Branch: refs/heads/release-17.03
Home: https://github.com/NixOS/nixpkgs
Commit: 9b767f19c690337407bbd1fc4a03b8533c918c0d
https://github.com/NixOS/nixpkgs/commit/9b767f19c690337407bbd1fc4a03b8533c918c0d
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: refactoring
Use mkMerge to make the code a little more ergonomic and easier
to follow (to my eyes, anyway ...). Also take the opportunity
to do some minor cleanups & tweaks, but no functional changes.
(cherry picked from commit adf044e1fbb723e65942da887486a873c022e3ac)
Commit: 4c1bdf24d31c641891203b00853452f7c22d851e
https://github.com/NixOS/nixpkgs/commit/4c1bdf24d31c641891203b00853452f7c22d851e
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: support updating before nss is up
Resolve download.dnscrypt.org using hostip with a bootstrap
resolver (hard-coded to Google Public DNS for now), to ensure
that we can get an up-to-date resolver list without working name
service lookups. This makes us more robust to the upstream
resolver list getting out of date and other DNS configuration
problems.
We use the curl --resolver switch to allow https cert validation
(we'd need to do --insecure if using just the ip addr). Note
that we don't rely on https for security but it's nice to have
it ...
(cherry picked from commit e72aaa73eacb15b82270fe702517be97d1beba37)
Commit: c3cff5f762f43a76a71fb9688d9e398a2f0935f7
https://github.com/NixOS/nixpkgs/commit/c3cff5f762f43a76a71fb9688d9e398a2f0935f7
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: more fs isolation for the updater
It'd be better to do the update as an unprivileged user; for
now, we do our best to minimize the surface available. We
filter mount syscalls to prevent the process from undoing the fs
isolation.
(cherry picked from commit 5f27abec233604ebe543e4fc833f282a7c835b3f)
Commit: b40b58febf44a19e5a47419cdd5b45e7bf13b715
https://github.com/NixOS/nixpkgs/commit/b40b58febf44a19e5a47419cdd5b45e7bf13b715
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: indicate update status
Make it easier for the user to tell when the list is updated
and, at their option, see what changed.
(cherry picked from commit 06520c7fb785b872e17112bf8be0b6ae1d7d0ec0)
Commit: 8c6b6b706434b6f43285a177c9815feff3572264
https://github.com/NixOS/nixpkgs/commit/8c6b6b706434b6f43285a177c9815feff3572264
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: use example.com in example values
It is the canonical example domain after all.
(cherry picked from commit c6da2c7c2bec396fe5557d08d595a2f75fea98fc)
Commit: 482a7a667b88427fbafbd440bcc1ec853a1702c4
https://github.com/NixOS/nixpkgs/commit/482a7a667b88427fbafbd440bcc1ec853a1702c4
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: inline top-level binding (cleanup)
(cherry picked from commit 563c8e14965e15833c465330dfba1d94854285cf)
Commit: 7f60074823697016f8d1d96ba42615f3d1759177
https://github.com/NixOS/nixpkgs/commit/7f60074823697016f8d1d96ba42615f3d1759177
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/rename.nix
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: inline option renamings
In an effort to make the module more self-contained.
(cherry picked from commit c0a8a9205b590828c2a174f751c80908e632f734)
Commit: 77916a4a9453b0c2acc80461d8c4ed63c8b17b98
https://github.com/NixOS/nixpkgs/commit/77916a4a9453b0c2acc80461d8c4ed63c8b17b98
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: support reload
(cherry picked from commit 83052ef9db71b5f70e65b25e255d61da3eaaa0ac)
Commit: 046ae1f6f2c70cd51eddb05b6b4e103bce6a0062
https://github.com/NixOS/nixpkgs/commit/046ae1f6f2c70cd51eddb05b6b4e103bce6a0062
Author: Joachim Fasting <joach...@fastmail.fm>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/networking/dnscrypt-proxy.nix
Log Message:
-----------
nixos/dnscrypt-proxy: simplify module logic related to apparmor
(cherry picked from commit 9325c3a61646fb1da6ff7377da23c119523d038a)
Commit: 20228826775e9310d129f0014eebacd0c47545e9
https://github.com/NixOS/nixpkgs/commit/20228826775e9310d129f0014eebacd0c47545e9
Author: Jan Malakhovski <o...@oxij.org>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/security/tor.nix
Log Message:
-----------
nixos: tor: add enableGeoIP
(cherry picked from commit 6d25f77a643762d718c49ab3fc86e0262d2d38fd)
Commit: 6a0155d2b7cb10aef1c63b654a2b172d78fd89b4
https://github.com/NixOS/nixpkgs/commit/6a0155d2b7cb10aef1c63b654a2b172d78fd89b4
Author: Jan Malakhovski <o...@oxij.org>
Date: 2017-03-19 (Sun, 19 Mar 2017)
Changed paths:
M nixos/modules/services/security/torify.nix
Log Message:
-----------
nixos: torify: disable by default, add some documentation as of why
This `tsocks` wrapper leaks DNS requests to clearnet, meanwhile Tor comes with
`torsocks` which doesn't.
Previous commits to this file state that all of this still useful somehow.
Assuming that it's true, at least let's not confuse users with two different
tools
and don't clash with the `tsocks` binary from nixpkgs by disabling this by
default.
(cherry picked from commit a04782581a96d5ee8b4001701432599959ac2dc2)
Compare: https://github.com/NixOS/nixpkgs/compare/bcea7502ed6f...6a0155d2b7cb_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits
