path: root/nixos/modules/services/networking
Commit message [Author, Age]
* chrony: disable the whole timesyncd module when chronyd is enabled [Bas van Dijk, 2018-06-22]
|   Previously only the timesyncd systemd unit was disabled. This meant that when you activate a system that has chronyd enabled the following strange startup behaviour takes place:
|
|     systemd[1]: Starting chrony NTP daemon...
|     systemd[1]: Stopping Network Time Synchronization...
|     systemd[1]: Stopped chrony NTP daemon.
|     systemd[1]: Starting Network Time Synchronization...
* Merge pull request #41485 from teto/owamp [Matthew Justin Bauer, 2018-06-20]
|\
| | [RDY] Owamp : Get one way (network) latencies between synchronized computers
| * owamp: adding module [Matthieu Coudron, 2018-06-05]
| |   You can retrieve the one way latency between your client and the remote host via owping.
* | nixos/networkmanager: add extraConfig [Yegor Timoshenko, 2018-06-18]
| |
* | nixos/xrdp: add fonts.enableDefaultFonts [volth, 2018-06-17]
| |
* | Merge pull request #37289 from disassembler/dnsdist [xeji, 2018-06-13]
|\ \
| | | nixos/dnsdist: init module
| * | nixos/dnsdist: initial service [Samuel Leathers, 2018-05-02]
| | |
* | | nixos/tinc: minor fixes [volth, 2018-06-12]
| | |
* | | nixos/nat: optional networking.nat.externalInterface (#41864) [volth, 2018-06-12]
| | |   to prevent "cannot coerce null to string" raise before the assertions are checked
* | | nixos/unbound: add restart (#41885) [volth, 2018-06-12]
| | |
* | | nixos/nat: optional networking.nat.externalInterface (#41758) [volth, 2018-06-10]
| | |
* | | sshd: change location of config file (#41744) [Izorkin, 2018-06-10]
| | |   create symlink /etc/ssh/sshd_config
* | | nixos/sslh: add transparent proxying support (#41412) [volth, 2018-06-09]
| | |   [x] Support transparent proxying. This means services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.
| | |   [x] Run sslh daemon as unprivileged user instead of root (it is not only for security, transparent proxying requires it)
| | |   [x] Removed pidFile support (it is not compatible with running sslh daemon as unprivileged user)
| | |   [x] listenAddress default changed from "config.networking.hostName" (which resolves to meaningless "127.0.0.1" as with current /etc/hosts production) to "0.0.0.0" (all addresses)
* | | Merge pull request #34886 from leenaars/mortyproxy [Joachim F, 2018-06-02]
|\ \ \
| | | | morty: init -> 0.2.0
| * | | morty: init as service [Michiel Leenaars, 2018-05-30]
| | |/
| |/|
* | | Merge pull request #40171 from teto/ntp [Matthew Justin Bauer, 2018-06-01]
|\ \ \
| | | | [RDY] openntpd: make -s flag work
| * | | openntpd: make -s flag work [Matthieu Coudron, 2018-05-08]
| | | |   after seeing `adjtime failed: Invalid argument` in my syslog, I tried using `ntpd -s` but it would trigger `/etc/ntpd.conf: No such file or directory`
| | | |   see https://github.com/NixOS/nixpkgs/issues/31885
| | | |
| | | |   Instead of running the daemon with a specific config file, use the standard file so that users are able to use the ntp executable without having to look for the current config file.
* | | | Merge pull request #40692 from Izorkin/sshd [Matthew Justin Bauer, 2018-06-01]
|\ \ \ \
| | | | | sshd: add custom options
| * | | | sshd: add custom options [Izorkin, 2018-05-19]
| | | | |
* | | | | dnscrypt-proxy: make man 8 dnscrypt-proxy work (#41039) [coretemp, 2018-05-31]
| | | | |
* | | | | nixos/bind: Allow to set extra options [aszlig, 2018-05-30]
| |_|/ /
|/| | |
| | | |   BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this:
| | | |
| | | |     services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];
| | | |
| | | |   This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vein to how SQL injection works.
| | | |
| | | |   Another option would be to just set configFile to a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system.
| | | |
| | | |   To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format.
| | | |
| | | |   This change has been reviewed in #40053 and after not getting any opposition, I'm hereby adding this to master.
| | | |
| | | |   Signed-off-by: aszlig <aszlig@nix.build>
| | | |   Cc: @peti, @edolstra
| | | |   Closes: #40053
* | | | Merge pull request #40801 from xeji/test/dnscrypt-proxy [Samuel Leathers, 2018-05-19]
|\ \ \ \
| | | | | nixos/dnscrypt-proxy: fix apparmor profile and test
| * | | | nixos/dnscrypt-proxy: fix apparmor profile and test [Uli Baum, 2018-05-20]
| | | | |   Test failed because of an incomplete apparmor profile.
| | | | |   - fix apparmor profile
| | | | |   - improve test timing, prevent non-deterministic failure
* | | | | nixos/cjdns: fix service for i686 (#40740) [xeji, 2018-05-20]
|/ / / /
| | | |   service failed to start because of MemoryDenyWriteExecute = true, which seems not to work on i686
* / / / wireguard: Enable tools on other platforms [Kirill Elagin, 2018-05-19]
|/ / /
| | |   Wireguard is now split into two pretty much independent packages: `wireguard` (Linux-specific kernel module) and `wireguard-tools`, which is cross-platform.
* | | Add stubby resolver daemon service module (#38667) [baroncharlus, 2018-05-16]
| | |   * networking/stubby.nix: implementing systemd service module for stubby
| | |     This change implements stubby, the DNS-over-TLS stub resolver daemon. The motivation for this change was the desire to use stubby's DNS-over-TLS functionality in tandem with unbound, which requires passing certain configuration parameters. This module implements those config parameters by exposing them for use in configuration.nix.
| | |   * networking/stubby.nix: merging back module list
| | |     re-merging the module list to remove unnecessary changes.
| | |   * networking/stubby.nix: removing unnecessary capabilities flag
| | |     This change removes the unnecessary flag for toggling the capabilities which allows the daemon to bind to low ports.
| | |   * networking/stubby.nix: adding debug level logging bool
| | |     Adding the option to turn on debug logging.
| | |   * networking/stubby.nix: clarifying idleTimeout and adding systemd target
| | |     Improving docs to note that idleTimeout is expressed in ms. Adding the nss-lookup `before' target to the systemd service definition.
| | |   * networking/stubby.nix: Restrict options with types.enum
| | |     This change restricts fallbackProtocol and authenticationMode to accept only valid options instead of any list or str types (respectively). This change also fixes typo in the CapabilityBoundingSet systemd setting.
| | |   * networking/stubby.nix: cleaning up documentation
| | |     Cleaning up docs, adding literal tags to settings, and removing whitespace.
| | |   * networking/stubby.nix: fixing missing linebreak in comments
| | |   * networking/stubby.nix: cleaning errant comments
* | | nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 [Jan Malakhovski, 2018-05-12]
| | |
* | | Merge pull request #39681 from pstn/gnunet-service [Robert Schütz, 2018-05-11]
|\ \ \
| | | | nixos/gnunet: create switch for package.
| * | | nixos/gnunet: create switch for package. [Philipp Steinpass, 2018-05-11]
| | | |
* | | | hostapd: remove assertion (allow 5GHz channels) [Yegor Timoshenko, 2018-05-11]
|/ / /
* | | Merge pull request #39671 from johanot/keepalived-vrrpInstanceTracking [Sarah Brofeldt, 2018-05-09]
|\ \ \
| | | | nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
| * | | nixos/keepalived: Implemented vrrp-instance tracking scripts and interfaces. [Johan Thomsen, 2018-05-08]
| | | |   Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
| | | |
| | | |   Changes are fully backward compatible.
* | | | NetworkManager: add noDns option [jD91mZM2, 2018-05-08]
|/ / /
* | | nixos/nsd: Allow to configure root zone [aszlig, 2018-05-07]
| | |   When trying to run NSD to serve the root zone, one gets the following error message:
| | |
| | |     error: illegal name: '.'
| | |
| | |   This is because the name of the zone is used as the derivation name for building the zone file. However, Nix doesn't allow derivation names starting with a period.
| | |
| | |   So whenever the zone is "." now, the file name generated is "root" instead of ".".
| | |
| | |   I also added an assertion that makes sure the user sets services.nsd.rootServer, otherwise NSD will fail at runtime because it prevents serving the root zone without an explicit compile-time option.
| | |
| | |   Tested this by adding a root zone to the "nsd" NixOS VM test.
| | |
| | |   Signed-off-by: aszlig <aszlig@nix.build>
| | |   Cc: @hrdinka, @qknight
* | | Merge pull request #39455 from Ekleog/matterbridge-configfile [Joachim F, 2018-05-06]
|\ \ \
| | | | matterbridge module: add configPath option as a workaround, waiting for nix encryption
| * | | matterbridge module: add configPath option as a workaround, waiting for nix encryption [Léo Gaspard, 2018-04-25]
| | | |
* | | | Merge pull request #38622 from obadz/minidlna-module [xeji, 2018-05-06]
|\ \ \ \
| | | | | nixos/minidlna: add loglevel config
| * | | | minidlna nixos module: add loglevel config [obadz, 2018-04-09]
| | | | |
* | | | | Merge pull request #39055 from abbradar/reload-stop [xeji, 2018-05-05]
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | | firewall service: run stop commands in reload
| * | | | firewall service: run stop commands in reload [Nikolay Amiantov, 2018-04-17]
| | | | |   Do cleanup of user-created additional rules.
| | | | |
| | | | |   Of course it'd be much better to just use iptables-{save,restore} for declarative management, but as it's still not there...
* | | | | ndppd module: init (#35533) [gnidorah, 2018-05-05]
| |_|_|/
|/| | |
* | | | Merge pull request #38831 from rdnetto/improve-cross-refs [Graham Christensen, 2018-04-30]
|\ \ \ \
| | | | | Improve cross referencing in NixOS Manual
| * | | | Added cross-references to NixOS manual [Reuben D'Netto, 2018-04-12]
| | | | |
* | | | | unifi, nixos/unifi: support LTS (5.6.36) and release (5.7.20) [Badi Abdul-Wahid, 2018-04-28]
| | | | |   Ubiquiti has both a LTS and current version of their Unifi controller software.
| | | | |
| | | | |   The latter adds new features, but may drop support for some devices.
| | | | |
| | | | |   This adds the capability to use either for the unifi module but defaults to the LTS version, which was the previous behavior.
* | | | | dante service: default for logoutput [Nikolay Amiantov, 2018-04-26]
| | | | |   Log to journald via syslog by default; also improve option type.
* | | | | dante service: restart only on failure [Nikolay Amiantov, 2018-04-26]
| | | | |   Normal exit code shouldn't result in a restart.
* | | | | nixos/hans, nixos/iodine: fix passwordFile attribute [gnidorah, 2018-04-23]
| | | | |
* | | | | Merge pull request #36734 from gnidorah/hans [Matthew Justin Bauer, 2018-04-23]
|\ \ \ \ \
| | | | | | nixos/hans: init
| * | | | | hans: rename option [gnidorah, 2018-03-28]
| | | | | |
| * | | | | hans, iodine: correct script [gnidorah, 2018-03-28]
| | | | | |