Commit Graph

1028 Commits

Author SHA1 Message Date
Robin Gloster
b5449e65b5
Merge pull request #69344 from talyz/gitlab-create-database
nixos/gitlab: Fix databaseCreateLocally evaluation and operation
2019-10-09 00:28:21 +02:00
Nikolay Amiantov
2219129888 matrix-synapse service: blacklist local IPv6 addresses by default 2019-10-03 19:08:48 +03:00
talyz
c6efa9fd2d nixos/gitlab: Clean up the initializers on start
The initializers directory is populated with files from the gitlab
distribution on start, but old files will be left in the state folder
even if they're removed from the distribution, which can lead to
startup failures. Fix this by always purging the directory on start
before populating it.
2019-10-03 14:38:54 +02:00
talyz
0f8133d633 nixos/gitlab: Fix state directory permissions
Since the preStart script is no longer running in privileged mode, we
reassign the files in the state directory and its config subdirectory
to the user we're running as. This is done by splitting the preStart
script into a privileged and an unprivileged part where the privileged
part does the reassignment.

Also, delete the database.yml symlink if it exists, since we want to
create a real file in its place.

Fixes #68696.
2019-10-03 09:02:00 +02:00
Silvan Mosberger
e463c7cd75
nixos/nix-daemon: Prevent network warning when checking config
Since version 2.3 (https://github.com/NixOS/nix/pull/2949 which was
cherry-picked to master) Nix issues a warning when --no-net wasn't
passed and there is no network interface. This commit adds the --no-net
flag to the nix.conf check such that no warning is issued.
2019-09-28 17:00:47 +02:00
Peter Hoeg
8cc9d24fe1
Merge pull request #69387 from peterhoeg/f/optimise
nixos/nix-optimise: be smarter about when we run the store optimiser
2019-09-26 13:10:39 +08:00
Peter Hoeg
81cd220c67 nixos/pymks: log to journal 2019-09-25 06:33:34 +08:00
Peter Hoeg
4b34dd3120
Merge pull request #69300 from peterhoeg/f/ha2
nixos/home-assistant: set bluetooth perms
2019-09-25 04:49:31 +08:00
talyz
58a7502421 nixos/gitlab: Only create the database when databaseHost is unset
Make sure that we don't create a database if we're not going to
connect to it. Also, fix the assertion that usernames be equal to only
trig when peer authentication is used (databaseHost == "").
2019-09-24 15:04:20 +02:00
talyz
ec958d46ac nixos/gitlab: Fix evaluation failure when postgresql is disabled
config.services.postgresql.package is only defined when the postgresql
service is activated, which means we fail to evaluate when
databaseCreateLocally == false. Fix this by using the default
postgresql package when the postgresql service is disabled.
2019-09-24 15:04:19 +02:00
talyz
dfc43f7d0a nixos/gitlab: Document the restriction introduced on statePath
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
2019-09-23 17:55:58 +02:00
Peter Hoeg
e537a0a11e home-assistant: set capabilities for bluetooth 2019-09-23 21:54:16 +08:00
Florian Klink
6262e83f5f
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path (#68908)
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
2019-09-23 06:40:52 +02:00
Jos van Bakel
86b83f37b8
nixos/gitea: fix dump 2019-09-21 09:28:53 +02:00
talyz
aceac9d531 nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
Tar and gzip are needed when importing GitLab project exports.
2019-09-17 09:27:16 +02:00
schneefux
bab6e6eb04
nixos/gitlab: Remove todo about mysql support
GitLab has ended MySQL support.
https://about.gitlab.com/2019/06/27/removing-mysql-support/
2019-09-14 11:26:22 +02:00
talyz
4b6ba5b27c nixos/gitlab: Fix swap of secrets
Fix accidental swap of the otp and db secrets in the secrets.yml
file. Fixes #68613.
2019-09-13 08:40:59 +02:00
Sander van der Burg
e987e3fef9 nixos/dysnomia: enable InfluxDB support 2019-09-09 23:28:10 +02:00
Florian Klink
2f3b9cd52c
Merge pull request #66274 from talyz/gitlab
nixos/gitlab: Add support for secure secrets and more
2019-09-07 12:52:44 -07:00
talyz
240649a510 nixos/gitlab: Extract arbitrary secrets from extraConfig
Adds the ability to make any parameter specified in extraConfig secret
by defining it an attrset containing the attr _secret, which in turn
is a path to a file containing the actual secret.
2019-09-06 16:57:23 +02:00
talyz
b351454cac nixos/gitlab: Use postgresql module options to provision local db
Use the postgresql module to provision a local db (if
databaseCreateLocally is true) instead of doing this locally.

Switch to using the local unix socket for db connections by default;
this is needed since dbs created by the postgresql module only support
peer authentication.

Instead of running the rake tasks db:schema:load, db:migrate and
db:seed_fu, run gitlab:db:configure, which in turn runs these tasks
when needed.

Solves issue #53852 for gitlab.
2019-09-06 16:56:20 +02:00
talyz
cbdf94c0f3 nixos/gitlab: Add support for storing secrets in files
Add support for storing secrets in files outside the nix store, since
files in the nix store are world-readable and secrets therefore can't
be stored safely there.

The old string options are kept, since they can potentially be handy
for testing purposes, but their descriptions now state that they
shouldn't be used in production. The manual section is updated to use
the file options rather than the string options and the tests now test
both.
2019-09-06 16:54:22 +02:00
talyz
7648b4f8ba nixos/gitlab: Fix missing ca_file for SMTP
Work around upstream issue #790 by explicitly referencing the
ca-certificates.crt file.
2019-09-06 10:17:31 +02:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Aaron Andersen
b54a120a82 nixos/zookeeper: recursively set permissions and ownership on dataDir 2019-09-03 11:57:57 -04:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink
f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
Eelco Dolstra
35c1c170d7 nix.conf: Set sandbox-fallback = false
For security, we don't want the sandbox to be disabled silently.
2019-08-27 21:17:20 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Peter Hoeg
574ec28ef1 nixos/zoneminder: open telnet port for remote admin 2019-08-26 14:47:00 +08:00
Aaron Andersen
400c6aac71 nixos/phpfpm: deprecate extraConfig options in favor of settings options 2019-08-23 07:56:27 -04:00
Aaron Andersen
62b774a700 nixos/phpfpm: add socket option to replace the listen option 2019-08-23 07:56:21 -04:00
Aaron Andersen
249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
metabase: service module and test
2019-08-18 19:49:05 -04:00
WilliButz
4835f65e95
Merge pull request #66814 from mguentner/synapse_1_3_1
matrix-synapse: 1.2.1 -> 1.3.1
2019-08-18 19:30:14 +02:00
Marek Mahut
69089e990e modules: adding metabase service 2019-08-18 13:44:26 +02:00
Maximilian Güntner
dac8fe9cee
nixos/matrix-synapse: use notify instead of simple
Starting with 1.3.0, matrix-synapse supports notifying
systemd. Relevant PR: matrix-org/synapse#5732
2019-08-18 09:41:33 +02:00
Aaron Andersen
efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Ben Gamari
d7d873b8cb nixos/gitlab: Delete stale hooks directories with -R
These can be directories.
2019-08-14 15:29:50 +02:00
Jeff Slight
2ee14c34ed
nixos/gitlab: properly clear out initializers 2019-08-12 12:50:02 -07:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module (#51319)
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
William Casarin
8a24d2ba44 zoneminder: fix nginx config
For some reason it doesn't seem to load things in the cache directory
properly without this slash.

Looks like this regression may have been introduced in:

  commit 19851ec1fc
  nixos/zoneminder: Fix nginx config check

Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Peter Hoeg <peter@hoeg.com>

Signed-off-by: William Casarin <jb55@jb55.com>
2019-08-04 11:53:06 -07:00
bake
9e2a710117 nixos/gitolite: dataDir group-readable 2019-08-04 18:47:02 +09:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
Colin L Rice
d7aa6df31f nix-daemon: Fix builduser count to work when maxJobs is auto 2019-08-01 01:54:28 -04:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions 2019-07-31 14:55:08 -07:00
arcnmx
c604b38791 nixos/taskserver: crl file is optional 2019-07-27 15:49:46 -07:00
steve-chavez
dfd3a0269c Shorten mkEnableOption description 2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816 nixos/modules: add greenclip user service 2019-07-23 12:19:28 +09:00
Johan Thomsen
bbd4a0c100 nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images 2019-07-22 16:41:16 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Robin Gloster
0972409c95
Merge pull request #64550 from bgamari/gitlab-12.0
gitlab: 11.10.8 -> 12.0.3
2019-07-17 16:01:03 +00:00
Nazarii Bardiuk
976928daa2
nixos/tiddlywiki: init
Service that runs TiddlyWiki nodejs server
2019-07-16 23:12:16 +01:00
Robin Gloster
52fd300b8c
gitlab module: fix permissions 2019-07-16 03:51:17 +02:00
Robin Gloster
3469c206f2
gitlab-shell: better gitlab_shell_secret location
So this won't be cleaned up by removing config/*
2019-07-16 03:51:11 +02:00
Robin Gloster
783c2f6106
gitlab module: clean up permission handling
This is WIP to get rid of PermissionsStartOnly=true
2019-07-16 01:19:07 +02:00
Janne Heß
1e23007dcd nixos/gitea: Support SMTP without pw in the store 2019-07-14 22:48:10 +02:00
Silvan Mosberger
5eac339829
nixos/redmine: add database.createLocally option (#63932)
nixos/redmine: add database.createLocally option
2019-07-14 16:22:37 +02:00
Frederik Rietdijk
74c24385cb Merge master into staging-next 2019-07-09 15:46:00 +02:00
Elis Hirwing
3b354cc037
Merge pull request #64412 from davidtwco/lidarr/fix-home
nixos/lidarr: re-add home attribute
2019-07-07 21:35:06 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Frederik Rietdijk
25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Peter Hoeg
897834f015 nixos/nix-optimise: be smarter about when we run the store optimiser
We might be inside a NixOS container on a non-NixOS host, so instead of not
running at all inside a container, check if the nix-daemon socket is writable as
it will tell us if the store is managed from here or outside.

Fixes #63578
2019-07-03 09:37:14 +08:00
David Wood
6ba90c2aae
nixos/lidarr: add user/group/openFirewall opts.
This commit adds new configuration options to the Lidarr module that
allows configuration of the user and group that Lidarr runs as; and to
open the firewall for the Lidarr port.
2019-07-01 16:17:18 +01:00
worldofpeace
3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
Aaron Andersen
26a5f32096 nixos/redmine: cosmetic cleanup 2019-06-30 07:24:23 -04:00
Aaron Andersen
e702468f6b nixos/redmine: add database.createLocally option 2019-06-30 07:24:18 -04:00
Aaron Andersen
278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
2019-06-28 21:47:43 -04:00
Elis Hirwing
b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
Elis Hirwing
dbb00bfcbf
Merge pull request #63726 from davidtwco/lidarr/specify-package
nixos/lidarr: allow specifying package
2019-06-27 19:06:51 +02:00
Janne Heß
8c3dd6f5e7 nixos/gitea: Generate a JWT secret for git LFS 2019-06-27 03:29:02 +02:00
Aaron Andersen
616e52e21b
Merge pull request #63622 from aanderse/zoneminder
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-26 20:36:26 -04:00
Daniel Schaefer
19851ec1fc nixos/zoneminder: Fix nginx config check
NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
2019-06-26 20:45:55 +02:00
Eelco Dolstra
8e620e1bc5
Merge pull request #63810 from NixOS/binaryCaches-default
nix.binaryCaches: always set https://cache.nixos.org
2019-06-26 18:51:17 +02:00
Domen Kožar
036728f3f4
nix.binaryCaches: always set https://cache.nixos.org
There are many support questions when people add a new binary cache
and they suddenly lose nixos substitutions.

Most of the users want to keep that, so we're doing a breaking change.

Previously to disable all binary caches one had to do:

  nix.binaryCache = [];

Now the same is possible via:

  nix.binaryCache = lib.mkForce;
2019-06-26 14:30:56 +02:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
74ff20fae7 nixos/zoneminder: fix some issues with database.createLocally option 2019-06-25 12:20:22 -04:00
David Wood
7e38a64709
nixos/lidarr: allow specifying package
This commit allows users of `services.lidarr` to specify the package
that is used with `services.lidarr.package`.
2019-06-24 09:53:38 +01:00
Aaron Andersen
93412bc35f
Merge pull request #63413 from etu/gitea-183-update
gitea: 1.8.2 -> 1.8.3
2019-06-19 05:46:48 -04:00
Elis Hirwing
3576ba7c19
nixos/gitea: Add missing tmpfiles rules 2019-06-19 07:45:51 +02:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
Izorkin
5d3805487a nixos/zoneminder: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Frederik Rietdijk
395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Aaron Andersen
e278ff48bc nixos/phd: remove unmaintained service 2019-06-13 17:09:45 -04:00
Maximilian Bosch
401360e15b
Merge pull request #61923 from aanderse/gitea
nixos/gitea: make use of declarative features where applicable
2019-06-13 01:01:18 +02:00
Tobias Happ
003b42f332 nixos/dwm-status: add module 2019-06-12 00:15:10 +02:00
Aaron Andersen
7145cf224c nixos/gitea: replace deprecated usage of PermissionsStartOnly
see #53852
2019-06-10 20:32:35 -04:00
Aaron Andersen
9d251d8b21 nixos/gitea: define a gitea group to avoid "nogroup" ownership 2019-06-10 20:32:35 -04:00
Aaron Andersen
615f8b8982 nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases 2019-06-10 20:32:28 -04:00
Peter Hoeg
527876038e nixos/zoneminder: font files cannot be found 2019-06-06 14:15:01 +08:00
Gabriel Ebner
18f564b882 octoprint: 1.3.10 -> 1.3.11 2019-05-30 18:10:29 +02:00