The `--no-build-output` flag that is added by default is only valid
for the old cli, which is not used when flakes are used.
Follow-up to c9daa81eff922d9f77d136cfcff0ea05d40024e0.
|
nixos/nfs: add idmapd.settings option
|
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
|
nixos/lvm2-activation-generator: fix warnings on activation
|
We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only lose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
|
Also add 21.03 release note
|
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].
[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
|
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.
[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
|
This reverts commit fb6d63f3fdd95a5468d43a0693c8ca7c1894363f.
I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
|
Conform to RFC 1123 [0], specifically to "2.1 Host Names and Numbers",
which allows starting a host name with alphanumerical instead of alphabetical characters.
RFC 1123 updates RFC 952 [1], which is referenced in "man 5 hosts".
[0]: https://tools.ietf.org/html/rfc1123
[1]: https://tools.ietf.org/html/rfc952
|
treewide: completely remove types.loaOf
|
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.
[1] https://github.com/karelzak/util-linux/commit/d17fb726b562a69e8f174d46fa6cf794abc129cd
[2] https://git.sipsolutions.net/rfkill.git/log/
|
ZFS: Request credentials only for selected pools
|
This change introduces more fine-grained requestEncryptionCredentials.
While previously when requestEncryptionCredentials = true, the
credentials for all imported pools and all datasets in these imported
pools were requested, it is now possible to select exactly the pools and
datasets for which credentials should be requested.
It is still possible to set requestEncryptionCredentials = true, which
continues to act as a wildcard for all pools and datasets, so the change
is backwards compatible.
|
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
|
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
|
nixos/autoUpgrade: add flake support
|
in LXC container /dev/net/tun is pre-available, "dev-net-tun.device" always fails
|
- Give a more accurate description of how fileSystems.<name/>.neededForBoot
works
- Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile
works
|
Introduce a pkgs.lvm2_dmeventd that contains dmeventd support, and
enable if services.lvm.dmeventd.enable is true.
|
ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
|
ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
|
Co-authored-by: Graham Christensen <graham@grahamc.com>
|
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
|
nixos/btrfs autoScrub: don't fail when scrub finishes successfully
|
nixos/networking: check interface state files exist before acting on them
|
Fix #89158
|
This fixes a regression from 993baa587c4 which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).
[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
|
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
|
The `networking.interfaces.<name?>.proxyARP` option previously mentioned it would also enable IPv6 forwarding and `proxy_ndp`.
However, the `proxy_ndp` option was never actually set (the non-existing `net.ipv6.conf.proxy_arp` sysctl was set
instead). In addition `proxy_ndp` also needs individual entries for each ip to proxy for.
Proxy ARP and Proxy NDP are two different concepts, and enabling the latter
should be a conscious decision.
This commit removes the broken NDP support, and disables explicitly
enabling IPv6 forwarding (which is the default in most cases anyways)
Fixes #62339.
|
This also means that the hostname must not contain the domain name part
anymore (i.e. must not be a FQDN).
See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].
Note: For legacy reasons we also allow underscores inside of the label
but this is not recommended and intentionally left undocumented.
[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
|
The `network-link-${i.name}` units raced with other things trying to
configure the interface, or ran before the interface was available.
Instead of running our own set of shell scripts on boot, and hoping
they're executed at the right time, we can make use of udev to configure
the interface *while they appear*, by providing `.link` files in
/etc/systemd/network/*.link to set MACAddress and MTUBytes.
This doesn't require networkd to be enabled, and is populated properly
on non-networkd systems since
https://github.com/NixOS/nixpkgs/pull/82941.
This continues clean-up work done in
https://github.com/NixOS/nixpkgs/pull/85170 for the scripted networking
stack.
The only leftover part of the `network-link-${i.name}` unit (bringing
the interface up) is moved to the beginning of the
`network-addresses-${i.name}` unit.
Fixes: https://github.com/NixOS/nixpkgs/issues/74471
Closes: https://github.com/NixOS/nixpkgs/pull/87116
|
running systemd
|
Fix #87823
|
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
|
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
|
This needs to be set in the .linkConfig of a .network
|
nixos/zfs: populate PATH with needed programs for zed
|