| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
| |
This reverts commit d35df28f65208764f6f94ba330c98615d95b934c.
Upstream ddclient has new maintainers and made a new release (update in
next commit(s)).
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since ddclient@24ba945 (v3.10.0), the type and meaning of the "ipv6"
option has changed. This resulted in the following warning when
starting the service:
WARNING: file /run/ddclient/ddclient.conf, line 13:
Invalid Value for keyword 'ipv6' = 'no'
This therefore removes the matching boolean option.
More advanced configurations can use the "extraConfig" option instead.
|
|\ |
|
| | |
|
|/ |
|
| |
|
|
|
|
| |
Closes #191105
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the conversion procedure is simple:
- find all things that look like options, ie calls to either `mkOption`
or `lib.mkOption` that take an attrset. remember the attrset as the
option
- for all options, find a `description` attribute who's value is not a
call to `mdDoc` or `lib.mdDoc`
- textually convert the entire value of the attribute to MD with a few
simple regexes (the set from mdize-module.sh)
- if the change produced a change in the manual output, discard
- if the change kept the manual unchanged, add some text to the
description to make sure we've actually found an option. if the
manual changes this time, keep the converted description
this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
|
|
|
|
|
|
|
| |
...by using `replace-secret` instead of `sed` when injecting the
password into the ddclient config file. (Verified with `execsnoop`.)
Ref https://github.com/NixOS/nixpkgs/issues/156400.
|
|
|
| |
verbose is a debugging setting one step noisier than debug and should only be turned on when debugging because it leaks quite some credentials and tokens in the journalctl.
|
|
|
|
| |
revert if https://github.com/NixOS/nixpkgs/pull/154928 or a similar fix gets applied
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 6af3d13bec9b13e8fa8e19594ffbcbe085387bdd.
Reported by @arcnmx
(https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656):
Does this not completely break the service? It doesn't change the
owner to the same as the ddclient server (which is somewhat difficult
due to it being a DynamicUser), so this now makes the service
completely unusable because the config is only readable by its owner,
root:
ddclient[871397]: WARNING: file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied)
Given that the RuntimeDirectory was only readable by the ddclient
service, the warning this PR fixes was spurious and not indicative of
an actual information leak. I'm not sure of what a quick fix would be
due to DynamicUser, but would at least request a revert of this so the
service can work again?
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
|
|
|
|
|
|
|
| |
The the extraConfig variable is added below the domain variable in the
ddclient config file. The domain variable should always be last.
(cherry picked from commit ba0ba6dc7934a6b4cc5d4090739a3a1c839afe67)
|
| |
|
|
|
| |
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
|
|
|
| |
ddclient will raise a warning if /run/ddclient/ is world-readable
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a) Some providers can update multiple domains - support that.
b) Make "zone" and "script" configurable. Some providers require these.
c) Instead of leaving the ddclient daemon running all the time, use a systemd
timer to kick it off.
d) Don't use a predefined user - run everything via DynamicUser
e) Add documentation
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Couple of changes:
- move home to /var/lib/ddclient so we can enable ProtectSystem=full
- do not stick binary into systemPackages as it will only run as a daemon
- run as dedicated user/group
- document why we cannot run as type=forking (output is swallowed)
- secure things by running with ProtectSystem and PrivateTmp
- .pid file goes into /run/ddclient
- let nix create the home directory instead of handling it manually
- make the interval configurable
|
| |
|
| |
|
|
|
|
|
|
| |
Fixes #20101
From PR #21417
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
ddclient: improve documentation
Adopted @joachifm's suggestions.
ddclient additional refinement
|
|
|
|
| |
Closes #16885.
|
|
|
|
|
|
| |
The ddclient daemon requires that the configuration file is only
accessible by the ddclient user. This since it typically contains login
information.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Otherwise connection to SSL hosts fails like this:
May 26 06:44:05 kbuilder ddclient[17084]: WARNING: cannot connect to dynamicdns.park-your-domain.com:443 socket:
IO::Socket::IP configuration failed SSL connect attempt failed with unknown error
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
|
|
|
|
|
|
|
|
|
| |
This avoids the following warning:
Apr 19 10:53:48 xen systemd[1]: [/nix/store/...-unit-ddclient.service/ddclient.service:19] Unknown lvalue 'type' in section 'Service'
As `Type=simple` is the default in systemd, the assignment to the
service type can be simply dropped.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* rewrite to systemd.services
* disable forking to give systemd better control
* verifiably run as ddclient user
* expose ssl option
* unset default value for dyndns server
* rename option "web" to "use" to be consistent with ddclient docs
* add descriptions
* add types to options
* clean up formatting
|
| |
|
| |
|
|
|