| Commit message (Collapse) | Author | Age |
... | |
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
nixos/varnish: made compatible with varnish 5.1.2, add modules
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* nixos/varnish: command line compatible with varnish 5.2.1, fixes
https://github.com/NixOS/nixpkgs/issues/27409
* nixos/varnish: add support for modules (services.varnish.extraModules)
* varnish-modules: init at 0.10.2
* varnish-geoip: init at 1.0.2
* varnish-rtstatus: init at 1.2.0
* varnish-digest: init at 1.0.1
* added services.varnish.extraCommandLine option
|
| |_|/ / / / /
|/| | | | | | |
|
| |_|_|_|/ /
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* modules sks and pgpkeyserver-lite:
runs the sks keyserver with optional nginx proxy for webgui.
* Add calbrecht to maintainers
* module sks: fix default hkpAddress value
* module pgpkeyserver-lite: make hkpAddress a string type option
and use (builtins.head services.sks.hkpAddress) as default value
* module sks: remove leftover service dependencies
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
module gitlab-runner: introduce configOptions and configFile
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also removes configText, functionality is now provided more conveniently by configOptions.
Keep in mind that this breaks compatibility with previous configurations,
configFile provides a means to protect the CI token from being written into the nix store.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This interferes with sendmail because suid won't work. Fixes #26611.
|
|\ \ \ \ \ \ \ |
|
| | |_|/ / / /
| |/| | | | | |
|
|/ / / / / / |
|
|/ / / / / |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The "headless" configuration option is ignored because we unconditionally
reference pkgs.open-vm-tools.
This fixes that.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
"Builder called die: Cannot wrap
/nix/store/XXX-munin-available-plugins/plugin.sh because it is not an
executable file"
[Bjørn: Keep DRY, quote "$file".]
|
|\ \ \ \ \
| | | | | |
| | | | | | |
postage: init at 3.2.17 & add NixOS module
|
| | | | | | |
|
| | | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Also see c2cf696430055498467dd9deec59939e8d52a43e.
|
|\ \ \ \ \ \ |
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
replace "Mac OS X" and "OS X" with "macOS"
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
as it is the official name since 2016
https://en.wikipedia.org/wiki/Macintosh_operating_systems#Desktop
exception are parts refering to older versions of macOS like
"GUI support for Mac OS X 10.6 - 10.12. Note that Emacs 23 and later [...]"
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Couple of changes:
- move home to /var/lib/ddclient so we can enable ProtectSystem=full
- do not stick binary into systemPackages as it will only run as a daemon
- run as dedicated user/group
- document why we cannot run as type=forking (output is swallowed)
- secure things by running with ProtectSystem and PrivateTmp
- .pid file goes into /run/ddclient
- let nix create the home directory instead of handling it manually
- make the interval configurable
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|_|_|_|/ / /
|/| | | | | | | |
libvirt: 3.5.0 -> 3.6.0
|
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Although it is quite safe to restart ```libvirtd``` when there are only ```qemu``` machines, in case if there are ```libvirt_lxc``` containers, a restart may result in putting the whole system into an odd state: the containers go on running but the new ```libvirtd``` daemons do not see them.
|
| | | | | | | | |
|
| | |_|_|_|_|/
| |/| | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
firefox syncserver service: fix PYTHONPATH
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
marked as broken for > 1 yr, development is frozen and author recommends
moving to https://github.com/ripple/ripple-lib
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/mosquitto: Fix instructions for password gen
|
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Fixes https://github.com/NixOS/nixpkgs/issues/27996.
Updates instructions for generating hashes passwords for use in a
Mosquitto password file. Using `mosquitto_passwd` to generate these
hashes is a little less convenient, but the results are more likely to
be compatible with the mosquitto daemon.
As far as I can tell, the hashes generated with `mkpassd` did not work
as intended. But this may have been hidden by another bug:
https://github.com/NixOS/nixpkgs/issues/27130.
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* nixos/tor: add hiddenServices option
This change allows to configure hidden services more conveniently.
* nixos/tor: fix default/example mixup
* nixos/tor: use docbook in documentation
Also use more elegant optionalString for optional strings.
* tor: seperate hidden service port by newline
* tor: better example for hidden service path
a path below /var/lib/tor is usually used for hidden services
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
The PAM service name used before this commit was "sambda", with an
extra 'd'. For some reason I don't quite fully understand this typo
prevents GDM from starting. This change fixes that as tested in VMs
built using "nixos-rebuild -I nixpkgs=<mypkgs> build-vm".
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
rsync service: allow running as user (plus some tweaks)
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
influxdb (on nixos): reduce closure size by 99.99% (and a bit)
|
| | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
wireguard: add per-peer routing table option
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Do the right thing, and use multiple interfaces for policy routing. For example, WireGuard interfaces do not allow multiple routes for the same CIDR range.
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Most users will be served well by the default "table" setting ("main").
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This adds a convenient per-peer option to set the routing table that associated routes are added to. This functionality is very useful for isolating interfaces from the kernel's global routing and forcing all traffic of a virtual interface (or a group of processes, via e.g. "ip rule add uidrange 10000-10009 lookup 42") through Wireguard.
|
|\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/tinc: do not tell systemd where is pidfile
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
```Tinc```'s pid file has more info than just a pid
```
# cat /run/tinc.dmz.pid
12209 7BD4A657B4A04364D268D188A0F4AA972A05247D802149246BBE1F1E689CABA1 127.0.0.1 port 656
```
so ```systemd``` fails to parse it.
It results in long (re)start times when ```systemd``` waits for a correct pid file to appear.
|
| | | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/ / / /
|/| | | | | | | | | | | |
Post fix up
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
defined
|