mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-05 07:12:34 +03:00

Merge master into staging-next

github-actions[bot] 2023-01-09 12:01:24 +00:00 committed by GitHub
commit e4fc9a910a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
63 changed files with 467 additions and 275 deletions


@ -132,7 +132,7 @@ in
OnCalendar = "daily";
};
description = lib.mdDoc ''
When to run the backup. See man systemd.timer for details.
When to run the backup. See {manpage}`systemd.timer(5)` for details.
'';
example = {
OnCalendar = "00:05";


@ -79,7 +79,7 @@ in {
example = [ "53" ];
description = lib.mdDoc ''
What addresses and ports the server should listen on.
For detailed syntax see ListenStream in man systemd.socket.
For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
'';
};
listenTLS = mkOption {
@ -88,7 +88,7 @@ in {
example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ];
description = lib.mdDoc ''
Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858).
For detailed syntax see ListenStream in man systemd.socket.
For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
'';
};
listenDoH = mkOption {
@ -97,7 +97,7 @@ in {
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
description = lib.mdDoc ''
Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484).
For detailed syntax see ListenStream in man systemd.socket.
For detailed syntax see ListenStream in {manpage}`systemd.socket(5)`.
'';
};
instances = mkOption {


@ -62,11 +62,10 @@ in
};
packageFirewall = mkOption {
default = pkgs.iptables;
defaultText = literalExpression "pkgs.iptables";
default = config.networking.firewall.package;
defaultText = literalExpression "config.networking.firewall.package";
type = types.package;
example = literalExpression "pkgs.nftables";
description = lib.mdDoc "The firewall package used by fail2ban service.";
description = lib.mdDoc "The firewall package used by fail2ban service. Defaults to the package for your firewall (iptables or nftables).";
};
extraPackages = mkOption {
@ -86,24 +85,24 @@ in
};
banaction = mkOption {
default = "iptables-multiport";
default = if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-multiport" else "iptables-multiport" '';
type = types.str;
example = "nftables-multiport";
description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport,
iptables-ipset-proto6-allports, shorewall, etc) It is used to
iptables-ipset-proto6-allports, shorewall, etc). It is used to
define action_* variables. Can be overridden globally or per
section within jail.local file
'';
};
banaction-allports = mkOption {
default = "iptables-allport";
default = if config.networking.nftables.enable then "nftables-allport" else "iptables-allport";
defaultText = literalExpression '' if config.networking.nftables.enable then "nftables-allport" else "iptables-allport" '';
type = types.str;
example = "nftables-allport";
description = lib.mdDoc ''
Default banning action (e.g. iptables, iptables-new, iptables-multiport,
shorewall, etc) It is used to define action_* variables. Can be overridden
shorewall, etc) for "allports" jails. It is used to define action_* variables. Can be overridden
globally or per section within jail.local file
'';
};
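Review bot: The new `banaction-allports` default spells the actions `nftables-allport` / `iptables-allport`, without the trailing "s", while the action files fail2ban ships are, as far as I know, named `nftables-allports` and `iptables-allports`. The singular spelling was already in the old default and in the example, but this change carries it into the nftables branch and into `defaultText`. If the name does not resolve to an action, jails that rely on the allports action would not apply their bans, so I would write `default = if config.networking.nftables.enable then "nftables-allports" else "iptables-allports";` and bring `defaultText` and `example` in line. This is worth confirming against the action.d directory of the packaged fail2ban before merging.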


@ -46,7 +46,7 @@ in {
type = types.lines;
example = "DefaultCPUAccounting=yes";
description = lib.mdDoc ''
Extra config options for systemd user instances. See man systemd-user.conf for
Extra config options for systemd user instances. See {manpage}`systemd-user.conf(5)` for
available options.
'';
};


@ -13,8 +13,12 @@ sub atomicSymlink {
my $tmp = "$target.tmp";
unlink $tmp;
symlink $source, $tmp or return 0;
rename $tmp, $target or return 0;
return 1;
if (rename $tmp, $target) {
return 1;
} else {
unlink $tmp;
return 0;
}
}
@ -87,6 +91,12 @@ my @copied;
sub link {
my $fn = substr $File::Find::name, length($etc) + 1 or next;
# nixos-enter sets up /etc/resolv.conf as a bind mount, so skip it.
if ($fn eq "resolv.conf" and $ENV{'IN_NIXOS_ENTER'}) {
return;
}
my $target = "/etc/$fn";
File::Path::make_path(dirname $target);
$created{$fn} = 1;
@ -103,7 +113,7 @@ sub link {
if (-e "$_.mode") {
my $mode = read_file("$_.mode"); chomp $mode;
if ($mode eq "direct-symlink") {
atomicSymlink readlink("$static/$fn"), $target or warn;
atomicSymlink readlink("$static/$fn"), $target or warn "could not create symlink $target";
} else {
my $uid = read_file("$_.uid"); chomp $uid;
my $gid = read_file("$_.gid"); chomp $gid;
@ -112,12 +122,15 @@ sub link {
$gid = getgrnam $gid unless $gid =~ /^\+/;
chown int($uid), int($gid), "$target.tmp" or warn;
chmod oct($mode), "$target.tmp" or warn;
rename "$target.tmp", $target or warn;
unless (rename "$target.tmp", $target) {
warn "could not create target $target";
unlink "$target.tmp";
}
}
push @copied, $fn;
print CLEAN "$fn\n";
} elsif (-l "$_") {
atomicSymlink "$static/$fn", $target or warn;
atomicSymlink "$static/$fn", $target or warn "could not create symlink $target";
}
}
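Review bot: In the copy branch of `link`, a failed `rename "$target.tmp", $target` now warns and removes the temp file, but control still falls through to `push @copied, $fn;` and `print CLEAN "$fn\n";`, so the path is recorded as copied although nothing was installed. If that list drives later cleanup (not visible in these hunks), a pre-existing `/etc/$fn` that this script never wrote could later be treated as managed; a `return;` after `unlink "$target.tmp";` would avoid that, assuming nothing else in `link` has to run afterwards. The new warnings also drop the errno: `warn "could not create target $target: $!";`, issued before the `unlink`, would put the reason in the activation log. For the two `atomicSymlink` callers the same needs care, because the added `unlink $tmp` in its failure branch may overwrite `$!` before the caller reads it. The body of `link` starts in an earlier hunk and parts of it are not shown here.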