Robin Gloster
b5449e65b5
Merge pull request #69344 from talyz/gitlab-create-database
...
nixos/gitlab: Fix databaseCreateLocally evaluation and operation
2019-10-09 00:28:21 +02:00
Nikolay Amiantov
2219129888
matrix-synapse service: blacklist local IPv6 addresses by default
2019-10-03 19:08:48 +03:00
talyz
c6efa9fd2d
nixos/gitlab: Clean up the initializers on start
...
The initializers directory is populated with files from the gitlab
distribution on start, but old files will be left in the state folder
even if they're removed from the distribution, which can lead to
startup failures. Fix this by always purging the directory on start
before populating it.
2019-10-03 14:38:54 +02:00
talyz
0f8133d633
nixos/gitlab: Fix state directory permissions
...
Since the preStart script is no longer running in privileged mode, we
reassign the files in the state directory and its config subdirectory
to the user we're running as. This is done by splitting the preStart
script into a privileged and an unprivileged part where the privileged
part does the reassignment.
Also, delete the database.yml symlink if it exists, since we want to
create a real file in its place.
Fixes #68696 .
2019-10-03 09:02:00 +02:00
Silvan Mosberger
e463c7cd75
nixos/nix-daemon: Prevent network warning when checking config
...
Since version 2.3 (https://github.com/NixOS/nix/pull/2949 which was
cherry-picked to master) Nix issues a warning when --no-net wasn't
passed and there is no network interface. This commit adds the --no-net
flag to the nix.conf check such that no warning is issued.
2019-09-28 17:00:47 +02:00
Peter Hoeg
8cc9d24fe1
Merge pull request #69387 from peterhoeg/f/optimise
...
nixos/nix-optimise: be smarter about when we run the store optimiser
2019-09-26 13:10:39 +08:00
Peter Hoeg
81cd220c67
nixos/pymks: log to journal
2019-09-25 06:33:34 +08:00
Peter Hoeg
4b34dd3120
Merge pull request #69300 from peterhoeg/f/ha2
...
nixos/home-assistant: set bluetooth perms
2019-09-25 04:49:31 +08:00
talyz
58a7502421
nixos/gitlab: Only create the database when databaseHost is unset
...
Make sure that we don't create a database if we're not going to
connect to it. Also, fix the assertion that usernames be equal to only
trig when peer authentication is used (databaseHost == "").
2019-09-24 15:04:20 +02:00
talyz
ec958d46ac
nixos/gitlab: Fix evaluation failure when postgresql is disabled
...
config.services.postgresql.package is only defined when the postgresql
service is activated, which means we fail to evaluate when
databaseCreateLocally == false. Fix this by using the default
postgresql package when the postgresql service is disabled.
2019-09-24 15:04:19 +02:00
talyz
dfc43f7d0a
nixos/gitlab: Document the restriction introduced on statePath
...
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
2019-09-23 17:55:58 +02:00
Peter Hoeg
e537a0a11e
home-assistant: set capabilities for bluetooth
2019-09-23 21:54:16 +08:00
Florian Klink
6262e83f5f
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path ( #68908 )
...
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
2019-09-23 06:40:52 +02:00
Jos van Bakel
86b83f37b8
nixos/gitea: fix dump
2019-09-21 09:28:53 +02:00
talyz
aceac9d531
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
...
Tar and gzip are needed when importing GitLab project exports.
2019-09-17 09:27:16 +02:00
schneefux
bab6e6eb04
nixos/gitlab: Remove todo about mysql support
...
GitLab has ended MySQL support.
https://about.gitlab.com/2019/06/27/removing-mysql-support/
2019-09-14 11:26:22 +02:00
talyz
4b6ba5b27c
nixos/gitlab: Fix swap of secrets
...
Fix accidental swap of the otp and db secrets in the secrets.yml
file. Fixes #68613 .
2019-09-13 08:40:59 +02:00
Sander van der Burg
e987e3fef9
nixos/dysnomia: enable InfluxDB support
2019-09-09 23:28:10 +02:00
Florian Klink
2f3b9cd52c
Merge pull request #66274 from talyz/gitlab
...
nixos/gitlab: Add support for secure secrets and more
2019-09-07 12:52:44 -07:00
talyz
240649a510
nixos/gitlab: Extract arbitrary secrets from extraConfig
...
Adds the ability to make any parameter specified in extraConfig secret
by defining it an attrset containing the attr _secret, which in turn
is a path to a file containing the actual secret.
2019-09-06 16:57:23 +02:00
talyz
b351454cac
nixos/gitlab: Use postgresql module options to provision local db
...
Use the postgresql module to provision a local db (if
databaseCreateLocally is true) instead of doing this locally.
Switch to using the local unix socket for db connections by default;
this is needed since dbs created by the postgresql module only support
peer authentication.
Instead of running the rake tasks db:schema:load, db:migrate and
db:seed_fu, run gitlab:db:configure, which in turn runs these tasks
when needed.
Solves issue #53852 for gitlab.
2019-09-06 16:56:20 +02:00
talyz
cbdf94c0f3
nixos/gitlab: Add support for storing secrets in files
...
Add support for storing secrets in files outside the nix store, since
files in the nix store are world-readable and secrets therefore can't
be stored safely there.
The old string options are kept, since they can potentially be handy
for testing purposes, but their descriptions now state that they
shouldn't be used in production. The manual section is updated to use
the file options rather than the string options and the tests now test
both.
2019-09-06 16:54:22 +02:00
talyz
7648b4f8ba
nixos/gitlab: Fix missing ca_file for SMTP
...
Work around upstream issue #790 by explicitly referencing the
ca-certificates.crt file.
2019-09-06 10:17:31 +02:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
...
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Aaron Andersen
b54a120a82
nixos/zookeeper: recursively set permissions and ownership on dataDir
2019-09-03 11:57:57 -04:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging
2019-09-02 23:25:24 +02:00
Florian Klink
f74735c9d7
nixos: remove dependencies on local-fs.target
...
Since https://github.com/NixOS/nixpkgs/pull/61321 , local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
...
And replace them with a more appropriate type
Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622
Merge staging-next into staging
2019-08-31 10:04:20 +02:00
volth
08f68313a4
treewide: remove redundant rec
2019-08-28 11:07:32 +00:00
Frederik Rietdijk
5061fe0c2c
Merge staging-next into staging
2019-08-28 08:26:42 +02:00
Eelco Dolstra
35c1c170d7
nix.conf: Set sandbox-fallback = false
...
For security, we don't want the sandbox to be disabled silently.
2019-08-27 21:17:20 +02:00
volth
35d68ef143
treewide: remove redundant quotes
2019-08-26 21:40:19 +00:00
Peter Hoeg
574ec28ef1
nixos/zoneminder: open telnet port for remote admin
2019-08-26 14:47:00 +08:00
Aaron Andersen
400c6aac71
nixos/phpfpm: deprecate extraConfig options in favor of settings options
2019-08-23 07:56:27 -04:00
Aaron Andersen
62b774a700
nixos/phpfpm: add socket option to replace the listen option
2019-08-23 07:56:21 -04:00
Aaron Andersen
249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
...
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
...
metabase: service module and test
2019-08-18 19:49:05 -04:00
WilliButz
4835f65e95
Merge pull request #66814 from mguentner/synapse_1_3_1
...
matrix-synapse: 1.2.1 -> 1.3.1
2019-08-18 19:30:14 +02:00
Marek Mahut
69089e990e
modules: adding metabase service
2019-08-18 13:44:26 +02:00
Maximilian Güntner
dac8fe9cee
nixos/matrix-synapse: use notify instead of simple
...
Starting with 1.3.0, matrix-synapse supports notifying
systemd. Relevant PR: matrix-org/synapse#5732
2019-08-18 09:41:33 +02:00
Aaron Andersen
efbdce2e96
nixos/mantisbt: drop unmaintained module
2019-08-15 21:01:23 -04:00
Ben Gamari
d7d873b8cb
nixos/gitlab: Delete stale hooks directories with -R
...
These can be directories.
2019-08-14 15:29:50 +02:00
Jeff Slight
2ee14c34ed
nixos/gitlab: properly clear out initializers
2019-08-12 12:50:02 -07:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module ( #51319 )
...
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
William Casarin
8a24d2ba44
zoneminder: fix nginx config
...
For some reason it doesn't seem to load things in the cache directory
properly without this slash.
Looks like this regression may have been introduced in:
commit 19851ec1fc
nixos/zoneminder: Fix nginx config check
Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Peter Hoeg <peter@hoeg.com>
Signed-off-by: William Casarin <jb55@jb55.com>
2019-08-04 11:53:06 -07:00
bake
9e2a710117
nixos/gitolite: dataDir group-readable
2019-08-04 18:47:02 +09:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
...
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
Colin L Rice
d7aa6df31f
nix-daemon: Fix builduser count to work when maxJobs is auto
2019-08-01 01:54:28 -04:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions
2019-07-31 14:55:08 -07:00
arcnmx
c604b38791
nixos/taskserver: crl file is optional
2019-07-27 15:49:46 -07:00
steve-chavez
dfd3a0269c
Shorten mkEnableOption description
2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816
nixos/modules: add greenclip user service
2019-07-23 12:19:28 +09:00
Johan Thomsen
bbd4a0c100
nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images
2019-07-22 16:41:16 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
...
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
...
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Robin Gloster
0972409c95
Merge pull request #64550 from bgamari/gitlab-12.0
...
gitlab: 11.10.8 -> 12.0.3
2019-07-17 16:01:03 +00:00
Nazarii Bardiuk
976928daa2
nixos/tiddlywiki: init
...
Service that runs TiddlyWiki nodejs server
2019-07-16 23:12:16 +01:00
Robin Gloster
52fd300b8c
gitlab module: fix permissions
2019-07-16 03:51:17 +02:00
Robin Gloster
3469c206f2
gitlab-shell: better gitlab_shell_secret location
...
So this won't be cleaned up by removing config/*
2019-07-16 03:51:11 +02:00
Robin Gloster
783c2f6106
gitlab module: clean up permission handling
...
This is WIP to get rid of PermissionsStartOnly=true
2019-07-16 01:19:07 +02:00
Janne Heß
1e23007dcd
nixos/gitea: Support SMTP without pw in the store
2019-07-14 22:48:10 +02:00
Silvan Mosberger
5eac339829
nixos/redmine: add database.createLocally option ( #63932 )
...
nixos/redmine: add database.createLocally option
2019-07-14 16:22:37 +02:00
Frederik Rietdijk
74c24385cb
Merge master into staging-next
2019-07-09 15:46:00 +02:00
Elis Hirwing
3b354cc037
Merge pull request #64412 from davidtwco/lidarr/fix-home
...
nixos/lidarr: re-add home attribute
2019-07-07 21:35:06 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
...
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
...
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
...
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
...
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
...
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Frederik Rietdijk
25a77b7210
Merge staging-next into staging
2019-07-03 08:59:42 +02:00
Peter Hoeg
897834f015
nixos/nix-optimise: be smarter about when we run the store optimiser
...
We might be inside a NixOS container on a non-NixOS host, so instead of not
running at all inside a container, check if the nix-daemon socket is writable as
it will tell us if the store is managed from here or outside.
Fixes #63578
2019-07-03 09:37:14 +08:00
David Wood
6ba90c2aae
nixos/lidarr: add user/group/openFirewall opts.
...
This commit adds new configuration options to the Lidarr module that
allows configuration of the user and group that Lidarr runs as; and to
open the firewall for the Lidarr port.
2019-07-01 16:17:18 +01:00
worldofpeace
3f4a353737
treewide: use dontUnpack
2019-07-01 04:23:51 -04:00
Aaron Andersen
26a5f32096
nixos/redmine: cosmetic cleanup
2019-06-30 07:24:23 -04:00
Aaron Andersen
e702468f6b
nixos/redmine: add database.createLocally option
2019-06-30 07:24:18 -04:00
Aaron Andersen
278d867a9b
Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
...
This reverts commit b5478fd1a2
, reversing
changes made to dbb00bfcbf
.
2019-06-28 21:47:43 -04:00
Elis Hirwing
b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
...
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
Elis Hirwing
dbb00bfcbf
Merge pull request #63726 from davidtwco/lidarr/specify-package
...
nixos/lidarr: allow specifying package
2019-06-27 19:06:51 +02:00
Janne Heß
8c3dd6f5e7
nixos/gitea: Generate a JWT secret for git LFS
2019-06-27 03:29:02 +02:00
Aaron Andersen
616e52e21b
Merge pull request #63622 from aanderse/zoneminder
...
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-26 20:36:26 -04:00
Daniel Schaefer
19851ec1fc
nixos/zoneminder: Fix nginx config check
...
NixOS wouldn't build because the nginx config checker fails.
Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
2019-06-26 20:45:55 +02:00
Eelco Dolstra
8e620e1bc5
Merge pull request #63810 from NixOS/binaryCaches-default
...
nix.binaryCaches: always set https://cache.nixos.org
2019-06-26 18:51:17 +02:00
Domen Kožar
036728f3f4
nix.binaryCaches: always set https://cache.nixos.org
...
There are many support questions when people add a new binary cache
and they suddenly lose nixos substitutions.
Most of the users want to keep that, so we're doing a breaking change.
Previously to disable all binary caches one had to do:
nix.binaryCache = [];
Now the same is possible via:
nix.binaryCache = lib.mkForce;
2019-06-26 14:30:56 +02:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
...
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
74ff20fae7
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-25 12:20:22 -04:00
David Wood
7e38a64709
nixos/lidarr: allow specifying package
...
This commit allows users of `services.lidarr` to specify the package
that is used with `services.lidarr.package`.
2019-06-24 09:53:38 +01:00
Aaron Andersen
93412bc35f
Merge pull request #63413 from etu/gitea-183-update
...
gitea: 1.8.2 -> 1.8.3
2019-06-19 05:46:48 -04:00
Elis Hirwing
3576ba7c19
nixos/gitea: Add missing tmpfiles rules
2019-06-19 07:45:51 +02:00
Jan Tojnar
a3f2131eb6
doc: Use prompt more often
2019-06-17 13:25:50 +02:00
Izorkin
5d3805487a
nixos/zoneminder: fix work with phpfpm-rootless mode
2019-06-16 12:33:51 +03:00
Frederik Rietdijk
395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
...
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Aaron Andersen
e278ff48bc
nixos/phd: remove unmaintained service
2019-06-13 17:09:45 -04:00
Maximilian Bosch
401360e15b
Merge pull request #61923 from aanderse/gitea
...
nixos/gitea: make use of declarative features where applicable
2019-06-13 01:01:18 +02:00
Tobias Happ
003b42f332
nixos/dwm-status: add module
2019-06-12 00:15:10 +02:00
Aaron Andersen
7145cf224c
nixos/gitea: replace deprecated usage of PermissionsStartOnly
...
see #53852
2019-06-10 20:32:35 -04:00
Aaron Andersen
9d251d8b21
nixos/gitea: define a gitea group to avoid "nogroup" ownership
2019-06-10 20:32:35 -04:00
Aaron Andersen
615f8b8982
nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases
2019-06-10 20:32:28 -04:00
Peter Hoeg
527876038e
nixos/zoneminder: font files cannot be found
2019-06-06 14:15:01 +08:00
Gabriel Ebner
18f564b882
octoprint: 1.3.10 -> 1.3.11
2019-05-30 18:10:29 +02:00