Comparing changes
Open a pull request
base repository: NixOS/nixpkgs
base: e67dd25516a3^
head repository: NixOS/nixpkgs
compare: 7a6c7716a264
- 19 commits
- 14 files changed
- 10 contributors
Commits on Sep 18, 2019
-
-
-
-
-
Same as zfsUnstable for the moment. We still keep the zfsUnstable expression as we likely need it in the near future again. Also remove spl since it is no longer needed.
-
Ryan Trinkle committed
Sep 18, 2019 -
wireguard: add generatePrivateKeyFile option + test
Ideally, private keys never leave the host they're generated on - like SSH. Setting generatePrivateKeyFile to true causes the PK to be generate automatically.
-
-
wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
-
As a oneshot service, if the startup failed it would never be attempted again. This is problematic when peer's addresses require DNS. DNS may not be reliably available at the time wireguard starts. Converting this to a simple service with Restart and RestartAfter directives allows the service to be reattempted, but at the cost of losing the oneshot semantics. Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
sjau authored and Ryan Trinkle committedSep 18, 2019 -
wireguard: add each peer in a separate service
Before, changing any peers caused the entire WireGuard interface to be torn down and rebuilt. By configuring each peer in a separate service we're able to only restart the affected peers. Adding each peer individually also means individual peer configurations can fail, but the overall interface and all other peers will still be added. A WireGuard peer's internal identifier is its public key. This means it is the only reliable identifier to use for the systemd service.
-
-
wireguard: Don't fail if modprobe fails
This can lead to unnecessary failures if the kernel module is already loaded: Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
-
nixos/wireguard: add peer service to interface dependencies (#62828)
Previously each oneshot peer service only ran once and was not restarted together with the interface unit. Because of this, defined peers were missing after restarting their corresponding interface unit. Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
-
wireguard: allow routes to overlap with other routes
Previously, `ip route replace` was tripped-up by non-wireguard routes that overlap the wireguard routes. This commit fixes that by using `ip route add` separately and also adds a metric of 10000 to avoid competing with local interfaces for traffic
Ryan Trinkle committedSep 18, 2019 -
Ryan Trinkle committed
Sep 18, 2019 -
Ryan Trinkle committed
Sep 18, 2019 -
Try starting container network before postStart
Ryan Trinkle committedSep 18, 2019 -
git-subrepo: init at 0.4.0 (#67217)
* git-subrepo: init at 0.4.0 * Apply suggestions from code review Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff e67dd25516a3^...7a6c7716a264