| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
nixos.mautrix-facebook: Fix appservice name
|
| | |
| |
| |
| | |
It appears that newer mautrix-facebook versions default to the appservice name `facebook`. This was breaking our registration and causing mautrix-facebook to fail to start. This changes the name back and makes the registration generated match whatever the setting in the app is.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.
Currently, it is possible to make use of it in NGINX's NixOS module, but
is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.
It adds a safeguard against running a NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.
An interesting usecase of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers, it is
demonstrated how to achieve this in the tests, using sniproxy.
Finally, the tests covers:
- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final usecase
(sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;
In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.
For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
|
| |\ \
| | |
| | | |
nixos/qemu-vm: add option for named network interfaces
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Adds a new option to the virtualisation modules that enables specifying explicitly named network interfaces in QEMU VMs.
The existing `virtualisation.vlans` option is still supported for cases where the name of the network interface is irrelevant.
|
| |\ \ \
| | | |
| | | | |
nixos/tests/nar-serve: Fix
|
| | | |/
| |/| |
|
| | | |
| | |
| | |
| | | |
Signed-off-by: lucasew <lucas59356@gmail.com>
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
A fully featured and highly configurable SFTP server with optional
HTTP/S, FTP/S and WebDAV support.
https://github.com/drakkan/sftpgo
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This commit adds a comma in front of the given options, which makes the
mounts still succeed even if no options are given.
Fixes #233946
|
| |\ \ \
| | | |
| | | | |
nixos/proxmox-image: fix qemu build failure
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/thelounge: add package option
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Adds a package option to the thelounge NixOS module.
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
mir: Pull patch to fix evdev device misses
|
| | | | | | | |
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/stratis: initrd support for stratis root volumes
|
| | | | | | | | |
|
| | | | | | | | |
|
| | |\ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
it is now possible to supply a stratis pool uuid
for every filesystem, and if that filesystem
is required for boot, the relevant pool will be
started in the initramfs.
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Relates to #229910.
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
clonehero: 0.23.2.2 -> 1.0.0.4080
|
| | | |_|_|_|_|_|/ /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | | |
Co-authored-by: Kira Bruneau <kira.bruneau@pm.me>
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
amjoseph-nixpkgs/pr/release-notes/powerpc64le-linux
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This commit adds a mention to the release notes of the fact that
NixOS 23.05 can build installer ISOs for a new platform.
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
amjoseph-nixpkgs/pr/release-notes/powerpc-ieee-long-double
|
| | |/ / / / / / / / / |
|
| |\ \ \ \ \ \ \ \ \ \
| |_|/ / / / / / / /
|/| | | | | | | | | |
nixos/synapse: allow omitting `trusted_key_servers[].verify_keys`
|
| | | |_|_|/ / / / /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Synapse does not require the `verify_keys` attr/object to be set.
It made sense back in the day, when federation traffic used to use self-signed certificates. But this is no longer the case.
The previous `types.nullOr` didn't actually allow omitting `verify_keys` because Synapse's config parser is unable to parse that.
Not a breaking change.
Upstream docs: https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html?highlight=verify_keys#trusted_key_servers
|
| | | | | | | | | | |
|
| | |_|_|_|_|_|_|/
|/| | | | | | |
| | | | | | | |
| | | | | | | | |
match changes in 25f3323d60271ac9b668757322c47f96aa7ca726
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/iso-image: enable BIOS boot by default if possible
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
The change introduced in commit e5b072eca165430efc4d7a179011a42aab4470a2
breaks backwards compatibility for some users, see
https://github.com/NixOS/nixpkgs/commit/e5b072eca165430efc4d7a179011a42aab4470a2#commitcomment-113775008
https://github.com/NixOS/nixpkgs/pull/219351#discussion_r1139773448
This change updates the implementation to enable BIOS boot if possible
for the build and host platforms, and also assert that BIOS boot is not
enabled for non-x86 host platforms.
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
outline: 0.68.1 -> 0.69.2
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / /
|/| | | | | | | | | |
nixos/hercules-ci-agent: sync module with upstream
|
| | | |_|_|_|_|_|_|/
| |/| | | | | | | |
|