Raito Bezarius
69bb0f94de
nixos/nginx: first-class PROXY protocol support
...
PROXY protocol is a convenient way to carry information about the
originating address/port of a TCP connection across multiple layers of
proxies/NAT, etc.
Currently, it is possible to make use of it in NGINX's NixOS module, but
it is painful when we want to enable it "globally".
Technically, this is achieved by reworking the defaultListen options and
the objective is to have a coherent way to specify default listeners in
the current API design.
See `mkDefaultListenVhost` and `defaultListen` for the details.
It adds a safeguard against running an NGINX with no HTTP listeners (e.g.
only PROXY listeners) while asking for ACME certificates over HTTP-01.
An interesting use case of PROXY protocol is to enable seamless IPv4 to
IPv6 proxy with origin IPv4 address for IPv6-only NGINX servers; it is
demonstrated how to achieve this in the tests, using sniproxy.
Finally, the tests cover:
- NGINX `defaultListen` mechanisms are not broken by these changes;
- NGINX PROXY protocol listeners are working in a final use case (sniproxy);
- uses snakeoil TLS certs from ACME setup with wildcard certificates;
In the future, it is desirable to spoof-attack NGINX in this scenario to
ascertain that `set_real_ip_from` and all the layers are working as
intended and preventing any user from setting their origin IP address to
any arbitrary, opening up the NixOS module to bad™ vulnerabilities.
For now, it is quite hard to achieve while being minimalistic about the
tests dependencies.
2023-05-26 19:48:26 +02:00
Ryan Lahfa
435237d641
Merge pull request #233350 from GrahamDennis/grahamdennis/testing-networks
...
nixos/qemu-vm: add option for named network interfaces
2023-05-26 15:57:01 +02:00
Yaya
ae47862b93
nixos/doc: add release note for sftpgo
2023-05-25 22:46:15 +02:00
Will Fancher
fe43923a70
Merge pull request #229767 from mberndt123/mberndt123/stratis-rootfs
...
nixos/stratis: initrd support for stratis root volumes
2023-05-25 14:06:31 -04:00
Weijia Wang
67e3953505
foundationdb: default to foundationdb71
2023-05-25 01:08:10 +03:00
Weijia Wang
94dca479f4
Merge pull request #229321 from kira-bruneau/clonehero
...
clonehero: 0.23.2.2 -> 1.0.0.4080
2023-05-25 01:03:18 +03:00
Syboxez Blank
47a2d457b0
clonehero: 0.23.2.2 -> 1.0.0.4080
...
Co-authored-by: Kira Bruneau <kira.bruneau@pm.me>
2023-05-24 17:07:32 -04:00
Artturi
9cde82ecd2
Merge pull request #231996 from amjoseph-nixpkgs/pr/release-notes/powerpc64le-linux
2023-05-25 00:04:45 +03:00
Artturi
05bf5e1c91
Merge pull request #232001 from amjoseph-nixpkgs/pr/release-notes/powerpc-ieee-long-double
2023-05-25 00:03:40 +03:00
Graham Dennis
93502aa3b1
nixos/qemu-vm: add option for named network interfaces
...
Adds a new option to the virtualisation modules that enables specifying explicitly named network interfaces in QEMU VMs.
The existing `virtualisation.vlans` option is still supported for cases where the name of the network interface is irrelevant.
2023-05-24 08:54:20 +10:00
Bobby Rong
44b98d80ea
rl-2311: Add placeholder entries
...
This fixes manual-combined validation.
2023-05-23 12:59:58 +08:00
Raito Bezarius
2c28f1de7c
23.11 is Tapir
2023-05-22 21:16:04 +02:00
Martin Weinelt
f11d33afb7
nixos/frigate: init
2023-05-22 16:29:54 +02:00
Martin Weinelt
eae2018b54
nixos/go2rtc: init
2023-05-22 03:48:47 +02:00
Ryan Lahfa
270dcda1e8
Merge pull request #231062 from bobvanderlinden/espanso-update-2.1.8
...
espanso: 0.7.3 -> 2.1.8
2023-05-21 21:44:41 +02:00
Bob van der Linden
5762a20a25
espanso: 0.7.3 -> 2.1.8
2023-05-21 19:10:34 +02:00
Sandro
a74a4a2f32
Merge pull request #232534 from teutat3s/zhf/fix-prometheus-exporter-jitsi
...
jitsi-videobridge: refactor broken `apis` option to `colibriRestApi`
2023-05-21 18:43:59 +02:00
teutat3s
cb81bd9340
jitsi-videobridge: refactor broken apis option to colibriRestApi
...
Refactor option to use jvb.conf and convert to boolean. Using the CLI
argument broke a while ago and is deprecated by upstream since 2021:
https://github.com/jitsi/jitsi-videobridge/pull/1738/files#diff-d9f589d2aae1673693461d7c3b9214324201ca1f43db63a3c773d4acfc52bc81
This fixes the currently broken test:
nixosTests.prometheus-exporters.jitsi
2023-05-21 15:31:14 +02:00
jarkad
2fa279fbf3
gajim: 1.6.1 -> 1.7.3
2023-05-20 22:34:46 +03:00
José Romildo Malaquias
85fb079d0f
Merge pull request #226270 from Flakebi/albert
...
albert: 0.17.6 -> 0.20.13
2023-05-20 09:16:13 -03:00
figsoda
701bcdbead
nixos: fix typos
2023-05-19 22:31:04 -04:00
Alyssa Ross
43465c94d4
nixos/mailman: randomly generate REST API token
2023-05-19 12:03:41 +02:00
Matthias Berndt
cb410a8c59
Merge remote-tracking branch 'upstream/master' into mberndt123/stratis-rootfs
2023-05-17 21:47:19 -04:00
Doron Behar
84d5e9b123
release-notes: Mention services.syncthing changes due to RFC 42
...
Fixup to #226088 and #232439.
2023-05-17 22:25:49 +03:00
Matthias Berndt
92814241a8
improve stratis initrd support
...
it is now possible to supply a stratis pool uuid
for every filesystem, and if that filesystem
is required for boot, the relevant pool will be
started in the initramfs.
2023-05-16 22:48:36 -04:00
Sandro
efb55108b3
Merge pull request #231435 from drupol/openvscode-server/systemd-service
2023-05-16 14:14:29 +02:00
Pol Dellaiera
1d37fe1526
nixos/openvscode-server: init
2023-05-15 21:48:08 +02:00
Jonas Heinrich
8a4f016281
nixos/maddy: tls.loader add acme support, add secrets option
2023-05-15 15:00:16 -04:00
K900
d5c292af6b
Merge pull request #197524 from f2k1de/graylog4
...
graylog: init at 4.0.8, 4.3.9, 5.0.2
2023-05-15 19:42:04 +03:00
Sandro
872c89e5a7
Merge pull request #221750 from rhendric/rhendric/nixos/snapper
2023-05-15 17:24:25 +02:00
figsoda
783ebc7682
Merge pull request #231707 from figsoda/trip
2023-05-15 09:13:59 -04:00
Ryan Lahfa
8c4a3f67b5
Merge pull request #228956 from tensor5/pam-zfs-key
...
nixos/pam: enable unlocking ZFS home dataset
2023-05-15 11:42:30 +02:00
Adam Joseph
c87e1115d7
release-notes: mention that powerpc64 now uses IEEE-standard floats
2023-05-15 01:05:04 -07:00
Ryan Lahfa
fa06a3b646
Merge pull request #230888 from Misterio77/nextcloud-createlocally-optin
...
nixos/nextcloud: default createLocally to false
2023-05-15 09:28:15 +02:00
Nicola Squartini
5466f76755
nixos/pam: improve documentation of ZFS module
2023-05-15 09:22:39 +02:00
Adam Joseph
2983698c4b
release-notes: note ability to build powerpc64le-linux NixOS ISOs
...
This commit adds a mention to the release notes of the fact that
NixOS 23.05 can build installer ISOs for a new platform.
2023-05-15 00:21:41 -07:00
Nicola Squartini
09f4bf7f16
nixos/pam: enable unlocking ZFS home dataset
2023-05-15 09:20:40 +02:00
Ryan Lahfa
feb7fcde4b
Merge pull request #231481 from nikstur/rshim-user-space
...
rshim for Nvidia BlueField
2023-05-15 09:03:50 +02:00
Ryan Lahfa
e3bd7faa18
Merge pull request #226830 from Janik-Haag/birdwatcher
...
birdwatcher: init at 2.2.4, alice-lg: init at 6.0.0, nixos/birdwatcher: init, nixos/alice-lg: init
2023-05-15 08:42:10 +02:00
Janik H
40136a1f7f
nixos/birdwatcher: init
2023-05-15 02:52:06 +02:00
Janik H
8ed86700a2
nixos/alice-lg: init
2023-05-15 02:52:06 +02:00
nikstur
5435eaaa4d
nixos/rshim: init
2023-05-15 01:24:48 +02:00
Ryan Lahfa
285330f081
Merge pull request #230153 from mklca/swap-encrypt-enhancement
...
nixos/config/swap: improve randomEncryption
2023-05-14 19:01:56 +02:00
Gabriel Fontes
f9f76529cd
nixos/nextcloud: default createLocally to false
2023-05-14 12:09:50 -03:00
Ryan Lahfa
8ef486b60e
Merge pull request #207194 from RaitoBezarius/pixelfed-module
...
pixelfed: init at 0.11.5, module, tests
2023-05-14 17:09:19 +02:00
figsoda
3aa6580f46
nixos/trippy: init
2023-05-14 10:05:29 -04:00
github-actions[bot]
2f665c348c
Merge master into staging-next
2023-05-13 00:02:05 +00:00
Harshil Jani
aa0b851e83
manual: fix matrix room link (#231523)
...
Co-authored-by: figsoda <figsoda@pm.me>
2023-05-12 18:55:19 -04:00
Isa
efbcbc5611
graylog: init at 4.0.8, 4.3.8, 5.0.6
2023-05-12 20:16:05 +02:00
github-actions[bot]
206417b7a2
Merge master into staging-next
2023-05-12 18:01:18 +00:00