| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Peviously only the timesyncd systemd unit was disabled. This meant
that when you activate a system that has chronyd enabled the following
strange startup behaviour takes place:
systemd[1]: Starting chrony NTP daemon...
systemd[1]: Stopping Network Time Synchronization...
systemd[1]: Stopped chrony NTP daemon.
systemd[1]: Starting Network Time Synchronization...
|
|\
| |
| | |
[RDY] Owamp : Get one way (network) latencies between synchronized computers
|
| |
| |
| |
| |
| | |
You can retrieve the one way latency between your client and the remote
host via owping.
|
| | |
|
| | |
|
|\ \
| | |
| | | |
nixos/dnsdist: init module
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
to prevent "cannot coerce null to string" raise before the assertions are checked
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
create symlink /etc/ssh/sshd_config
|
| | |
| | |
| | |
| | |
| | |
| | | |
[x] Support transparent proxying. This means services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.
[x] Run sslh daemon as unprivileged user instead of root (it is not only for security, transparent proxying requires it)
[x] Removed pidFile support (it is not compatible with running sslh daemon as unprivileged user)
[x] listenAddress default changed from "config.networking.hostName" (which resolves to meaningless "127.0.0.1" as with current /etc/hosts production) to "0.0.0.0" (all addresses)
|
|\ \ \
| | | |
| | | | |
morty: init -> 0.2.0
|
| | |/
| |/| |
|
|\ \ \
| | | |
| | | | |
[RDY] openntpd: make -s flag work
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
after seeing
`adjtime failed: Invalid argument` in my syslog, I tried using
`ntpd -s` but it would trigger
`/etc/ntpd.conf: No such file or directory`
see https://github.com/NixOS/nixpkgs/issues/31885
Instead of running the daemon with a specific config file, use the
standard file so that user are able to use the ntp executable without
having to look for the current config file.
|
|\ \ \ \
| | | | |
| | | | | |
sshd: add custom options
|
| | | | | |
|
| | | | | |
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
BIND doesn't allow the options section (or any section I'd guess) to be
defined more than once, so whenever you want to set an additional option
you're stuck using weird hacks like this:
services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];
This basically exploits the fact that values coming from the module
options aren't escaped and thus works in a similar vain to how SQL
injection works.
Another option would be to just set configFile to a file that includes
all the options, including zones. That obviously makes the configuration
way less extensible and more awkward to use with the module system.
To make sure this change does work correctly I added a small test just
for that. The test could use some improvements, but better to have a
test rather than none at all. For a future improvement the test could be
merged with the NSD test, because both use the same zone file format.
This change has been reviewed in #40053 and after not getting any
opposition, I'm hereby adding this to master.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @peti, @edolstra
Closes: #40053
|
|\ \ \ \
| | | | |
| | | | | |
nixos/dnscrypt-proxy: fix apparmor profile and test
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Test failed because of an incomplete apparmor profile.
- fix apparmor profile
- improve test timing, prevent non-deterministic failure
|
|/ / / /
| | | |
| | | |
| | | | |
service failed to start because of MemoryDenyWriteExecute = true,
which seems not to work on i686
|
|/ / /
| | |
| | |
| | |
| | |
| | | |
Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* networking/stubby.nix: implementing systemd service module for stubby
This change implements stubby, the DNS-over-TLS stub resolver daemon.
The motivation for this change was the desire to use stubby's
DNS-over-TLS funcitonality in tandem with unbound, which requires
passing certain configuration parameters. This module implements those
config parameters by exposing them for use in configuration.nix.
* networking/stubby.nix: merging back module list
re-merging the module list to remove unecessary changes.
* networking/stubby.nix: removing unecessary capabilities flag
This change removes the unecessary flag for toggling the capabilities
which allows the daemon to bind to low ports.
* networking/stubby.nix: adding debug level logging bool
Adding the option to turn on debug logging.
* networking/stubby.nix: clarifying idleTimeout and adding systemd target
Improving docs to note that idleTimeout is expressed in ms. Adding the
nss-lookup `before' target to the systemd service definition.
* networking/stubby.nix: Restrict options with types.enum
This change restricts fallbackProtocol and authenticationMode to accept
only valid options instead of any list or str types (respectively). This
change also fixes typo in the CapabilityBoundingSet systemd setting.
* networking/stubby.nix: cleaning up documentation
Cleaning up docs, adding literal tags to settings, and removing
whitespace.
* networking/stubby.nix: fixing missing linebreak in comments
* networking/stubby.nix: cleaning errant comments
|
| | | |
|
|\ \ \
| | | |
| | | | |
nixos/gnunet: create switch for package.
|
| | | | |
|
|/ / / |
|
|\ \ \
| | | |
| | | | |
nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
Changes are fully backward compatible.
|
|/ / / |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When trying to run NSD to serve the root zone, one gets the following
error message:
error: illegal name: '.'
This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.
So whenever the zone is "." now, the file name generated is "root"
instead of ".".
I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.
Tested this by adding a root zone to the "nsd" NixOS VM test.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
|
|\ \ \
| | | |
| | | | |
matterbridge module: add configPath option as a workaround, waiting for nix encryption
|
| | | |
| | | |
| | | |
| | | | |
encryption
|
|\ \ \ \
| | | | |
| | | | | |
nixos/minidlna: add loglevel config
|
| | | | | |
|
|\ \ \ \ \
| |_|_|/ /
|/| | | | |
firewall service: run stop commands in reload
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Do cleanup of user-created additional rules.
Of course it'd be much better to just use iptables-{save,restore} for
declarative management, but as it's still not there...
|
| |_|_|/
|/| | | |
|
|\ \ \ \
| | | | |
| | | | | |
Improve cross referencing in NixOS Manual
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Ubiquiti has both a LTS and current version of their Unifi controller software.
The latter adds new features, but may drop support for some devices.
This adds the capability to use either for the unifi module but defaults
to the LTS version, which was the previous behavior.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Log to journald via syslog by default; also improve option type.
|
| | | | |
| | | | |
| | | | |
| | | | | |
Normal exit code shouldn't result in a restart.
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nixos/hans: init
|
| | | | | | |
|
| | | | | | |
|