| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| | |
radicale: update to version 2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which
also includes the needed command for migrating to 2.x
The module is adjusted to the version change, defaulting to radicale2 if
stateVersion >= 17.09 and radicale1 otherwise. It also now uses
ExecStart instead of the script service attribute. Some missing dots at
the end of sentences were also added.
I added a paragraph in the release notes on how to update to a newer
version.
|
| |
| |
| |
| | |
Now uses the upstream systemd unit which adds lots of hardening flags.
|
|\ \
| | |
| | | |
nixos: i2pd: bits and pieces
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
|\ \
| |/
|/| |
firefox syncserver service: run as non-root user by default
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
Couple of changes:
- move home to /var/lib/ddclient so we can enable ProtectSystem=full
- do not stick binary into systemPackages as it will only run as a daemon
- run as dedicated user/group
- document why we cannot run as type=forking (output is swallowed)
- secure things by running with ProtectSystem and PrivateTmp
- .pid file goes into /run/ddclient
- let nix create the home directory instead of handling it manually
- make the interval configurable
|
|\
| |
| | |
firefox syncserver service: fix PYTHONPATH
|
| | |
|
|\ \
| | |
| | | |
nixos/mosquitto: Fix instructions for password gen
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/NixOS/nixpkgs/issues/27996.
Updates instructions for generating hashes passwords for use in a
Mosquitto password file. Using `mosquitto_passwd` to generate these
hashes is a little less convenient, but the results are more likely to
be compatible with the mosquitto daemon.
As far as I can tell, the hashes generated with `mkpassd` did not work
as intended. But this may have been hidden by another bug:
https://github.com/NixOS/nixpkgs/issues/27130.
|
|\ \
| | |
| | | |
wireguard: add per-peer routing table option
|
| | |
| | |
| | | |
Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
|
| | |
| | |
| | | |
Most users will be served well by the default "table" setting ("main").
|
| |/
| |
| | |
This adds a convenient per-peer option to set the routing table that associated routes are added to. This functionality is very useful for isolating interfaces from the kernel's global routing and forcing all traffic of a virtual interface (or a group of processes, via e.g. "ip rule add uidrange 10000-10009 lookup 42") through Wireguard.
|
|\ \
| | |
| | | |
nixos/tinc: do not tell systemd where is pidfile
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
```Tinc```'s pid file has more info than just a pid
```
# cat /run/tinc.dmz.pid
12209 7BD4A657B4A04364D268D188A0F4AA972A05247D802149246BBE1F1E689CABA1 127.0.0.1 port 656
```
so ```systemd``` fails to parse it.
It results in long (re)start times when ```systemd``` waits for a correct pid file to appear.
|
|/ / |
|
| |
| |
| | |
Follow up https://github.com/NixOS/nixpkgs/pull/27756: tinc daemon may also create new files in ```/etc/tinc/$network/hosts```
|
|\ \
| |/
|/| |
networkmanager service: use unbound if enabled
|
| | |
|
|/
|
|
| |
This commit adds an option to allow udp port forwarding (see #24894).
|
|
|
|
|
| |
Dead and does not build with openssl 1.1.
Debian has removed it, too.
|
|
|
|
|
| |
Our controller was acting very sluggish at times and increasing
available RAM for the JVM fixes this.
|
| |
|
|
|
|
| |
Fixes #27510
|
| |
|
| |
|
|
|
| |
```restartTriggers``` pointed to the constant files in ```/nix/store/``` and had to effect.
|
| |
|
|
|
|
| |
Now user can execute e.g. "sudo tinc.netname dump nodes"
|
|
|
|
| |
use replace to make it succeed
|
|\
| |
| | |
coturn: allow use of ports < 1024
|
| | |
|
| |
| |
| | |
* wireguard: allow not storing private keys in world-readable /nix/store
|
| |
| |
| |
| |
| |
| |
| |
| | |
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise.
See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html
Tested on a local config (which has the strongswan service config overridden).
|
|\ \
| | |
| | | |
bitlbee service: Add option to load libpurple plugins into bitlbee
|
| | | |
|
| | |
| | |
| | |
| | | |
should not be mistaken
|
|\ \ \
| |/ /
|/| | |
networkmanager service: use resolved if enabled
|
| | | |
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* lib: introduce imap0, imap1
For historical reasons, imap starts counting at 1 and it's not
consistent with the rest of the lib.
So for now we split imap into imap0 that starts counting at zero and
imap1 that starts counting at 1. And imap is marked as deprecated.
See https://github.com/NixOS/nixpkgs/commit/c71e2d42359f9900ea2c290d141c0d606471da16#commitcomment-21873221
* replace uses of lib.imap
* lib: move imap to deprecated.nix
|