Commit Graph

22886 Commits

Author SHA1 Message Date
Timothy DeHerrera
90016afdb1
Merge pull request #133557 from SuperSandro2000/SuperSandro2000-patch-1
nixos/ssh: cleanup X11Forwarding setting
2021-08-11 17:18:48 -06:00
Sandro
cbf6bbac91
nixos/ssh: cleanup X11Forwarding setting 2021-08-12 01:00:50 +02:00
Martin Weinelt
41eb076ed8
Merge pull request #127595 from rnhmjoj/wpa-auto
nixos/wireless: use udev to wait for interfaces
2021-08-12 00:49:33 +02:00
rnhmjoj
99e8af51b2
nixos/wireless: use udev to wait for interfaces
I may have finally found a clean solution to the issues[1][2][3] with
the automatic discovery of wireless network interfaces.

[1]: https://github.com/NixOS/nixpkgs/issues/101963
[2]: https://github.com/NixOS/nixpkgs/issues/23196
[3]: https://github.com/NixOS/nixpkgs/pull/125917#issuecomment-856000426

Currently the start script fails right away if no interface is available
by the time it's running, possibly leaving the system without network.
This happens when running a little early in the boot. A solution is to
instead wait for at least one interface to appear before scanning the
/sys/class/net/ directory. This is done here by listening for the right
udev events (from the net/wlan subsystem) using the `udevadm monitor`
command and grep to match its output.

This methods guarantees the availability of at least one interface to
wpa_supplicant, but won't add additional interfaces once it has started.
However, if the current interface is lost, say unplugged, the service is
automatically stopped and will be restarted as soon as a one (not
necessarily the same) is detected. It would be possible make this fully
dynamic by running another service that continously listen for udev
events and manages the main wpa_supplicant daemon, but this is probably
overkill.

I tested the following cases:

  - one interface, starting at boot, w/o predictable naming scheme
  - two interfaces, starting at boot (intel wireless and a usb adapter),
    w/o predictable naming scheme
  - one interface after the system booted, w/o predictable naming scheme
  - two interfaces after the system booted, w/o predictable naming scheme
  - unplugging and plugging back the current interface
2021-08-12 00:31:06 +02:00
Sandro
2e4b2ad74b
Merge pull request #126750 from d-xo/erigon-2021-06-03 2021-08-11 13:30:51 +02:00
Sandro
3e80403848
Merge pull request #133436 from nagy/port-types
treewide: Port type adaptations
2021-08-11 10:54:27 +02:00
Emery Hemingway
0ac49d7c7b nixos: rewrite uhub module
* Support for hosting multiple hubs
* Using "settings" style configuration
* Remove "uhub" user, use DynamicUser
* Configuration reloading
2021-08-11 09:51:23 +02:00
DavHau
df0f76b39f cryptpad: add test for nixos module 2021-08-11 11:04:39 +09:00
Daniel Nagy
79a86e7ef5
treewide: Port type adaptations 2021-08-11 00:45:08 +02:00
Pascal Bach
1c54ce56ab nixos/minio: add release notes 2021-08-10 22:37:30 +02:00
Pascal Bach
3417f18f96 nixos/minio: allow configuring console port 2021-08-10 22:37:30 +02:00
Sandro
6df7b8f398
Merge pull request #133389 from SuperSandro2000/cleanup 2021-08-10 17:16:34 +02:00
Sandro Jäckel
4477421b05
changelog: re-add by accident deleted sections 2021-08-10 16:26:18 +02:00
Vladimír Čunát
c0097aa84a
nixos/tests: unbreak the tested job
I expect it suffices that the channel only blocks on one firefox ESR
test - the one for the default ESR.  I didn't want to have the
information about the default in two places, so either of the tests will
be evaluated twice (but to the same *.drv I hope).
2021-08-10 16:15:57 +02:00
Benjamin Asbach
86296623c6 isso: added NixOS module to configure isso in NixOS 2021-08-09 17:42:54 -06:00
Benjamin Asbach
c1a7bbc38f isso: added a test to verify that the server is able to start and a generated javascript file is available 2021-08-09 17:41:35 -06:00
Martin Weinelt
afb0e73ebc firefox-esr-91: init at 91.0esr 2021-08-10 07:43:50 +09:00
Artturin
47f6591706 nixos/gdm: disable the gdm services as it is redundant
and causes issues
2021-08-10 01:43:38 +03:00
Pascal Bach
37d93c80c1
Merge pull request #133174 from symphorien/nagios-alias
nixos/tests/nagios.nix: fix eval
2021-08-09 23:22:55 +02:00
Félix Baylac-Jacqué
7b554c9477 nixosTests.pleroma: increase server memory size
The server VM machine is sometimes OOMing, making the test flaky.
Increasing the memory size to 512MB fixes the issue.
2021-08-09 21:30:42 +02:00
Félix Baylac-Jacqué
885ab9286e nixosTests.pleroma: increase certificate validity duration
Analogous to 6325d15e90.

The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.
2021-08-09 21:30:42 +02:00
Ryan Mulligan
33cdc784e8
Merge pull request #131545 from NickCao/influxdb2
nixos/influxdb2: init
2021-08-09 10:34:53 -07:00
Doron Behar
3d72b0b6b0
Merge pull request #114241 from sorki/tests/cntr 2021-08-09 05:40:37 +00:00
Martin Weinelt
b00dd3ac1f
nixos/tests/prometheus-exporters/kea: drop enable option
There is no generic services.kea.enable option. Instead kea consists of
four daemons (dhcp4, dhcp6, ddns, ctrlagent) that can be enabled
individually. In this test we're just looking at dhcp6.
2021-08-09 01:49:54 +02:00
David Terry
a74eaeba5a
erigon: 2021.05.02 -> 2021.08.01 2021-08-08 21:22:21 +02:00
Sandro
c9e66e9d45
Merge pull request #111442 from helsinki-systems/wakeonlan
nixos/wakeonlan: add types
2021-08-08 20:51:27 +02:00
David Terry
c1186b572f
maintainers: xwvvvvwx -> d-xo 2021-08-08 19:11:45 +02:00
Silvan Mosberger
ea00f991c0 nixos/users: Populate group members option
This change makes it so that accessing config.users.groups.*.members isn't
empty by default, but instead contains all the users whose `extraGroups`
includes that group, allowing fancy things like

  { config, ... }: {
    users.groups.libvirt.members = config.users.groups.wheel.members;
  }

to add all users in the wheel group to the libvirt group
2021-08-08 18:40:06 +02:00
Guillaume Girol
f626a23cd3
Merge pull request #130522 from Mic92/polkit
nixos/polkit: put polkituser into polkituser group
2021-08-08 15:09:15 +00:00
Guillaume Girol
71154a8a8a
Merge pull request #130519 from Mic92/journald
nixos/journald: don't set nogroup
2021-08-08 15:02:31 +00:00
Martin Weinelt
23e60ba325
Merge pull request #127606 from vincentbernat/fix/nginx-override-ssl-certs
nginx: allow overriding SSL trusted certificates when using ACME
2021-08-08 16:43:27 +02:00
Guillaume Girol
27cf2a42f2
Merge pull request #132872 from wentasah/nullmailer-failed-queue
nixos/nullmailer: Create "failed" directory
2021-08-08 14:40:29 +00:00
Nick Cao
5c2478ba3c
nixos/influxdb2: init 2021-08-08 22:39:57 +08:00
Guillaume Girol
25b4e3c741
Merge pull request #133098 from erdnaxe/nitter-hardening
nixos/nitter: systemd unit hardening
2021-08-08 14:33:23 +00:00
Artturi
c10ded1bb2
Merge pull request #131966 from ArctarusLimited/fix/containerd-restart
nixos/virtualisation/containerd: do not wipe runtime directory on restart or stop
2021-08-08 17:21:30 +03:00
Vincent Bernat
85209382c1 nginx: allow overriding SSL trusted certificates when using ACME
Some ACME providers (like Buypass) are using a different certificate
to sign OCSP responses than for server certificates. Therefore,
sslTrustedCertificate should be provided by the user and we need to
allow that.
2021-08-08 16:07:11 +02:00
Martin Weinelt
f49b03c40b
Merge pull request #123258 from mweinelt/acme-hardening 2021-08-08 15:50:24 +02:00
Martin Weinelt
a5c6a0006a
Merge pull request #130521 from Mic92/tinc
nixos/tinc: don't run as nogroup
2021-08-08 15:39:42 +02:00
Alexandre Iooss
2e8e8f2c92
nixos/nitter: test with CAP_NET_BIND_SERVICE 2021-08-08 15:29:33 +02:00
Alexandre Iooss
9898f7e072
nixos/nitter: systemd unit hardening 2021-08-08 15:28:27 +02:00
Sandro
b739a14b37
Merge pull request #121906 from ymarkus/nixos-mullvad
nixos/mullvad-vpn: fix firewall issues & remove xfix as maintainer
2021-08-08 15:03:26 +02:00
Martin Weinelt
611bc7c23b
Merge pull request #111692 from lopsided98/chrony-initstepslew-types
nixos/chrony: split the initstepslew attrset into options
2021-08-08 15:03:06 +02:00
Guillaume Girol
582a9c13b5 nixos/tests/nagios.nix: fix eval 2021-08-08 12:00:00 +00:00
erdnaxe
7a0c6cdd39
nixos/miniflux: systemd unit hardening (#133123) 2021-08-08 13:58:30 +02:00
lewo
7aa78642c5
Merge pull request #125979 from blaggacao/nixos-test-ref/03-normalse-the-python-entrypoint
nixos/test-driver: normalize the python entrypoint
2021-08-08 10:24:47 +02:00
Sandro
7f9530c7c2
Merge pull request #133083 from polykernel/yambar-patch-1 2021-08-08 06:51:26 +02:00
polykernel
bc520477f4 yambar: document breaking changes
* Previously, both the xorg and wayland backend were built into the yambar
  package. The refactor breaks up each backends to its separate, with xorg
  being the default. Thus yambar users on wayland should switch to the
  yambar-wayland package.
2021-08-08 00:05:40 -04:00
Zane van Iperen
99d8d553da nixos/gitea: init/migrate db in startup script 2021-08-08 12:48:15 +09:00
Rouven Czerwinski
06667df72b
nixos/etc: use runCommandLocal (#133037)
Instead of setting preferLocalBuild & allowSubstitutes explicitly, use
runCommandLocal which sets the same options.
2021-08-07 14:56:21 -04:00
Martin Weinelt
4704dc2f1b
Merge pull request #130625 from rski/openrazer 2021-08-07 15:32:04 +02:00
Pascal Bach
463be7303e
Merge pull request #118855 from bachp/unifi-harden
nixos/unifi: harden service
2021-08-07 14:48:25 +02:00
Domen Kožar
2904cd7521
Merge pull request #132883 from Kranzes/bump-pipewire
pipewire: 0.3.32 -> 0.3.33
2021-08-07 12:47:25 +02:00
Sandro
53947a60c1
Merge pull request #132735 from ivan/victoriametrics-panic
nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
2021-08-07 12:34:31 +02:00
Sandro
3384abd78a
Merge pull request #127711 from eadwu/nvidia_x11/127693 2021-08-07 12:24:35 +02:00
Romanos Skiadas
465c9269dd nixos/openrazer: Add a users option 2021-08-07 12:10:43 +03:00
Romanos Skiadas
42c6771744 nixos/openrazer: Change plugdev group to openrazer
For security reasons, and generally, it is best to create a more fine
grained group than plugdev. This way users that wish to tweak razer
devices don't have access to the entire plugdev group's permissions.

This is of course a breaking change.
2021-08-07 12:09:44 +03:00
Ninjatrappeur
d00f146ca5
Merge pull request #132932 from NinjaTrappeur/nin-fix-prosody-test
nixos/nixosTests.prosody: extend self-signed cert expiration date
2021-08-07 10:29:11 +02:00
Edmund Wu
573aae39e2
nixos/modules: assertion for required PM files 2021-08-07 01:41:58 -04:00
Artturi
8072e71d8e
Merge pull request #132853 from peterhoeg/f/devmon
Revert "nixos/devmon: add systemd service"
2021-08-07 02:34:09 +03:00
Artturi
7d45138e68
Merge pull request #127402 from sigprof/nixos-ssh-askpass-args
nixos/ssh: fix passing arguments to ssh-askpass
2021-08-07 02:30:28 +03:00
Félix Baylac-Jacqué
6325d15e90
nixosTests.prosody: extend- self-signed cert expiration date
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.

See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
2021-08-06 23:46:17 +02:00
Timothy DeHerrera
cc455c004a
Merge pull request #132895 from poscat0x04/chrony-dns
nixos/chrony: wait for DNS services to start up before starting
2021-08-06 13:02:08 -06:00
Maximilian Bosch
67a5d63b33
Merge pull request #131867 from maxeaubrey/traefik_2.4.12
traefik: 2.4.8 -> 2.4.13
2021-08-06 18:55:07 +02:00
Ilan Joselevich
a876500f5d pipewire: updated JSON configs 2021-08-06 16:50:56 +03:00
Poscat
6e3cecf1f7
nixos/chrony: wait for dns services to start up before starting 2021-08-06 21:03:55 +08:00
Michal Sojka
a2943e74e3 nixos/nullmailer: Create "failed" directory
Nullmailer expects that this directory exists (see
073f4e9c5d/doc/nullmailer-send.8 (L185)).
When it doesn't and an email cannot be sent due to a permanent failure
or has been in the queue longer than queuelifetime (7 days), message
"Can't rename file: No such file or directory" starts appearing in the
log and nullmailer never sends "Could not send message" notification.
This means that the user may never learn that his email was not
delivered.
2021-08-06 10:48:19 +02:00
Peter Hoeg
8b167a0c11 Revert "nixos/devmon: add systemd service"
This reverts commit 1db44c4ff1.
2021-08-06 13:43:24 +08:00
Jörg Thalheim
de5a599492
Merge pull request #130429 from Ninlives/yubico_chlrep
nixos/pam: allow users to set the path to store yubikey challenge file
2021-08-06 05:23:10 +01:00
David Arnold
926fb93968
nixos/tests/test-driver: normalise test driver entrypoint(s)
Previously the driver was configured exclusively through convoluted
environment variables.

Now the driver's defaults are configured through env variables.

Some additional concerns are in the github comments of this PR.
2021-08-05 19:07:11 -05:00
David Arnold
2937038bf3
lib/modules: add mkImageMediaOverride docs 2021-08-05 18:53:59 -05:00
Jörg Thalheim
8c5c0d6748 nixos: fix zinputrc on flake-enabled systems 2021-08-05 22:19:37 +02:00
Michael Weiss
c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00
Robert Hensing
c5373ce006
Merge pull request #132593 from rycee/postgresql-backup-compression
nixos postgresql-backup: add `compression` option
2021-08-05 13:20:40 +02:00
Benjamin Smith
45c4b6b9e4
Apache Kafka: add 2.7.1 and 2.8.0 (#128043) 2021-08-05 13:01:59 +02:00
Yaroslav Bolyukin
b7e79637ba plasma5: install plasma-systemmonitor by default
As ksysguard was replaced, and it was installed by default

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin
b0f1caf522 ksystemstats: init at 5.22.0
Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin
85dcd8d3ed ksysguard: replace with throw alias
It was deprecated in favour of system-monitor

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Sandro
99fe362cf1
Merge pull request #131576 from j0hax/mlvwm
nixos/mlvwm: init at 0.9.3
2021-08-05 09:46:02 +02:00
Ivan Kozik
fb6fbcb85c nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
This fixes:

```
systemd[1]: Started VictoriaMetrics time series database.
victoria-metrics[379550]: 2021-08-04T19:33:39.833Z        panic        VictoriaMetrics/lib/storage/partition.go:954        FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: panic: FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: goroutine 629 [running]:
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logMessage(0xbb3ea1, 0x5, 0xc001113800, 0x1e7, 0x4)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:270 +0xc69
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevelSkipframes(0x1, 0xbb3ea1, 0x5, 0xbe3f8b, 0x4b, 0xc000bb3f88, 0x2, 0x2)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:138 +0xd1
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevel(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:130
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.Panicf(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:126
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).smallPartsMerger(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:954 +0x145
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers.func1(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:933 +0x2b
victoria-metrics[379550]: created by github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:932 +0x6c
systemd[1]: victoriametrics.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: victoriametrics.service: Failed with result 'exit-code'.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: victoriametrics.service: Scheduled restart job, restart counter is at 2064.
systemd[1]: Stopped VictoriaMetrics time series database.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: Starting VictoriaMetrics time series database...
```
2021-08-05 05:35:53 +00:00
Bernardo Meurer
64a2790e99
Merge pull request #130617 from zhaofengli/moonraker
moonraker: init at unstable-2021-07-18, nixos/moonraker: init
2021-08-05 02:59:59 +00:00
Zhaofeng Li
5fbdf2ef1f nixos/moonraker: init 2021-08-04 19:48:58 -07:00
Robert Helgesson
bcc7a902d5
nixos postgresql-backup: add compression option
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
2021-08-05 00:42:16 +02:00
Maxine Aubrey
34add8ca59
nixos/traefik: wait for first success
possible fix for #115418
2021-08-04 23:55:56 +02:00
Guillaume Girol
2eb2a255b9
Merge pull request #131255 from erdnaxe/nitter
nitter: init at unstable-2021-07-18
2021-08-04 20:25:22 +00:00
Jonathan Ringer
f1de8c02e2 nixos/rl-notes: Add mention of zfs.latestCompatibleLinuxPackges 2021-08-04 12:56:59 -07:00
davidak
872111e9d2
Merge pull request #131305 from davidak/nixos-icons-fix
nixos-icons: fix icons not installed when documentation disabled
2021-08-04 21:35:45 +02:00
Bernardo Meurer
1df5e3cdf3
nixos/hqplayerd: use upstream unit as much as possible 2021-08-04 12:15:33 -07:00
Bernardo Meurer
e242633669
nixos/hqplayerd: remove configurable user/group
The service is adamant that it must run under the right user, so let's
just enforce it.
2021-08-04 12:15:31 -07:00
Bernardo Meurer
3ccb633f85
nixos/hqplayerd: use package-provided config file instead of blank 2021-08-04 12:15:14 -07:00
Zhaofeng Li
fd435bdab7 nixos/klipper: Add default value for apiSocket 2021-08-04 12:09:15 -07:00
Bernardo Meurer
6b3d1790de
Merge pull request #132624 from lovesegfault/hqplayerd-fixes
nixos/hqplayerd: set HOME to path in state directory
2021-08-04 17:08:12 +00:00
Janne Heß
307b1253a7 nixos/neovim: Fix neovim runtime path generation 2021-08-04 09:44:04 +02:00
Bernardo Meurer
f949ce7449
nixos/hqplayerd: set HOME to path in state directory
The service likes to write files uploaded by the user to the service
user's $HOME. In our case the hqplayerd user has no home directory,
since it's a system user, and regardless we'd like to keep the service's
state contained.

With this change the unit forces HOME to point to
/var/lib/hqplayer/home, which works around the issue.
2021-08-03 23:29:31 -07:00
David Arnold
9e42d02047
lib/modules: add mkImageMediaOverride
so the underlaying use case of the preceding commit is so
generic, that we gain a lot in reasoning to give it an
appropriate name.

As the comment states:
image media needs to override host config short of mkForce
2021-08-03 18:28:14 -05:00
Bernardo Meurer
39bce8345f
Merge pull request #126798 from lovesegfault/nixos-hqplayerd
nixos/hqplayerd: init
2021-08-03 23:23:45 +00:00
Bernardo Meurer
05cba47810
nixos/hqplayerd: init 2021-08-03 15:54:23 -07:00
David Arnold
2af2d3146d
nixos/boot-media: soft-force entire fs layout
https://github.com/NixOS/nixpkgs/pull/131760 was made to avo
a speicific configuration conflict that errored out for multiple definitions of "/" when the installer where overlayed
on any existing host configuration.

---

Problem 1: It turns out that in also other mountpoints can coflict.

Solution 1: use `mkOverride 60` for all mountpoints (even for the ones unlikely causing confilct for consistency sake)

---

Problem 2: It turns out that on an installation media for a fresh machine (before formatting), we usually don't have any devices yet formatted. However defining for example `fileSystems.<nme>.device = "/dev/disk/by-label/...", in newer versions of nixos, seems to make the system startup fail. Similarily waiting for a non-existent swap device does not make the startup fail, but has a 1:30 min timeout.

Solution 2: For an installation medium, soft-override ("unless users know what they are doing") the entire `fileSystems` and `swapDevices` definitions.
2021-08-03 15:05:52 -05:00
Bernardo Meurer
974e1b51d6
Merge pull request #132519 from lovesegfault/networkaudiod
networkaudiod: init
2021-08-03 19:47:27 +00:00
adisbladis
6b5ca7a2c7
release-notes: Add notice regarding dropped Emacs aliases 2021-08-03 12:52:17 -05:00
Iceman
090f33f788 nixos/geth: Change default to snap sync
Starting in v1.10.4, go-ethereum changed the default sync mode to snap
sync. This adds "snap" as one of valid types of syncmode and updates
`services.geth.syncmode` to use it by default instead of the previous
fast sync.
2021-08-03 09:13:02 -04:00
Jörg Thalheim
f0672fa7fb
Merge pull request #129413 from ngkz/binfmt-order-fix
nixos/binfmt: run binfmt activation script after mounting /run
2021-08-03 12:20:17 +01:00
Sandro
e3ac38c730
Merge pull request #121829 from davidak/pantheon-team 2021-08-03 10:20:20 +00:00
Bernardo Meurer
a8998d11c9
nixos/networkaudiod: init 2021-08-03 01:44:41 -07:00
Bernardo Meurer
b3ca5f904a
Merge pull request #132507 from lovesegfault/roon-bridge-aarch64
roon-bridge: support aarch64-linux
2021-08-03 08:13:48 +00:00
Bernardo Meurer
cfdc62259d
nixos/roon-bridge: register module in module-list 2021-08-03 00:22:32 -07:00
davidak
bd27e2e831
Merge pull request #123045 from kira-bruneau/replay-sorcery
replay-sorcery: init at 0.5.0
2021-08-03 07:44:35 +02:00
Florian Klink
50e3b159e3
Merge pull request #131952 from yu-re-ka/feature/gitlab-14-1-1
gitlab: 14.1.0 -> 14.1.1
2021-08-03 00:13:52 +02:00
Robert Hensing
48ea8eb813
Merge pull request #132416 from turion/dev_rabbitmq-server_1.8_1.9
rabbitmq-server: 3.8.9 -> 3.9.1
2021-08-02 22:08:30 +02:00
Pascal Bach
ee50c21488
Merge pull request #111768 from misuzu/gitlab-runner-warnings
nixos/gitlab-runner: warn about possible secrets leak
2021-08-02 21:41:50 +02:00
Linus Heckemann
43f5945e9f
Merge pull request #132338 from Ma27/fix-captive-browser-startup
nixos/captive-browser: fix startup
2021-08-02 20:16:45 +02:00
davidak
8f02a4486d pantheon: add maintainers team 2021-08-02 19:09:29 +02:00
Robert Hensing
ce1485112d
Merge pull request #131390 from dminuoso/redis-fix-string-interpolation
nixos/redis: Use toString for interpolating slaveOf.port
2021-08-02 18:09:22 +02:00
Yureka
6b021012c5 nixos/tests/gitlab: disable gitlab-pages tests 2021-08-02 18:04:54 +02:00
Domen Kožar
05240cfbaa
Merge pull request #132431 from domenkozar/rtw89-firmware
enableRedistributableFirmware: add rtw89-firmware
2021-08-02 17:53:12 +02:00
Domen Kožar
749620cd4f
enableRedistributableFirmware: add rtw89-firmware 2021-08-02 17:23:54 +02:00
Robin Gloster
15ffca434e
Merge branch 'master' into meshcentral 2021-08-02 17:08:40 +02:00
Victor Nawothnig
6b317b7404 nixos/redis: Use toString for interpolating slaveOf.port 2021-08-02 16:41:37 +02:00
Manuel Bärenz
b0f33d7c2e rabbitmq-server: 3.8.9 -> 3.9.1 2021-08-02 16:19:30 +02:00
Florian Klink
b8662b8dba
Merge pull request #131948 from flokli/systemd-coredump-user
nixos/systemd: provision a systemd-coredump user
2021-08-02 16:14:49 +02:00
Ben Siraphob
c8a731593b
Merge pull request #113185 from fabaff/libreddit
libreddit: init at 0.10.1
2021-08-02 17:05:00 +07:00
Ben Siraphob
4ef4a1e62a
Merge pull request #131967 from vcunat/p/etc_os-release
nixos/version: make versions in /etc/os-release less verbose
2021-08-02 15:39:31 +07:00
Luke Granger-Brown
5a7d7dc19f nixos/display-managers: update set-session for new "SessionType" property
GDM 40.1 switched from storing X11 sessions in the "XSession" property
on AccountService to "Session" with a "x11" "SessionType".

For compatibility reasons, we should set both, since AccountService
doesn't seem to provide the compatibility for us.
2021-08-01 22:22:35 +00:00
Robert Hensing
151c2f5a20
Merge pull request #131814 from blaggacao/fix-nix-daemon-registry-type-unspecified-error
nixos/nix-daemon: fix registry flake type
2021-08-01 22:43:34 +02:00
Aaron Andersen
4fad3a2b69
Merge pull request #131020 from Artturin/uptimed-fix
uptimed nixos/uptimed: switch to /var/lib/ and fix perms
2021-08-01 15:58:36 -04:00
Aaron Andersen
7841f5f4eb
Merge pull request #129861 from vs49688/giteafix
modules/gitea: use gitea to refresh hooks and keys
2021-08-01 15:57:11 -04:00
David Arnold
ecae25c3ef
nixos/nix-daemon: fix registry flake type
Before this commit, the `flake` option was typed with `types.unspecified`.

This type get's merged via [`mergeDefaultOption`](ebb592a04c/lib/options.nix (L119-L128)), which has a line
```nix
else if all isFunction list then x: mergeDefaultOption loc (map (f: f x) list)
```

`lib.isFunction` detects an attrs in the shape of `{__functor = ...}` as
a function and hence this line substitutes such attrs with a function
(f: f x).

If now, a flake input has a `__functor` as it's output, this will
coerce the once attrs to a function. This breaks a lot of things later
in the stack, for example a later `lib.filterAttrs seive <LAMBDA>` will
fail for obious reasons.

According to @infinisil, `types.unspecified` is due to deprecation. In
the meantime this PR provides a specific fix for the specific problem
discovered.
2021-08-01 14:56:13 -05:00
Luke Granger-Brown
b5fab53628 nixos/virtualbox-image: cast baseImageFreeSpace into str
This fixes an evaluation error that's blocking the nixos-unstable
channel (#132328).
2021-08-01 18:59:08 +00:00
Ankit Pandey
910f233fb7 captive-browser: fix empty string in interface args
Fixes nmcli being passed an empty string before the interface name,
which would stop captive-browser from starting up.
2021-08-01 13:46:57 -05:00
Benjamin Asbach
f22a7ae1a8
soapui: 5.5.0 -> 5.6.0 (#131307)
Co-authored-by: Benjamin Asbach <asbachb@users.noreply.github.com>
2021-08-01 20:11:12 +02:00
Maximilian Bosch
8c35a69a6e
nixos/captive-browser: fix startup
It seems as since Chromium 92, `chromium` crashes on startup if
`XDG_CONFIG_HOME` points to a read-only (store-)path.
2021-08-01 19:04:49 +02:00
Naïm Favier
12bbb0fd7b
nixos/syncthing: fix curl not retrying on network errors 2021-08-01 15:03:41 +02:00
Profpatsch
6376458424 sane: Add support for the unfree Fujitsu ScanSnap drivers
This adds the scanner files already linked from the
`etc/sane.d/epjitsu.conf` file, which are extracted from the Windows
drivers and mirrored on GitHub.

Being a Japanese hardware vendor, Fujitsu’s software release &
licensing methods are horrifying, but their scanners are some of the
best, so we should definitly have discoverable support for them, which
this patch hopefully adds.

Inspiration was taken from the following sources:
https://www.josharcher.uk/code/install-scansnap-s1300-drivers-linux/
https://ubuntuforums.org/archive/index.php/t-1461915.html
https://github.com/stevleibelt/scansnap-firmware
2021-08-01 13:45:46 +02:00
Jörg Thalheim
9254bf3607
Merge pull request #131312 from Lassulus/vbox-size
vbox-image: add new option to set free space in image
2021-08-01 10:07:35 +01:00
Ben Siraphob
44db812a14
Merge pull request #132257 from Zopieux/simple-mpv-webui
mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
2021-08-01 12:10:12 +07:00
Aaron Andersen
404cd360c2
Merge pull request #129468 from jwygoda/litestream-service
nixos/litestream: init
2021-07-31 22:58:48 -04:00
Aaron Andersen
099015b2ed
Merge pull request #116578 from MatthewCroughan/node-red-service
nixos/node-red: add module
2021-07-31 22:57:26 -04:00
Alexandre Macabies
c9e991bd64 mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
This also adds a test. The current packaged version (1.0.0) is broken,
it cannot find relevant files.
2021-08-01 00:47:55 +02:00
Guillaume Girol
0a505c3682
Merge pull request #128141 from milogert/tt-rss-2021-06-21
tt-rss: 2021-01-29 -> 2021-06-23 and modules/tt-rss: updated config.php creation
2021-07-31 15:36:23 +00:00
Guillaume Girol
256af6b742
nixos/tt-rss: fix eval 2021-07-31 15:19:00 +00:00
Jörg Thalheim
4dba1b99ec
Merge pull request #131102 from helsinki-systems/feat/rework-etc-2
nixos/etc: Replace make-etc.sh with nix and bash
2021-07-31 03:57:59 +01:00
Martin Weinelt
b3b187315b
Merge pull request #131885 from mweinelt/kea 2021-07-31 02:21:19 +02:00
Artturin
bd8eeec9c0 {uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms 2021-07-31 01:05:44 +03:00
Janne Heß
eb7120dc79
nixos/etc: Replace make-etc.sh with nix and bash
The main goal of this commit is to replace the rather fragile passing of
multiple arrays which could break in cases like #130935.
While I could have just added proper shell escaping to the variables
being passed, I opted for the more painful approach of replacing the
fragile and somewhat strange construct with the 5 bash lists. While
there are currently no more problems present with the current approach
(at least none that I know of), the new approach seems more solid and
might get around problems that could arise in the future stemming from
either the multiple-lists situation or from the absence of proper shell
quoting all over the script.
2021-07-30 21:33:13 +02:00
Jarosław Wygoda
1dcfd1e329 nixos/litestream: init 2021-07-30 17:41:54 +02:00
Alexandre Iooss
534dbcb28f
nixos/nitter: init module and test 2021-07-30 15:19:49 +02:00
Martin Weinelt
3d43cf8f21
nixos/kea: fix config reload
Because the config file gets symlinked to /etc/kea to make reloads work
we need to add restart triggers for the actual symlink targets.
2021-07-30 03:25:11 +02:00
Martin Weinelt
d902365913
nixos/bird: fix bird/bird6 description 2021-07-30 03:13:50 +02:00
Peter Ferenczy
3936313b1f nixos/firewall: document log location
Motivated by not finding the firewall log messages for an annoyingly long time.
2021-07-29 18:43:50 +02:00
Pavol Rusnak
d2e468a571
nixos/version: make versions in /etc/os-release less verbose
Fixes #127654; also see details in there.
2021-07-29 17:26:31 +02:00
Alex Zero
bd14d73794
nixos/modules/virtualisation/containerd: do not wipe runtime directory on restart or stop 2021-07-29 16:17:40 +01:00
Maciej Krüger
a4ca45acd7
nginx: add listenAddresses
This allows the user to manually specify the addresses nginx shoud 
listen on, while still having the convinience to use the *SSL options 
and have the ports automatically applied
2021-07-29 16:33:10 +02:00
Lassulus
729042fae8
Merge pull request #131794 from ncfavier/syncthing-collapse-declarative
nixos/syncthing: move declarative options to the top level
2021-07-29 15:42:33 +02:00
Naïm Favier
f114215b14
nixos/syncthing: clean up option descriptions 2021-07-29 15:20:30 +02:00
Florian Klink
7293489288 nixos/systemd: provision a systemd-coredump user
systemd-coredump tries to drop privileges to a systemd-coredump user if
present (and falls back to the root user if it's not available).

Create that user, and recycle uid 151 for it. We don't really care about
the gid.

Fixes https://github.com/NixOS/nixpkgs/issues/120803.
2021-07-29 15:00:24 +02:00
Niklas Hambüchen
82272021e2
Merge pull request #128886 from scvalex/coredns-configurable-corefile
kubernetes.addons.dns: make corefile configurable
2021-07-29 14:31:19 +02:00
Linus Heckemann
a476da0690 release notes: add meshcentral 2021-07-29 11:42:43 +02:00
Linus Heckemann
a175be0e7e nixos/meshcentral: init module 2021-07-29 11:42:42 +02:00
Frederik Rietdijk
3888701716
Merge pull request #131345 from NixOS/staging-next
Staging next
2021-07-29 10:45:20 +02:00
Jacek Galowicz
fae7252ec5
Merge pull request #131754 from blaggacao/fix-testing-invalid-node-names
nixos/testing: fix invalid node names detection
2021-07-29 09:47:19 +02:00
Milo Gertjejansen
f3b660014d
Merge branch 'master' into tt-rss-2021-06-21 2021-07-28 21:06:44 -04:00
Milo Gertjejansen
7aa2bf302a Added more detail to changelog, updated permissions in directory, and changed restartTriggers 2021-07-28 20:53:38 -04:00
github-actions[bot]
4fc7a31edb
Merge master into staging-next 2021-07-29 00:01:33 +00:00
Johannes Arnold
39f65ee33d nixos/mlvwm: init at 0.9.3 2021-07-29 01:19:05 +02:00
Sandro
fb525f4486
Merge pull request #129749 from GovanifY/discord-service
nixos/mx-puppet-discord: add module
2021-07-28 21:59:30 +00:00
Gauvain 'GovanifY' Roussel-Tarbouriech
040129fa31
nixos/mx-puppet-discord: add module 2021-07-28 23:30:24 +02:00
Eelco Dolstra
512ee6db39
nix-fallback-paths.nix: Update to 2.3.15 2021-07-28 22:45:33 +02:00
David Arnold
dc060ff8b2
nixos/testing: fix invalid node names detection
the use of python further restricts possible RFC1035 host labels since
dash is not allowed for use in python identifiers.

The previous implementation of this check was flawed, since it did not
check the `hostName` value that is actually used to construe the
identifier, but the node name, which can be anything, e.g. just `machine`.

The previous implementation, by further restricting RFC1035 labels, only
for the sake of testing seems to be an unacceptable restriction and should
be addressed separately.
2021-07-28 15:37:57 -05:00
Robert Hensing
60e0f94d3a
Merge pull request #131760 from blaggacao/fix-installer-root-fs-type-override
nixos/installer: force root fs type
2021-07-28 22:24:04 +02:00
David Arnold
c219fdffad
nixos/installer: force root fs type
installer media can be used on top of existing host configs. In such
scenarions, root fs types will already be defined.

Before this change, this will inevitably lead to the following error:
```console
error: The option `fileSystems./.fsType' has conflicting definition values:
       - In `/nix/store/2nl5cl4mf6vnldpbxhrbzfh0n8rsv9fm-source/DevOS/os/hardware/common.nix': "ext4"
       - In `/nix/store/jbch90yqx6gg1h3fq30jjj2b6h6jfjgs-source/nixos/modules/installer/cd-dvd/iso-image.nix': "tmpfs"
```

With this patch, the installers will override those values according to
their own local requirement.

Use `mkOverride 60` so that conscientious overriding specially targeted
at the installer, e.g. with `mkForce` is still straight forward.
2021-07-28 15:05:25 -05:00
Alexandru Scvortov
ed62c1c663 kubernetes: make corefile configurable 2021-07-28 20:15:57 +01:00
github-actions[bot]
6fcda9f1ec
Merge master into staging-next 2021-07-28 18:01:16 +00:00
Franz Pletz
8f40f574f8
Merge pull request #131578 from mweinelt/influxdb-exporter
prometheus-influxdb-exporter: init at 0.8.0
2021-07-28 19:47:06 +02:00
SrTobi
eff8d3bdb1 nixos/grub: implements GRUB_SAVEDEFAULT feature
Grub will remember the configuration that was booted and
select it as default menu entry the next time (#108206).
2021-07-28 18:57:08 +02:00
matthewcroughan
b9c9d52aec nixos/node-red: add test 2021-07-28 17:32:45 +01:00
matthewcroughan
badbbb7e05 nixos/node-red: add module
Adds a basic nixos module/service for node-red based on nodePackages.node-red

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Co-authored by: Adrian Parvin Ouano <adrianparvino@gmail.com>
Co-authored-by: Norbert Melzer <nmelzer@nobbz.dev>
2021-07-28 17:30:57 +01:00
github-actions[bot]
a1d3be1d42
Merge master into staging-next 2021-07-28 12:01:16 +00:00
Sandro
ebb592a04c
Merge pull request #131694 from scvalex/enable-kubernetes-passthru-tests
kubernetes: enable passthru tests
2021-07-28 11:14:35 +00:00
Alexandru Scvortov
b9acd426df kubernetes: add passthru tests
Also defensively quote a path and reformat a comment to trigger the
right review.
2021-07-28 11:27:22 +01:00
Naïm Favier
e9b01c5c8e
nixos/syncthing: move declarative options to the top level 2021-07-28 11:30:30 +02:00
Lassulus
a66d9f9b00
Merge pull request #131737 from ncfavier/syncthing-extraOptions
nixos/syncthing: add declarative.extraOptions
2021-07-28 11:12:29 +02:00
Naïm Favier
6416b3a941
nixos/syncthing: add declarative.extraOptions
Allows setting arbitrary config options through the REST API.

Also switches to the [new](https://docs.syncthing.net/rest/config.html)
config endpoints.
2021-07-28 10:56:06 +02:00
github-actions[bot]
86197a8023
Merge master into staging-next 2021-07-28 06:01:04 +00:00
Victor Freire
9ee8bd1889 vscode-extensions: uniform extension namingconvention 2021-07-28 12:01:53 +09:00
github-actions[bot]
db6a26db02
Merge master into staging-next 2021-07-27 18:01:01 +00:00
Guillaume Girol
407ef1dc6f
Merge pull request #121530 from symphorien/wifireg
nixos: add option to load wireless regulatory database as firmware
2021-07-27 16:43:57 +00:00
Niklas Hambüchen
fe5f3f65e2 manuals: Describe how to link NixOS tests from packages 2021-07-27 17:39:33 +02:00
ajs124
ce080720fb
Merge pull request #131587 from hyperfekt/systemd-pstore
nixos/filesystems: succeed mount-pstore.service without backend
2021-07-27 14:27:15 +02:00
github-actions[bot]
2692c2e427
Merge master into staging-next 2021-07-27 12:01:20 +00:00
Ben Siraphob
b63a54f81c
Merge pull request #110742 from siraben/deprecate-fold 2021-07-27 15:13:31 +07:00
hyperfekt
b3200bc922 nixos/filesystems: succeed mount-pstore.service without backend 2021-07-26 21:02:58 +00:00
Martin Weinelt
f77710c6ba nixos/tests/prometheus-exporters/influxdb: init 2021-07-26 16:00:01 +02:00
Martin Weinelt
46ea00da23 nixos/prometheus-influxdb-exporter: init 2021-07-26 16:00:01 +02:00
Frederik Rietdijk
18347a1caf Merge master into staging-next 2021-07-26 12:40:04 +02:00
Elis Hirwing
699ea65439
Merge pull request #131118 from etu/sanoid-syncoid-improvements
nixos/{syncoid,sanoid}: Improve ZFS permission delegation
2021-07-26 11:40:51 +02:00
Elis Hirwing
764e4acee1
nixos/tests/sanoid: Improve tests by checking that no permissions are left behind 2021-07-26 11:05:52 +02:00
Elis Hirwing
bd263441e2
nixos/rl-notes/21.11: Add note about remaining syncoid permissions 2021-07-26 11:05:48 +02:00
Elis Hirwing
a9d29a1d0d
nixos/syncoid: Drop ~[at]sync from the systemcallfilter to avoid coredumps 2021-07-26 11:05:45 +02:00
Elis Hirwing
ea9d5876a0
nixos/sanoid: Reformat file with nixpkgs-fmt 2021-07-26 11:05:37 +02:00
Elis Hirwing
fa58d89b24
nixos/syncoid: Reformat file with nixpkgs-fmt 2021-07-26 11:04:28 +02:00
Elis Hirwing
b9f98165ab
nixos/sanoid: Use a function to build allow/unallow commands 2021-07-26 11:03:35 +02:00