nixpkgs/nixos/modules/services
Luflosi 3c63da7cf8
nixos/tor: allow tor to read resolv.conf when using resolved
When `services.resolved.enable` is set to true, the file /etc/resolv.conf becomes a symlink to /etc/static/resolv.conf, which is a symlink to /run/systemd/resolve/stub-resolv.conf. Without this commit, tor does not have access to this file thanks to systemd confinement. This results in the following warning when tor starts:
```
[warn] Unable to stat resolver configuration in '/etc/resolv.conf': No such file or directory
[warn] Could not read your DNS config from '/etc/resolv.conf' - please investigate your DNS configuration. This is possibly a problem. Meanwhile, falling back to local DNS at 127.0.0.1.
```
To fix this, simply allow read-only access to the file when resolved is in use.
According to https://github.com/NixOS/nixpkgs/pull/161818#discussion_r824820462, the symlink may also point to /run/systemd/resolve/resolv.conf, so allow that as well.
2022-03-15 15:16:14 +01:00
..
admin nixos/pgadmin: init 2022-02-26 14:30:14 +01:00
amqp
audio nixos/squeezelite: add support for PulseAudio version 2022-03-13 21:08:52 +08:00
backup nixos/mysqlBackup: set service Type 2022-02-18 18:35:55 +01:00
blockchain/ethereum
cluster nixos/k3s: use the systemd driver for docker + unified cgroups 2022-03-05 11:30:53 -08:00
computing
continuous-integration modules/github-runner: Improve description of url 2022-03-11 10:26:39 +01:00
databases nixos/redis: bind on localhost by default 2022-02-28 13:37:47 +01:00
desktops Merge pull request #156858: nixos/polkit: don't enable by default 2022-03-05 14:48:35 +01:00
development add a defaultText 2022-02-23 16:19:10 -05:00
display-managers
editors
finance
games
hardware Merge pull request #156858: nixos/polkit: don't enable by default 2022-03-05 14:48:35 +01:00
home-automation nixos/zigbee2mqtt: move into home-automation category 2022-03-01 19:19:31 +01:00
logging logrotate: do not enable logrotate.service itself 2022-02-26 19:13:12 +09:00
mail
matrix nixos/synapse: move into matrix category 2022-03-04 23:57:35 +01:00
misc nixos/jellyfin: Disable PrivateDevices from hardening to allow GPU endpoints to be accessed 2022-03-13 17:01:10 +00:00
monitoring Merge pull request #162254 from Ma27/init-dmarc-exporter 2022-03-14 09:02:08 +01:00
network-filesystems ipfs-migrator: 1.7.1 -> 2.0.2 2022-02-25 11:12:19 -08:00
networking Merge pull request #163304 from gravndal/amule-daemon 2022-03-12 16:18:29 +02:00
printing
scheduling
search
security nixos/tor: allow tor to read resolv.conf when using resolved 2022-03-15 15:16:14 +01:00
system nixos/earlyoom: use the newly introduced systembus-notify option 2022-03-13 20:21:21 +08:00
torrent
ttys
video epgstation: make updateScript create EditorConfig-compliant files 2022-03-12 15:10:39 +09:00
wayland
web-apps plantuml-server 1.2021.12 -> 1.2022.2 2022-03-11 09:05:35 +01:00
web-servers Merge pull request #163716 from svanderburg/fixtomcat 2022-03-13 21:43:45 +01:00
x11 Merge pull request #163622 from ilya-fedin/mate-allow-remove-any-package 2022-03-14 15:26:58 +03:00