Aaron Andersen
0a20166ca1
nixos/zabbixWeb: include DOUBLE_IEEE754 directive
2020-12-18 13:15:55 -05:00
Linus Heckemann
b1fc183639
Merge pull request #97145 from lheckemann/initrd-improvements
...
Initrd improvements
2020-12-18 18:15:27 +01:00
Silvan Mosberger
9e6737710c
Revert "Module-builtin assertions, disabling assertions and submodule assertions"
2020-12-18 16:44:37 +01:00
Silvan Mosberger
7698aa9776
Merge pull request #97023 from Infinisil/module-assertions
...
Module-builtin assertions, disabling assertions and submodule assertions
2020-12-18 14:17:52 +01:00
Lucas Savva
e3120397a5
nixos/acme: Remove dependency on system version for hash
...
This means that all systems running from master will trigger
new certificate creation on next rebuild. Race conditions around
multiple account creation are fixed in #106857 , not this commit.
2020-12-18 12:57:35 +00:00
github-actions[bot]
a4876421e8
Merge master into staging-next
2020-12-18 12:22:44 +00:00
Eelco Dolstra
a8c49a97a6
nix: 2.3.9 -> 2.3.10
2020-12-18 12:33:49 +01:00
Michele Guerini Rocco
d7b52849f8
Merge pull request #97362 from martinetd/wakeonlan
...
wakeonlan service: use powerUpCommands
2020-12-18 08:39:02 +01:00
Linus Heckemann
834cc5d5fa
nixos/initrd: docbookise "compressor" description
2020-12-17 23:01:08 +01:00
Silvan Mosberger
767d80099c
lib/modules: Introduce _module.checks.*.check
...
Previously the .enable option was used to encode the condition as well,
which lead to some oddness:
- In order to encode an assertion, one had to invert it
- To disable a check, one had to mkForce it
By introducing a separate .check option this is solved because:
- It can be used to encode assertions
- Disabling is done separately with .enable option, whose default can be
overridden without a mkForce
2020-12-17 21:52:24 +01:00
rnhmjoj
9728907cd3
console: remove console.extraTTYs option
...
This closes issue #88085
2020-12-17 21:29:33 +01:00
github-actions[bot]
8c3e8bd4b9
Merge master into staging-next
2020-12-17 18:17:15 +00:00
Izorkin
299f93dfdc
nixos/samba-wsdd: fix starting
2020-12-17 20:52:30 +03:00
Andreas Rammhold
fa0d499dbf
Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
...
nixos/users-groups: createHome: Ensure HOME permissions, fix description
2020-12-17 17:23:46 +01:00
Dominik Xaver Hörl
d4ef25db5d
nixos/initrd: add compressorArgs, make compressor option public
2020-12-17 11:38:10 +01:00
Florian Klink
d349582c07
nixos/network-interfaces-systemd: fix IPv6 privacy extensions
...
networkd seems to be buggy with IPv6PrivacyExtensions=kernel being set,
and the addresses don't appear anymore. In fact, the corresponding
sysctl seems to be set to -1 again.
Fixes https://github.com/NixOS/nixpkgs/issues/106858 .
Upstream Issue: https://github.com/systemd/systemd/issues/18003
2020-12-17 07:29:25 +01:00
github-actions[bot]
c40424f79b
Merge staging-next into staging
2020-12-17 00:42:56 +00:00
Doron Behar
749c9f1f19
Merge pull request #92582 from truh/plantuml-server-squash
2020-12-16 22:02:57 +02:00
Markus Kowalewski
5df0cf7461
nixos/slurm: fix dbdserver config file handling
...
Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be
in mode 600 to protect the database password. This change creates
slurmdbd.conf on-the-fly at service startup and thus avoids that
the database password ends up in the nix store.
2020-12-16 20:34:14 +01:00
José Romildo Malaquias
c5f07370f7
nixos/sddm: lxqt moved to libsForQt515
2020-12-16 10:43:21 -03:00
github-actions[bot]
c9bbcb2fc1
Merge staging-next into staging
2020-12-16 12:21:20 +00:00
Alyssa Ross
e17d4b05a1
nixos/tor: don't do privoxy stuff by default
...
It's very surprising that services.tor.client.enable would set
services.privoxy.enable. This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.
So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default. This change is documented in the
release notes.
Reported-by: V <v@anomalous.eu>
2020-12-16 12:20:03 +00:00
Klemens Nanni
8833983f26
nixos/users-groups: createHome: Ensure HOME permissions, fix description
...
configuration.nix(1) states
users.extraUsers.<name>.createHome
[...] If [...] the home directory already exists but is not
owned by the user, directory owner and group will be changed to
match the user.
i.e. ownership would change only if the user mismatched; the code
however ignores the owner, it is sufficient to enable `createHome`:
if ($u->{createHome}) {
make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
chown $u->{uid}, $u->{gid}, $u->{home};
}
Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.
Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.
Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).
While here, simplify and thereby fix misleading documentation.
2020-12-16 03:40:29 +01:00
github-actions[bot]
bc3c95481e
Merge staging-next into staging
2020-12-16 00:41:26 +00:00
Guillaume Girol
824d2c92bd
Merge pull request #82584 from Atemu/dnscrypt-default-config
...
dnscrypt-proxy2: base settings on example config
2020-12-15 19:47:43 +00:00
github-actions[bot]
77b786a5d9
Merge staging-next into staging
2020-12-15 12:20:58 +00:00
Michele Guerini Rocco
12f367b51c
Merge pull request #104722 from rnhmjoj/wpa-fix
...
nixos/wireless: fix failure with no interfaces
2020-12-15 08:37:33 +01:00
github-actions[bot]
f8d9426a1b
Merge staging-next into staging
2020-12-15 00:39:51 +00:00
Linus Heckemann
c40f06022a
Merge pull request #106073 from minijackson/tinc-rfc42-and-tests
...
nixos/tinc: rfc42 and tests
2020-12-14 21:52:57 +01:00
github-actions[bot]
ec2fa1cee8
Merge staging-next into staging
2020-12-14 12:21:13 +00:00
Linus Heckemann
cc786acdce
Merge pull request #105397 from kisik21/mailman-other-mta-support
...
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
2020-12-14 09:46:05 +01:00
Vika
ad023b0c88
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
...
Mailman can now work with MTAs other than Postfix. You'll have to configure
it yourself using the options in `services.mailman.settings.mta`.
This addition is reflected in the release notes for 21.03.
2020-12-14 02:41:30 +03:00
Minijackson
499e366d7b
nixos/tinc: add settings and hostSettings for RFC42-style options
2020-12-13 21:33:38 +01:00
Thomas Tuegel
39b76030be
Merge pull request #104810 from Thra11/plasma-5-20
...
Plasma 5.20.4
2020-12-13 13:50:53 -06:00
Timo Kaufmann
d6dba0d7c1
Merge pull request #100774 from Atemu/startx-improvements
...
Startx improvements
2020-12-13 18:28:21 +01:00
Atemu
d3113a62b8
nixos/startx: send Xorg log to the default location
...
This partially reverts bf3d3dd19b
.
I don't know why we weren't getting a default logfile back then but Xorg
definitely provides one now ($XDG_DATA_HOME for regular users and /var/log for
root, see `man Xorg`)
2020-12-13 06:15:33 +01:00
Atemu
693a31ab7b
nixos/xserver: make logFile configurable
...
It makes sense for it to be /dev/null for all the displayManagers but startx,
it needs a different logFile configuration.
2020-12-13 06:15:33 +01:00
Atemu
c72c02ab26
nixos/startx: provide xserverArgs via xserverrc
...
Fixes #80198
2020-12-13 06:15:32 +01:00
Thomas Tuegel
58fd813daf
nixos/plasma5: install kirigami2 for SDDM theme
2020-12-12 16:07:19 -06:00
WilliButz
8727a0178f
Merge pull request #106788 from urbas/py-air-control-exporter-cli
...
nixos/prometheus-exporters/py-air-control: invoke exporter command
2020-12-12 21:48:01 +01:00
Florian Klink
536988b35e
nixos/console: fix Before= on the systemd-vconsole-setup unit
...
Only set Before=display-manager.service if it is actually present.
On headless systems, `systemctl list-units --state not-found` will
otherwise show display-manager.service.
Reported-In: https://github.com/NixOS/nixpkgs/issues/88597
2020-12-12 21:21:51 +01:00
Matej Urbas
4970fbedbc
nixos/prometheus-exporters/py-air-control: invoke exporter command
...
Package `py-air-control exporter` v0.1.5 comes with a new CLI. This change uses the new CLI (which simplifies the exporter's systemd service setup).
2020-12-12 20:19:54 +00:00
Florian Klink
ce0fdd4dc0
Merge pull request #106697 from aanderse/mpd
...
nixos/mpd: conditionally provision required directories with StateDirectory
2020-12-12 20:48:54 +01:00
Jörg Thalheim
95042a58fb
Merge pull request #106751 from urbas/sd-image-first-boot-awk-missing
...
nixos/sd-image: explicit reference to the gawk package
2020-12-12 16:37:54 +00:00
Jörg Thalheim
5f0d38f05b
Merge pull request #106715 from Mic92/tinc
2020-12-12 16:35:59 +00:00
Matej Urbas
aa38540423
nixos/sd-image: explicit reference to the gawk package
...
The `awk` command is not installed in the standard env. So this command fails if the `awk` command is not installed by some external module.
2020-12-12 15:43:09 +00:00
Linus Heckemann
f448ec3365
Merge pull request #98731 from mayflower/ldap-nss-optional
...
config.users.ldap: do not include nss module if turned off
2020-12-12 10:53:39 +01:00
Linus Heckemann
54e9ee81a4
Merge pull request #106672 from alyssais/mailman
...
mailman: run non-minutely jobs
2020-12-12 10:12:39 +01:00
Atemu
e4c49db668
nixos/dnscrypt-proxy2: base settings on example config
...
Dnscrypt-proxy needs some options to be set before it can do anything useful.
Currently, we only apply what the user configured which, by default, is nothing.
This leads to the dnscrypt-proxy2 service failing to start when you only set
`enable = true;` which is not a great user experience.
This patch makes the module take the example config from the upstream repo as a
base on top of which the user-specified settings are applied (it contains sane
defaults).
An option has been added to restore the old behaviour.
2020-12-12 09:15:11 +01:00
Jörg Thalheim
2cdec00dd2
nixos/tinc: add reload command
2020-12-12 07:37:16 +01:00
Aaron Andersen
77a8496907
nixos/mpd: conditionally provision required directories with StateDirectory
2020-12-11 19:35:43 -05:00
Aaron Andersen
9826371e44
Merge pull request #101224 from aanderse/ldap
...
nixos/ldap: restart nslcd when configuration changes
2020-12-11 17:18:12 -05:00
Guillaume Girol
a7b60e6bdf
Merge pull request #104727 from chkno/fuse-dot-sshfs
...
nixos/locate: Fix sshfs exclusion
2020-12-11 20:32:28 +00:00
Alyssa Ross
a2460414cb
nixos/mailman: run non-minutely jobs
...
Fixes: b478e0043c
("nixos/mailman: refactor")
2020-12-11 17:23:50 +00:00
Peter Hoeg
aa995fb0b7
nixos/sshguard: do not do IPv6 setup/teardown unconditionally
2020-12-11 16:19:45 +08:00
Peter Simons
21b8fe302f
Merge pull request #106580 from rissson/nixos-postfix-fix-mastercf-type
...
nixos/postfix: fix masterCf type
2020-12-11 09:14:47 +01:00
Jörg Thalheim
d22d9227f1
Merge pull request #106601 from Mic92/frab
...
frab: remove package
2020-12-11 05:27:55 +00:00
Jörg Thalheim
6fa3728805
frab: remove package
...
broken since 2018
2020-12-10 22:24:11 +01:00
Scott Worley
86f0dc221f
nixos/locate: Exclude fuse.sshfs
...
The "fuse" and "sshfs" entries already present are not keeping this find
invocation out of sshfs mounts, which present as fstype "fuse.sshfs"
2020-12-10 12:59:13 -08:00
Maximilian Bosch
07aff199ad
Merge pull request #106080 from Ma27/nginx-config-doc
...
nixos/nginx: improve documentation for `config`
2020-12-10 21:54:01 +01:00
WilliButz
df8ee3669f
Merge pull request #106067 from urbas/prometheus-exporter-py-air-control
...
nixos/prometheus-exporters/py-air-control: init
2020-12-10 20:51:56 +01:00
Matej Urbas
4948743705
nixos/prometheus-exporters/py-air-control: init
2020-12-10 19:02:30 +00:00
Marc 'risson' Schmitt
27dacb8b4b
nixos/postfix: fix masterCf type
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2020-12-10 18:49:05 +01:00
Maximilian Bosch
21be5b00da
Merge pull request #106473 from Ma27/improve-nextcloud-error
...
nixos/nextcloud: improve error message for invalid `dbpassFile`
2020-12-10 18:28:50 +01:00
Maximilian Bosch
81662d4798
nixos/nextcloud: improve error message for invalid dbpassFile
...
`file_exists` also returns `FALSE` if the file is in a directory that
can't be read by the user. This e.g. happens if permissions for
`nixops(1)`-deployment keys aren't configured correctly.
This patch improves the error message for invalid files to avoid
confusion[1].
[1] https://discourse.nixos.org/t/nixops-deploy-secrets-to-nextcloud/10414/4
2020-12-09 19:54:43 +01:00
Damien Diederen
98236860dc
nixos/zookeeper: adapt to zookeeper 3.6.2
...
This patch:
* Removes an invalid/useless classpath element;
* Removes an unnecessary environment variable;
* Creates the required '/version-2' data subdirectory;
* Redirects audit logging to the "console" (systemd) by default.
2020-12-09 15:46:38 +01:00
Peng Mei Yu
3cd1a6706c
unbound: Add AF_NETLINK to allowed address families.
...
Unbound throws the following error:
--8<---------------cut here---------------start------------->8---
error: failed to list interfaces: getifaddrs: Address family not supported by protocol
fatal error: could not open ports
--8<---------------cut here---------------end--------------->8---
The solution is pulled from upstream:
https://github.com/NLnetLabs/unbound/pull/351
2020-12-08 14:31:15 +08:00
Blaž Hrastnik
920c439915
thermald: Fix systemd service definition.
2020-12-08 08:26:36 +09:00
Maximilian Bosch
55ef9612a2
nixos/nginx: improve documentation for config
...
Unfortunately, I had a use-case where `services.nginx.config` was
necessary quite recently. While working on that config I had to look up
the module's code to understand which options can be used and which
don't.
To slightly improve the situation, I changed the documentation like
this:
* Added `types.str` as type since `config` is not mergeable on purpose.
It must be a string as it's rendered verbatim into `nginx.conf` and if
the type is `unspecified`, it can be confused with RFC42-like options.
* Mention which config options that don't generate config in
`nginx.conf` are NOT mutually exclusive.
2020-12-06 17:26:13 +01:00
Francesco Zanini
93d74f6536
zigbee2mqtt: 1.16.1 -> 1.16.2
2020-12-05 17:42:07 +01:00
freezeboy
903b2aa9a6
nixos/n8n: init module and test
2020-12-05 11:02:40 +01:00
Linus Heckemann
c14f14eeaf
Merge pull request #97505 from mayflower/grub-efi-mirroredboot
...
nixos/grub: allow multiple "nodev" devices for mirroredBoots
2020-12-04 18:37:50 +01:00
stigo
80e0a20892
Merge pull request #103813 from symphorien/firejail
...
nixos/firejail: allow to pass options to firejail
2020-12-04 09:00:15 +01:00
pacien
93335aa252
nixos/msmtp: add msmtp module
...
This adds a module for msmtp, a simple SMTP client which provides a
sendmail-compatible interface.
GitHub: see also nixpkgs issue #105710
2020-12-03 22:23:20 +01:00
rnhmjoj
296c415030
nixos/fish: make generateCaches easier to override
2020-12-03 22:00:33 +01:00
rnhmjoj
87d614441d
nixos/documentation: silence man-db cache warnings
...
The output of the man-db command used to generate the caches is
irrelevant and can confuse users, let's hide it.
2020-12-03 21:57:09 +01:00
Gabriel Ebner
6e8007341e
Merge pull request #105362 from gebner/pipewire0137
...
pipewire: 0.3.16 -> 0.3.17
2020-12-03 17:15:05 +01:00
Sandro
c1695ade0b
Merge pull request #105745 from archseer/thermald-2-4
2020-12-03 11:26:16 +01:00
Blaž Hrastnik
05bd810d5f
thermald: Always enable adaptive mode.
...
There was some issues with the fallback to passive mode on 2.3, but on
2.4 adaptive mode is always enabled upstream and thermald will fallback
to passive if necessary.
a6e68a65b5/data/thermald.service.in (L9)
2020-12-03 12:45:58 +09:00
Gabriel Ebner
906d68cf13
nixos/pipewire: enable volume control via alsa
2020-12-02 22:11:09 +01:00
Gabriel Ebner
b28f2f7386
nixos/pipewire: generate configuration file
2020-12-02 22:11:09 +01:00
Jörg Thalheim
11ee543052
sd-image: fix resizing if root is not the second partition.
2020-12-02 21:52:38 +01:00
pacien
a2c4419636
nixos/ssmtp: fix configuration generator to accomodate ssmtp
...
This replaces `concatStringsSep "\n"` with the proper generator to make sure
that the generated configuration file ends with a trailing `\n`, which is
required by ssmtp's picky configuration parser to take the last configuration
key into account.
GitHub: closes #105704
2020-12-02 16:41:06 +01:00
Silvan Mosberger
2526f22723
Merge pull request #102076 from Taneb/hoogle-dynamic-user
...
Set DynamicUser=true for hoogle
2020-12-02 12:58:10 +01:00
Austin Seipp
652ac69373
Merge pull request #103393 from happysalada/add_vector
...
nixos/vector: add module
2020-12-02 03:30:11 -06:00
Andreas Rammhold
26cc536edf
Merge pull request #104203 from andir/saned-max-connections
...
nixos/sane: bump the MaxConnections to a reasonable amount
2020-12-01 19:45:13 +01:00
Jörg Thalheim
b1ed5ffeab
Merge pull request #93293 from tnias/nixos_rspamd_20200716
2020-12-01 13:10:43 +00:00
Christine Dodrill
3d55480bf8
nixos/tailscale: add package as an option
...
This simplifies testing changes to the tailscale service on a local
machine. You can use this as such:
```nix
let
tailscale_patched = magic {};
in {
services.tailscale = {
enable = true;
package = tailscale_patched;
};
};
```
Signed-off-by: Christine Dodrill <me@christine.website>
2020-12-01 12:30:31 +01:00
Silvan Mosberger
a87ab948d2
Merge pull request #104836 from ncfavier/master
...
nixos/nat: support IPv6 NAT
2020-12-01 04:40:09 +01:00
Valérian Galliat
b93a5a1746
nixos/nat: support IPv6 NAT
2020-12-01 00:51:58 +01:00
Silvan Mosberger
8dea4df903
lib/modules: Remove _module.checks.*.triggerPath as it's not necessary
...
Previously this option was thought to be necessary to avoid infinite
recursion, but it actually isn't, since the check evaluation isn't fed
back into the module fixed-point.
2020-11-30 23:51:42 +01:00
Silvan Mosberger
c9cc8969b4
lib/modules: Rename _module.assertions to _module.checks
2020-11-30 23:51:41 +01:00
Silvan Mosberger
9523df7eb6
nixos/assertions: Use module-builtin assertion implementation
2020-11-30 23:51:22 +01:00
Silvan Mosberger
6df56e1cb8
Merge pull request #103866 from cole-h/doas
...
doas: 6.6.1 -> 6.8
2020-11-30 19:02:55 +01:00
Frederik Rietdijk
9a63b3d3d6
Merge pull request #104781 from NixOS/staging-next
...
Staging next
2020-11-30 18:27:29 +01:00
Nathan van Doorn
12c3e0a465
nixos/services/hoogle use DynamicUser instead of nobody
...
I've also removed PrivateTmp = true because this is implied by dynamic user.
I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
2020-11-30 13:36:19 +00:00
happysalada
627dfecadd
nixos/vector: add module
2020-11-30 16:22:08 +09:00
Jörg Thalheim
3b6ef967f3
nixos/rspamd: fix postfix integration
2020-11-30 07:29:32 +01:00
Florian Klink
a623bc0ba4
Merge pull request #104689 from petabyteboy/feature/gitlab-13-6-1
...
gitlab: 13.6.0 -> 13.6.1
2020-11-29 22:37:42 +01:00
Maximilian Bosch
752b6a95db
nixos/mautrix-telegram: update defaults
...
These three defaults must exist in the config now, otherwise
`mautrix-telegram` will refuse to start.
2020-11-29 21:28:07 +01:00
Gabriel Ebner
0155830275
nixos/pipewire: allow overriding the pipewire derivation
2020-11-29 17:43:07 +01:00
Gabriel Ebner
ce28fd3d22
nixos/pipewire: add media-session.d files
2020-11-29 17:43:07 +01:00
Gabriel Ebner
53029a15cc
nixos/pipewire: enable sound on alsa support
...
Otherwise sound.extraConfig has no effect.
2020-11-29 15:08:38 +01:00
Frederik Rietdijk
0d8491cb2b
Merge master into staging-next
2020-11-29 13:51:10 +01:00
Sarah Brofeldt
a7a5f7904c
Merge pull request #99173 from johanot/fix-initrd-ssh-commands-test
...
nixos/initrd-ssh: set more defensive pemissions on sshd test key
2020-11-29 11:27:03 +01:00
Jörg Thalheim
6f330ccedf
nixos/nginx: add streamConfig option
2020-11-29 10:55:01 +01:00
StigP
e2968a0442
Merge pull request #102061 from braunse/gogs-0-12-3
...
gogs: 0.11.91 -> 0.12.3
2020-11-29 10:01:47 +01:00
Ryan Mulligan
cb42d08df2
Merge pull request #62104 from Vizaxo/master
...
nixos/exwm: allow custom Emacs load script
2020-11-28 18:47:21 -08:00
Martin Weinelt
62ef710b54
Merge pull request #104268 from mvnetbiz/ha-allowpaths
...
home-assistant: add allowlist_external_dirs to systemd unit ReadWritePaths
2020-11-29 00:25:35 +01:00
Sander van der Burg
336628268f
nixos/disnix: reorder startup to take MongoDB and InfluxDB into account, add option to add Disnix profile to the system PATH
2020-11-28 20:15:21 +01:00
Sander van der Burg
5e392940cf
nixos/dysnomia: add InfluxDB configuration options, add option to use legacy modules, eliminate import from derivation hack
2020-11-28 20:15:21 +01:00
Silvan Mosberger
cb59ff4aab
Merge pull request #86225 from sorki/proxychains
...
nixos/proxychains: init
2020-11-28 19:45:32 +01:00
Frederik Rietdijk
9e062723b2
Merge master into staging-next
2020-11-28 08:53:47 +01:00
Sebastien Braun
5c87a6b8ea
gogs: 0.11.91 -> 0.12.3
2020-11-28 06:50:52 +01:00
Sandro
a390213f85
Merge pull request #85133 from snicket2100/mosquitto-service-sandboxing
...
mosquitto: systemd service sandboxing
2020-11-27 18:53:36 +01:00
Frederik Rietdijk
b2a3891e12
Merge master into staging-next
2020-11-27 15:09:19 +01:00
Milan Pässler
81aff9f411
nixos/gitlab: use bindsTo instead of requires for gitaly
2020-11-26 14:12:14 +01:00
Jan Tojnar
e95cc8519b
Merge pull request #104553 from jansol/pipewire
...
pipewire: 0.3.15 -> 0.3.16
2020-11-26 10:59:17 +01:00
Luke Granger-Brown
ad62155cb6
nixos/zram: add zramSwap.memoryMax option
...
This allows capping the total amount of memory that will be used for
zram-swap, in addition to the percentage-based calculation, which is
useful when blanket-applying a configuration to many machines.
This is based off the strategy used by Fedora for their rollout of
zram-swap-by-default in Fedora 33
(https://fedoraproject.org/wiki/Changes/SwapOnZRAM ), which caps the
maximum amount of memory used for zram at 4GiB.
In future it might be good to port this to the systemd zram-generator,
instead of using this separate infrastructure.
2020-11-25 13:43:38 +00:00
Frederik Rietdijk
5790bb073f
nixos auto-upgrade: remove flag when flake
...
The `--no-build-output` flag that is added by default is only valid
for the old cli, which is not used when flakes are used.
Follow-up to c9daa81eff
.
2020-11-25 08:34:04 +01:00
Florian Klink
5b3a952e04
Merge pull request #102938 from cruegge/dev-symlinks
...
nixos/stage-1: create /dev/std{in,out,err} symlinks
2020-11-25 01:57:21 +01:00
Stijn DW
3d3bcc5cc9
nixos/factorio: Don't open firewall ports by default
2020-11-24 23:14:57 +01:00
Stijn DW
d93434458b
nixos/factorio: add openFirewall option
2020-11-24 23:14:57 +01:00
Graham Christensen
d9c3f13df3
Merge pull request #104776 from grahamc/utillinux
...
utillinux: rename to util-linux
2020-11-24 15:14:36 -05:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux
2020-11-24 12:42:06 -05:00
adisbladis
302df2a9a1
Merge pull request #81661 from adisbladis/ssh-pam-sudo-keys
...
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles
2020-11-24 16:06:47 +01:00
Artturin
4db239272c
mullvad-vpn: add iproute2
2020-11-24 06:12:32 -08:00
Ryan Mulligan
91f1d7e405
Merge pull request #104734 from ju1m/fix-udev
...
nixos/network-interfaces: fix typo in udev rule syntax
2020-11-24 05:44:52 -08:00
Peter Simons
58f29d3ca8
Merge pull request #104721 from vkleen/postfix-smtp-fix
...
nixos.postfix: make postfix.enableSmtp work again
2020-11-24 08:58:35 +01:00
Jan Tojnar
6d99109b12
Merge branch 'staging-next' into staging
2020-11-24 05:44:44 +01:00
Julien Moutinho
2263fa5698
nixos/network-interfaces: fix typo in udev rule syntax
2020-11-24 04:21:44 +01:00
adisbladis
ba1fa0c604
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles
...
If a system administrator has explicitly configured key locations this
should be taken into account by `sudo`.
2020-11-24 02:47:07 +01:00
Viktor Kleen
6216c843ed
nixos/postfix: make postfix.enableSmtp work again
...
This fixes issue #104715 .
2020-11-23 23:46:06 +00:00
rnhmjoj
8f177612b1
nixos/wireless: fix failure with no interfaces
...
This resolves issue #101963 .
When the service is started and no interface is ready yet, wpa_supplicant
is being exec'd with no `-i` flags, thus failing. Once the interfaces
are ready, the udev rule would fire but wouldn't restart the unit because
it wasn't currently running (see systemctl(1) try-restart).
The solution is to exit (with a clear error message) but always restart
wpa_supplicant when the interfaces are modified.
2020-11-24 00:18:18 +01:00
Florian Klink
bbf3c9483b
Merge pull request #104520 from Izorkin/wsdd
...
wsdd: init at 0.6.2
2020-11-23 23:18:23 +01:00
Frederik Rietdijk
587538d087
Merge staging-next into staging
2020-11-23 18:10:33 +01:00
Izorkin
03760ab82e
nixos/samba-wsdd: init service samba-wsdd
2020-11-23 13:26:00 +03:00
Jan Solanti
aca97840da
pipewire: 0.3.15 -> 0.3.16
...
This release replaces the libpulseaudio shim with a pipewire module that acts as a fake pulseaudio server along with a systemd service that loads that module on demand.
2020-11-23 10:40:35 +02:00
Scott Worley
e0d27cfb31
nixos/locate: Whitespace: One pruneFS default per line
...
This makes merging less painful.
This is nixfmt's preferred format.
2020-11-22 21:53:08 -08:00
zowoq
dbbd289982
nixos/*: fix indentation
2020-11-23 08:42:51 +10:00
Florian Klink
c76891314d
Merge pull request #104094 from flokli/systemd-unified-cgroup-hierarchy
...
systemd: switch to unified cgroup hierarchy by default
2020-11-22 22:35:42 +01:00
Graham Christensen
1ee1134cb1
Merge pull request #104456 from endgame/refresh-instance-metadata-on-boot
...
Refresh instance metadata on boot
2020-11-22 08:23:14 -05:00
Florian Klink
904f124247
Merge pull request #99116 from jslight90/gitlab-13.4.0
...
GitLab 13.0.14 -> 13.6.0
2020-11-22 12:00:03 +01:00
Jack Kelly
43bfd7e5b1
{ec2,openstack}-metadata-fetcher: unconditionally fetch metadata
...
The metadata fetcher scripts run each time an instance starts, and it
is not safe to assume that responses from the instance metadata
service (IMDS) will be as they were on first boot.
Example: an EC2 instance can have its user data changed while
the instance is stopped. When the instance is restarted, we want to
see the new user data applied.
2020-11-22 11:04:46 +10:00
Jack Kelly
8c39655de3
{ec2,openstack}-metadata-fetcher: introduce wget_imds function
2020-11-22 11:04:46 +10:00
Jack Kelly
f8c3027812
openstack-metadata-fetcher: stop lying in log message
2020-11-22 11:04:46 +10:00
Kai Wohlfahrt
db5bb4e26b
nixos/openldap: Fix sssd-ldap test
...
Use this as a test of the migration warnings/functionality.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
fefc26f844
nixos/openldap: use mkRenamedOptionModule
...
This offers less helpful warnings, but makes the implementation
considerably more straightforward.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
ce1acd97a7
nixos/openldap: fix path + base64 value types
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
b2ebffe186
nixos/openldap: Fix indentation
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
3f892c2174
nixos/openldap: Remove extraConfig options
...
Instead of deprecating, as per PR feedback
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
2050376cae
nixos/openldap: Mention schemas in migration hint
2020-11-21 15:45:16 +00:00
Kai Wohlfahrt
5fafbee87a
nixos/openldap: Add release-notes for OLC config
2020-11-21 15:45:15 +00:00
Kai Wohlfahrt
adda7e62d0
nixos/openldap: Add support for base64 values
2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
d05061c5cd
nixos/openldap: Pick some PR nits
2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
9528faf182
nixos/openldap: Allow declarativeContents for multiple databases
2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
057cb570be
nixos/openldap: Add delcarativeConfig by suffix
...
Adding by index could be an issue if the user wanted the data to be
added to a DB other than the first.
2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
1fde3c3561
nixos/openldap: switch to slapd.d configuration
...
The old slapd.conf is deprecated. Replace with slapd.d, and use this
opportunity to write some structured settings.
Incidentally, this fixes the fact that openldap is reported up before
any checks have completed, by using forking mode.
2020-11-21 15:39:19 +00:00
Joachim F
547d660f64
Merge pull request #104052 from TredwellGit/nixos/malloc
...
nixos/malloc: fix Scudo
2020-11-21 14:31:58 +00:00
Frederik Rietdijk
1ffd7cf0d6
Merge master into staging-next
2020-11-21 08:43:10 +01:00
Milan Pässler
0f82bd767b
nixos/gitlab: start gitaly after gitlab
2020-11-21 01:38:11 +01:00
Jeff Slight
f98a6322e6
nixos/gitlab: add changes for gitlab 13.4.x
2020-11-20 19:26:30 +01:00
Graham Christensen
75d7828724
Merge pull request #98544 from Mic92/unfuck-update-user-group
...
nixos/update-user-groups: Fix encoding issues + atomic writes
2020-11-20 10:28:52 -05:00
Eelco Dolstra
80097e57c9
nix: 2.3.8 -> 2.3.9
2020-11-20 13:03:04 +01:00
Jan Tojnar
f6105d21e3
Merge branch 'master' into staging-next
2020-11-20 01:38:32 +01:00
Graham Christensen
7fa7bf2fda
Merge pull request #104193 from grahamc/ec2-metadata-imdsv2
...
NixOS EC2 AMI: Support IMDSv2
2020-11-19 16:11:32 -05:00
Frederik Rietdijk
ea7b8978ef
Merge master into staging-next
2020-11-19 20:08:15 +01:00
Graham Christensen
f2cfecdec3
nixos ami: preflight the imds token
...
According to Freenode's ##AWS, the metadata server can sometimes
take a few moments to get its shoes on, and the very first boot
of a machine can see failed requests for a few moments.
2020-11-19 13:56:44 -05:00
Graham Christensen
83ea88e03f
nixos: ec2 ami: support IMDSv2
...
AWS's metadata service has two versions. Version 1 allowed plain HTTP
requests to get metadata. However, this was frequently abused when a
user could trick an AWS-hosted server in to proxying requests to the
metadata service. Since the metadata service is frequently used to
generate AWS access keys, this is pretty gnarly. Version two is
identical except it requires the caller to request a token and provide
it on each request.
Today, starting a NixOS AMI in EC2 where the metadata service is
configured to only allow v2 requests fails: the user's SSH key is not
placed, and configuration provided by the user-data is not applied.
The server is useless. This patch addresses that.
Note the dependency on curl is not a joyful one, and it expand the
initrd by 30M. However, see the added comment for more information
about why this is needed. Note the idea of using `echo` and `nc` are
laughable. Don't do that.
2020-11-19 13:00:56 -05:00
Florian Klink
5d45f269aa
nixos/k3s: disable unifiedCgroupHierarchy
...
This gets automatically disabled by docker if the docker backend is
used, but the bundled containerd also doesn't seem to support cgroupsv2,
so disable it explicitly here, too.
2020-11-19 16:56:46 +01:00
Florian Klink
d22b3ed4bc
systemd: switch to unified cgroup hierarchy by default
...
See https://www.redhat.com/sysadmin/fedora-31-control-group-v2 for
details on why this is desirable, and how it impacts containers.
Users that need to keep using the old cgroup hierarchy can re-enable it
by setting `systemd.unifiedCgroupHierarchy` to `false`.
Well-known candidates not supporting that hierarchy, like docker and
hidepid=… will disable it automatically.
Fixes #73800
2020-11-19 16:56:46 +01:00
Jörg Thalheim
2bf5899d6a
Merge pull request #104105 from spacefrogg/openafs-1.9
2020-11-19 14:42:17 +01:00
Matt Votava
746efadcce
home-assistant: add allowlist_external_dirs to systemd unit ReadWritePaths
2020-11-19 04:29:03 -08:00
Silvan Mosberger
3307adf755
Merge pull request #98980 from JustinLovinger/idmapd
...
nixos/nfs: add idmapd.settings option
2020-11-18 22:46:48 +01:00
Jörg Thalheim
0f84e08fcd
nixos/telegraf: make example a bit more compact
2020-11-18 21:41:58 +01:00
Jörg Thalheim
69caedcc42
nixos/telegraf: null value for environmentFiles is invalid
...
it's also not needed given that empty list covers all use cases.
2020-11-18 21:41:55 +01:00
Andreas Rammhold
6f7d8e5528
nixos/sane: bump the MaxConnections to a reasonable amount
...
Whenever I try to scan from another computer it has to establish >2
connections in order to succeed. With the connections being limited to 1
I can not scan any document.
This is also what other distributions ([Debian], [ArchLinux], …) have
done in one way or another.
[Debian]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850649#5
[ArchLinux]: no limit: 99cba454bb/trunk/saned.socket (L4)
2020-11-18 20:25:44 +01:00
Graham Christensen
21339b41bf
nixos: openstack: have its own metadata fetcher expression
...
These two APIs have diverged over time and are no longer compatible.
2020-11-18 11:42:32 -05:00
Frederik Rietdijk
da12fc6838
Merge staging-next into staging
2020-11-18 15:36:56 +01:00
Janne Heß
e5e9887e38
nixos/dbus: Add AppArmor support
2020-11-18 10:10:36 +01:00
Michael Raitza
1f323ec2b4
openafs: remove 1.6; point to openafs_1_8
2020-11-17 21:31:59 +01:00
Vladimír Čunát
bdcd2d82ee
Merge #103633 : kresd service: switch .listenDoH
...
... to new implementation - and a couple other improvements.
2020-11-17 20:06:55 +01:00
Vladimír Čunát
e61ef63e4e
kresd service: switch .listenDoH to new implementation
...
Beware: extraFeatures are not needed *for this* anymore,
but their removal may still cause a regression in some configs
(example: prefill module).
2020-11-17 20:04:56 +01:00
TredwellGit
fc6948cd47
nixos/malloc: fix Scudo
...
Fixes segmentation faults.
https://github.com/NixOS/nixpkgs/issues/100799
2020-11-17 09:11:31 -05:00
Oleksii Filonenko
512c3c0a05
maintainers: rename filalex77 -> Br1ght0ne
2020-11-17 13:09:31 +02:00
Jörg Thalheim
e54cd0ef25
Merge pull request #103876 from Mic92/lvm-generator-fix
...
nixos/lvm2-activation-generator: fix warnings on activation
2020-11-16 18:37:36 +01:00
Florian Klink
462c5b26c5
Merge pull request #103966 from flokli/kernel-enable-ipv6
...
kernel config: explicitly enable CONFIG_IPV6
2020-11-16 16:32:50 +01:00
Maximilian Bosch
9fc484c373
Merge pull request #103717 from WilliButz/codimd/add-package-option
...
nixos/codimd: add package option, refactor prettyJSON
2020-11-16 13:46:17 +01:00
Florian Klink
13be37662d
kernel config: explicitly enable CONFIG_IPV6
...
We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
Andreas Rammhold
ad37c2c445
Merge pull request #102916 from andir/nixos-help
...
nixos-help: fixup .desktop file & smaller refactoring
2020-11-16 12:17:28 +01:00
Jörg Thalheim
8ac3a1503a
nixos/lvm2-activation-generator: fix warnings on activation
2020-11-15 08:06:05 +01:00
Cole Helbling
19c0927d30
nixos/doas: add noLog option
2020-11-14 19:16:56 -08:00
Jörg Thalheim
7534d92648
nixos/telegraf: allow multiple env files
2020-11-14 16:33:50 +01:00
Jörg Thalheim
8edc4619ab
nixos/telegraf: switch to setting types
...
This allows to split up configuration into multiple modules
2020-11-14 16:33:46 +01:00
Jörg Thalheim
157d7354d6
nixos/telegraf: add environmentFile option
2020-11-14 16:33:42 +01:00
Jörg Thalheim
9750813b89
nixos/telegraf: add support for native ping
2020-11-14 16:33:39 +01:00
Symphorien Gibol
6fa1646268
nixos/firejail: allow to pass options to firejail
2020-11-14 12:00:00 +00:00
WilliButz
74d354a397
nixos/codimd: add package option, refactor prettyJSON
...
This adds a `package` option to allow for easier overriding of the used
CodiMD version and `runCommandLocal` with `nativeBuildInputs` is now
used to pretty print the configuration.
2020-11-13 16:14:41 +01:00
Elis Hirwing
2789f47b97
Merge pull request #103531 from gnidorah/acpilight
...
nixos/acpilight: add to packages
2020-11-12 07:02:39 +01:00
gnidorah
ec26da1fc6
nixos/acpilight: add to packages
2020-11-12 05:22:18 +03:00
Kevin Cox
66c98ec550
Merge pull request #95751 from srhb/forceImportAll
...
nixos/zfs: Fix boot.zfs.forceImportAll
2020-11-11 20:32:42 -05:00
Gabriel Ebner
753656bbbc
Merge pull request #103225 from gebner/hsphfpd
...
pulseaudio: add hsphfpd support
2020-11-11 19:56:35 +01:00
Sarah Brofeldt
e0d51db401
nixos: boot.zfsImportAll = false; by default
...
Also add 21.03 release note
2020-11-11 18:46:05 +01:00
Sarah Brofeldt
a4010e0580
nixos/zfs: Respect forceImportAll in import service
2020-11-11 18:45:14 +01:00
Kevin Cox
dce7cc111a
Merge pull request #96912 from atlaua/aranea/qemu-vm-kernel-config
...
nixos/qemu-vm: Fix and update system.requiredKernelConfig entries
2020-11-11 07:29:14 -05:00
Kevin Cox
5dee9b5699
Merge pull request #96679 from midchildan/add-mackerel
...
mackerel-agent: init at 0.69.3
2020-11-11 06:59:22 -05:00
Maximilian Bosch
a805b2ea32
Merge pull request #103182 from pacien/ssmtp-assert-usestarttls-usetls
...
nixos/ssmtp: add assertion for useSTARTTLS dependency on useTLS
2020-11-11 10:51:00 +01:00
Aaron Andersen
e419de361d
Merge pull request #102376 from felschr/feat/cfdyndns-password-file
...
nixos/cfdyndns: add apikeyFile option
2020-11-10 18:08:25 -05:00
Edmund Wu
4d0ad2783d
nixos/*: hsphfpd support
2020-11-10 20:53:13 +01:00
ajs124
fd950b9fc7
Merge pull request #103196 from helsinki-systems/fix/plasma5-noaliases
...
nixos/plasma5: Fix when running without aliases
2020-11-10 16:59:34 +01:00
Felix Tenley
a33290b1a8
nixos/cfdyndns: add apikeyFile option
...
nixos/cfdyndns: remove apikey option
2020-11-10 14:00:16 +01:00
Jörg Thalheim
31a0b5dff6
nixos/promtail: fix access to journal
2020-11-10 10:49:27 +01:00
Jörg Thalheim
4c64fa224e
nixos/loki: mergeable configuration
...
type.attrs is not mergable
2020-11-10 10:49:25 +01:00
Jörg Thalheim
88d1da8e5d
nixos/promtail: use json type for configuration
2020-11-10 10:49:23 +01:00
Jörg Thalheim
689eb49d42
nixos/loki: add logcli to system path
...
Admins quite likely want to query loki for debugging purpose.
2020-11-10 10:49:21 +01:00
Frederik Rietdijk
379aaa1e0c
Merge master into staging-next
2020-11-10 10:11:08 +01:00
WORLDofPEACE
fcef646736
Merge pull request #93431 from sorki/audio/pulseJack
...
nixos/jack,pulseaudio: fix pulse connection to jackd service
2020-11-09 19:40:12 -05:00
Michele Guerini Rocco
e6b8587b25
Merge pull request #101755 from rnhmjoj/activation-type
...
nixos/activation-script: make scripts well-typed
2020-11-10 00:04:47 +01:00
Jan Tojnar
3a5ba30c13
fwupd: 1.4.6 → 1.5.1
...
* https://github.com/fwupd/fwupd/releases/tag/1.5.0
* https://github.com/fwupd/fwupd/releases/tag/1.5.1
* The changelog mentions removed dependency on efivar but we still need the package because it also contains efiboot required dependency. https://github.com/fwupd/fwupd/pull/2485
* Blacklist options were renamed.
* Test firmware was moved to a separate repo. We need to install it or some tests will be skipped. https://github.com/fwupd/fwupd/pull/2330
* Initially, there was an option to configure dbx but in the end, it was removed in favour of bespoke dbxtool. https://github.com/fwupd/fwupd/pull/2061 , https://github.com/fwupd/fwupd/pull/2318 , https://github.com/fwupd/fwupd/pull/2329
* Fwupd now checks hashes of plug-ins and will complain loudly that it is tainted when “invalid” plug-in is loaded (during testing).
* Installed tests complain about not being able to access cdn, even though we are not setting CI_NETWORK env var. We need a patch to fix that.
2020-11-09 22:50:17 +01:00
Edmund Wu
0e4d0d95d0
treewide: generate pulseaudio pulseDir
2020-11-09 19:24:42 +01:00
Frederik Rietdijk
20f001c01e
Merge master into staging-next
2020-11-09 14:33:52 +01:00
Jan Tojnar
8e7fca3a5c
nixos/plymouth: fix eval with aliases disabled
...
Fallout from https://github.com/NixOS/nixpkgs/pull/101369
2020-11-09 14:00:18 +01:00
Maximilian Bosch
e74d6735f0
Merge pull request #103170 from nh2/roundcube-restart-on-config-changes
...
roundcube service: Restart on config changes
2020-11-09 12:47:22 +01:00
Samuel Gräfenstein
88bf1b3e92
nixos/boot: add final newline to pbkdf2-sha512.c
2020-11-09 11:39:28 +00:00
Janne Heß
59239feacb
nixos/plasma5: Fix when running without aliases
2020-11-09 11:09:06 +01:00
pacien
f7c50a8aa0
nixos/ssmtp: add assertion for useSTARTTLS dependency on useTLS
...
services.ssmtp.useSTARTTLS has no effect when services.ssmtp.useTLS is disabled.
2020-11-09 04:35:12 +01:00
Marek Mahut
e02f6bfa26
Merge pull request #100418 from pltanton/master
...
fido2luks: 0.2.3 -> 0.2.15
2020-11-09 00:22:09 +01:00
Niklas Hambüchen
91b20fb1aa
roundcube service: Restart on config changes.
...
Until now, e.g. `extraConfig` changes did not reflect in
the system on `nixos-rebuild switch`.
2020-11-08 22:20:18 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd
2020-11-08 16:55:29 +01:00
Gabriel Ebner
df88279649
Merge pull request #103004 from lovesegfault/octoprint-marlingcodedocumentation
...
octoprint: add marlingcodedocumentation
2020-11-08 11:42:08 +01:00
Niklas Hambüchen
169ab0b89f
redis service: Listen on localhost by default. Fixes #100192 .
...
All other database servers in NixOS also use this safe-by-default setting.
2020-11-08 01:15:33 +01:00
Julien Moutinho
c48faf07f4
transmission: fix #98904
2020-11-07 16:27:24 +01:00
midchildan
921a66edc4
nixos/mackerel-agent: init
2020-11-07 13:37:33 +09:00
Andika Demas Riyandi
038497d3b3
nar-serve: init at 0.3.0 ( #95420 )
...
* nar-serve: init at 0.3.0
* nixos/nar-serve: add new module
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-11-06 18:59:51 +01:00
Jonathan Ringer
0a6a075813
Merge pull request #102979 from AmineChikhaoui/ec2-amis-gpt
...
ec2-amis: update AMIs to use gpt partition table
2020-11-06 09:14:48 -08:00
Maximilian Bosch
68726901e1
Merge pull request #94673 from justinas/prom-sql-exporter
...
prometheus-sql-exporter: init at 0.3.0
2020-11-06 17:00:47 +01:00
Justinas Stankevicius
d447c2413c
nixos/prometheus-sql-exporter: new module
2020-11-06 16:35:38 +01:00
Frederik Rietdijk
99fb79ae84
Merge master into staging-next
2020-11-06 12:51:56 +01:00
Bernardo Meurer
7fede29d83
nixos/octoprint: remove references to deprecated/removed m33-fio plugin
2020-11-06 00:39:50 -08:00
AmineChikhaoui
43907de6a7
ec2-amis: update AMIs to use gpt partition table
...
Use changes made as part of #102182 .
2020-11-05 20:58:08 -05:00
Aaron Andersen
33d8766feb
Merge pull request #102202 from danderson/danderson/post-stop
...
nixos/tailscale: use upstream systemd service config.
2020-11-05 20:22:53 -05:00
Timo Kaufmann
1fd1c2ad88
Merge pull request #96639 from xfix/support-microsoft-usb-keyboards
...
nixos/availableKernelModules: add microsoft hid
2020-11-05 20:33:49 +01:00
Peter Hoeg
13ed0cce2f
nixos/systemd-resolved: fix incorrect user
2020-11-05 22:41:39 +08:00
Christoph Ruegge
bcc808c68f
Create /dev/std{in,out,err} symlinks in stage-1
...
This used to be done by udev, but that was removed in
systemd/systemd@6b2229c . The links are created by systemd at the end of
stage-2, but activation scripts might need them earlier.
2020-11-05 15:32:19 +01:00
Wout Mertens
91d70c1edb
Merge pull request #102273 from rnhmjoj/bluetooth
...
nixos/bluetooth: disable restart on unit changes
2020-11-05 14:21:13 +01:00
Andreas Rammhold
9a01e97824
nixos-help: bundle the desktop item with the script
...
This is to ensure that whenever we install the desktop item we also have
the script installed. Prior to b02719a
we always had the reference to
the script in the desktop item. Since desktop items are being copied to
home directories and thus "bit rod" over time that absolute path was
removed.
2020-11-05 11:56:31 +01:00
Andreas Rammhold
3560f0d913
nixos-help: use writeShellScriptBin and drop custom shebang line
2020-11-05 11:47:14 +01:00
Klemens Nanni
b02719a29c
nixos-help: Do $PATH lookup in nixos-manual.desktop instead of hardcoding derivation
...
See db236e588d
"steam: Do $PATH lookup in steam.desktop [...]".
tl;dr: Otherwise widget/panel/desktop icons in DEs like KDE break.
2020-11-05 11:45:56 +01:00
Jan Tojnar
a821be7531
Merge branch 'master' into staging-next
2020-11-05 09:42:47 +01:00
Daniel Schaefer
d4905b1370
Merge pull request #99003 from martinetd/stunnel-doc
2020-11-04 17:40:48 +08:00
Victor Nawothnig
27e9328895
Support virtio_scsi devices on nixos-generate-config
2020-11-04 10:00:28 +01:00
Frederik Rietdijk
10c57af49c
Merge staging-next into staging
2020-11-04 09:28:07 +01:00
Jörg Thalheim
f2ec450424
Merge pull request #101249 from Izorkin/dhcpd-ipv6
...
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6
2020-11-04 08:09:08 +01:00
David Anderson
503caab776
nixos/tailscale: use upstream systemd service config.
...
Signed-off-by: David Anderson <dave@natulte.net>
2020-11-03 19:37:48 -08:00
Fabián Heredia Montiel
acd3d3dd20
nixos/modules/services/network-filesystems/ipfs: refactor
...
Add `package` option to change the package used for the service.
2020-11-03 17:35:06 -06:00
Andreas Rammhold
5903ea5395
nixos/unbond: unbound should be required for nss-lookup.target
...
Other units depend on nss-lookup.target and expect the DNS resolution to
work once that target is reached. The previous version
`wants=nss-lookup.target` made this unit require the nss-lookup.target
to be reached before this was started.
Another change that we can probalby do is drop the before relationship
with the nss-lookup.target. That might just be implied with the current
version.
2020-11-03 19:21:39 +01:00
Andreas Rammhold
2aa64e5df5
nixos/unbound: add option to configure the local control socket path
...
This option allows users to specify a local UNIX control socket to
"remote control" the daemon. System users, that should be permitted to
access the daemon, must be in the `unbound` group in order to access the
socket. When a socket path is configured we are also creating the
required group.
Currently this only supports the UNIX socket mode while unbound actually
supports more advanced types. Users are still able to configure more
complex scenarios via the `extraConfig` attribute.
When this option is set to `null` (the default) it doesn't affect the
system configuration at all. The unbound defaults for control sockets
apply and no additional groups are created.
2020-11-03 19:21:25 +01:00
Andreas Rammhold
aadc07618a
nixos/unbound: drop ReadWritePaths from systemd unit configuration
...
Both of the configured paths should be implicit due to RuntimeDirectory
& StateDirectory.
2020-11-03 19:21:24 +01:00
Andreas Rammhold
72fbf05c17
nixos/unbound: note about the AmbientCapabilities
2020-11-03 19:21:24 +01:00
Andreas Rammhold
5e602f88d1
nixos/modules/services/networking/unbound: update systemd unit
...
Previously we just applied a very minimal set of restrictions and
trusted unbound to properly drop root privs and capabilities.
With this change I am (for the most part) just using the upstream
example unit file for unbound. The main difference is that we start
unbound was `unbound` user with the required capabilities instead of
letting unbound do the chroot & uid/gid changes.
The upstream unit configuration this is based on is a lot stricter with
all kinds of permissions then our previous variant. It also came with
the default of having the `Type` set to `notify`, therefore we are also
using the `unbound-with-systemd` package here. Unbound will start up,
read the configuration files and start listening on the configured ports
before systemd will declare the unit "running". This will likely help
with startup order and the occasional race condition during system
activation where the DNS service is started but not yet ready to answer
queries.
Aditionally to the much stricter runtime environmet I removed the
`/dev/urandom` mount lines we previously had in the code (that would
randomly fail during `stop`-phase).
The `preStart` script is now only required if we enabled the trust
anchor updates (which are still enabled by default).
Another beneefit of the refactoring is that we can now issue reloads via
either `pkill -HUP unbound` or `systemctl reload unbound` to reload the
running configuration without taking the daemon offline. A prerequisite
of this was that unbound configuration is available on a well known path
on the file system. I went for /etc/unbound/unbound.conf as that is the
default in the CLI tooling which in turn enables us to use
`unbound-control` without passing a custom configuration location.
2020-11-03 19:21:24 +01:00
Kevin Cox
f1153d8a0a
Merge pull request #102528 from wizeman/u/fix-chrony-perm2
...
nixos/chrony: fix owner of chrony drift file
2020-11-03 12:44:13 -05:00
Kim Lindberger
cf2d180a12
Merge pull request #99906 from talyz/keycloak
...
nixos/keycloak: Init
2020-11-03 18:31:19 +01:00
ajs124
2b03d12ace
Merge pull request #102551 from freezeboy/remove-freepops
...
freepops: remove
2020-11-03 17:51:51 +01:00
WilliButz
0916fea195
Merge pull request #102541 from helsinki-systems/init/promtail
...
nixos/promtail: Add a promtail module
2020-11-03 17:34:01 +01:00
Kevin Cox
8230e62f57
Merge pull request #100495 from DianaOlympos/riak-cs-delete
...
riak-cs: delete
2020-11-03 11:17:42 -05:00
Janne Heß
54217cac69
nixos/promtail: Add a promtail module
2020-11-03 14:36:56 +01:00
Timo Kaufmann
6c13df3fc0
Merge pull request #99632 from midchildan/update/epgstation
...
epgstation: 1.7.4 -> 1.7.5
2020-11-03 14:03:31 +01:00
Frederik Rietdijk
470f05cb5d
Merge staging-next into staging
2020-11-03 12:06:41 +01:00
freezeboy
ee0e1e0bcb
nixos(freepops): remove module
2020-11-03 10:45:29 +01:00
Silvan Mosberger
8a7ea52173
Merge pull request #99019 from sumnerevans/master
...
Add ability to configure executable for redshift service
2020-11-03 01:00:40 +01:00
Silvan Mosberger
aeaf78adb8
Merge pull request #102204 from danderson/danderson/transmission-dir
...
nixos/transmission: point at the settings dir in cfg.home.
2020-11-03 00:45:04 +01:00
Ricardo M. Correia
48f8b85e1c
nixos/chrony: fix owner of chrony drift file
...
It had become owned by root due to #97546 .
2020-11-02 21:41:49 +01:00
Graham Christensen
75a2bc94fa
Merge pull request #101192 from grahamc/nixpkgs-location-basic-auth
...
nginx: support basic auth in location blocks
2020-11-02 09:44:54 -05:00
Graham Christensen
3361a037b9
nginx: add a warning that nginx's basic auth isn't very good.
2020-11-02 08:16:01 -05:00
Graham Christensen
c7bf3828f0
nginx: add basic auth support for locations
2020-11-02 08:16:00 -05:00
Graham Christensen
33cf4f0e8e
nginx: factor out the generation of basic auth generation
2020-11-02 08:16:00 -05:00
Dominique Martinet
1fb299064b
stunnel: make servers accept more lenient
...
stunnel config's accept syntax is [host:]port -- this is required to e.g. listen on ipv6
where one would set :::port
2020-11-02 10:51:00 +01:00
Dominique Martinet
05eef8051b
stunnel service: fix servers example
...
examples incorrectly had 'enable' set, the option is not defined
and reproducing would error out
2020-11-01 18:17:57 +01:00
Maximilian Bosch
4f3f06d070
Merge pull request #101553 from Mic92/nextcloud
...
Nextcloud: fix ldap integration
2020-11-01 16:10:18 +01:00
Jörg Thalheim
7b5cebfa71
Merge pull request #102237 from oxzi/tlp-deprecation-note
...
nixos/tlp: Fix deprecation hint
2020-11-01 11:46:11 +01:00
Frederik Rietdijk
409ca6f1f9
Merge staging-next into staging
2020-11-01 11:06:35 +01:00
Frederik Rietdijk
54f7498601
Merge pull request #101369 from doronbehar/pkg/kdeApplications/qt515
...
kdeApplications: Use latest qt515 by default
2020-11-01 11:05:05 +01:00
Frederik Rietdijk
83dde6c52c
Merge staging-next into staging
2020-11-01 10:11:12 +01:00
Rouven Czerwinski
733181d766
nixos/icecream: add modules
...
This adds modules for the icecream scheduler and daemon.
Icecream can be used for distributed compilation, especially in
environments with diverse toolchains, since it sends the complete build
environment to the daemon.
Unfortunatley the daemon can't be run with DynamicUser = true, since the
daemon requires to be started as root in order to accept other build
environments, see [1].
[1]: https://github.com/icecc/icecream#using-icecream-in-heterogeneous-environments
2020-11-01 08:13:08 +01:00
rnhmjoj
497b7018e4
nixos/bluetooth: disable restart on unit changes
2020-10-31 21:46:42 +01:00
Philipp Kern
ec6b0950ef
nixos/prometheus: Support environmentFile ( #97933 )
...
For the same reason Alertmanager supports environmentFile to pass
secrets along, it is useful to support the same for Prometheus'
configuration to store bearer tokens outside the Nix store.
2020-10-31 20:52:13 +01:00
WORLDofPEACE
eaaf9254aa
Merge pull request #100520 from hyperfekt/patch-3
...
nixos-install: add passthrough --keep-going flag
2020-10-31 15:19:51 -04:00
hyperfekt
1338647a8c
nixos-install: pass through keep-going flag
2020-10-31 17:13:45 +01:00
lf-
644079e707
nixos/modules: deprecation warning for StartLimitInterval in [Service]
...
This implements
https://github.com/NixOS/nixpkgs/issues/45786#issuecomment-440091879
2020-10-31 16:50:35 +01:00
Niklas Hambüchen
c178fe4bbb
nixos/modules: Reformat warnings
section
2020-10-31 16:50:25 +01:00
Alvar Penning
0ad1519ad9
nixos/tlp: Fix deprecation hint
...
The deprecated extraConfig option refers to the config option, which
does not exists. The settings option should be used.
2020-10-31 16:33:45 +01:00
lf-
b37bbca521
nixos/modules: fix systemd start rate-limits
...
These were broken since 2016:
f0367da7d1
since StartLimitIntervalSec got moved into [Unit] from [Service].
StartLimitBurst has also been moved accordingly, so let's fix that one
too.
NixOS systems have been producing logs such as:
/nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31:
Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring.
I have also removed some unnecessary duplication in units disabling
rate limiting since setting either interval or burst to zero disables it
(ad16158c10/src/basic/ratelimit.c (L16)
)
2020-10-31 01:35:56 -07:00
Jade
2df221ec8a
nixos/postgresql: fix inaccurate docs for authentication ( #97622 )
...
* nixos/postgresql: fix inaccurate docs for authentication
We actually use peer authentication, then md5 based authentication.
trust is not used.
* Use a link for mkForce docs
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
Co-authored-by: lf- <lf-@users.noreply.github.com>
Co-authored-by: aszlig <aszlig@redmoonstudios.org>
2020-10-31 03:35:19 -04:00
WORLDofPEACE
7b3b82f7af
Merge pull request #100136 from xaverdh/nixos-install-support-impure
...
nixos-install: pass through impure flag
2020-10-31 01:17:07 -04:00
David Anderson
43effbbc59
nixos/transmission: point at the settings dir in cfg.home.
...
Without this, transmission starts with an empty config when using
a custom home location.
Signed-off-by: David Anderson <dave@natulte.net>
2020-10-30 19:03:42 -07:00
David Anderson
9a8d6011aa
nixos/tailscale: add tailscale to environment.systemPackages.
...
Use of Tailscale requires using the `tailscale` CLI to talk to the
daemon. If the CLI isn't in systemPackages, the resulting user experience
is confusing as the Tailscale daemon does nothing.
Signed-off-by: David Anderson <dave@natulte.net>
2020-10-30 17:58:14 -07:00
Mira Ressel
a7de454a76
nixos/qemu-vm: Update system.requiredKernelConfig
...
Verify that all kernel modules which are required for mounting
/nix/store in the VM are present.
2020-10-30 22:22:58 +01:00
Mira Ressel
8ee970442b
nixos/qemu-vm: Don't require CONFIG_EXPERIMENTAL
...
The kernel stopped using this config option with version 3.9 (back in
2013!).
2020-10-30 22:22:57 +01:00
Mira Ressel
ef5268bcab
nixos/qemu-vm: Fix condition in requiredKernelConfig
...
'optional' just takes a single item rather than a list
2020-10-30 22:22:13 +01:00
Graham Christensen
860a3a23c6
Merge pull request #102175 from grahamc/ami-random
...
amazon-image: random.trust_cpu=on to cut 10s from boot
2020-10-30 16:13:41 -04:00
Graham Christensen
82578fc725
Merge pull request #102172 from grahamc/stage-1-datestamps
...
stage-1: add datestamps to logs
2020-10-30 16:13:02 -04:00
Graham Christensen
b34cf366aa
Merge pull request #102171 from grahamc/faster-ext-resize
...
stage-1: modprobe ext{2,3,4} before resizing (so resizing takes less than 45 minutes)
2020-10-30 16:12:50 -04:00
WORLDofPEACE
214af51225
Merge pull request #101067 from deviant/remove-caddy-agree
...
nixos/caddy: remove services.caddy.agree
2020-10-30 16:02:44 -04:00
Doron Behar
77e081bb2b
nixos/sddm: Use libsForQt514.sddm if needed (for lxqt)
...
Currently lxqt is a desktop environment that's compiled against qt514.
To avoid possible issues (#101369 ), we (hopefully) use the same qt
version as the desktop environment at hand. LXQT should move to qt515,
and for the long term the correct qt version should be inherited by the
sddm module.
2020-10-30 20:37:59 +02:00
Doron Behar
e681f442c9
nixos/plasma: Fix attribute path to kinit
2020-10-30 20:37:58 +02:00
Graham Christensen
c851030763
amazon-image: random.trust_cpu=on to cut 10s from boot
...
Ubuntu and other distros already have this set via kernel config.
2020-10-30 13:45:19 -04:00
Graham Christensen
ece5c0f304
stage-1: modprobe ext{2,3,4} before resizing
...
I noticed booting a system with an ext4 root which expanded to 5T took
quite a long time (12 minutes in some cases, 43(!) in others.)
I changed stage-1 to run `resize2fs -d 62` for extra debug output and
timing information. It revealed the adjust_superblock step taking
almost all of the time:
[Fri Oct 30 11:10:15 UTC 2020] zero_high_bits_in_metadata: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
[Fri Oct 30 11:21:09 UTC 2020] adjust_superblock: Memory used: 396k/4556k (295k/102k), time: 654.21/ 0.59/ 5.13
but when I ran resize2fs on a disk with the identical content growing
to the identical target size, it would only take about 30 seconds. I
looked at what happened between those two steps in the fast case with
strace and found:
```
235 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1795}, ru_stime={tv_sec=0, tv_usec=3590}, ...}) = 0
236 write(1, "zero_high_bits_in_metadata: Memo"..., 84zero_high_bits_in_metadata: Memory used: 132k/0k (72k/61k), time: 0.00/ 0.00/ 0.00
237 ) = 84
238 gettimeofday({tv_sec=1604061278, tv_usec=480147}, NULL) = 0
239 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1802}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
240 gettimeofday({tv_sec=1604061278, tv_usec=480192}, NULL) = 0
241 mmap(NULL, 2564096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3c7355000
242 access("/sys/fs/ext4/features/lazy_itable_init", F_OK) = 0
243 brk(0xf85000) = 0xf85000
244 brk(0xfa6000) = 0xfa6000
245 gettimeofday({tv_sec=1604061278, tv_usec=538828}, NULL) = 0
246 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58720}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
247 write(1, "adjust_superblock: Memory used: "..., 79adjust_superblock: Memory used: 396k/2504k (305k/92k), time: 0.06/ 0.06/ 0.00
248 ) = 79
249 gettimeofday({tv_sec=1604061278, tv_usec=539119}, NULL) = 0
250 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58812}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
251 gettimeofday({tv_sec=1604061279, tv_usec=939}, NULL) = 0
252 getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=520411}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
253 write(1, "fix_uninit_block_bitmaps 2: Memo"..., 88fix_uninit_block_bitmaps 2: Memory used: 396k/2504k (305k/92k), time: 0.46/ 0.46/ 0.00
254 ) = 88
```
In particular the access to /sys/fs seemed interesting. Looking
at the source of resize2fs:
```
[root@ip-172-31-22-182:~/e2fsprogs-1.45.5]# rg -B2 -A1 /sys/fs/ext4/features/lazy_itable_init .
./resize/resize2fs.c
923- if (getenv("RESIZE2FS_FORCE_LAZY_ITABLE_INIT") ||
924- (!getenv("RESIZE2FS_FORCE_ITABLE_INIT") &&
925: access("/sys/fs/ext4/features/lazy_itable_init", F_OK) == 0))
926- lazy_itable_init = 1;
```
I confirmed /sys is mounted, and then found a bug suggesting the
ext4 module is maybe not loaded:
https://bugzilla.redhat.com/show_bug.cgi?id=1071909
My home server doesn't have ext4 loaded and had 3T to play with, so
I tried (and succeeded with) replicating the issue locally:
```
[root@kif:/scratch]# lsmod | grep -i ext
[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4
[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 560a4a8f-93dc-40cc-97a5-f10049bf801f
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
real 0m2.261s
user 0m0.000s
sys 0m0.025s
[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3802.28MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
```
here it got stuck for quite some time ... straceing this 20 minutes in revealed this in a tight loop:
```
getuid() = 0
geteuid() = 0
getgid() = 0
getegid() = 0
prctl(PR_GET_DUMPABLE) = 1 (SUID_DUMP_USER)
fallocate(3, FALLOC_FL_ZERO_RANGE, 2222649901056, 2097152) = 0
fsync(3) = 0
```
it finally ended 43(!) minutes later:
```
adjust_superblock: Memory used: 264k/3592k (210k/55k), time: 2554.03/ 0.16/15.07
fix_uninit_block_bitmaps 2: Memory used: 264k/3592k (210k/55k), time: 0.16/ 0.16/ 0.00
blocks_to_move: Memory used: 264k/3592k (211k/54k), time: 0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time: 0.05/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 18.68MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.35/16.35/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time: 0.04/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 22.80MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 2570.90/16.68/15.07
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.00MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.
real 43m1.943s
user 0m16.761s
sys 0m15.069s
```
I then cleaned up and recreated the zvol, loaded the ext4 module, created the ext4 fs,
resized the volume, and resize2fs'd and it went quite quickly:
```
[root@kif:/scratch]# zfs destroy rpool/scratch/ext4
[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4
[root@kif:/scratch]# modprobe ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 5b415f2f-a8c4-4ba0-ac1d-78860de77610
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done
real 0m1.013s
user 0m0.001s
sys 0m0.023s
[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4
[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3389.83MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time: 0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time: 0.00/ 0.00/ 0.00
adjust_superblock: Memory used: 264k/1540k (210k/55k), time: 0.02/ 0.02/ 0.00
fix_uninit_block_bitmaps 2: Memory used: 264k/1540k (210k/55k), time: 0.15/ 0.15/ 0.00
blocks_to_move: Memory used: 264k/1540k (211k/54k), time: 0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time: 0.01/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 157.11MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time: 0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.20/16.20/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 5319.15MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time: 0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 16.45/16.38/ 0.00
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.06MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.
real 0m17.908s
user 0m16.386s
sys 0m0.079s
```
Success!
2020-10-30 12:18:23 -04:00
Graham Christensen
a179781696
stage-1: add datestamps to logs
...
When the stage-1 logs get imported in to the journal, they all get
loaded with the same timestamp. This makes it difficult to identify
what might be taking a long time in early boot.
2020-10-30 12:16:35 -04:00
Timo Kaufmann
83f48e8348
Merge pull request #95011 from Atemu/undervolt-pl
...
undervolt: expose power limits as Nixopts
2020-10-30 09:32:50 +01:00
Michele Guerini Rocco
1102a46ffe
Merge pull request #101724 from pickfire/patch-3
...
fontdir: add ttc to font regex
2020-10-30 08:41:34 +01:00
Benjamin Hipple
e00752079e
Merge pull request #102018 from 1000101/blockbook-frontend
...
blockbook-frontend: fix&update extraConfig example
2020-10-29 22:30:07 -04:00
Tad Fisher
e07f4d6795
nixos/throttled: disable kernel msr warning
2020-10-29 15:04:18 -07:00
Florian Klink
b8d59e93c8
nixos/networkd: allow RouteMetric= in [DHCPv6] section
2020-10-29 19:47:42 +01:00
talyz
89e83833af
nixos/keycloak: Add support for MySQL and external DBs with SSL
...
- Add support for using MySQL as an option to PostgreSQL.
- Enable connecting to external DBs with SSL
- Add a database port config option
2020-10-29 12:47:10 +01:00
talyz
c6e4388449
nixos/keycloak: Add documentation
2020-10-29 12:08:01 +01:00
talyz
fe5a16aee6
nixos/keycloak: Document internal functions
2020-10-29 12:07:55 +01:00
1000101
4b8611c959
blockbook-frontend: fix&update extraConfig example
2020-10-29 11:41:41 +01:00
Philipp
fc856b89e5
nixos/murmur: add murmur group, don't run as nogroup
...
fixes #101980
2020-10-29 10:32:04 +01:00
Martin Weinelt
55746e0a4b
Merge pull request #98187 from mweinelt/nixos/babeld
...
nixos/babeld: lock down service
2020-10-29 01:24:11 +01:00
Minijackson
3fce272478
nixos/shiori: harden service with systemd
2020-10-28 20:46:30 +01:00
Thomas Depierre
63caecee7d
riak-cs: delete
2020-10-28 19:31:33 +01:00
Vladimír Čunát
0b32140b34
Merge branch 'staging-next' into staging
2020-10-28 18:48:56 +01:00
Linus Heckemann
2b06415ca1
Merge pull request #101370 from m1cr0man/ssl-test-certs
...
nixos/acme: Permissions and tests fixes
2020-10-28 17:21:57 +01:00
Andreas Rammhold
db0fe5c3eb
Merge branch master into staging to fix eval error
...
This fixes the eval error of the small (and "big"?) NixOS test set that
was fixed in 1088f05
& eba8f542
.
2020-10-28 03:03:27 +01:00
davidak
4166a767de
doc: improve 20.09 release notes
2020-10-27 21:11:22 +01:00
talyz
513599a6d7
nixos/keycloak: Init
2020-10-27 19:01:26 +01:00
AmineChikhaoui
8cae6703ef
ec2-amis: add stable NixOS 20.09 AMIs
...
Fixes #101694
2020-10-27 08:52:15 -04:00
Ryan Mulligan
178d373a8a
Merge pull request #83687 from primeos/wshowkeys
...
wshowkeys: init at 2020-03-29
2020-10-26 18:55:16 -07:00
WORLDofPEACE
ace69f768b
Revert "nixos/pantheon: install nixos wallpaper"
...
This reverts commit 5100e4f250
.
Fixes https://github.com/NixOS/nixpkgs/issues/100293
Though it's only a workaround for now.
See https://github.com/elementary/switchboard-plug-pantheon-shell/issues/246#issuecomment-716713218
We trigger the broken scenario where we have two subdirectories. Reverting
that commit undoes this.
2020-10-26 13:45:19 -04:00
Nick Hu
921287e7f0
Merge pull request #97726 from NickHu/pam_gnupg
...
pam: add support for pam_gnupg
2020-10-26 15:27:13 +00:00
Andreas Rammhold
1088f05940
Merge pull request #101598 from andir/nixos-build-vms-qemu
...
nixos/tests: follow-up to the closure reduction PR
2020-10-26 14:19:45 +01:00
rnhmjoj
bc35565463
nixos/activation-script: make scripts well-typed
2020-10-26 13:33:12 +01:00
rnhmjoj
9e04bba0af
nixos/dnscrypt-wrapper: fix key rotation script
...
Fix an error in the validation code when the public key is in a
nonstandard location. The check command fails and the key is
incorrectly assumed to be expiring.
2020-10-26 13:07:49 +01:00
Jörg Thalheim
dfaa313d43
Merge pull request #101737 from aneeshusa/nginx-allow-unsetting-ssl_ciphers
...
nixos/nginx: Allow unsetting ssl_ciphers
2020-10-26 06:41:19 +01:00
Aneesh Agrawal
924035bb97
nixos/nginx: Allow unsetting ssl_ciphers
...
When using the Modern config from the Mozilla SSL config generator,
the `ssl_ciphers` parameter does not need to be set
as only TLSv1.3 is permitted and all of its ciphers are reasonable.
2020-10-26 00:35:29 -04:00
Jörg Thalheim
b7a2a5f967
nixos/nextcloud: fix several php endpoints
2020-10-26 05:06:43 +01:00
Klemens Nanni
0b8a6e787c
nixos/avahi: Enable IPv6 by default
...
Treat it the same as IPv4 (I'm tempted to disable IPv4 by default);
this is the only option I still need to set manually to enjoy IPv6-only
networks including printer discovery!
2020-10-26 04:06:26 +01:00
Ivan Tham
f6136d06ff
fontdir: add ttc to font regex
...
.ttc fonts are used by noto-fonts-cjk
2020-10-26 10:45:22 +08:00
Klemens Nanni
3216b85713
nixos/system-path: Add mkpasswd(1)
...
Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
2020-10-26 03:40:11 +01:00
WORLDofPEACE
4d71306596
Merge pull request #101516 from worldofpeace/gnome-polishing
...
GNOME polishing from Q.A findings
2020-10-25 18:41:34 -04:00
Andreas Rammhold
d4fb7daafd
nixos-build-vms: use the driverInteractive attribute instead
...
This reverts commit aab534b894
& uses the
driverInteractive attribute for the test driver instead.
This has the same effect but removes the extra module in the
nixos-build-vms code.
2020-10-25 20:14:53 +01:00
Maximilian Bosch
a3041ab124
Merge pull request #101645 from andir/qemu-tests-fixup
...
nixos/tests: only apply qemu parameters if the options are defined
2020-10-25 19:25:50 +01:00
Benjamin Hipple
f98312fcb5
Merge pull request #79759 from lopsided98/syncoid-no-root
...
nixos/syncoid: automatically setup privilege delegation
2020-10-25 10:40:33 -04:00
Andreas Rammhold
f4d7493162
nixos/tests: only apply qemu parameters if the options are defined
...
This fixes an eval error that occurred on hydra with the small channel
and the `nixos.tests.boot.biosCdrom.x86_64-linux` attribute:
> $ nix-instantiate nixos/release-small.nix -A nixos.tests.boot.biosCdrom.x86_64-linux
> warning: unknown setting 'experimental-features'
> error: The option `virtualisation.qemu' does not exist. Definition values:
> - In `/home/andi/dev/nixos/nixpkgs/nixos/modules/testing/test-instrumentation.nix':
> {
> consoles = [ ];
> package = {
> _type = "override";
> content = <derivation /nix/store/q72h2cdcb9zjgiay5gdgzwddjkbjr7xq-qemu-host-cpu-only-for-vm-tests-5.1.0.drv>;
> ...
> (use '--show-trace' to show detailed location information)
In bc2188b
we changed test test-instrumentation to also set the QEMU
package that is being used. That change unfortunately caused us to
always assing values to the virtualisation.qemu.package option even when
the option is not defined. The original code was explicitly testing for
the consoles case but the then newly extended version did not adjust the
check as the intention was probably not clear.
With this commit we are always ensuring the entire virtualisation.qemu
section exists and can thus drop the individual tests for each of the
sections since the QEMU module always defines both the package and the
consoles option when it's root is defined..
2020-10-25 13:42:01 +01:00
Felix Tenley
542f75079b
nixos/mosquitto: add passwordFile and hashedPasswordFile options
2020-10-25 10:53:38 +01:00
Vladimír Čunát
2f6b00b15e
Merge branch 'staging-next' into staging
2020-10-25 09:47:04 +01:00
Gabriel Ebner
a8a018ddc0
Merge pull request #101409 from rycee/dbus-warning
2020-10-25 09:16:28 +01:00
Aaron Andersen
a160fa008d
Merge pull request #100063 from aanderse/nixos/powerdns
...
nixos/powerdns: use upstream systemd unit
2020-10-24 18:47:43 -04:00
Andreas Rammhold
250fb4611f
Merge pull request #100456 from maralorn/boolToString
...
treewide: De-inline uses of lib.boolToString
2020-10-25 00:45:11 +02:00
Robert Helgesson
94819fdb5f
nixos/dbus: re-add a dummy socketActivated option
...
If set, then issue a warning instead of an error as previously.
2020-10-24 23:01:00 +02:00
Aaron Andersen
4f5d3794d3
nixos/powerdns: use upstream systemd unit
2020-10-24 16:40:20 -04:00
Lucas Savva
79ecf069f5
nixos/acme: Add data.email to othersHash in nixos > 20.09
2020-10-24 20:40:02 +01:00
WORLDofPEACE
6bc94d149b
Merge pull request #101563 from worldofpeace/fix-pantheon-greeter-brightness
...
nixos/lightdm: make lightdm user shell bash
2020-10-24 11:56:34 -04:00
WORLDofPEACE
ef803ab1bb
Merge pull request #100199 from worldofpeace/seeded-config
...
nixos/tools: add desktopConfiguration option (to seed configuration into configuration.nix)
2020-10-24 11:35:33 -04:00
WORLDofPEACE
c134f6443a
nixos/lightdm: make lightdm user shell bash
...
In https://github.com/NixOS/nixpkgs/issues/100119 pantheon's greeter
has g-s-d running which allows brightness controls via pkexec.
This is changed in newer versions of g-s-d (pantheon uses a fork currently),
but whenever brightness is changed with a shell of `shadow` we get
```
Oct 10 23:51:44 kirXps pkexec[18722]: lightdm: Executing command [USER=root] [TTY=unknown] [CWD=/var/lib/lightdm] [COMMAND=/run/current-system/sw/bin/elementary-settings-daemon/gsd-backlight-helper /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1/intel_backlight 65587]
```
I'm not sure this should be strictly needed, so we should try to
revert later on when pantheon's g-s-d is updated.
2020-10-24 11:28:18 -04:00
WORLDofPEACE
39d1599767
installation-cd-graphical-gnome: add firefox to favorite-apps
2020-10-24 11:14:44 -04:00
WORLDofPEACE
7df6af303e
nixos/gnome3: add gnome-calendar to favorites
2020-10-24 11:14:41 -04:00
WORLDofPEACE
9cee7772e6
nixos/gnome3: add favoriteAppsOverride option
...
Rather messy and only needed for the installation cd, so it's
an internal option.
2020-10-24 11:14:22 -04:00
WORLDofPEACE
d89deddd5d
nixos/flatpak: introduce guiPackages
...
This adds basically an indirection to systemPackages
to automatically install an interface for flatpak for their respective
environments. e.g if I enable pantheon and flatpak you'll get appcenter,
and on gnome you'll see gnome-software.
https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
2020-10-24 11:14:02 -04:00
WORLDofPEACE
b1587f9e19
nixos/gnome3: don't ship gnome-software
...
This serves no purpose without flatpak https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
2020-10-24 11:14:01 -04:00
Maximilian Bosch
48612c79b1
Merge pull request #101473 from Ma27/nixos-build-vms-qemu
...
nixos/nixos-build-vms: use `pkgs.qemu` for virtualisation
2020-10-24 14:43:52 +02:00
WORLDofPEACE
70dc25abd9
nixos/gnome3: don't put epiphany in favorite apps
2020-10-23 20:20:07 -04:00
Jan Tojnar
61afd7f80e
tracker_2: drop
...
It does not seem to work and only semi-broken apps like Books and Documents depend on it.
2020-10-24 01:18:49 +02:00
Jan Tojnar
4dd2437068
gnome-photos: use Tracker 3
2020-10-24 01:18:48 +02:00
Jan Tojnar
20e21721c8
gnome3: do not use alias for gnome-photos
2020-10-24 01:18:48 +02:00
Jan Tojnar
87e3d553cf
gnome-photos: 3.37.2 → 3.38.0
...
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.1.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.38/gnome-photos-3.38.0.news
2020-10-24 01:18:48 +02:00
Jan Tojnar
ea1923841a
nixos/gnome3: re-add tracker 2 dbus services
...
They are still needed by Photos, Books and Documents.
2020-10-24 01:18:48 +02:00
Jan Tojnar
d1eeb643e2
gnome3.mutter: 3.38.0 → 3.38.1
...
https://ftp.gnome.org/pub/GNOME/sources/mutter/3.38/mutter-3.38.1.news
It requires some udev rules on some devices.
2020-10-24 01:18:01 +02:00
WORLDofPEACE
e1317b8b7b
nixos/telepathy: add sessionPath
2020-10-24 01:17:29 +02:00
WORLDofPEACE
9c9e519318
nixos/gnome3: add core-developer-tools
...
See these issues/PRs in gnome-build-meta:
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/merge_requests/588
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/143
I'm unsure if devhelp gets API docs in a straightforward way in NixOS.
2020-10-24 01:17:29 +02:00
WORLDofPEACE
11d6c2fb35
nixos/gnome3: long lists
2020-10-24 01:17:28 +02:00
WORLDofPEACE
cd48c50e35
nixos/gnome3: update links
2020-10-24 01:17:28 +02:00
WORLDofPEACE
0b767c8b3d
nixos/gnome3: add gnome-connections to core-utilities
...
When we redid the default apps we didn't add gnome-boxes for
rdp/vnc. (plus it doesn't really work well in nixos). With gnome-connections
we can now have this functionality, as file sharing is a default function
in g-c-c Sharing.
2020-10-24 01:17:27 +02:00
Piotr Bogdan
f1f85419d2
nixos/gdm: add gdm to systemd.packages
...
GDM now provides gnome-session@gnome-login.target.d/session.conf though I'm not even sure if it's needed.
2020-10-24 01:15:14 +02:00
Doron Behar
c90450014f
Merge pull request #101480 from Flakebi/salt
2020-10-24 01:31:41 +03:00
Jan Tojnar
3a73543401
Merge pull request #93725 from nglen/pipewire
2020-10-24 00:05:33 +02:00
WilliButz
993437d0d6
Merge pull request #96511 from Zopieux/rtl_433_prom
...
Add rtl_433 Prometheus exporter
2020-10-23 23:24:38 +02:00
Nathaniel Glen
57510bf522
pipewire: cleanup path testing
2020-10-23 16:35:48 -04:00
Alexandre Macabies
121bc17ab9
nixos/prometheus-rtl_433-exporter: new module
2020-10-23 20:33:42 +02:00
Lucas Savva
76401c9a3b
nixos/acme: lego run whenen account is missing
2020-10-23 18:52:42 +01:00
Nathaniel Glen
f6745d06f5
nixos/pipewire: cleanup module
2020-10-23 13:51:41 -04:00
Flakebi
e0ea4826f4
salt: remove aneeshusa and add Flakebi as maintainer
2020-10-23 19:48:48 +02:00
WORLDofPEACE
b44e32988c
Merge pull request #101274 from worldofpeace/gnome-logout-button
...
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
2020-10-23 11:46:46 -04:00
Maximilian Bosch
aab534b894
nixos/nixos-build-vms: use pkgs.qemu
for virtualisation
...
When I test a change e.g. in the module system manually, I usually use
`nixos-build-vms(8)` which also gives me a QEMU window where I can play
around in the freshly built VM.
It seems as this has changed recently when the default package for
non-interactive VM tests using the same framework was switched to
`pkgs.qemu_test` to reduce the closure size. While this is a reasonable
decision for our CI tests, I think that you really want a QEMU window of
the VM by default when using `nixos-build-vms(8)`.
[1] bc2188b083
2020-10-23 17:37:57 +02:00
Anton Plotnikov
1321ae850c
fido2luks: 0.2.3 -> 0.2.15
...
Also remove interactive flag from initrd, because of broken io.
2020-10-23 11:03:31 +03:00
Joe Edmonds
1d420c8115
nixos/ssmtp: minor typo fix
2020-10-22 09:34:21 -07:00
Lucas Savva
89d134b3fd
nixos/acme: Use more secure chmods
...
Previous settings would make files executable in
the certs directories.
2020-10-22 14:04:31 +01:00
Eelco Dolstra
d28565a1c6
nix: 2.3.7 -> 2.3.8
2020-10-22 14:47:55 +02:00
Maximilian Bosch
98170761a8
Merge pull request #101222 from omasanori/ssh-kex
...
nixos/sshd: update kexAlgorithms, fix links
2020-10-22 13:27:47 +02:00
Eelco Dolstra
05bdfd6f2f
Merge pull request #98973 from Ma27/bump-hydra
...
hydra-unstable: 2020-09-02 -> 2020-10-20
2020-10-22 12:01:13 +02:00
Andreas Rammhold
89351525fa
Merge pull request #101246 from rnhmjoj/vm-fix
...
nixos: fix qemu_test being used in normal VMs
2020-10-22 11:09:05 +02:00
symphorien
9e8eaea484
nixos/sslh: fix usage of the now removed ssl probe ( #101087 )
...
and document
2020-10-21 21:34:35 +02:00
WORLDofPEACE
755ba171c7
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
...
Fixes #100108
Alternative to https://github.com/NixOS/nixpkgs/pull/100112 which doesn't break stuff.
2020-10-21 14:39:39 -04:00
Maximilian Bosch
1308817e05
nixos/hydra: remove hydra-migration upgrade path
...
This should NOT be backported to 20.09!
When 21.03 is released, the DB changes are about a year old and
operators had two release cycles for the upgrade. At this point it
should be fair to remove the compat layer to reduce the complexity of
the module itself.
2020-10-21 18:03:04 +02:00
rnhmjoj
bc2188b083
nixos: fix qemu_test being used in normal VMs
...
This is an attempt to fixup PR #49403 .
2020-10-21 16:38:04 +02:00
Izorkin
d59bfded58
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6
2020-10-21 14:56:08 +03:00
Martin Weinelt
c821e0d4be
nixos/babeld: lock down service
...
→ Overall exposure level for babeld.service: 2.2 OK 🙂
2020-10-21 12:26:02 +02:00
Justin Lovinger
1168e13bb0
nixos/nfs: add idmapd.settings option
...
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2020-10-20 22:10:02 -04:00
Aaron Andersen
ae02e1fe53
nixos/ldap: minor cosmetic fixes
2020-10-20 19:50:18 -04:00
Aaron Andersen
a1acbfbfcb
nixos/ldap: add missing types
2020-10-20 19:50:18 -04:00