André Schröder
9858973dad
nixos/vaultwarden: Fix Markdown syntax of link
...
The typo was introduced in 1d41cff3dc
2023-07-17 23:41:44 +02:00
Oliver Richter
9d6cd34766
esdm: init at 0.6.0
...
Signed-off-by: Oliver Richter <richter-oliver@gmx.net>
2023-07-13 16:08:12 +02:00
Lassulus
0e1fc501c6
Merge pull request #241927 from ether42/usbguard
...
nixos/usbguard: rename services.usbguard.implictPolicyTarget to services.usbguard.implicitPolicyTarget
2023-07-12 18:58:30 +02:00
Felix Buehler
bec27fabee
treewide: use lib.optional instead of 'then []'
2023-07-12 09:36:28 +01:00
Kevin Boulain
680ee304ca
nixos/usbguard: rename services.usbguard.implictPolicyTarget to services.usbguard.implicitPolicyTarget
2023-07-06 15:34:40 +02:00
Lassulus
f751061a08
Merge pull request #237477 from accelbread/usbguard-dbus-support
...
nixos/usbguard: add USBGuard dbus daemon option
2023-07-05 23:13:10 +02:00
Ryan Lahfa
7672c1e9ae
Merge pull request #201907 from Tom-Hubrecht/fail2ban
2023-07-02 13:57:47 +02:00
Niklas Hambüchen
080757c6c5
nixos/vaultwarden: Bind to localhost by default. See #100192
2023-07-01 15:35:28 +02:00
Tom Hubrecht
208ee8b2e2
nixos/fail2ban: use attrsets for settings instead of strings
2023-06-30 22:27:40 +02:00
Felix Buehler
933a41a73f
treewide: use optional instead of 'then []'
2023-06-25 09:11:40 -03:00
Jelle Besseling
53a3ddfab8
vault: set coredump ulimit to 0
2023-06-22 16:44:30 +02:00
Archit Gupta
cbb69aa1c1
nixos/usbguard: add USBGuard dbus daemon option
...
The usbguard package includes the dbus daemon, but the NixOS config
option does not provide a service file or its necessary polkit rules.
Enabling the dbus daemon allows use of Gnome's USBGuard support.
2023-06-12 21:38:07 -07:00
Max
847a7f1102
nixos/kanidm: auto-restart kanidm-unixd-tasks
2023-06-11 17:17:42 +02:00
pennae
727086540f
Merge pull request #233238 from emilylange/username-change
...
maintainers: rename indeednotjames to emilylange
2023-05-21 17:07:05 +02:00
emilylange
b0e7f7f5db
maintainers: rename indeednotjames to emilylange
2023-05-21 16:01:35 +02:00
figsoda
701bcdbead
nixos: fix typos
2023-05-19 22:31:04 -04:00
Izorkin
edb40b3e4f
nixos/fail2ban: others small update
2023-05-03 08:45:26 +02:00
Izorkin
544ebba973
nixos/fail2ban: update bantime options
2023-05-03 08:45:26 +02:00
Thomas
4e8bde773f
nixos/{consul-template,vault-agent}: init
2023-04-24 06:55:57 +02:00
Tom Hubrecht
e41c569429
nixos/authelia: Allow using Unix sockets
2023-04-20 23:53:16 +02:00
datafoo
066166cf49
nixos/fail2ban: add extraSettings option
2023-04-20 16:57:24 +02:00
Artturi
b83db86a9e
Merge pull request #222080 from Stunkymonkey/nixos-optionalString
2023-04-20 16:07:30 +03:00
Flakebi
603e89eef9
kanidm: BindMount certificate paths
...
Bind mount the base dirs of the tls key and chain into the service.
Make sure to bind every directory just once. The test failed on ofborg
when /nix/store and the certificate path in /nix/store/<some path> were
bound.
2023-04-20 02:32:37 +02:00
datafoo
3403ee0602
nixos/fail2ban: add bantime option
2023-04-19 19:18:31 +02:00
Felix Buehler
327b0cff7a
treewide: use more lib.optionalString
2023-04-07 13:38:33 +02:00
06kellyjac
9b60eef4bd
authelia: move module under security and minor fixes
...
Fixed test access to lib
Added nixos test to passthru
2023-03-27 12:00:07 +01:00
Flakebi
12db8314d7
fail2ban: 0.11.2 -> 1.0.2
...
Update to 1.0.2: https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog#ver-102-20221109---finally-war-game-test-tape-not-a-nuclear-alarm
1.0.1 contained a few breaking changes, but I think they have little
impact.
I changed the module to use the systemd service shipping with fail2ban
(now added to the package).
2023-02-15 10:11:38 +01:00
Marin
785cd824a3
nixos/yubikey-agent: Add dependency to pcsd.service
...
Issue: after installing, running `yubikey-agent -setup` produces the
following error:
```
nixOS: Failed to connect to the YubiKey: connecting to pscs: the Smart
card resource manager is not running
```
More on this issue: https://github.com/FiloSottile/yubikey-agent/issues/137
2023-02-11 09:32:24 -05:00
pennae
bf4c0c1900
nixos/*: remove trailing period in mkEnableOptions
...
those are added by mkEnableOption, and .. is replaced to … by markdown
processing.
2023-02-08 15:23:34 +01:00
Maximilian Bosch
918c22bd5f
privacyidea: fix build
...
The previous changes for the 3.8 update are ready, but staging got
merged into master, so there are a few more challenges to tackle:
* Use python 3.10 now since it's actually supported and less effort to
build (3.9 isn't recursed into anymore).
* sphinx doesn't build with these overrides, so patch it out entirely
(i.e. drop `sphinxHook` where it's causing problems).
* backport a few jinja2 fixes for python 3.10 that were fixed in later
versions, but break because this env is stuck to 2.11.
2023-02-06 20:28:26 +01:00
Maximilian Bosch
f6c8d04d11
nixos/privacyidea: fix db uri
...
Fixes db migration on 3.8. See also https://github.com/privacyidea/privacyidea/issues/3447
2023-02-06 17:29:47 +01:00
Naïm Favier
3aa1337a71
nixos: remove stray spaces
2023-01-21 21:46:53 +01:00
Matthieu Coudron
cf10d7aef8
services.openssh: support freeform settings (#193757)
...
* services.openssh: support freeform settings
Keeps "extraConfig" but introduces "settings".
Also renames several options
(mkRenamedOptionModule [ "services" "openssh" "kbdInteractiveAuthentication" ] [ "services" "openssh" "settings" "KbdInteractiveAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "passwordAuthentication" ] [ "services" "openssh" "settings" "PasswordAuthentication" ])
(mkRenamedOptionModule [ "services" "openssh" "useDns" ] [ "services" "openssh" "settings" "UseDns" ])
(mkRenamedOptionModule [ "services" "openssh" "permitRootLogin" ] [ "services" "openssh" "settings" "PermitRootLogin" ])
* updated doc
* regen doc
2023-01-15 16:32:46 +01:00
Naïm Favier
88a7218236
nixos/fail2ban: support nftables with default configuration
2023-01-07 11:26:40 +01:00
Sandro
c8c8ac5cc6
Merge pull request #203449 from yaxitech/azure-quote-provider
2022-12-24 16:19:39 +01:00
figsoda
6bb0dbf91f
nixos: fix typos
2022-12-17 19:31:14 -05:00
Martin Weinelt
0497d5b99f
vaultwarden: Add update script to keep web vault in sync
...
- Adds an update script to fetch the compatible web vault version
- Removes `vaultwarden-vault` from top-level to prevent independent
updates through e.g. r-ryantm. Instead the vault is now accessible
at `vaultwarden.webvault`.
- The name webvault was chosen because it is the title of the project's
README and it makes it clearer that this is the web UI.
2022-12-14 15:00:20 +01:00
Naïm Favier
0ff3b35356
nixos/doc: fix some options
2022-12-08 17:52:52 +01:00
Vincent Haupert
dbff3c22c1
nixos/aesmd: add option environment
2022-12-04 20:12:50 +01:00
Andreas Stührk
da0dc8339c
nixos/aesmd: add option to configure quote provider library
...
Changes sgx-psw to append `aesm` to `LD_LIBRARY_PATH`:
- Append instead of prepend to allow for overriding in service config
- As we already add a wrapper to add `aesm` to `LD_LIBRARY_PATH` it is
not necessary to also set in `LD_LIBRARY_PATH` of the systemd service.
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-12-04 20:12:50 +01:00
Ryan Lahfa
39f399f6ff
Merge pull request #199395 from owm111/physlock-m
...
nixos/physlock: add muteKernelMessages option
2022-12-01 14:51:50 +01:00
Jonas Heinrich
3aff916914
nixos/opensnitch: Add option to configure rules
2022-11-28 14:19:16 -05:00
Flakebi
887020f39c
nixos/kanidm: Add tls options
...
Since 1.1.0-alpha.10 kanidm requires TLS to be set up or it won't start.
2022-11-26 21:42:35 +01:00
figsoda
d1dd00b618
nixos/vaultwarden: use lib.concatMapAttrs
2022-11-17 12:54:28 -05:00
Owen McGrath
ee090cd808
nixos/physlock: add muteKernelMessages options
...
Add an option for physlock's -m flag, which mutes kernel messages on the
console. This ensures that the password prompt is the only thing on the
screen and isn't lost in a flood of kernel messages.
2022-11-03 15:22:09 -05:00
Sandro
a01b2b807e
Merge pull request #197221 from azahi/endlessh-module
2022-11-01 23:44:25 +01:00
MidAutumnMoon
7415970a3e
nixos/endlessh-go: set proper SystemCallFilter
2022-10-24 22:21:02 +10:00
Azat Bahawi
76ccbea152
nixos/endlessh: init module
2022-10-22 16:07:52 +03:00
Artturin
7e49471316
treewide: optional -> optionals where the argument is a list
...
the argument to optional should not be a list
2022-10-10 15:40:21 +03:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go
2022-10-09 16:50:02 +02:00