Commit graph

17441 commits

Author SHA1 Message Date
Niklas Hambüchen
959c4e82bc
Merge pull request #100255 from nh2/sshd-default-log-level-info
sshd service: Default to INFO logLevel (upstream default)
2021-06-23 02:06:54 +02:00
Niklas Hambüchen
4bd5f1115f
Merge pull request #127166 from nh2/xserver-config-mkAfter-docs
services.xorg.config: Extend docs
2021-06-23 01:55:58 +02:00
Niklas Hambüchen
a48fea4c5e sshd service: Default to INFO logLevel (upstream default).
The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for sccessful logins, see:
6247812c76/auth.c (L323-L328)

Also update description to the wording of the sshd_config man page.

`fail2ban` needs, sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.

The docs are updated accordingly.
2021-06-23 01:49:11 +02:00
Niklas Hambüchen
e85693afde
Merge pull request #127157 from nh2/xserver-readable-config-indentation
xserver: Generate readable config indentation
2021-06-23 01:16:50 +02:00
Maximilian Bosch
5aad4e73b6
privacyIDEA: 3.5.2 -> 3.6
ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6

Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.
2021-06-22 15:36:36 +02:00
Sandro
5f44b42bf4
Merge pull request #127641 from xfix/promethus-state-permissions 2021-06-22 10:23:56 +02:00
Linus Heckemann
203e81e4ee
Merge pull request #125281 from zhaofengli/phosh-systemd
phosh: 0.10.2 -> 0.11.0
2021-06-22 08:23:29 +02:00
Konrad Borowski
447b1cf03d nixos/prometheus: allow state access for service only
There is no reason for Prometheus state files to be
world-readable.
2021-06-21 10:16:47 +02:00
Sandro
84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params
zabbixAgent: add bash to $PATH
2021-06-20 17:58:43 +02:00
Sandro
e6a012fb00
Merge pull request #127063 from talyz/fail2ban-restart
nixos/fail2ban: Remove `reloadIfChanged = true`
2021-06-20 17:57:57 +02:00
illustris
e0089c38ca nixos/jitsi-meet: include jitsi prosody plugins in prosody extraPluginPaths 2021-06-20 12:36:51 +02:00
illustris
34b9ba2e61 nixos/jitsi-meet: Update jitsi prosody configs
Changes made as per b6f7f8fba7
2021-06-20 12:36:51 +02:00
Martin Weinelt
af664bf942
Merge pull request #127127 from mweinelt/home-assistant
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
Niklas Hambüchen
65d3180336 services.xorg.config: Extend docs 2021-06-17 04:08:21 +02:00
Niklas Hambüchen
685e8ff7dd xserver: Generate readable config indentation 2021-06-17 03:34:40 +02:00
Martin Weinelt
36659d1efa
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
Sandro
22a29f491a
Merge pull request #124566 from mweinelt/synapse-jemalloc 2021-06-16 17:52:56 +02:00
talyz
b4c069b147
nixos/fail2ban: Remove reloadIfChanged = true
This makes the service fail when upgrading the package, so let's
properly restart it instead.
2021-06-16 13:52:46 +02:00
Erik Skytthe
d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831) 2021-06-16 11:12:51 +02:00
markuskowa
5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
Sandro
b8958bbfa6
Merge pull request #126874 from legendofmiracles/espanso-cleanup
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-16 03:01:18 +02:00
Martin Weinelt
60c62214f5
nixos/solanum: implement reload and allow config changes
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.

But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
2021-06-16 00:19:35 +02:00
Robert Hensing
c2c47cc85b
Merge pull request #126922 from hercules-ci/ssh-keys-example
nixos/ssh: Add an example of verbatim keys
2021-06-15 21:38:19 +02:00
Alvar Penning
8673a40eda nixos/ucarp: init 2021-06-15 18:13:31 +02:00
Martin Weinelt
fb49094c3f
nixos/home-assistant: NixOS is an unsupported installation method
Trying to steer NixOS users away from reporting bugs to the upstream,
when they don't have the capacity to support bugs that could be the
result of our downstreaming setup.
2021-06-15 15:31:01 +02:00
Sandro
2b49e4e735
Merge pull request #107728 from nessdoor/master 2021-06-15 14:40:21 +02:00
Robert Hensing
dab747106e nixos/ssh: Document authorizedKeysFiles properly 2021-06-15 12:23:09 +02:00
Robert Hensing
8352cc9a23 nixos/ssh: Add an example of verbatim keys
This confused someone on SO.
2021-06-15 11:51:41 +02:00
Bernardo Meurer
2d29f4f2e7
Merge pull request #112971 from lovesegfault/roon-bridge
roon-bridge: init at 1.8-795
2021-06-14 19:57:20 -07:00
Aamaruvi Yogamani
358aa90e30
nixos/auto-cpufreq: fix service wantedBy 2021-06-14 20:01:26 -04:00
legendofmiracles
3e7ec42d68
espanso: add runtime dependencies correctly, nixos/espanso remove path hack 2021-06-14 13:09:57 -06:00
Profpatsch
799cdbd834 tailscale: add interfaceName option
tailscale allows to specify the interface name.
The upstream systemd unit does not expose it directly however, only
via the `FLAGS` environment variable.

I can’t be 100% sure that the escaping is correct, but this is as good
as we can do for now, unless upstream changes their unit file.
2021-06-14 11:25:08 +02:00
Kim Lindberger
26706834a5
Merge pull request #86967 from jakobrs/more-general-fsbefore
nixos/lib/utils: Add `fileSystems.<name>.depends` option and generalise fsBefore (fixes #86955)
2021-06-14 10:50:07 +02:00
Robert Hensing
ab11d2114e
Merge pull request #126680 from roberth/empty
emptyFile, emptyDirectory: init
2021-06-13 20:45:21 +02:00
Bernardo Meurer
c8f95fd174
nixos.roon-bridge: init 2021-06-13 03:38:42 -07:00
Sandro
3d6416cc20
nixos/synergy: add encryption support to server (#125002)
Co-authored-by: Joshua Trees <me@jtrees.io>
2021-06-12 21:35:04 +02:00
Michele Guerini Rocco
ff4f74259a
Merge pull request #126658 from ncfavier/patch-2
nixos/console: allow console.font to be a path
2021-06-12 18:47:18 +02:00
Robert Hensing
d48591123f nixos/apache-httpd: Use pkgs.emptyDirectory 2021-06-12 17:28:42 +02:00
Naïm Favier
39bc736382
nixos/console: allow console.font to be a path
As for console.keyMap, all uses of this option are compatible with paths. This allows doing things like `console.font = pkgs.runCommand ...`.
2021-06-12 13:24:32 +02:00
misuzu
ad502ab5c5 nixos/sourcehut: automatically build and import qemu image for docker 2021-06-11 11:48:49 -04:00
Domen Kožar
2072bba95d
Merge pull request #125311 from jansol/pipewire
pipewire: 0.3.27 -> 0.3.30
2021-06-11 16:48:52 +02:00
Joshua Trees
706ce9e230 nixos/synergy: add encryption support
Make it possible to use the Synergy server with TLS encryption without
resorting to the GUI.
2021-06-11 14:52:34 +02:00
Maciej Krüger
3f062397a5
x2goserver: fix rename whole module 2021-06-11 09:07:23 +02:00
Maciej Krüger
6dbeea0b40
nixos/x2goserver: put into networking, like xrdp 2021-06-11 08:13:49 +02:00
Maciej Krüger
03071fd5e3
nixos/xrdp: add openFirewall option 2021-06-11 08:13:48 +02:00
Anderson Torres
0b37436b8d
Merge pull request #126439 from Artturin/add-corectrl-module
nixos/corectrl: init module
2021-06-11 01:19:38 -03:00
Artturin
9f396c9584 nixos/corectrl: init module 2021-06-11 03:00:29 +03:00
Zhaofeng Li
544bf2c29b nixos/phosh: Enable OpenGL by default 2021-06-10 23:43:40 +00:00
Milan Pässler
55cd291bbd pleroma-otp: remove 2021-06-10 22:53:00 +02:00
Maciej Krüger
c0c34eb757
Merge pull request #125619 from mkg20001/bulky 2021-06-10 08:51:44 +00:00