- run conf-check iff keyFiles == [] (like in 23.05; this was my bug)
- support extraConfig + keyFiles
- but warning will still be shown if extraConfig is used,
and it might be slightly confusing
When specifying the `builder` attribute in `stdenv.mkDerivation`, this
will be effectively transformed into
builtins.derivation {
builder = stdenv.shell;
args = [ "-e" builder ];
}
This also means that `default-builder.sh` is never sourced and as a
result it's not guaranteed that `$NIX_ATTRS_SH_FILE` is set to a correct
location[1].
Also, we need to source `.attrs.sh` to source `$stdenv`. So, the
following is done now:
* If `$NIX_ATTRS_SH_FILE` points to a correct location, then use it.
Directly using `.attrs.sh` is problematic for `nix-shell(1)` usage
(see previous commit for more context), so prefer the environment
variable if possible.
* Otherwise, if `.attrs.sh` exists, then use it. See [1] for when this
can happen.
* If neither applies, it can be assumed that `__structuredAttrs` is
turned off and thus nothing needs to be done.
[1] It's possible that it doesn't exist at all - in case of Nix 2.3 or
it can point to a wrong location on older Nix versions with a bug in
`__structuredAttrs`.
When using e.g. `{ addr = "[::]"; port = 22; }` at `listenAddresses`,
the check fails because of an escaping issue[1] with
last 1 log lines:
> Invalid test mode specification -f
For full logs, run 'nix log /nix/store/c6pbpw5hjkjgipmarwyic9zyqr1xaix5-check-sshd-config.drv'
Using `lib.escapeShellArg` appears to solve the problem.
[1] https://github.com/NixOS/nixpkgs/pull/256090#issuecomment-1738063528
Update wg-quick.nix such that a search for `WireGuard` in the `NixOS Options` section of search.nixos.org brings up the convenient `networking.wg-quick.interfaces.wg0.configFile` option.
This new option, networking.wireguard.interfaces.NAME.metric, allows
increasing the metric of the routes, effectively lowering priority.
(I'm using high metric to allow having the Wireguard interface always
up, even when the client machines are on their home network. Before I
had to stop the interface when home to avoid packet routing issues.)
It fails to build with
npm ERR! code 1
npm ERR! path /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium
npm ERR! command failed
npm ERR! command sh -c node install.js --preinstall
npm ERR! Static libsodium was not found at /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/deps/build/lib/libsodium so compiling libsodium from source.
npm ERR! automake is required, but wasn't found on this system
npm ERR! make: *** [Makefile:62: libsodium] Error 1
npm ERR! /nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287
npm ERR! throw new Error(cmdLine + ' exited with code ' + code);
npm ERR! ^
npm ERR!
npm ERR! Error: make libsodium exited with code 2
npm ERR! at ChildProcess.<anonymous> (/nix/store/n7sdkr41nax0mn8drh3lxymqbmrradi4-tedicross-0.8.7/lib/node_modules/tedicross/node_modules/sodium/install.js:287:19)
npm ERR! at ChildProcess.emit (node:events:514:28)
npm ERR! at ChildProcess._handle.onexit (node:internal/child_process:291:12)
npm ERR!
npm ERR! Node.js v18.17.1
This commit introduces a `networking.networkmanager.fccUnlockScripts`
option, which allows specifying additional, usually vendor-provided
unlock scripts.
networking.networkmanager.enableBundledFccUnlockScripts is refactored to
make use of the same mechanism internally.
PR #155414 introduced an option to support enabling the FCC unlock
scripts that ModemManager provides, but since 1.18.4 doesn't execute
anymore.
However, this option is specifically only about the unlock scripts
provided with ModemManager so far. Rename the option to make this more
obvious.
When not setting `settings` and setting `openFirewall = true`
evaluation would fail because it tries to access `settings.bind_port`
while `settings == null`
With this commit, the validation of `sshd_config`
is performed with `sshd -G` instead of `sshd -t`.
The former does not require a valid host key.
Checking the host key was never useful for us:
We just generated a dummy host key to
make the validation mechanism happy.
With this change the dummy key is no longer needed.
This change not only saves some CPU cycles
(avoid the generation of an RSA key),
but it also permits to set `RequiredRSASize` to a value
larger than the current rsa key default size (3072).
