| Age | Commit message (Collapse) | Author |
|---|
|
|
|
As per its [Install] section upstream
|
|
|
|
these changes were generated with nixq 0.0.2, by running
nixq ">> lib.mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> mdDoc[remove] Argument[keep]" --batchmode nixos/**.nix
nixq ">> Inherit >> mdDoc[remove]" --batchmode nixos/**.nix
two mentions of the mdDoc function remain in nixos/, both of which
are inside of comments.
Since lib.mdDoc is already defined as just id, this commit is a no-op as
far as Nix (and the built manual) is concerned.
|
|
|
|
The previous code did not apply any changes to the upstream defaults on being presented with an empty list.
This changes the code to use the above behaviour on a `null` value while an empty list is passed through as normal which yields a systemd configuration line with empty value which resets it to an empty value.
Signed-off-by: benaryorg <binary@benary.org>
|
|
Historically, we allowed downgrade of DNSSEC, but some folks argue
this may decrease actually the security posture to do opportunistic DNSSEC.
In addition, the current implementation of (opportunistic) DNSSEC validation
is broken against "in the wild" servers which are usually slightly non-compliant.
systemd upstream recommended to me (in personal communication surrounding
the All Systems Go 2023 conference) to disable DNSSEC validation until
they work on it in a significant capacity, ideally, by next year.
|
|
This query yielded no results on search.nixos.org.
I don't think I can make all options magically appear, but you can
the other options by reading the text.
|
|
|
|
Expose the package that provides the system-wide `resolvconf` command
(either openresolv or systemd) to allow implementation-agnostic modules.
|
|
|
|
- The order of NSS (host) modules has been brought in line with upstream
recommendations:
- The `myhostname` module is placed before the `resolve` (optional) and `dns`
entries, but after `file` (to allow overriding via `/etc/hosts` /
`networking.extraHosts`, and prevent ISPs with catchall-DNS resolvers from
hijacking `.localhost` domains)
- The `mymachines` module, which provides hostname resolution for local
containers (registered with `systemd-machined`) is placed to the front, to
make sure its mappings are preferred over other resolvers.
- If systemd-networkd is enabled, the `resolve` module is placed before
`files` and `myhostname`, as it provides the same logic internally, with
caching.
- The `mdns(_minimal)` module has been updated to the new priorities.
If you use your own NSS host modules, make sure to update your priorities
according to these rules:
- NSS modules which should be queried before `resolved` DNS resolution should
use mkBefore.
- NSS modules which should be queried after `resolved`, `files` and
`myhostname`, but before `dns` should use the default priority
- NSS modules which should come after `dns` should use mkAfter.
|
|
This patch is no longer necessary with systemd v247.3.
This reverts commit c674a51382ce556f98c76f270275ecece3a4936a.
|
|
systemd started using dlopen() for some of their "optional"
dependencies.
Apparently, `libidn2` isn't so optional, and systemd-resolved doesn't
work without libidn2 present, breaking DNS resolution.
Fixes https://github.com/NixOS/nixpkgs/issues/107537
Upstream bug: https://github.com/systemd/systemd/issues/18078
|
|
|
|
This will make dbus socket activation for it work
When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups. You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
|
|
This reverts commit 7fe539f79900efb6b8b6265ade11fdab460ca1da.
|
|
This will make dbus socket activation for it work
When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups. You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
|
|
We keep the "only add the nss module if nscd is enabled" logic for now.
The assertion never was triggered, so it can be removed.
|
|
|
|
This is a refactor of how resolvconf is managed on NixOS. We split it
into a separate service which is enabled internally depending on whether
we want /etc/resolv.conf to be managed by it. Various services now take
advantage of those configuration options.
We also now use systemd instead of activation scripts to update
resolv.conf.
NetworkManager now uses the right option for rc-manager DNS
automatically, so the configuration option shouldn't be exposed.
|
|
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
|
|
|
|
Rather than special-casing the dns options in networkmanager.nix, use
the module system to let unbound and systemd-resolved contribute to
the newtorkmanager config.
|
|
Co-Authored-By: Florian Klink <flokli@flokli.de>
Co-Authored-By: Andreas Rammhold <andreas@rammhold.de>
|
|
Also change LLMNR RFC to the correct id 4795.
|
|
Includes adding some more upstream units and removing obsolete (-.slice) ones.
|
|
|
|
This shuts up this error from dbus:
May 11 13:52:16 machine dbus-daemon[259]: Unknown username "systemd-network" in message bus configuration file
May 11 13:52:16 machine dbus-daemon[259]: Unknown username "systemd-resolve" in message bus configuration file
which happens because the D-Bus config for networkd/resolved is
enabled unconditionally, and we don't have an easy way to turn it off.
(cherry picked from commit f19b58fb6a5cc55af6d8d8ca7979f8e64255d2d0)
|
|
Otherwise, the enabled -> disabled transition won't be handled
correctly (switch-to-configuration currently assumes that if a unit is
running and exists, it should be restarted).
|
|
The systemd module was getting rather bloated.
|
