| Commit message (Collapse) | Author | Age |
|\
| |
| | |
services.ntpd: Add extraConfig parameter
|
| | |
|
|\ \
| |/
|/| |
Introduce `networking.hostFiles` option
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When blocklists are built with a derivation, using extraHosts would
require IFD, since the result of the derivation needs to be converted to
a string again.
By introducing this option no IFD is needed for such use-cases, since
the fetched files can be assigned directly.
|
|\ \
| | |
| | | |
ankisyncd, nixos/ankisyncd: init at 2.1.0
|
| | | |
|
|\ \ \
| | | |
| | | | |
NixOS/auto-upgrade: Add optional randomized delay
|
| | | | |
|
| | | |
| | | |
| | | | |
Co-Authored-By: Pascal Hertleif <killercup@gmail.com>
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
tests: Fix signal-desktop
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | | |
This test fails due to OOM on the VM. Setting the memory of the VM to
1024 lets the test succeed.
Cc: @flokli
|
|\ \ \ \
| | | | |
| | | | | |
nixos/firejail: add example for wrappedBinaries
|
| | | | | |
|
|\ \ \ \ \
| | | | | |
| | | | | | |
nixos/vsftpd: fix missing default pam_service_name
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
9458ec4 removed the ftp pam service which was used by default by vsftpd
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/haproxy: Revive the haproxy user and group
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos: fix module paths in rename.nix
|
| | | | | | | | |
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
tests/kubernetes: remove unreferenced variable and import from inexisting file
|
| | |_|_|_|_|_|/
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|/ / / / / /
|/| | | | | | | |
malcontent: 0.4.0 → 0.6.0
|
| | |_|/ / / /
| |/| | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
FreeRADIUS improvements
|
| | | | | | | | |
|
| |/ / / / / / |
|
|\ \ \ \ \ \ \
| |_|_|_|_|/ /
|/| | | | | | |
switch-to-configuration: Add new option X-OnlyManualStart
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.
More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
|
|/ / / / / / |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It doesn't belong into [Service]:
> Unknown key name 'ConditionPathExists' in section 'Service', ignoring.
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
buildLayeredImage: Allow empty store, no paths to add
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This is useful when buildLayeredImage is called in a generic way
that should allow simple (base) images to be built, which may not
reference any store paths.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
zoneminder: 1.32.3 -> 1.34.3
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|_|_|/ / / /
|/| | | | | | | |
nixos/acme: apply chmod and ownership unconditionally
|
| | |_|_|_|/ /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Also separate directory and file permissions so the certificate files
don't end up with the executable bit.
Fixes #81335
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/wireguard: Fix typo in error message
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
generatePrivateKey -> generatePrivateKeyFile
|
|\ \ \ \ \ \ \ \
| |/ / / / / / /
|/| | | | | | | |
nixos/nginx: use Mozilla Intermediate TLS configuration
|
| | |_|_|/ / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.
The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.
Resolves #80952.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
shorewall: fix RestartTriggers
|