path: root/nixos/modules/services/networking
Commit message    Author    Age
* [bot]: remove unreferenced code    volth    2018-07-20
|
* Merge pull request #41745 from rvolosatovs/fix/sshd    Franz Pletz    2018-07-14
|\
| |   nixos: Add more ssh-keygen params
| * sshd: Add issue references to services.openssh.authorizedKeysFiles    Roman Volosatovs    2018-06-12
| |
| * sshd: Support more ssh-keygen parameters    Roman Volosatovs    2018-06-12
| |
* | Merge pull request #38324 from rvl/znc-uri-prefix    xeji    2018-07-10
|\ \
| | |   znc: add uriPrefix option
| * | znc: add uriPrefix option    Rodney Lorrimar    2018-04-02
| | |   Allows the ZNC web interface to be hosted behind a reverse proxy as a subdirectory.
| | |   https://wiki.znc.in/Reverse_Proxy#As_subdirectory
* | | nixos: Add option networking.networkmanager.dynamicHosts    Rickard Nilsson    2018-07-07
| | |   This allows non-privileged users to configure local DNS entries by editing hosts files read by NetworkManager's dnsmasq instance.
| | |   Cherry-picked from e6c3d5a507909c4e0c0a5013040684cce89c35ce and 5a566004a2b12c3d91bf0acdb704f1b40770c28f.
* | | quagga module: Use a deep merge via imports instead of the shallow merge    Graham Christensen    2018-07-05
| | |   The deep merge caused all the options to be unset when generating docs, unless quagga was enabled. Using imports, instead, properly allows the documentation to be generated.
* | | supplicant: Fix tiny typo in the documentation    Ingo Blechschmidt    2018-07-04
| | |
* | | Merge pull request #42860 from ldesgoui/fix-murmur-service    Silvan Mosberger    2018-07-03
|\ \ \
| | | |   murmur service: prevent silent launch failure by waiting until network is available
| * | | murmur: prevent silent launch failure    ldesgoui    2018-07-02
| | | |
* | | | Merge pull request #41222 from gnidorah/firewall    Silvan Mosberger    2018-07-03
|\ \ \ \
| | | | |   nixos/firewall: per-interface port options
| * | | | nixos/firewall: per-interface port options    gnidorah    2018-06-24
| | | | |
* | | | | Merge pull request #42798 from flokli/users-users    Michael Raskin    2018-07-02
|\ \ \ \ \
| |_|/ / /
|/| | | |   tree-wide: users.extraUsers -> users.users, users.extraGroups -> users.groups
| * | | | nixos/modules: users.(extraUsers|extraGroup->users|group)    Florian Klink    2018-06-30
| | | | |
* | | | | iwd: set statedir to /var/lib/iwd    Jörg Thalheim    2018-07-01
| | | | |
* | | | | Merge pull request #42709 from jollheef/master    adisbladis    2018-06-30
|\ \ \ \ \
| |/ / / /
|/| | | |   hostapd: use WPA2 instead of WPA1 by default
| * | | | hostapd: use WPA2 instead of WPA1 by default    Mikhail Klementev    2018-06-30
| | | | |
* | | | | networkmanager: Expand dns description, integrate with other services (#41898)    Benjamin Staffin    2018-06-29
| | | | |   Rather than special-casing the dns options in networkmanager.nix, use the module system to let unbound and systemd-resolved contribute to the networkmanager config.
* | | | | zerotier: interface names changed; fix no dhcp    Jesper Geertsen Jonsson    2018-06-27
|/ / / /
| | | |   Since ZT v1.2.8: ZT interface names are no longer named zt<sequence number>. Instead they are by default named zt<network hash>.
| | | |   https://www.zerotier.com/blog/2018-05-04-128.shtml
* | | | nixos/strongswan-swanctl: Fix build of manual    aszlig    2018-06-26
| | | |   Commit 401370287a9b74fc18539fe9c0bdc7ac9df9cf22 introduced a small error where the closing tag of <literal/> was an opening tag instead.
| | | |   Signed-off-by: aszlig <aszlig@nix.build>
| | | |   Cc: @basvandijk, @xeji
* | | | Merge pull request #42518 from LumiGuide/strongswan-swanctl-5.6.3    xeji    2018-06-25
|\ \ \ \
| | | | |   strongswan-swanctl: adapt options to strongswan-5.6.3
| * | | | strongswan-swanctl: adapt options to strongswan-5.6.3    Bas van Dijk    2018-06-24
| | | | |   This time there was only one change between 5.6.2..5.6.3: https://github.com/strongswan/strongswan/commit/2c7a4b07045786ee493021020e2ad5bd6bb4d045
* | | | | chrony: disable the whole timesyncd module when chronyd is enabled    Bas van Dijk    2018-06-22
|/ / / /
| | | |   Previously only the timesyncd systemd unit was disabled. This meant that when you activate a system that has chronyd enabled the following strange startup behaviour takes place:
| | | |     systemd[1]: Starting chrony NTP daemon...
| | | |     systemd[1]: Stopping Network Time Synchronization...
| | | |     systemd[1]: Stopped chrony NTP daemon.
| | | |     systemd[1]: Starting Network Time Synchronization...
* | | | Merge pull request #41485 from teto/owamp    Matthew Justin Bauer    2018-06-20
|\ \ \ \
| | | | |   [RDY] Owamp : Get one way (network) latencies between synchronized computers
| * | | | owamp: adding module    Matthieu Coudron    2018-06-05
| |/ / /
| | | |   You can retrieve the one way latency between your client and the remote host via owping.
* | | | nixos/networkmanager: add extraConfig    Yegor Timoshenko    2018-06-18
| | | |
* | | | nixos/xrdp: add fonts.enableDefaultFonts    volth    2018-06-17
| | | |
* | | | Merge pull request #37289 from disassembler/dnsdist    xeji    2018-06-13
|\ \ \ \
| | | | |   nixos/dnsdist: init module
| * | | | nixos/dnsdist: initial service    Samuel Leathers    2018-05-02
| | | | |
* | | | | nixos/tinc: minor fixes    volth    2018-06-12
| | | | |
* | | | | nixos/nat: optional networking.nat.externalInterface (#41864)    volth    2018-06-12
| | | | |   to prevent "cannot coerce null to string" raise before the assertions are checked
* | | | | nixos/unbound: add restart (#41885)    volth    2018-06-12
| | | | |
* | | | | nixos/nat: optional networking.nat.externalInterface (#41758)    volth    2018-06-10
| | | | |
* | | | | sshd: change location of config file (#41744)    Izorkin    2018-06-10
| |_|_|/
|/| | |
| | | |   create symlink /etc/ssh/sshd_config
* | | | nixos/sslh: add transparent proxying support (#41412)    volth    2018-06-09
| | | |   [x] Support transparent proxying. This means services behind sslh (Apache, sshd and so on) will see the external IP and ports as if the external world connected directly to them.
| | | |   [x] Run sslh daemon as unprivileged user instead of root (it is not only for security, transparent proxying requires it)
| | | |   [x] Removed pidFile support (it is not compatible with running sslh daemon as unprivileged user)
| | | |   [x] listenAddress default changed from "config.networking.hostName" (which resolves to meaningless "127.0.0.1" as with current /etc/hosts production) to "0.0.0.0" (all addresses)
* | | | Merge pull request #34886 from leenaars/mortyproxy    Joachim F    2018-06-02
|\ \ \ \
| | | | |   morty: init -> 0.2.0
| * | | | morty: init as service    Michiel Leenaars    2018-05-30
| | |/ /
| |/| |
* | | | Merge pull request #40171 from teto/ntp    Matthew Justin Bauer    2018-06-01
|\ \ \ \
| | | | |   [RDY] openntpd: make -s flag work
| * | | | openntpd: make -s flag work    Matthieu Coudron    2018-05-08
| | | | |   after seeing `adjtime failed: Invalid argument` in my syslog, I tried using `ntpd -s` but it would trigger `/etc/ntpd.conf: No such file or directory`
| | | | |   see https://github.com/NixOS/nixpkgs/issues/31885
| | | | |   Instead of running the daemon with a specific config file, use the standard file so that users are able to use the ntp executable without having to look for the current config file.
* | | | | Merge pull request #40692 from Izorkin/sshd    Matthew Justin Bauer    2018-06-01
|\ \ \ \ \
| | | | | |   sshd: add custom options
| * | | | | sshd: add custom options    Izorkin    2018-05-19
| | | | | |
* | | | | | dnscrypt-proxy: make man 8 dnscrypt-proxy work (#41039)    coretemp    2018-05-31
| | | | | |
* | | | | | nixos/bind: Allow to set extra options    aszlig    2018-05-30
| |_|/ / /
|/| | | |
| | | | |   BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this:
| | | | |     services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];
| | | | |   This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vein to how SQL injection works.
| | | | |   Another option would be to just set configFile to a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system.
| | | | |   To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format.
| | | | |   This change has been reviewed in #40053 and after not getting any opposition, I'm hereby adding this to master.
| | | | |   Signed-off-by: aszlig <aszlig@nix.build>
| | | | |   Cc: @peti, @edolstra
| | | | |   Closes: #40053
* | | | | Merge pull request #40801 from xeji/test/dnscrypt-proxy    Samuel Leathers    2018-05-19
|\ \ \ \ \
| | | | | |   nixos/dnscrypt-proxy: fix apparmor profile and test
| * | | | | nixos/dnscrypt-proxy: fix apparmor profile and test    Uli Baum    2018-05-20
| | | | | |   Test failed because of an incomplete apparmor profile.
| | | | | |   - fix apparmor profile
| | | | | |   - improve test timing, prevent non-deterministic failure
* | | | | | nixos/cjdns: fix service for i686 (#40740)    xeji    2018-05-20
|/ / / / /
| | | | |   service failed to start because of MemoryDenyWriteExecute = true, which seems not to work on i686
* / / / / wireguard: Enable tools on other platforms    Kirill Elagin    2018-05-19
|/ / / /
| | | |   Wireguard is now split into two pretty much independent packages: `wireguard` (Linux-specific kernel module) and `wireguard-tools`, which is cross-platform.
* | | | Add stubby resolver daemon service module (#38667)    baroncharlus    2018-05-16
| | | |   * networking/stubby.nix: implementing systemd service module for stubby
| | | |     This change implements stubby, the DNS-over-TLS stub resolver daemon. The motivation for this change was the desire to use stubby's DNS-over-TLS functionality in tandem with unbound, which requires passing certain configuration parameters. This module implements those config parameters by exposing them for use in configuration.nix.
| | | |   * networking/stubby.nix: merging back module list
| | | |     re-merging the module list to remove unnecessary changes.
| | | |   * networking/stubby.nix: removing unnecessary capabilities flag
| | | |     This change removes the unnecessary flag for toggling the capabilities which allows the daemon to bind to low ports.
| | | |   * networking/stubby.nix: adding debug level logging bool
| | | |     Adding the option to turn on debug logging.
| | | |   * networking/stubby.nix: clarifying idleTimeout and adding systemd target
| | | |     Improving docs to note that idleTimeout is expressed in ms. Adding the nss-lookup `before' target to the systemd service definition.
| | | |   * networking/stubby.nix: Restrict options with types.enum
| | | |     This change restricts fallbackProtocol and authenticationMode to accept only valid options instead of any list or str types (respectively). This change also fixes typo in the CapabilityBoundingSet systemd setting.
| | | |   * networking/stubby.nix: cleaning up documentation
| | | |     Cleaning up docs, adding literal tags to settings, and removing whitespace.
| | | |   * networking/stubby.nix: fixing missing linebreak in comments
| | | |   * networking/stubby.nix: cleaning errant comments
* | | | nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1    Jan Malakhovski    2018-05-12
| | | |