Jack Kelly
6fd871dec4
rl-21.03: describe EC2 instance user/meta data reloading
2020-11-22 12:22:46 +10:00
Jack Kelly
43bfd7e5b1
{ec2,openstack}-metadata-fetcher: unconditionally fetch metadata
...
The metadata fetcher scripts run each time an instance starts, and it
is not safe to assume that responses from the instance metadata
service (IMDS) will be as they were on first boot.
Example: an EC2 instance can have its user data changed while
the instance is stopped. When the instance is restarted, we want to
see the new user data applied.
2020-11-22 11:04:46 +10:00
Jack Kelly
8c39655de3
{ec2,openstack}-metadata-fetcher: introduce wget_imds function
2020-11-22 11:04:46 +10:00
Jack Kelly
f8c3027812
openstack-metadata-fetcher: stop lying in log message
2020-11-22 11:04:46 +10:00
Jörg Thalheim
258903e725
Merge pull request #94610 from kwohlfahrt/openldap
2020-11-21 23:09:40 +01:00
Aaron Andersen
30c2069a9c
Merge pull request #78168 from active-group/subversion-apache-config-docs
...
nixos/doc: Rudimentary documentation for Subversion-inside-Apache HTTP.
2020-11-21 15:17:45 -05:00
Kai Wohlfahrt
c96f18feee
nixos/openldap: migrate sssd-ldap to new settings
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
db5bb4e26b
nixos/openldap: Fix sssd-ldap test
...
Use this as a test of the migration warnings/functionality.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
fefc26f844
nixos/openldap: use mkRenamedOptionModule
...
This offers less helpful warnings, but makes the implementation
considerably more straightforward.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
ce1acd97a7
nixos/openldap: fix path + base64 value types
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
b2ebffe186
nixos/openldap: Fix indentation
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
3f892c2174
nixos/openldap: Remove extraConfig options
...
Instead of deprecating, as per PR feedback
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
2050376cae
nixos/openldap: Mention schemas in migration hint
2020-11-21 15:45:16 +00:00
Kai Wohlfahrt
5fafbee87a
nixos/openldap: Add release-notes for OLC config
2020-11-21 15:45:15 +00:00
Kai Wohlfahrt
adda7e62d0
nixos/openldap: Add support for base64 values
2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
d05061c5cd
nixos/openldap: Pick some PR nits
2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
9528faf182
nixos/openldap: Allow declarativeContents for multiple databases
2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
057cb570be
nixos/openldap: Add delcarativeConfig by suffix
...
Adding by index could be an issue if the user wanted the data to be
added to a DB other than the first.
2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
1fde3c3561
nixos/openldap: switch to slapd.d configuration
...
The old slapd.conf is deprecated. Replace with slapd.d, and use this
opportunity to write some structured settings.
Incidentally, this fixes the fact that openldap is reported up before
any checks have completed, by using forking mode.
2020-11-21 15:39:19 +00:00
Joachim F
547d660f64
Merge pull request #104052 from TredwellGit/nixos/malloc
...
nixos/malloc: fix Scudo
2020-11-21 14:31:58 +00:00
Frederik Rietdijk
f36b838e2a
nixos test-driver: fix single line docstrings, fixes #104467
...
Single line docstrings should have the """ on a single line according to PEP 8.
It seems support for this landed in the latest version of Black.
2020-11-21 09:51:31 +01:00
Frederik Rietdijk
1ffd7cf0d6
Merge master into staging-next
2020-11-21 08:43:10 +01:00
Milan Pässler
d6e0d38b84
nixos/tests/gitlab: add 32 byte secrets
2020-11-21 01:39:08 +01:00
Milan Pässler
0f82bd767b
nixos/gitlab: start gitaly after gitlab
2020-11-21 01:38:11 +01:00
Guillaume Girol
01083f116d
Merge pull request #102235 from symphorien/paperwork2
...
Paperwork 2.0
2020-11-20 21:30:08 +00:00
Jeff Slight
f98a6322e6
nixos/gitlab: add changes for gitlab 13.4.x
2020-11-20 19:26:30 +01:00
Graham Christensen
75d7828724
Merge pull request #98544 from Mic92/unfuck-update-user-group
...
nixos/update-user-groups: Fix encoding issues + atomic writes
2020-11-20 10:28:52 -05:00
Florian Klink
90d5bdb12f
nixosTests.podman: run default backends, don't run runc rootless
...
The runc backend doesn't work with unified cgroup hierarchy, and it
failing is a known issue.
However, the default backends should work in both rootless and as-root
scenarios, so make sure we test these.
2020-11-20 16:23:35 +01:00
adisbladis
da3516f694
Merge pull request #104374 from adisbladis/dockertools-cross-aarch64
...
dockerTools: Always cross compile for another arch in the cross example
2020-11-20 14:57:26 +01:00
Eelco Dolstra
80097e57c9
nix: 2.3.8 -> 2.3.9
2020-11-20 13:03:04 +01:00
adisbladis
b7b22c5814
dockerTools: Always cross compile for another arch in the cross example
...
The example fails to build on aarch64, so lets cross build for gnu64.
2020-11-20 12:57:58 +01:00
Frederik Rietdijk
553b7a8bf0
Merge master into staging-next
2020-11-20 08:12:06 +01:00
Jan Tojnar
f6105d21e3
Merge branch 'master' into staging-next
2020-11-20 01:38:32 +01:00
Graham Christensen
b339462460
nixos: release-combined: only build the amazon image for x86_64,aarch64-linux -- exclude i686
2020-11-19 19:34:23 -05:00
Graham Christensen
1115df837e
Merge pull request #104322 from grahamc/amazon-image
...
nixos/release-small: add amazonImage
2020-11-19 18:45:07 -05:00
Graham Christensen
1ef139f3b0
nixos/release-small: add amazonImage
...
fixup breakage from #104193
2020-11-19 17:45:40 -05:00
Graham Christensen
7fa7bf2fda
Merge pull request #104193 from grahamc/ec2-metadata-imdsv2
...
NixOS EC2 AMI: Support IMDSv2
2020-11-19 16:11:32 -05:00
Robert Hensing
c68e739300
Merge pull request #104271 from adisbladis/dockertools-cross
...
dockerTools.buildLayeredImage: Fix cross compilation
2020-11-19 20:41:53 +01:00
Frederik Rietdijk
ea7b8978ef
Merge master into staging-next
2020-11-19 20:08:15 +01:00
Graham Christensen
0d87ce610e
nixos: release: add amazonImage as a channel blocker
2020-11-19 13:56:55 -05:00
Graham Christensen
f2cfecdec3
nixos ami: preflight the imds token
...
According to Freenode's ##AWS, the metadata server can sometimes
take a few moments to get its shoes on, and the very first boot
of a machine can see failed requests for a few moments.
2020-11-19 13:56:44 -05:00
Graham Christensen
83ea88e03f
nixos: ec2 ami: support IMDSv2
...
AWS's metadata service has two versions. Version 1 allowed plain HTTP
requests to get metadata. However, this was frequently abused when a
user could trick an AWS-hosted server in to proxying requests to the
metadata service. Since the metadata service is frequently used to
generate AWS access keys, this is pretty gnarly. Version two is
identical except it requires the caller to request a token and provide
it on each request.
Today, starting a NixOS AMI in EC2 where the metadata service is
configured to only allow v2 requests fails: the user's SSH key is not
placed, and configuration provided by the user-data is not applied.
The server is useless. This patch addresses that.
Note the dependency on curl is not a joyful one, and it expand the
initrd by 30M. However, see the added comment for more information
about why this is needed. Note the idea of using `echo` and `nc` are
laughable. Don't do that.
2020-11-19 13:00:56 -05:00
adisbladis
11367b2db1
dockerTools: Add cross compilation test
2020-11-19 18:13:22 +01:00
Florian Klink
f6832971f5
nixosTests.systemd: increase accounting coverage
...
For now, testing IO Accounting is skipped, as it seems to be either
broken, or hard to reproduce in a VM.
2020-11-19 16:56:46 +01:00
Florian Klink
5d45f269aa
nixos/k3s: disable unifiedCgroupHierarchy
...
This gets automatically disabled by docker if the docker backend is
used, but the bundled containerd also doesn't seem to support cgroupsv2,
so disable it explicitly here, too.
2020-11-19 16:56:46 +01:00
Florian Klink
d22b3ed4bc
systemd: switch to unified cgroup hierarchy by default
...
See https://www.redhat.com/sysadmin/fedora-31-control-group-v2 for
details on why this is desirable, and how it impacts containers.
Users that need to keep using the old cgroup hierarchy can re-enable it
by setting `systemd.unifiedCgroupHierarchy` to `false`.
Well-known candidates not supporting that hierarchy, like docker and
hidepid=… will disable it automatically.
Fixes #73800
2020-11-19 16:56:46 +01:00
Jörg Thalheim
2bf5899d6a
Merge pull request #104105 from spacefrogg/openafs-1.9
2020-11-19 14:42:17 +01:00
Matt Votava
746efadcce
home-assistant: add allowlist_external_dirs to systemd unit ReadWritePaths
2020-11-19 04:29:03 -08:00
Robert Hensing
c790ed8c4e
Merge pull request #96371 from asdf8dfafjk/fcitx_commit
...
fcitx: Add test (Unicode input, table input, m17n)
2020-11-19 11:05:36 +01:00
Silvan Mosberger
3307adf755
Merge pull request #98980 from JustinLovinger/idmapd
...
nixos/nfs: add idmapd.settings option
2020-11-18 22:46:48 +01:00
Jörg Thalheim
58bf9ed18b
nixos/telegraf: fix test
2020-11-18 21:42:01 +01:00
Jörg Thalheim
0f84e08fcd
nixos/telegraf: make example a bit more compact
2020-11-18 21:41:58 +01:00
Jörg Thalheim
69caedcc42
nixos/telegraf: null value for environmentFiles is invalid
...
it's also not needed given that empty list covers all use cases.
2020-11-18 21:41:55 +01:00
Andreas Rammhold
6f7d8e5528
nixos/sane: bump the MaxConnections to a reasonable amount
...
Whenever I try to scan from another computer it has to establish >2
connections in order to succeed. With the connections being limited to 1
I can not scan any document.
This is also what other distributions ([Debian], [ArchLinux], …) have
done in one way or another.
[Debian]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850649#5
[ArchLinux]: no limit: 99cba454bb/trunk/saned.socket (L4)
2020-11-18 20:25:44 +01:00
Graham Christensen
21339b41bf
nixos: openstack: have its own metadata fetcher expression
...
These two APIs have diverged over time and are no longer compatible.
2020-11-18 11:42:32 -05:00
Frederik Rietdijk
da12fc6838
Merge staging-next into staging
2020-11-18 15:36:56 +01:00
Emery Hemingway
7e25b71132
nixos: use nativeBuildInputs in make- iso9660-image and system-tarball
...
The tools used to create iso9660 images and tarballs are independent of
the platform of the closure contained within.
2020-11-18 14:05:30 +01:00
Janne Heß
e5e9887e38
nixos/dbus: Add AppArmor support
2020-11-18 10:10:36 +01:00
Michael Raitza
1f323ec2b4
openafs: remove 1.6; point to openafs_1_8
2020-11-17 21:31:59 +01:00
Vladimír Čunát
bdcd2d82ee
Merge #103633 : kresd service: switch .listenDoH
...
... to new implementation - and a couple other improvements.
2020-11-17 20:06:55 +01:00
Vladimír Čunát
e61ef63e4e
kresd service: switch .listenDoH to new implementation
...
Beware: extraFeatures are not needed *for this* anymore,
but their removal may still cause a regression in some configs
(example: prefill module).
2020-11-17 20:04:56 +01:00
Tim Steinbach
08e6c4d001
Merge pull request #104018 from NeQuissimus/xterm_update
...
xterm: 353 -> 362, add test, add update script
2020-11-17 12:15:19 -05:00
Tim Steinbach
0984125676
Merge pull request #103988 from NeQuissimus/nano_update
...
nano: Update script, test
2020-11-17 12:14:51 -05:00
TredwellGit
fc6948cd47
nixos/malloc: fix Scudo
...
Fixes segmentation faults.
https://github.com/NixOS/nixpkgs/issues/100799
2020-11-17 09:11:31 -05:00
Oleksii Filonenko
512c3c0a05
maintainers: rename filalex77 -> Br1ght0ne
2020-11-17 13:09:31 +02:00
Tim Steinbach
61e56265c2
xterm: Add test
2020-11-16 22:13:13 -05:00
Tim Steinbach
0338f728c0
nano: Add test
2020-11-16 14:00:34 -05:00
Jörg Thalheim
e54cd0ef25
Merge pull request #103876 from Mic92/lvm-generator-fix
...
nixos/lvm2-activation-generator: fix warnings on activation
2020-11-16 18:37:36 +01:00
Florian Klink
462c5b26c5
Merge pull request #103966 from flokli/kernel-enable-ipv6
...
kernel config: explicitly enable CONFIG_IPV6
2020-11-16 16:32:50 +01:00
Frederik Rietdijk
36b27ccf77
Merge pull request #103462 from NixOS/staging-next
...
Staging next
2020-11-16 15:23:47 +01:00
Maximilian Bosch
9fc484c373
Merge pull request #103717 from WilliButz/codimd/add-package-option
...
nixos/codimd: add package option, refactor prettyJSON
2020-11-16 13:46:17 +01:00
Florian Klink
13be37662d
kernel config: explicitly enable CONFIG_IPV6
...
We currently build CONFIG_IPV6=m.
This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u
Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).
By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.
People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
Andreas Rammhold
ad37c2c445
Merge pull request #102916 from andir/nixos-help
...
nixos-help: fixup .desktop file & smaller refactoring
2020-11-16 12:17:28 +01:00
Frederik Rietdijk
986c2d36da
Merge master into staging-next
2020-11-16 09:01:53 +01:00
Symphorien Gibol
3c9707d4a3
nixos: add release notes for the paperwork update.
2020-11-15 15:46:53 +01:00
Jörg Thalheim
8ac3a1503a
nixos/lvm2-activation-generator: fix warnings on activation
2020-11-15 08:06:05 +01:00
Cole Helbling
19c0927d30
nixos/doas: add noLog option
2020-11-14 19:16:56 -08:00
Jörg Thalheim
e2289a5f18
Merge pull request #98025 from Mic92/telegraf
2020-11-14 17:02:53 +01:00
Jörg Thalheim
7534d92648
nixos/telegraf: allow multiple env files
2020-11-14 16:33:50 +01:00
Jörg Thalheim
8edc4619ab
nixos/telegraf: switch to setting types
...
This allows to split up configuration into multiple modules
2020-11-14 16:33:46 +01:00
Jörg Thalheim
157d7354d6
nixos/telegraf: add environmentFile option
2020-11-14 16:33:42 +01:00
Jörg Thalheim
9750813b89
nixos/telegraf: add support for native ping
2020-11-14 16:33:39 +01:00
Mike Sperber
aaad9fd0da
nixos/doc: Rudimentary documentation for Subversion-inside-Apache HTTP.
...
Content thanks to: Aaron Andersen
2020-11-14 15:05:46 +01:00
Symphorien Gibol
6fa1646268
nixos/firejail: allow to pass options to firejail
2020-11-14 12:00:00 +00:00
Frederik Rietdijk
463f738cc6
Merge master into staging-next
2020-11-13 20:58:35 +01:00
WilliButz
74d354a397
nixos/codimd: add package option, refactor prettyJSON
...
This adds a `package` option to allow for easier overriding of the used
CodiMD version and `runCommandLocal` with `nativeBuildInputs` is now
used to pretty print the configuration.
2020-11-13 16:14:41 +01:00
Doron Behar
8769c817f4
Merge pull request #75615 from FSMaxB/patch-1
...
Add note about installing NixOS from distributions with /usr/sbin and…
2020-11-13 10:50:32 +02:00
Max Bruckner
be0555b8a8
nixos/doc: Add note about /usr/sbin and /sbin
...
An installation from Debian buster may fail without adding /usr/sbin to
$PATH because chroot is not in the PATH of a non-root user.
2020-11-13 10:30:20 +02:00
Maximilian Bosch
fca0aad258
Merge pull request #103500 from chkno/nixos-YY.MM-not-in-nixpkgs-channels
...
doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo
2020-11-12 23:27:27 +01:00
Martin Weinelt
9309563332
postfix: add passthru tests
2020-11-12 20:00:50 +01:00
Martin Weinelt
1b5a1c697d
nixos/tests/postfix: migrate test to use tlsTrustedAuthorities
...
Fixes: 632104e
("postfix: deprecated `sslCACert` in favour of
`tlsTrustedAuthorities`")
2020-11-12 19:38:27 +01:00
Elis Hirwing
2789f47b97
Merge pull request #103531 from gnidorah/acpilight
...
nixos/acpilight: add to packages
2020-11-12 07:02:39 +01:00
zowoq
31051812bc
nixos/doc/*: fix indentation
2020-11-12 14:24:00 +10:00
gnidorah
ec26da1fc6
nixos/acpilight: add to packages
2020-11-12 05:22:18 +03:00
Kevin Cox
66c98ec550
Merge pull request #95751 from srhb/forceImportAll
...
nixos/zfs: Fix boot.zfs.forceImportAll
2020-11-11 20:32:42 -05:00
Maximilian Bosch
c9e96d90de
Merge pull request #103499 from chkno/fix-doc-build
...
doc: Fix doc-building instructions
2020-11-11 23:42:35 +01:00
Scott Worley
f72a3142f0
doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo
...
Since 7c442a2f67
for https://github.com/NixOS/nixpkgs/issues/99257
2020-11-11 11:29:39 -08:00
Scott Worley
88b7340a79
doc: Fix doc-building instructions
2020-11-11 11:22:29 -08:00
Gabriel Ebner
753656bbbc
Merge pull request #103225 from gebner/hsphfpd
...
pulseaudio: add hsphfpd support
2020-11-11 19:56:35 +01:00
Sarah Brofeldt
e0d51db401
nixos: boot.zfsImportAll = false; by default
...
Also add 21.03 release note
2020-11-11 18:46:05 +01:00
Sarah Brofeldt
a4010e0580
nixos/zfs: Respect forceImportAll in import service
2020-11-11 18:45:14 +01:00
Sarah Brofeldt
ffe4dbf32f
nixos/tests/zfs: Test boot.zfs.forceImportAll
2020-11-11 18:45:14 +01:00
Frederik Rietdijk
4076ffe580
Merge staging-next into staging
2020-11-11 16:00:34 +01:00
Tim Steinbach
b9c505b7bf
sbt-extras: Add test
2020-11-11 09:32:06 -05:00
Kevin Cox
dce7cc111a
Merge pull request #96912 from atlaua/aranea/qemu-vm-kernel-config
...
nixos/qemu-vm: Fix and update system.requiredKernelConfig entries
2020-11-11 07:29:14 -05:00
Kevin Cox
5dee9b5699
Merge pull request #96679 from midchildan/add-mackerel
...
mackerel-agent: init at 0.69.3
2020-11-11 06:59:22 -05:00
Daniël de Kok
3497b757d3
Merge pull request #102472 from helsinki-systems/feat/vim-python3
...
vim: Get rid of Python 2 dependency
2020-11-11 11:52:02 +01:00
Maximilian Bosch
a805b2ea32
Merge pull request #103182 from pacien/ssmtp-assert-usestarttls-usetls
...
nixos/ssmtp: add assertion for useSTARTTLS dependency on useTLS
2020-11-11 10:51:00 +01:00
Aaron Andersen
e419de361d
Merge pull request #102376 from felschr/feat/cfdyndns-password-file
...
nixos/cfdyndns: add apikeyFile option
2020-11-10 18:08:25 -05:00
Edmund Wu
4d0ad2783d
nixos/*: hsphfpd support
2020-11-10 20:53:13 +01:00
ajs124
fd950b9fc7
Merge pull request #103196 from helsinki-systems/fix/plasma5-noaliases
...
nixos/plasma5: Fix when running without aliases
2020-11-10 16:59:34 +01:00
Felix Tenley
a33290b1a8
nixos/cfdyndns: add apikeyFile option
...
nixos/cfdyndns: remove apikey option
2020-11-10 14:00:16 +01:00
Jörg Thalheim
31a0b5dff6
nixos/promtail: fix access to journal
2020-11-10 10:49:27 +01:00
Jörg Thalheim
4c64fa224e
nixos/loki: mergeable configuration
...
type.attrs is not mergable
2020-11-10 10:49:25 +01:00
Jörg Thalheim
88d1da8e5d
nixos/promtail: use json type for configuration
2020-11-10 10:49:23 +01:00
Jörg Thalheim
689eb49d42
nixos/loki: add logcli to system path
...
Admins quite likely want to query loki for debugging purpose.
2020-11-10 10:49:21 +01:00
Frederik Rietdijk
0b2ca377b1
Merge staging-next into staging
2020-11-10 10:13:13 +01:00
Frederik Rietdijk
379aaa1e0c
Merge master into staging-next
2020-11-10 10:11:08 +01:00
WORLDofPEACE
fcef646736
Merge pull request #93431 from sorki/audio/pulseJack
...
nixos/jack,pulseaudio: fix pulse connection to jackd service
2020-11-09 19:40:12 -05:00
Michele Guerini Rocco
e6b8587b25
Merge pull request #101755 from rnhmjoj/activation-type
...
nixos/activation-script: make scripts well-typed
2020-11-10 00:04:47 +01:00
Jan Tojnar
3a5ba30c13
fwupd: 1.4.6 → 1.5.1
...
* https://github.com/fwupd/fwupd/releases/tag/1.5.0
* https://github.com/fwupd/fwupd/releases/tag/1.5.1
* The changelog mentions removed dependency on efivar but we still need the package because it also contains efiboot required dependency. https://github.com/fwupd/fwupd/pull/2485
* Blacklist options were renamed.
* Test firmware was moved to a separate repo. We need to install it or some tests will be skipped. https://github.com/fwupd/fwupd/pull/2330
* Initially, there was an option to configure dbx but in the end, it was removed in favour of bespoke dbxtool. https://github.com/fwupd/fwupd/pull/2061 , https://github.com/fwupd/fwupd/pull/2318 , https://github.com/fwupd/fwupd/pull/2329
* Fwupd now checks hashes of plug-ins and will complain loudly that it is tainted when “invalid” plug-in is loaded (during testing).
* Installed tests complain about not being able to access cdn, even though we are not setting CI_NETWORK env var. We need a patch to fix that.
2020-11-09 22:50:17 +01:00
Edmund Wu
0e4d0d95d0
treewide: generate pulseaudio pulseDir
2020-11-09 19:24:42 +01:00
Timo Kaufmann
b839d4a855
Merge pull request #98938 from raboof/nixos-manual-wayland
...
nixos.manual: introduce Wayland section
2020-11-09 16:59:12 +01:00
Doron Behar
9db44f61a7
rubyMinimal: remove
...
Due to being unused, and seemingly unusable, added appropriate release
notes.
2020-11-09 16:17:41 +02:00
Frederik Rietdijk
20f001c01e
Merge master into staging-next
2020-11-09 14:33:52 +01:00
Jan Tojnar
8e7fca3a5c
nixos/plymouth: fix eval with aliases disabled
...
Fallout from https://github.com/NixOS/nixpkgs/pull/101369
2020-11-09 14:00:18 +01:00
Janne Heß
576a928794
vim: Get rid of Python 2 dependency
2020-11-09 13:02:04 +01:00
Maximilian Bosch
e74d6735f0
Merge pull request #103170 from nh2/roundcube-restart-on-config-changes
...
roundcube service: Restart on config changes
2020-11-09 12:47:22 +01:00
Samuel Gräfenstein
88bf1b3e92
nixos/boot: add final newline to pbkdf2-sha512.c
2020-11-09 11:39:28 +00:00
Janne Heß
59239feacb
nixos/plasma5: Fix when running without aliases
2020-11-09 11:09:06 +01:00
pacien
f7c50a8aa0
nixos/ssmtp: add assertion for useSTARTTLS dependency on useTLS
...
services.ssmtp.useSTARTTLS has no effect when services.ssmtp.useTLS is disabled.
2020-11-09 04:35:12 +01:00
Marek Mahut
e02f6bfa26
Merge pull request #100418 from pltanton/master
...
fido2luks: 0.2.3 -> 0.2.15
2020-11-09 00:22:09 +01:00
Niklas Hambüchen
91b20fb1aa
roundcube service: Restart on config changes.
...
Until now, e.g. `extraConfig` changes did not reflect in
the system on `nixos-rebuild switch`.
2020-11-08 22:20:18 +01:00
Daniël de Kok
d43f378b4a
Merge pull request #103101 from matthiasbeyer/update-mutt
...
mutt: 1.14.7 -> 2.0.0
2020-11-08 18:26:51 +01:00
Niklas Hambüchen
1c460c0a5c
Merge pull request #103147 from nh2/nginx-sandbox-protecthome-release-notes
...
manual: nginx: Mention ProtectHome in release notes. See #85567
2020-11-08 18:01:03 +01:00
Niklas Hambüchen
2e7b320931
manual: nginx: Remove reference to stateDir
from release notes. Fixes #102211 .
...
Fixed wording taken from:
https://github.com/NixOS/nixpkgs/issues/102211#issuecomment-719976230
2020-11-08 17:55:11 +01:00
Daniël de Kok
c65164ec75
nixos/release-notes: Mutt 2.x has some backward incompatible changes
2020-11-08 17:26:54 +01:00
Niklas Hambüchen
2f845dccbf
manual: nginx: Mention ProtectHome in release notes. See #85567 .
...
See https://github.com/NixOS/nixpkgs/pull/85567#pullrequestreview-525820684
2020-11-08 17:03:07 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd
2020-11-08 16:55:29 +01:00
Gabriel Ebner
df88279649
Merge pull request #103004 from lovesegfault/octoprint-marlingcodedocumentation
...
octoprint: add marlingcodedocumentation
2020-11-08 11:42:08 +01:00
Niklas Hambüchen
169ab0b89f
redis service: Listen on localhost by default. Fixes #100192 .
...
All other database servers in NixOS also use this safe-by-default setting.
2020-11-08 01:15:33 +01:00
Julien Moutinho
c48faf07f4
transmission: fix #98904
2020-11-07 16:27:24 +01:00
midchildan
921a66edc4
nixos/mackerel-agent: init
2020-11-07 13:37:33 +09:00
Andika Demas Riyandi
038497d3b3
nar-serve: init at 0.3.0 ( #95420 )
...
* nar-serve: init at 0.3.0
* nixos/nar-serve: add new module
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-11-06 18:59:51 +01:00
Jonathan Ringer
0a6a075813
Merge pull request #102979 from AmineChikhaoui/ec2-amis-gpt
...
ec2-amis: update AMIs to use gpt partition table
2020-11-06 09:14:48 -08:00
Maximilian Bosch
68726901e1
Merge pull request #94673 from justinas/prom-sql-exporter
...
prometheus-sql-exporter: init at 0.3.0
2020-11-06 17:00:47 +01:00
Maximilian Bosch
428fc4e297
nixos/prometheus-exporters: fix sql
test
2020-11-06 16:43:07 +01:00
Justinas Stankevicius
d447c2413c
nixos/prometheus-sql-exporter: new module
2020-11-06 16:35:38 +01:00
Tim Steinbach
caf8d001a9
Merge pull request #102977 from NeQuissimus/hardened_test
...
linux-hardened: Do not block channel
2020-11-06 08:50:18 -05:00
Frederik Rietdijk
99fb79ae84
Merge master into staging-next
2020-11-06 12:51:56 +01:00
Michele Guerini Rocco
25d15ebffb
Merge pull request #98661 from doronbehar/doc/nixos/systemd-nixos-specific
...
doc/nixos: Explain better NixOS specific Systemd stuff
2020-11-06 11:52:58 +01:00
Doron Behar
8716b71ea6
doc/nixos: Explain better NixOS specific Systemd stuff
...
Divide the "Service Management" chapter into two sections. The 1st (the
original) explaining General, not NixOS specific ways to interact with
Systemd. The 2nd section, explaining NixOS specific things worth
knowing.
Explain in the 2nd section a bit NixOS modules and services of Nixpkgs,
and mention `systemd.user.services` option. Give an example
demonstrating how to enable imperatively an upstream provided unit file
for a user. Explain why `systemctl --user enable` doesn't work for the
long term on NixOS.
2020-11-06 11:35:59 +02:00
Bernardo Meurer
7fede29d83
nixos/octoprint: remove references to deprecated/removed m33-fio plugin
2020-11-06 00:39:50 -08:00
Tim Steinbach
0f0af1dbd4
linux-hardened: Do not block channel
2020-11-05 22:11:17 -05:00
AmineChikhaoui
43907de6a7
ec2-amis: update AMIs to use gpt partition table
...
Use changes made as part of #102182 .
2020-11-05 20:58:08 -05:00
Aaron Andersen
33d8766feb
Merge pull request #102202 from danderson/danderson/post-stop
...
nixos/tailscale: use upstream systemd service config.
2020-11-05 20:22:53 -05:00
Timo Kaufmann
1fd1c2ad88
Merge pull request #96639 from xfix/support-microsoft-usb-keyboards
...
nixos/availableKernelModules: add microsoft hid
2020-11-05 20:33:49 +01:00
Tim Steinbach
55dbb2f30c
Merge pull request #102928 from NeQuissimus/scala_test
...
scala: Add tests, update script
2020-11-05 10:26:08 -05:00
Peter Hoeg
13ed0cce2f
nixos/systemd-resolved: fix incorrect user
2020-11-05 22:41:39 +08:00
Christoph Ruegge
bcc808c68f
Create /dev/std{in,out,err} symlinks in stage-1
...
This used to be done by udev, but that was removed in
systemd/systemd@6b2229c . The links are created by systemd at the end of
stage-2, but activation scripts might need them earlier.
2020-11-05 15:32:19 +01:00
Tim Steinbach
6834d33b00
scala: Refactor, add tests
...
Abstract over Scala derivation, add tests for individual versions
2020-11-05 08:32:28 -05:00
Wout Mertens
91d70c1edb
Merge pull request #102273 from rnhmjoj/bluetooth
...
nixos/bluetooth: disable restart on unit changes
2020-11-05 14:21:13 +01:00
Tim Steinbach
3a6feb7ec7
Merge pull request #102850 from NeQuissimus/oh-my-zsh_update
...
oh-my-zsh: Update script, test
2020-11-05 07:28:24 -05:00
Andreas Rammhold
9a01e97824
nixos-help: bundle the desktop item with the script
...
This is to ensure that whenever we install the desktop item we also have
the script installed. Prior to b02719a
we always had the reference to
the script in the desktop item. Since desktop items are being copied to
home directories and thus "bit rod" over time that absolute path was
removed.
2020-11-05 11:56:31 +01:00
Andreas Rammhold
3560f0d913
nixos-help: use writeShellScriptBin and drop custom shebang line
2020-11-05 11:47:14 +01:00
Klemens Nanni
b02719a29c
nixos-help: Do $PATH lookup in nixos-manual.desktop instead of hardcoding derivation
...
See db236e588d
"steam: Do $PATH lookup in steam.desktop [...]".
tl;dr: Otherwise widget/panel/desktop icons in DEs like KDE break.
2020-11-05 11:45:56 +01:00
Jan Tojnar
a821be7531
Merge branch 'master' into staging-next
2020-11-05 09:42:47 +01:00
Tim Steinbach
9813539969
oh-my-zsh: Add test
2020-11-04 20:37:50 -05:00
Tim Steinbach
18d375cae7
Merge pull request #102817 from NeQuissimus/ammonite_update
...
ammonite: Add test reference, update script
2020-11-04 18:10:07 -05:00
Tim Steinbach
7e062659e9
ammonite: Add test reference, update script
2020-11-04 12:57:58 -05:00
Tim Steinbach
ac9ba67ec5
Merge pull request #102642 from NeQuissimus/sbt_1_4_2
...
SBT: Add test, update script, 1.4.0 -> 1.4.2
2020-11-04 12:49:34 -05:00
Tim Steinbach
23be792bad
sbt: Add test
2020-11-04 11:30:36 -05:00
Marek Mahut
6336ac33c9
Merge pull request #102652 from freezeboy/remove-btc1
...
btc1: remove
2020-11-04 16:11:50 +01:00
freezeboy
dc0f5ed6d2
btc1: remove
2020-11-04 12:26:42 +01:00
Daniel Schaefer
d4905b1370
Merge pull request #99003 from martinetd/stunnel-doc
2020-11-04 17:40:48 +08:00
Victor Nawothnig
27e9328895
Support virtio_scsi devices on nixos-generate-config
2020-11-04 10:00:28 +01:00
Frederik Rietdijk
10c57af49c
Merge staging-next into staging
2020-11-04 09:28:07 +01:00
Jörg Thalheim
f2ec450424
Merge pull request #101249 from Izorkin/dhcpd-ipv6
...
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6
2020-11-04 08:09:08 +01:00
David Anderson
503caab776
nixos/tailscale: use upstream systemd service config.
...
Signed-off-by: David Anderson <dave@natulte.net>
2020-11-03 19:37:48 -08:00
Fabián Heredia Montiel
acd3d3dd20
nixos/modules/services/network-filesystems/ipfs: refactor
...
Add `package` option to change the package used for the service.
2020-11-03 17:35:06 -06:00
Maximilian Bosch
d6b804db2f
Merge pull request #102530 from Ma27/fix-initrd-network-ssh-test
...
nixos/initrd-network-ssh: fix test
2020-11-04 00:01:10 +01:00
Andreas Rammhold
5903ea5395
nixos/unbond: unbound should be required for nss-lookup.target
...
Other units depend on nss-lookup.target and expect the DNS resolution to
work once that target is reached. The previous version
`wants=nss-lookup.target` made this unit require the nss-lookup.target
to be reached before this was started.
Another change that we can probalby do is drop the before relationship
with the nss-lookup.target. That might just be implied with the current
version.
2020-11-03 19:21:39 +01:00
Andreas Rammhold
5c16c31e06
nixos/unbound: add release notes for the changes that were introduced
...
As part of this patch series a few changes have been made to the unbound
serivce the deserve proper documentation.
2020-11-03 19:21:25 +01:00
Andreas Rammhold
2aa64e5df5
nixos/unbound: add option to configure the local control socket path
...
This option allows users to specify a local UNIX control socket to
"remote control" the daemon. System users, that should be permitted to
access the daemon, must be in the `unbound` group in order to access the
socket. When a socket path is configured we are also creating the
required group.
Currently this only supports the UNIX socket mode while unbound actually
supports more advanced types. Users are still able to configure more
complex scenarios via the `extraConfig` attribute.
When this option is set to `null` (the default) it doesn't affect the
system configuration at all. The unbound defaults for control sockets
apply and no additional groups are created.
2020-11-03 19:21:25 +01:00
Andreas Rammhold
b67cc6298e
nixos/tests/unbound: add test to verify control sockets work
2020-11-03 19:21:24 +01:00
Andreas Rammhold
a040a8a2e3
nixos/tests/unbound: init
2020-11-03 19:21:24 +01:00
Andreas Rammhold
aadc07618a
nixos/unbound: drop ReadWritePaths from systemd unit configuration
...
Both of the configured paths should be implicit due to RuntimeDirectory
& StateDirectory.
2020-11-03 19:21:24 +01:00
Andreas Rammhold
72fbf05c17
nixos/unbound: note about the AmbientCapabilities
2020-11-03 19:21:24 +01:00
Andreas Rammhold
5e602f88d1
nixos/modules/services/networking/unbound: update systemd unit
...
Previously we just applied a very minimal set of restrictions and
trusted unbound to properly drop root privs and capabilities.
With this change I am (for the most part) just using the upstream
example unit file for unbound. The main difference is that we start
unbound was `unbound` user with the required capabilities instead of
letting unbound do the chroot & uid/gid changes.
The upstream unit configuration this is based on is a lot stricter with
all kinds of permissions then our previous variant. It also came with
the default of having the `Type` set to `notify`, therefore we are also
using the `unbound-with-systemd` package here. Unbound will start up,
read the configuration files and start listening on the configured ports
before systemd will declare the unit "running". This will likely help
with startup order and the occasional race condition during system
activation where the DNS service is started but not yet ready to answer
queries.
Aditionally to the much stricter runtime environmet I removed the
`/dev/urandom` mount lines we previously had in the code (that would
randomly fail during `stop`-phase).
The `preStart` script is now only required if we enabled the trust
anchor updates (which are still enabled by default).
Another beneefit of the refactoring is that we can now issue reloads via
either `pkill -HUP unbound` or `systemctl reload unbound` to reload the
running configuration without taking the daemon offline. A prerequisite
of this was that unbound configuration is available on a well known path
on the file system. I went for /etc/unbound/unbound.conf as that is the
default in the CLI tooling which in turn enables us to use
`unbound-control` without passing a custom configuration location.
2020-11-03 19:21:24 +01:00
Kevin Cox
f1153d8a0a
Merge pull request #102528 from wizeman/u/fix-chrony-perm2
...
nixos/chrony: fix owner of chrony drift file
2020-11-03 12:44:13 -05:00
Kim Lindberger
cf2d180a12
Merge pull request #99906 from talyz/keycloak
...
nixos/keycloak: Init
2020-11-03 18:31:19 +01:00
ajs124
2b03d12ace
Merge pull request #102551 from freezeboy/remove-freepops
...
freepops: remove
2020-11-03 17:51:51 +01:00
WilliButz
0916fea195
Merge pull request #102541 from helsinki-systems/init/promtail
...
nixos/promtail: Add a promtail module
2020-11-03 17:34:01 +01:00
Kevin Cox
8230e62f57
Merge pull request #100495 from DianaOlympos/riak-cs-delete
...
riak-cs: delete
2020-11-03 11:17:42 -05:00
Janne Heß
54217cac69
nixos/promtail: Add a promtail module
2020-11-03 14:36:56 +01:00
Timo Kaufmann
6c13df3fc0
Merge pull request #99632 from midchildan/update/epgstation
...
epgstation: 1.7.4 -> 1.7.5
2020-11-03 14:03:31 +01:00
Frederik Rietdijk
470f05cb5d
Merge staging-next into staging
2020-11-03 12:06:41 +01:00
freezeboy
ee0e1e0bcb
nixos(freepops): remove module
2020-11-03 10:45:29 +01:00
Silvan Mosberger
8a7ea52173
Merge pull request #99019 from sumnerevans/master
...
Add ability to configure executable for redshift service
2020-11-03 01:00:40 +01:00
Silvan Mosberger
aeaf78adb8
Merge pull request #102204 from danderson/danderson/transmission-dir
...
nixos/transmission: point at the settings dir in cfg.home.
2020-11-03 00:45:04 +01:00