
treewide: remove trailing space in description
2024-07-26 23:48:02 +08:00
Dennis Stengele
6f3ba8d714
nixos/zeronsd: init module and package ( #253610 )
...
* zeronsd: init at 0.5.2
* nixos/zeronsd: init at 0.5.2
This is the module for the new zeronsd package.
2024-07-26 15:20:56 +02:00
Sigmanificient
543cd40ecc
treewide: remove trailing space in description
...
Done using `grep -rP 'description\s+=\s+"[^"]+[ ]";' | cut -d ':' -f 1 |
xargs -i nvim {}` and sorting the opened files by hand, avoiding
generated packages list
2024-07-26 03:38:50 +02:00
Masum Reza
81cb83b07f
Merge pull request #290008 from eum3l/add-opengfw
...
opengfw: init at 0.4.0 (+NixOS module)
2024-07-24 20:39:41 +05:30
eum3l
86ae0fca93
nixos/opengfw: init
2024-07-24 15:11:23 +02:00
Silvan Mosberger
473e469d5a
Merge pull request #328381 from tie/map-attrs-flatten
2024-07-24 13:32:34 +02:00
Franz Pletz
b12aaa9f9b
Merge pull request #316139 from Luflosi/bind-service-wait-for-ready-status
2024-07-23 00:19:53 +02:00
Jörg Thalheim
f09ab69a7e
nixos/zerotierone: clean up local.conf symlinks unconditionally
2024-07-20 16:39:56 +02:00
Ivan Trubach
7919709a23
nixos/modules: use mapAttrsToList instead of mapAttrsFlatten
2024-07-19 11:39:39 +03:00
Guanran Wang
782e8513d3
nixos/cloudflare-dyndns: introduce package option
2024-07-19 14:45:09 +08:00
Matthew Croughan
be9599e3d4
nixos/scion: introduce package option ( #327765 )
2024-07-19 02:30:10 +02:00
Darragh Elliott
61820de2d4
ddns-updater: Add module, test, update script
2024-07-17 21:56:05 +00:00
Shiva Kaul
04967c307f
nixos/spiped: remove broken chmod's from preStart
...
Remove `chmod`s which were (1) broken and (2) no longer considered good Nix practice.
2024-07-14 22:04:53 +10:00
Martin Weinelt
e62de266ad
Merge pull request #326149 from mguentner/remove_mxisd_ma1sd
...
nixos/mxisd: remove module
2024-07-12 13:15:11 +02:00
Maximilian Güntner
23e62062bc
nixos/mxisd: remove module
...
mxisd and ma1sd are both unmaintained
2024-07-12 11:44:59 +02:00
Masum Reza
ae20d8d61a
Merge pull request #325951 from mjoerg/magic-wormhole-python-3.12
...
magic-wormhole: make usable with Python 3.12
2024-07-11 15:32:13 +05:30
Sandro
24cefb01b3
Merge pull request #284419 from ocfox/realm
2024-07-11 10:46:47 +02:00
Trey Fortmuller
7b32ea9abb
nixos/cloudflare-warp: init
...
Co-authored-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
removed `with lib;` at the top level
cleanup
2024-07-10 22:48:57 +05:30
ocfox
86ce0733d2
nixos/realm: init
...
Co-authored-by: Nick Cao <nickcao@nichi.co>
Co-authored-by: oluceps <i@oluceps.uk>
2024-07-10 16:43:17 +02:00
Martin Joerg
a85c314882
nixos/magic-wormhole-mailbox-server: use Python 3.11, adopt
...
magic-wormhole-mailbox-server is not yet supported with Python 3.12.
https://github.com/magic-wormhole/magic-wormhole-mailbox-server/issues/41
2024-07-09 22:22:56 +00:00
Martin Joerg
12de9a7469
nixos/magic-wormhole-mailbox-server: nixfmt
2024-07-09 22:22:56 +00:00
Franz Pletz
f1d54d49b9
Merge pull request #325459 from numinit/nebula-module-tweaks
...
nixos/nebula: support non-path host keys
2024-07-09 16:59:35 +02:00
Franz Pletz
31c99a61da
Merge pull request #325286 from bjornfor/nixos-deconz-fix-service-stop
...
nixos/deconz: treat SIGTERM exit status as success
2024-07-09 15:07:36 +02:00
matthewcroughan
c53e5201f4
nixos/scion: make storing path database optional
...
Storing the SCION path sqlite databases persistently on disk is a valid
setup that improves performance, but may have outstanding bugs that need
to be investigated, so this makes persistent storage optional, off by
default.
2024-07-08 13:26:30 +02:00
Morgan Jones
de5e0cf11b
nixos/nebula: add numinit as maintainer
...
I maintain the package and coauthored this module, so should be on it.
:-)
2024-07-08 01:06:58 -07:00
Morgan Jones
95f1ebd2aa
nixos/nebula: loosen ProtectSystem
...
"strict" may be too strict for some PKCS#11 providers.
2024-07-08 01:04:15 -07:00
Morgan Jones
b81827b992
nixos/nebula: allow string or path for keys
...
Nebula will be getting PKCS#11 support soon, and this will allow
keys to be specified as PKCS#11 URIs instead of paths.
2024-07-08 01:03:40 -07:00
Felix Buehler
72a4f148f9
nixos/bee: prefer 'install' over 'chmod'
2024-07-07 17:47:28 +02:00
Bjørn Forsman
5aab6344c2
nixos/deconz: treat SIGTERM exit status as success
...
deconz doesn't handle SIGTERM and terminates with code 143 (128 + 15
(SIGTERM)) instead of 0. This results in systemd marking the service as
failed when a user stops it (with `systemctl stop deconz`). Fix it by
treating code 143 as success.
2024-07-07 16:11:11 +02:00
Aaron Andersen
6fa3ecdc73
Merge pull request #324464 from hraban/cloudflare-dyndns-frequency
...
cloudflare-dyndns: configurable systemd frequency
2024-07-04 21:02:43 -04:00
Masum Reza
9ec0508f83
Merge pull request #171855 from ju1m/prosody
...
nixos/prosody: support mod_http_file_share
2024-07-04 21:59:29 +05:30
Hraban Luyat
406351b470
cloudflare-dyndns: configurable systemd frequency
2024-07-03 22:50:45 -04:00
Tomas Kala
6930dd3dee
nixos/blocky: Add an option for the package to be used
...
Previously, the blocky package was hardcoded to the one in pkgs. This
change allows setting it, so the user can configure the blocky service to
run blocky from nixpkgs-unstable, for example.
2024-07-03 13:42:34 +02:00
Thomas Gerbet
8ddb1bb721
Merge pull request #318599 from pacien/nixos-fcgiwrap-isolation
...
nixos/fcgiwrap: refactor to fix permissions
2024-07-02 21:52:33 +02:00
Sandro
15705830ce
Merge pull request #321061 from SomeoneSerge/prosody-logs
...
nixos/prosody: provide an (internal) escape hatch for overriding the …
2024-07-02 20:36:07 +02:00
Sandro
230c213fae
Merge pull request #314767 from Guanran928/mihomo
...
nixos/mihomo: add assertion for configFile
2024-07-02 20:27:36 +02:00
Cat
ed1b6699c0
nixos/syncthing: implement folder type ( #308832 )
...
* Syncthing: implemented folder type
* Syncthing: fix syntax (via @johnhamelink)
This commit should be rebased/squashed into the previous one if ofborg clears it!
Co-authored-by: John Hamelink <me@johnhame.link>
---------
Co-authored-by: John Hamelink <me@johnhame.link>
2024-07-02 19:49:03 +08:00
Janik H.
76cd1d2211
maintainers: drop janik
...
I guess my time has come as well...
With this commit, I'm not just dropping my maintainer entry, but I'm also
resigning from my duties as a board observer and NixCon project lead.
I also terminated my Summer of Nix contract today.
I'll also stop hosting the local NixOS meetup.
The only "project" I'll finish under the NixOS Foundation umbrella is
Google Summer of Code because the mentees aren't even remotely
responsible for why I'm leaving, and it would be unfair to leave them
hanging.
I'm grateful for all the things I was able to learn, for all the experiences
I could gather, and for all the friends I made along the way.
NixOS is what makes computers bearable for me, so I'll go and work on
some fork (*something something* you always meet twice in life).
2024-07-02 02:36:42 +02:00
Jasper Woudenberg
71e88077ca
maintainers: remove jwoudenberg
2024-07-02 01:35:17 +02:00
Marcus Ramberg
a449a2a14a
Merge pull request #321079 from res0Nanz/master
...
nixos/cloudflared: fix links in doc
2024-07-01 23:39:57 +02:00
pennae
5c5aaaaaae
maintainers: remove pennae
...
https://discourse.nixos.org/t/nca-jonringer-joint-announcement/48231
https://web.archive.org/web/20240701165505/https://discourse.nixos.org/t/nca-jonringer-joint-announcement/48231
we had little faith in the NCA process, but this is going deep, *deep*
into the territory of wilfully insulting all those who had placed even a
modicum of trust in that process.
have your fucking nazi bar.
2024-07-01 18:56:40 +02:00
Someone Serge
12c6d79e72
nixos/prosody: provide an escape hatch for overriding the logging configuration
2024-07-01 01:24:19 +00:00
tomberek
079457313a
Merge pull request #321930 from jtbx-prs/oink-after-network
...
nixos/oink: wait for network.target
2024-06-29 20:42:03 -04:00
Eman Lear
6c00b71662
Merge branch 'master' into master
2024-06-30 02:19:21 +08:00
Matthew Croughan
d76ad79b4d
nixos/scion: use RuntimeDirectory instead of StateDirectory ( #323200 )
...
It was wrong to use StateDirectory to keep the scion-control and
scion-router runtime databases on disk for the next run. I observed that
doing this means a reboot, or power outage can corrupt the temporary
runtime databases for the next service start, leading scion ping and
other functionality to stop working permanently, since those files are
not managed in an atomic manner by the golang code.
2024-06-28 22:16:36 +02:00
Silvan Mosberger
c8dec6df38
Merge pull request #322801 from eclairevoyant/discourage-mkpackageoptionmd
...
lib: deprecate mkPackageOptionMD
2024-06-27 20:15:08 +02:00
matthewcroughan
23c24527dc
nixos/scion: add scion package when scion.enable = true
2024-06-27 11:52:04 +02:00
matthewcroughan
973108d3ed
nixos/scion: use recursiveUpdate instead of //
2024-06-27 11:51:28 +02:00
éclairevoyant
aeee4fc133
treewide: replace mkPackageOptionMD with mkPackageOption
2024-06-26 23:05:42 -04:00
Sandro
33f83c6252
Merge pull request #316977 from eclairevoyant/fix-mkEnableOption
...
treewide: fix mkEnableOption usage
2024-06-25 22:42:16 +02:00
Sandro
1813936aff
Merge pull request #272895 from xanderio/wg-access-server-0.10.1
...
wg-access-server: init at 0.12.1
2024-06-25 21:21:19 +02:00
Alexander Sieg
369cfec06d
nixos/wg-access-server: init module
2024-06-25 10:59:30 +02:00
Jonathan Davies
5ea0207b73
nixos/nats: Implemented configuration verification
2024-06-23 21:56:59 +01:00
Ryze
10962c7ca2
nixos/zerotierone: fix default value for localConf
2024-06-23 18:10:59 +03:00
Jeremy Baxter
923a86602e
nixos/oink: wait for network.target
2024-06-23 21:34:40 +12:00
Gooxey
d3140c11a5
nixos/antennas: removed WorkingDirectory setting
...
Antennas could not start because the specified directory did not exist
2024-06-23 09:23:42 +02:00
euxane
3d10deb7a5
nixos/cgit: fix GIT_PROJECT_ROOT ownership
...
The GIT_PROJECT_ROOT directory is now created at runtime instead of
being assembled at build time.
This fixes ownership issues which prevented those repositories from being
read by users other than root. This also avoids creating symlinks in
the nix store pointing to the outside.
2024-06-22 19:45:25 +02:00
euxane
2d8626bf0a
nixos/cgit: configurable user instead of root
...
This allows running cgit instances using dedicated users instead of
root. This is now set to "cgit" by default.
2024-06-22 19:45:25 +02:00
euxane
c5dc3e2034
nixos/fcgiwrap: adapt consumer modules and tests
2024-06-22 19:45:25 +02:00
euxane
8101ae41f8
nixos/fcgiwrap: adapt consumer modules and tests
2024-06-22 19:45:25 +02:00
euxane
bf2ad6f48c
nixos/fcgiwrap: adapt consumer modules and tests
...
This also fixes the gitolite-fcgiwrap test by running git through
fcgiwrap as the proper user.
2024-06-22 19:45:25 +02:00
Jörg Thalheim
9f180c5438
Merge pull request #280517 from Mic92/zerotierone
...
nixos/zerotierone: make localConf mergeable
2024-06-21 15:32:05 +02:00
Jörg Thalheim
09ead1f6eb
nixos/zerotierone: make localConf mergeable
2024-06-21 15:17:45 +02:00
Tom Hubrecht
938372e46e
nixos/netbird: Remove thubrecht as maintainer
2024-06-21 09:32:46 +02:00
res0Nanz
16d8c11a33
nixos/networkd-dispatcher: fix links in doc
...
Ill-formatted markdown links fixed.
2024-06-20 00:52:12 +08:00
res0Nanz
ae96067a6d
nixos/cloudflared: fix links in doc
...
Ill-formatted markdown links fixed.
2024-06-20 00:49:01 +08:00
h7x4
4c7c3ceb12
nixosTests.wstunnel: init
...
Co-authored-by: r-vdp <ramses@well-founded.dev>
2024-06-18 11:07:06 +03:00
r-vdp
53e7bea45c
nixos/wstunnel: update the wstunnel module to work with the new rust implementation
...
Co-authored-by: h7x4 <h7x4@nani.wtf>
2024-06-18 11:07:06 +03:00
Tim Häring
7a7060c5bf
nixos/aria2: fix missing default
2024-06-15 12:55:06 +02:00
Tim Häring
f6d3113164
nixos/aria2: fix remove not needed code
2024-06-15 12:51:29 +02:00
éclairevoyant
7d8742da87
treewide: fix mkEnableOption usage
2024-06-14 02:41:42 -04:00
Nick Cao
06b68ac5a3
Merge pull request #317840 from NeverBehave/pkg-ws-tunnel-rust
...
wstunnel: 0.5.1.0 -> 9.6.1
2024-06-13 13:31:08 -04:00
NeverBehave
3fb0e045a5
nixos/wstunnel: adopt rust new cli flags
2024-06-13 00:58:02 +00:00
Pol Dellaiera
7d270d53b9
Merge pull request #303429 from timhae/aria2-module
...
Aria2 module settings
2024-06-12 19:23:44 +02:00
Sean Buckley
36175fb9ad
nixos/wireless: fix quotes in config path
2024-06-11 20:45:04 -04:00
Sandro
da3214b120
Merge pull request #309551 from aca/master
2024-06-10 15:48:32 +02:00
Weijia Wang
9520d06979
Merge pull request #266450 from CRTified/adguardhome-fix-246461
...
nixos/adguardhome: run --check-config before merging
2024-06-10 12:46:26 +02:00
Guanran928
e27092e106
metacubexd: init at 1.140.0 ( #297721 )
...
* metacubexd: init at 1.140.0
* nixos/mihomo: add example for cfg.webui
2024-06-10 12:45:19 +02:00
Florian Klink
6a3a382d5b
nixos/mycelium: add mycelium binary to systemPackages
...
It's now possible to invoke `mycelium {routes,peers} list`.
2024-06-08 15:01:32 +03:00
Thomas Churchman
d226935fd7
nixos/ddclient: deprecate use, implement use{v4,v6}
...
Upstream replaced `use` with `use{v4,v6}`:
4a1b06630b/ChangeLog.md (new-features)
2024-06-07 17:28:25 +02:00
Keith Pine
6fda200fa4
nixos/inadyn: fix cache directory path
...
The CacheDirectory subdirectory is already part of $CACHE_DIRECTORY.
2024-06-07 09:03:24 +02:00
PatrickDaG
0fdf6e2917
nixos/netbird: fix defaults ( #314656 )
...
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-06-07 00:02:06 +02:00
rnhmjoj
3c12ef3f21
nixos/firewall: fix reverse path check failures with IPsec
...
The endpoint of an IPsec tunnel receives encrypted IPsec packets that
are first decrypted and then forwarded to the intended destination.
The decrypted traffic appears to originate from the same interface it
came in from, so in most cases these packets will fail the reverse path
check even if legitimate.
This change adds an exception to not reject packets that were previously
IPsec-encrypted, meaning they have been accepted, decrypted and are in
the process of being forwarded to their final destination.
Sources:
- https://www.kernel.org/doc/Documentation/networking/xfrm_device.txt
- https://git.netfilter.org/nftables/commit/?id=49f6e9a846c6c8325b95debe04d5ebc3c01246fb
- https://git.netfilter.org/nftables/commit/?id=8f55ed41d007061bd8aae94fee2bda172c0e8996
- https://thermalcircle.de/doku.php?id=blog:linux:nftables_demystifying_ipsec_expressions
2024-06-05 15:18:35 +02:00
Thomas Gerbet
ef6fea2d86
openssh: move Kerberos support into a dedicated package
...
The `openssh` and `openssh_hpn` packages are now built without
the Kerberos support by default in an effort to reduce the attack surface.
The Kerberos support is likely used only by a fraction of the total users
(I'm guessing mainly users integrating SSH in an Active Directory env) so
dropping it should not impact too many users. It should also be noted that
the Kerberos/GSSAPI auth is disabled by default in the configuration.
`opensshWithKerberos` and `openssh_hpnWithKerberos` are added in order
to provide an easy migration path for users needing this support.
The `openssh_gssapi` package is kept untouched.
2024-06-05 19:45:31 +10:00
Sandro Jäckel
41452802cb
treewide: fix all obviously wrong mkEnableOptions
2024-06-03 13:20:32 +02:00
Guanran Wang
818fe57b73
nixos/mihomo: format using nixfmt
2024-06-03 10:20:58 +08:00
Guanran Wang
f1034cab06
nixos/mihomo: drop default value from cfg.configFile
2024-06-03 10:20:58 +08:00
Ryan Horiguchi
ea63e59edc
nixos/adguardhome: fix typo
2024-06-02 21:01:11 +02:00
Sandro
c6c60cca65
Merge pull request #315112 from sikmir/git-daemon
2024-06-02 17:08:43 +02:00
Julien Moutinho
d4954e0df2
nixos/prosody: support mod_http_file_share
2024-06-01 22:23:20 +02:00
Luflosi
8e945401d5
bind: make systemd service wait for BIND to be ready
...
Without this change, the systemd unit will be marked as ready even though BIND has not finished starting yet.
This causes other units that depend on BIND to start even though BIND is not ready yet.
From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900788 : "Bind9 will daemonize itself _when it is ready_."
Also modify the NixOS test. With this change, waiting for the unit alone will ensure that BIND is ready to accept queries. I would have expected to see the test failing without this commit but with the `machine.wait_for_open_port(53)` line removed but I found this to not be the case most of the time. This is probably the case because the situation is inherently racy and on my machine BIND happens to start in time most of the time.
2024-05-31 13:33:29 +02:00
Franz Pletz
4e1b4397d9
Merge pull request #312472 from Ma27/networkd-option-rename
...
nixos/networkd: get rid of *Config attributes in lists
2024-05-30 04:06:01 +02:00
Martin Weinelt
e0f4e4b535
Merge pull request #274425 from woffs/fix-274286
...
nixos/frr: adapt to frr-9
2024-05-30 02:33:26 +02:00
lassulus
d6f07be682
Merge pull request #314889 from DavHau/pr_sshd
...
nixos/openssh: allow removing settings
2024-05-30 01:01:07 +02:00
Frank Doepper
4df955130e
nixos/frr: adapt to frr-9
...
- fix #274286
- remove `-f configfile` from ExecStart
- use /etc/frr/${service}d.conf
- enable mgmtd when staticd is enabled
- don't frr-reload.py mgmtd
- remove obsolete lib.mdDoc
2024-05-29 11:07:39 +02:00
Nikolay Korotkiy
ecddd99c6a
nixos/gitDaemon: add package option
2024-05-27 18:50:15 +04:00
Thomas Gerbet
00015f3ef9
Merge pull request #309036 from tomfitzhenry/sshd-package
...
nixos/ssh: add services.openssh.package
2024-05-27 09:40:31 +02:00
DavHau
3fe773a174
nixos/openssh: allow removing settings
...
# Motivation
So far it was not possible to configure sshd to allow password authentication only for a specific user. This is because in the generated config a `Match User xxx` section would be required before the global `PasswordAuthentication` is defined, as otherwise the global option always takes precedence.
The same problem occurs with multiple other options under `settings`.
# Done
This PR fixes that issue for all settings by simply allowing them to be overridden with `null`, which leads to a removal of that setting from the config.
The user can then correctly configure user specific settings using extraConfig, like this:
```
Match User user1
PasswordAuthentication yes
Match all
PasswordAuthentication no
```
2024-05-26 18:46:27 +02:00