colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
505,283 Commits 125 Branches 0 Tags 3.4 GiB
9858973dad
Commit Graph

408 Commits

Author SHA1 Message Date
André Schröder
9858973dad nixos/vaultwarden: Fix Markdown syntax of link 
The typo was introduced in 1d41cff3dc
 2023-07-17 23:41:44 +02:00
Oliver Richter
9d6cd34766 esdm: init at 0.6.0 
Signed-off-by: Oliver Richter <richter-oliver@gmx.net>
 2023-07-13 16:08:12 +02:00
Lassulus
0e1fc501c6
Merge pull request #241927 from ether42/usbguard 
nixos/usbguard: rename services.usbguard.implictPolicyTarget to services.usbguard.implicitPolicyTarget
 2023-07-12 18:58:30 +02:00
Felix Buehler
bec27fabee treewide: use lib.optional instead of 'then []' 2023-07-12 09:36:28 +01:00
Kevin Boulain
680ee304ca nixos/usbguard: rename services.usbguard.implictPolicyTarget to services.usbguard.implicitPolicyTarget 2023-07-06 15:34:40 +02:00
Lassulus
f751061a08
Merge pull request #237477 from accelbread/usbguard-dbus-support 
nixos/usbguard: add USBGuard dbus daemon option
 2023-07-05 23:13:10 +02:00
Ryan Lahfa
7672c1e9ae
Merge pull request #201907 from Tom-Hubrecht/fail2ban 2023-07-02 13:57:47 +02:00
Niklas Hambüchen
080757c6c5 nixos/vaultwarden: Bind to localhost by default. See #100192 2023-07-01 15:35:28 +02:00
Tom Hubrecht
208ee8b2e2 nixos/fail2ban: use attrsets for settings instead of strings 2023-06-30 22:27:40 +02:00
Felix Buehler
933a41a73f treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
Jelle Besseling
53a3ddfab8
vault: set coredump ulimit to 0 2023-06-22 16:44:30 +02:00
Archit Gupta
cbb69aa1c1 nixos/usbguard: add USBGuard dbus daemon option 
The usbguard package includes the dbus daemon, but the NixOS config
option does not provide a service file or its necessary polkit rules.

Enabling the dbus daemon allows use of Gnome's USBGuard support.
 2023-06-12 21:38:07 -07:00
Max
847a7f1102 nixos/kanidm: auto-restart kanidm-unixd-tasks 2023-06-11 17:17:42 +02:00
pennae
727086540f
Merge pull request #233238 from emilylange/username-change 
maintainers: rename indeednotjames to emilylange
 2023-05-21 17:07:05 +02:00
emilylange
b0e7f7f5db
maintainers: rename indeednotjames to emilylange 2023-05-21 16:01:35 +02:00
figsoda
701bcdbead nixos: fix typos 2023-05-19 22:31:04 -04:00
Izorkin
edb40b3e4f nixos/fail2ban: others small update 2023-05-03 08:45:26 +02:00
Izorkin
544ebba973 nixos/fail2ban: update bantime options 2023-05-03 08:45:26 +02:00
Thomas
4e8bde773f
nixos/{consul-template,vault-agent}: init 2023-04-24 06:55:57 +02:00
Tom Hubrecht
e41c569429 nixos/authelia: Allow using Unix sockets 2023-04-20 23:53:16 +02:00
datafoo
066166cf49 nixos/fail2ban: add extraSettings option 2023-04-20 16:57:24 +02:00
Artturi
b83db86a9e
Merge pull request #222080 from Stunkymonkey/nixos-optionalString 2023-04-20 16:07:30 +03:00
Flakebi
603e89eef9 kanidm: BindMount certificate paths 
Bind mount the base dirs of the tls key and chain into the service.

Make sure to bind every directory just once. The test failed on ofborg
when /nix/store and the certificate path in /nix/store/<some path> were
bound.
 2023-04-20 02:32:37 +02:00
datafoo
3403ee0602 nixos/fail2ban: add bantime option 2023-04-19 19:18:31 +02:00
Felix Buehler
327b0cff7a treewide: use more lib.optionalString 2023-04-07 13:38:33 +02:00
06kellyjac
9b60eef4bd authelia: move module under security and minor fixes 
Fixed test access to lib
Added nixos test to passthru
 2023-03-27 12:00:07 +01:00
Flakebi
12db8314d7
fail2ban: 0.11.2 -> 1.0.2 
Update to 1.0.2: https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog#ver-102-20221109---finally-war-game-test-tape-not-a-nuclear-alarm
1.0.1 contained a few breaking changes, but I think they have little
impact.

I changed the module to use the systemd service shipping with fail2ban
(now added to the package).
 2023-02-15 10:11:38 +01:00
Marin
785cd824a3 nixos/yubikey-agent: Add dependency to pcsd.service 
Issue: after installing, running `yubikey-agent -setup` produces the
following error:
```
nixOS: Failed to connect to the YubiKey: connecting to pscs: the Smart
card resource manager is not running
```

More on this issue: https://github.com/FiloSottile/yubikey-agent/issues/137
 2023-02-11 09:32:24 -05:00
pennae
bf4c0c1900 nixos/*: remove trailing period in mkEnableOptions 
those are added by mkEnableOption, and .. is replaced to … by markdown
processing.
 2023-02-08 15:23:34 +01:00
Maximilian Bosch
918c22bd5f
privacyidea: fix build 
The previous changes for the 3.8 update are ready, but staging got
merged into master, so there are a few more challenges to tackle:

* Use python 3.10 now since it's actually supported and less effort to
  build (3.9 isn't recursed into anymore).
* sphinx doesn't build with these overrides, so patch it out entirely
  (i.e. drop `sphinxHook` where it's causing problems).
* backport a few jinja2 fixes for python 3.10 that were fixed in later
  versions, but break because this env is stuck to 2.11.
 2023-02-06 20:28:26 +01:00
Maximilian Bosch
f6c8d04d11
nixos/privacyidea: fix db uri 
Fixes db migration on 3.8. See also https://github.com/privacyidea/privacyidea/issues/3447
 2023-02-06 17:29:47 +01:00
Naïm Favier
3aa1337a71
nixos: remove stray spaces 2023-01-21 21:46:53 +01:00
Matthieu Coudron
cf10d7aef8
services.openssh: support freeform settings (#193757) 
* services.openssh: support freeform settings

Keep "extraConfig" but introduces "settings".

Also renames several options

(mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [  "services" "openssh" "settings" "KbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [  "services" "openssh" "settings" "PasswordAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [  "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [  "services" "openssh" "settings" "PermitRootLogin" ])

* updated doc
* regen doc
 2023-01-15 16:32:46 +01:00
Naïm Favier
88a7218236
nixos/fail2ban: support nftables with default configuration 2023-01-07 11:26:40 +01:00
Sandro
c8c8ac5cc6
Merge pull request #203449 from yaxitech/azure-quote-provider 2022-12-24 16:19:39 +01:00
figsoda
6bb0dbf91f nixos: fix typos 2022-12-17 19:31:14 -05:00
Martin Weinelt
0497d5b99f
vaultwarden: Add update script to keep web vault in sync 
- Adds an update script to fetch the compatible web vault version
- Removes `vaultwarden-vault` from top-level to prevent independent
  updates through e.g. r-ryantm. Istead the vault is now accessible
  at `vaultwarden.webvault`.
- The name webvault was chosen because it is the title of the projects
  README and it makes it clearer, that this is the web UI.
 2022-12-14 15:00:20 +01:00
Naïm Favier
0ff3b35356 nixos/doc: fix some options 2022-12-08 17:52:52 +01:00
Vincent Haupert
dbff3c22c1 nixos/aesmd: add option environment 2022-12-04 20:12:50 +01:00
Andreas Stührk
da0dc8339c nixos/aesmd: add option to configure quote provider library 
Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH` it is
  not necessary to also set in `LD_LIBRARY_PATH` of the systemd service.

Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
 2022-12-04 20:12:50 +01:00
Ryan Lahfa
39f399f6ff
Merge pull request #199395 from owm111/physlock-m 
nixos/physlock: add muteKernelMessages option
 2022-12-01 14:51:50 +01:00
Jonas Heinrich
3aff916914 nixos/opensnitch: Add option to configure rules 2022-11-28 14:19:16 -05:00
Flakebi
887020f39c nixos/kanidm: Add tls options 
Since 1.1.0-alpha.10 kanidm requires TLS to be set up or it won't start.
 2022-11-26 21:42:35 +01:00
figsoda
d1dd00b618 nixos/vaultwarden: use lib.concatMapAttrs 2022-11-17 12:54:28 -05:00
Owen McGrath
ee090cd808 nixos/physlock: add muteKernelMessages options 
Add an option for physlock's -m flag, which mutes kernel messages on the
console. This ensures that the password prompt is the only thing on the
screen and isn't lost in a flood of kernel messages.
 2022-11-03 15:22:09 -05:00
Sandro
a01b2b807e
Merge pull request #197221 from azahi/endlessh-module 2022-11-01 23:44:25 +01:00
MidAutumnMoon
7415970a3e nixos/endlessh-go: set proper SystemCallFilter 2022-10-24 22:21:02 +10:00
Azat Bahawi
76ccbea152
nixos/endlessh: init module 2022-10-22 16:07:52 +03:00
Artturin
7e49471316 treewide: optional -> optionals where the argument is a list 
the argument to optional should not be list
 2022-10-10 15:40:21 +03:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go 2022-10-09 16:50:02 +02:00