Due to undetermined hardening changes logging to syslog does not work
anymore, but we don't need it. We're running in a systemd unit so allow
logging to stdout instead.
KeepAlived: Support pkg override without overlaying
Co-authored-by: Antoine 'Toinux' Lesieur <toinux@nixos.local>
Co-authored-by: Arne Keller <arne.keller@posteo.de>
This patch fixes loading issues for pre shared keys for
peers without custom names. In this case the peer's public
key would be used in the name for the corresponding pre
shared key credential, causing a loading error.
The networking.wireguard base module already escapes some
base64 characters of the public key with escape sequences
starting with a backslash. This backslash is now replaced
with an underscore for use in the credential names.
This patch fixes an oversight in the initial implementation
of using systemd credentials in 6bc8dcc630
that would cause a warning to be logged about a missing credential
when presharedKeyFile wasn't set.
When obtaining the IP address from an interface iproute2 is missing:
"Unable to obtain information for 'bond-wan' -- missing ip or ifconfig command"
The prefix check to include iproute2 is incorrect for "usev4" and "usev6".
Currently the NixOS module checks for the "if" prefix. This prefix is
not valid with "usev4" and "usev6":
"Invalid Value for keyword 'usev4' = 'if'"
"ifv4" must be used with "usev4", and "ifv6" with "usev6".
I updated the nixos module to check for the correct prefix with "usev4"
and "usev6", and include iproute2 as necessary.
This fixes "frequency file /var/lib/ntp/ntp.drift.TEMP: Permission denied".
Creating a directory via StateDirectory makes that directory /var/lib/ntp owned by root:root.
However, when running ntpd we change to user ntp (see ntpFlags), so the process cannot
actually use that directory.
Actually creating a home directory for the user at that location solves that problem.
this should not result in any observable change by default, the
motivation is to make working on either one of these components in
isolation of the other a bit easier.
nm-file-secret agent is a small agent that can supply secrets of
connection profiles to NetworkManager by reading the contents of
preconfigured files.
These files could be supplied e.g. by nixos-sops or any other mechanism.
This patch fixes systemd credential loading for wireguard
with networkd not working when specifying more than one
credential per interface by properly flattening the resulting
multidimensional list instead of falling back on string concat
with a space.
Resolves#365402
Enabling networking.wireguard.useNetworkd currently requires users to
modify the permissions of their private key files. Since that is a bad
upgrade experience, the module should be disabled by default for now.
Once systemd credential support is added to the module, it should be
safe to once again enable it by default for networkd users.
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.
Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.
A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.
This commit was automatically created and can be verified using
nix-build a08b3a4d19.tar.gz \
--argstr baseRev b32a094368
result/bin/apply-formatting $NIXPKGS_PATH
