JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
402,732 Commits 2 Branches 0 Tags 12 GiB
47c6a9bf34
Commit Graph

22201 Commits

Author SHA1 Message Date
github-actions[bot]
0f0010fda3
Merge master into staging-next 2022-08-02 06:02:34 +00:00
pennae
6b13dd0e9e
Merge pull request #183491 from pennae/automatic-md-conversions 
treewide: automatically md-convert option descriptions
 2022-08-02 02:15:30 +02:00
github-actions[bot]
ad090ff867
Merge master into staging-next 2022-08-02 00:02:24 +00:00
Sandro Jäckel
f7522d6b56
nixos/gitit: use programs from path 2022-08-02 00:55:48 +02:00
Winter
468c10d8e0
Merge pull request #183039 from jansol/master 2022-08-01 18:17:39 -04:00
Jan Solanti
34a04025cf xow: remove 
Upstream project has been deprecated in favour of the 'xone' kernel
mode driver.
 2022-08-02 00:50:32 +03:00
Bernardo Meurer
6f435e54b5
Merge pull request #165151 from vtuan10/klipper-firmware 
nixos/klipper: Add Klipper firmware options
 2022-08-01 14:07:26 -07:00
github-actions[bot]
e8ce2f4a26
Merge master into staging-next 2022-08-01 18:01:20 +00:00
squalus
257db1dd4a nixos: systemd-coredump: improve disabled state 
The systemd-coredump module required systemd to be built with
withCoredump=true, even if the module was disabled.

- allow systemd to be missing systemd-coredump if the module is disabled
- switch to mkDefault for the sysctl config to allow user overrides when
  the module is disabled
- add nixos tests for both the enabled and disabled cases
 2022-08-01 09:52:56 -07:00
Franz Pletz
999d90d2e7
Merge pull request #184553 from danc86/krb-no-pam 2022-08-01 16:30:07 +02:00
Silvan Mosberger
fe2c9ae814
Merge pull request #177012 from hercules-ci/nixos-modular-system 
`flake.lib.nixosSystem`: Allow `nixpkgs.system` to be set modularly; improve error message
 2022-08-01 15:05:16 +02:00
Dan Callaghan
43aab2f50b
nixos/pam: add an option to control Kerberos PAM modules 
Instead of enabling the PAM modules based on config.krb5.enable,
introduce a new option to control the PAM modules specifically.

Users may want to turn on config.krb5.enable, to get a working Kerberos
client config with tools like kinit, while letting pam_sss or something
else handle Kerberos password lookups.
 2022-08-01 21:28:05 +10:00
Bobby Rong
231631eb93
lightdm-gtk-greeter: rename from lightdm_gtk_greeter 
To match the current naming convention.
 2022-08-01 16:36:52 +08:00
github-actions[bot]
83256fd7ea
Merge master into staging-next 2022-08-01 00:02:41 +00:00
superherointj
5857574d45
Merge pull request #183307 from Djabx/autoUpgrabe-boot 
system.autoUpgrade: add boot option.
 2022-07-31 19:12:59 -03:00
Sandro
be194e390f
nixos/ncdns: replace shortened link 2022-07-31 17:13:03 +02:00
github-actions[bot]
bb10509584
Merge master into staging-next 2022-07-31 12:02:29 +00:00
Guillaume Girol
479522bd60
Merge pull request #178873 from greizgh/update-seafile 
Fix broken seafile
 2022-07-31 11:23:09 +00:00
github-actions[bot]
95abc5680d
Merge master into staging-next 2022-07-31 00:03:10 +00:00
Mario Rodas
a255355f46
Merge pull request #182520 from danc86/sssd-kcm 
nixos/sssd: add an option to enable KCM support
 2022-07-30 18:52:05 -05:00
Shawn8901
e5888c2436 noisetorch: Add noisetorch to systemPackages with programs.noisetorch.enable 2022-07-30 20:59:31 +02:00
github-actions[bot]
15686bdd94
Merge master into staging-next 2022-07-30 18:01:31 +00:00
Greizgh
dd8386c453
nixos/seafile: version 9.0x compatibility 2022-07-30 18:29:33 +02:00
Alyssa Ross
153bfc9966
treewide: use isx86 where appropriate 2022-07-30 16:21:10 +00:00
Alyssa Ross
5330c0a1af
treewide: use isAarch where appropriate 2022-07-30 16:18:27 +00:00
pennae
2e751c0772 treewide: automatically md-convert option descriptions 
the conversion procedure is simple:

 - find all things that look like options, ie calls to either `mkOption`
   or `lib.mkOption` that take an attrset. remember the attrset as the
   option
 - for all options, find a `description` attribute who's value is not a
   call to `mdDoc` or `lib.mdDoc`
 - textually convert the entire value of the attribute to MD with a few
   simple regexes (the set from mdize-module.sh)
 - if the change produced a change in the manual output, discard
 - if the change kept the manual unchanged, add some text to the
   description to make sure we've actually found an option. if the
   manual changes this time, keep the converted description

this procedure converts 80% of nixos options to markdown. around 2000
options remain to be inspected, but most of those fail the "does not
change the manual output check": currently the MD conversion process
does not faithfully convert docbook tags like <code> and <package>, so
any option using such tags will not be converted at all.
 2022-07-30 15:16:34 +02:00
Aaron Andersen
2aecc7fdc1
Merge pull request #183360 from Sohalt/nixos/headscale 
nixos/headscale: minor improvements
 2022-07-30 15:02:37 +02:00
github-actions[bot]
5ebd4b10df
Merge master into staging-next 2022-07-30 12:01:30 +00:00
Bobby Rong
1abe15cfa5
nixos/cinnamon: install xed-editor 
xed is not the editor you want in Nixpkgs but a x86 encoder decoder.
 2022-07-30 19:51:15 +08:00
Linus Heckemann
bb7f88ccc0
Merge pull request #178529 from oxalica/fix/systemd-initrd-vconsole 
nixos/console: add required store paths to initrd for systemd stage 1
 2022-07-30 10:15:14 +02:00
github-actions[bot]
93fa8bacfb
Merge master into staging-next 2022-07-30 06:01:19 +00:00
Andrew Marshall
51adf865a3 nixos/networkd: Fix example for dhcpServerStaticLeaseOptions option 
The example was not valid, and would raise an error.
 2022-07-30 00:55:56 -04:00
Andrew Marshall
a9fbd07f56 nixos/networkd: Fix example for ipv6Prefixes option 
The example was not valid, and would raise an error.
 2022-07-30 00:55:56 -04:00
Anderson Torres
a34e3f299c
Merge pull request #183209 from AndersonTorres/nscde 
fvwm3: init at 1.0.4
 2022-07-29 21:10:55 -03:00
github-actions[bot]
50de8aa60e
Merge master into staging-next 2022-07-29 18:01:27 +00:00
pennae
6662f40c24
Merge pull request #182756 from jian-lin/pr-add-kanata-module 
nixos/kanata: init
 2022-07-29 15:08:34 +02:00
github-actions[bot]
a37c393ba4
Merge staging-next into staging 2022-07-29 12:02:05 +00:00
Jörg Thalheim
dfda4ec196
Merge pull request #183269 from flokli/grafana-agent-merge-defaults 
nixos/grafana-agent: ensure defaults are merged
 2022-07-29 11:38:47 +01:00
Florian Klink
7df5b81fc3 nixos/grafana-agent: ensure defaults are merged 
Move the defaults to the `config` section of the module, and apply them
with mkDefault.

That way the defaults are merged with user-provided config, and are
merged without having to use lib.mkForce.
 2022-07-29 13:23:12 +07:00
Alexandre Badez
8457d9277a system.autoUpgrade: add boot option. 2022-07-29 08:21:07 +02:00
AndersonTorres
bef8e4df1d fvwm3: nixos module 2022-07-28 22:28:41 -03:00
AndersonTorres
2617a00699 fvwm: rename nixos module to fvwm2 2022-07-28 22:28:39 -03:00
github-actions[bot]
6a1cd17d72
Merge staging-next into staging 2022-07-28 18:01:55 +00:00
misuzu
9b1db3db0e nixos/gitlab-runner: undeprecate configFile option 2022-07-28 17:16:55 +02:00
misuzu
b4028126f1 nixos/gitlab-runner: add settings option 2022-07-28 17:16:55 +02:00
github-actions[bot]
437247fc43
Merge staging-next into staging 2022-07-28 12:02:23 +00:00
Sandro
b5b9c81496
Merge pull request #177573 from asbachb/bugfix/gitea/175967 2022-07-28 13:55:11 +02:00
Bernardo Meurer
2d070e3213
Merge pull request #182535 from lovesegfault/roon-hqplayerd-fixes 
nixos/{roon,hqplayerd}: small fixes
 2022-07-28 00:27:15 -07:00
github-actions[bot]
c5298a170d
Merge staging-next into staging 2022-07-27 18:02:13 +00:00
github-actions[bot]
f6895f13b0
Merge master into staging-next 2022-07-27 18:01:33 +00:00
Alan Strohm
81cd3e229c
nixos/restic: add 'backups.package' option to override the restic package (#183028) 2022-07-27 13:47:41 -04:00
pennae
a16b25432e
Merge pull request #182685 from pennae/invariant-option-conversions 
treewide: invariant option conversions to MD
 2022-07-27 15:39:47 +02:00
Bobby Rong
36d7b18e75
Merge pull request #162980 from NickCao/mautrix-telegram-nixos 
nixos/mautrix-telegram: add lottieconverter to path
 2022-07-27 20:39:08 +08:00
github-actions[bot]
54f2dacce1
Merge staging-next into staging 2022-07-27 00:03:09 +00:00
github-actions[bot]
f110f87498
Merge master into staging-next 2022-07-27 00:02:31 +00:00
Rick van Schijndel
9e9f6fc1c3
Merge pull request #152065 from chkno/stunnel-extraConfig 
nixos/stunnel: Make free-form
 2022-07-26 23:24:31 +02:00
github-actions[bot]
b21eff1a41
Merge staging-next into staging 2022-07-26 18:02:15 +00:00
github-actions[bot]
1071ab374f
Merge master into staging-next 2022-07-26 18:01:32 +00:00
Sandro
7206899cbf
nixos/i18n: add en_US.UTF-8 to default locales 
Closes #182798
 2022-07-26 14:50:02 +02:00
github-actions[bot]
52e7c12c41
Merge staging-next into staging 2022-07-26 06:02:58 +00:00
github-actions[bot]
8aaeccd647
Merge master into staging-next 2022-07-26 06:02:16 +00:00
Bernardo Meurer
1cfb6dab0f
Merge pull request #182789 from talyz/sshd-dont-delete-symlinks 
sshd: Don't remove symlinks to host key files
 2022-07-25 21:51:46 -07:00
Jared Baur
777e914c20 nixos/systemd.network: Add RequiredFamilyForOnline to linkConfig 
While writing a configuration, I found a usage for this field and
noticed it was missing when building the configuration.
 2022-07-26 04:11:33 +02:00
Stig
550aaf8c96
Merge pull request #182379 from stigtsp/fix/pam-u2f-cue 
nixos/security/pam: fix u2f options leakage
 2022-07-26 03:19:01 +02:00
github-actions[bot]
4defba0df7
Merge staging-next into staging 2022-07-26 00:03:07 +00:00
github-actions[bot]
19fd1d7e90
Merge master into staging-next 2022-07-26 00:02:26 +00:00
ajs124
66e9ea4827
Merge pull request #180008 from Luflosi/skip-fsck-for-bind-mount 2022-07-25 23:56:12 +02:00
Winter
c4665307de
Merge pull request #180148 from Luflosi/nginx-fix-listenAddresses-example 
nixos/nginx: fix broken listenAddresses example
 2022-07-25 17:47:00 -04:00
github-actions[bot]
2aa98a3fe0
Merge staging-next into staging 2022-07-25 18:02:05 +00:00
github-actions[bot]
db04e3c143
Merge master into staging-next 2022-07-25 18:01:19 +00:00
Roman Volosatovs
191f777c4a
nixos/amd.sev: init 
Signed-off-by: Roman Volosatovs <roman@profian.com>
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
 2022-07-25 18:13:52 +02:00
Lin Jian
b6617bb594
nixos/kanata: init 2022-07-26 00:06:48 +08:00
Kevin Cox
6efae3d6a9
Merge pull request #118093 from stuebinm/nextcloud-secrets 
nixos/nextcloud: add extraOptions and secretFile options
 2022-07-25 11:29:11 -04:00
Otavio Salvador
7e8e00d656 nixos/restic: use postStop for backupCleanupCommand 
That way the `backupCleanupCommand` can also run when the backup service
failed for some reason.

Fixes: #182089.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
 2022-07-25 11:53:01 -03:00
github-actions[bot]
d31202e8c3
Merge staging-next into staging 2022-07-25 12:02:27 +00:00
github-actions[bot]
ded08eff9c
Merge master into staging-next 2022-07-25 12:01:46 +00:00
Maximilian Bosch
f923f5b9aa
Merge pull request #182456 from mayflower/crowd-secrets 
nixos/crowd: store openid password securely
 2022-07-25 12:02:57 +02:00
github-actions[bot]
a5a3f67b15
Merge staging-next into staging 2022-07-25 00:03:30 +00:00
github-actions[bot]
e706db2a81
Merge master into staging-next 2022-07-25 00:02:44 +00:00
Mario Rodas
f97827178e
Merge pull request #181021 from melvyn2/patch-1 
Add `bash` to netdata service path
 2022-07-24 16:12:07 -05:00
Vladimír Čunát
687d59d7e6
Merge branch 'master' into staging-next 2022-07-24 22:27:27 +02:00
Sandro
87c66cbb56
nixos/hydra: fix runuser in init 2022-07-24 18:05:10 +02:00
Sandro
8f89704410
Merge pull request #182648 from SuperSandro2000/hedgedoc-module 
nixos/hedgedoc: improve ldap settings
 2022-07-24 16:33:11 +02:00
github-actions[bot]
4a6e124c33
Merge staging-next into staging 2022-07-24 12:02:06 +00:00
github-actions[bot]
21a6aafb7d
Merge master into staging-next 2022-07-24 12:01:21 +00:00
pennae
ff56c775c8
Merge pull request #182098 from pennae/option-doc-md 
convert some varlists in option docs to MD
 2022-07-24 13:14:40 +02:00
pennae
5bf55a4ad5 nixos/virtualization: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae
b115622f4b nixos/tasks: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae
860a0449ce nixos/system: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae
cbc44d68a7 nixos/security: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
da37ca6760 nixos/programs: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
4f91838584 nixos/misc: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
4ba72f8615 nixos/installer: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
77d56dfc22 nixos/i18n: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
4dd84a34db nixos/hardware: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae
8a79dfd94a nixos/config: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
Felix Buehler
17e93b090e services.murmur: add openFirewall option 2022-07-24 10:32:37 +02:00
Vladimír Čunát
4ba8bc7d40
Merge branch 'master' into staging-next 2022-07-24 09:44:09 +02:00
Sandro Jäckel
98f180b0e3
nixos/hedgedoc: set good default for ldap.tlsca 2022-07-24 04:08:18 +02:00
Sandro Jäckel
1a7f6b4070
nixos/hedgedoc: do not require to set searchAttributes when ldap login is used 2022-07-24 04:08:18 +02:00
github-actions[bot]
b38a1818bc
Merge staging-next into staging 2022-07-23 12:02:12 +00:00
github-actions[bot]
6629a2339e
Merge master into staging-next 2022-07-23 12:01:31 +00:00
Bjørn Forsman
65399c4742 nixos/syncthing: don't leak the secret API key in process listings 2022-07-23 13:59:11 +02:00
Bjørn Forsman
16108ff74a nixos/jenkins-job-builder: set serviceConfig.Type = "oneshot" 
This change allows detecting configuration errors during
switch-to-configuration instead of them being reported asynchronously
*after* switch-to-configuration has exited.

(And update the NixOS test accordingly.)
 2022-07-23 13:30:53 +02:00
Nick Cao
f1a08f54f0
nixos/mautrix-telegram: add lottieconverter to path 2022-07-23 16:43:39 +08:00
Bernardo Meurer
836af9c15e nixos/hqplayerd: allow GPU acceleration 2022-07-22 21:21:46 -07:00
Bernardo Meurer
d66f766cac nixos/roon-server: fix openFirewall 2022-07-22 21:20:50 -07:00
Dan Callaghan
133ebbe46a
nixos/sssd: add an option to enable KCM support 2022-07-23 10:14:09 +10:00
Alois Wohlschlager
fe44207a71
nixos/power-management: run post-resume after suspend-then-hibernate 
The suspend-then-hibernate functionality is implemented by systemd in
the suspend-then-hibernate.target, separately from suspend.target and
hibernate.target. Thus post-resume would not run after resuming from
suspend-then-hibernate.

Fix this by explicitly making post-resume run after
suspend-then-hibernate.
 2022-07-22 18:33:37 +02:00
github-actions[bot]
b4832bac52
Merge staging-next into staging 2022-07-22 15:34:59 +00:00
Artturin
6789222b1c Merge branch 'master' into staging-next 2022-07-22 18:23:16 +03:00
Jörg Thalheim
8807057296 nixos/openldap: drop myself as maintainer 2022-07-22 16:54:13 +02:00
Sandro
8455ba6d64
Merge pull request #181258 from SuperSandro2000/onlyoffice 2022-07-22 16:28:13 +02:00
Martin Weinelt
b5e4c14806 Merge remote-tracking branch 'origin/master' into staging-next 2022-07-22 14:56:01 +02:00
pennae
e4d4b3cd64
Merge pull request #182441 from leungbk/lemmy-whitespace 
services/web-apps/lemmy.nix: Remove space that causes a type error
 2022-07-22 14:30:23 +02:00
Maximilian Bosch
200ce70e63
Merge pull request #180603 from m-bdf/substitute-nix-instantiate 
nixos-generate-config: substitute nix-instantiate
 2022-07-22 14:22:52 +02:00
Maximilian Bosch
779853b52b
Merge pull request #182413 from NetaliDev/pam-mount-fix-refactor 
nixos/pam: refactor pam_mount unmounting fix
 2022-07-22 14:05:44 +02:00
github-actions[bot]
dec2508b80
Merge staging-next into staging 2022-07-22 12:02:21 +00:00
github-actions[bot]
a3ba713cd4
Merge master into staging-next 2022-07-22 12:01:35 +00:00
Maximilian Bosch
ee2413c326
nixos/crowd: store openid password securely 2022-07-22 13:13:12 +02:00
Maximilian Bosch
1f6910b7dd
Merge pull request #182267 from mayflower/confluence-secrets 
nixos/confluence: store crowd SSO password securely
 2022-07-22 13:12:17 +02:00
Maximilian Bosch
85231bbd6e
Merge pull request #182261 from mayflower/mailman-rest-api-pass-file 
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
 2022-07-22 13:11:37 +02:00
Ilan Joselevich
d0617a58e2
services/web-apps/lemmy.nix: Remove space that causes a type error 2022-07-22 01:19:28 -07:00
Florian Klink
ad29dc19c1
Merge pull request #182436 from K900/systemd-initrd-fixes 
nixos/systemd: make sure all the device nodes are created in stage1
 2022-07-22 15:06:59 +07:00
Florian Klink
7c119675a3
Merge pull request #179002 from klemensn/move-passwdEntry-type 
move passwdEntry type
 2022-07-22 14:16:57 +07:00
K900
c9183d3738 nixos/systemd: make sure all the device nodes are created in stage1 
The ConditionFileNotEmpty override patch wasn't correct for stage1, which
does have the modules in /lib. So, remove the patch and set
the right path with overrides in the final system.

Also, make sure systemd-tmpfiles-setup-dev is pulled in to create
all the necessary symlinks.
 2022-07-22 10:01:21 +03:00
Netali
93132dc09c
nixos/pam: refactor pam_mount unmounting fix 2022-07-22 04:17:14 +02:00
github-actions[bot]
df9f22a8b8
Merge staging-next into staging 2022-07-22 00:03:25 +00:00
github-actions[bot]
d44e369b44
Merge master into staging-next 2022-07-22 00:02:40 +00:00
Martin Weinelt
457d109dcd
Merge pull request #179597 from Mic92/openldap-path 
[staging] openldap: remove deprecated options, improve encapsulation
 2022-07-22 00:26:32 +02:00
Stig Palmquist
d07f3037e2
nixos/security/pam: fix u2f options leakage 
Fix bug where pam_u2f options would be partially included in other pam.d
files if the module was enable for specific services, resulting in
broken configuration.
 2022-07-21 23:14:09 +02:00
Sandro
98b4daa994
Merge pull request #181881 from SuperSandro2000/searx 2022-07-21 22:39:48 +02:00
Sandro
f7f8721b1e
Merge pull request #162689 from astro/glusterfs 
nixos/glusterfs: exclude hook "S10selinux-label-brick.sh"
 2022-07-21 22:15:00 +02:00
Lassulus
bcd7e09db0
Merge pull request #182204 from helsinki-systems/upd/vdo 
(k)vdo: 8.1.1.360 -> 8.2.0.2
 2022-07-21 21:46:27 +02:00
Sofi
e2b34f0f11
nixos/minecraft-server: let server shutdown cleanly (#182149) 2022-07-21 15:05:43 -04:00
github-actions[bot]
a92f7ed60a
Merge staging-next into staging 2022-07-21 18:02:00 +00:00
talyz
ddf8182d5b
sshd: Don't remove symlinks to host key files 
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.

See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
 2022-07-21 19:15:04 +02:00
Timothy DeHerrera
e8c3d13d00
Merge pull request #181674 from nrdxp/nvidia-udev 
nvidia: improve robustness of udev rules
 2022-07-21 09:00:47 -07:00
Vincent Haupert
539b61ea37 nixos/github-runner: fix capset syscall filtering 
capset(2) is a single system call, not a set of multiple system calls.
 2022-07-21 16:08:15 +02:00
Robert Hensing
9aa588ecc3 nixos/documentation: Add unit test 2022-07-21 15:32:10 +02:00
Robert Hensing
ec3e1c6a3a nixos/documentation: Remove systemd/initrd dependency 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:10 +02:00
Robert Hensing
08e6f45747 nixos: Declare module dependencies 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:10 +02:00
Robert Hensing
5a98c63077 nixos: Move getty helpLine definition to getty module 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:00 +02:00
Robert Hensing
9a0b26b216 nixos/documentation: Make extraModules configurable 2022-07-21 15:31:35 +02:00
Robert Hensing
e135c417bb nixos/documentation: Forward the specialArgs 
This is necessary when generating the complete documenation for
configurations that import modules from the module arguments.
 2022-07-21 15:31:35 +02:00
github-actions[bot]
f09c360345
Merge staging-next into staging 2022-07-21 00:03:40 +00:00
Maximilian Bosch
258060c37d
nixos/confluence: store crowd SSO password securely 
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.

[1] https://github.com/NixOS/nixpkgs/pull/181715
 2022-07-20 23:11:53 +02:00
Maximilian Bosch
db9937b578
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store 2022-07-20 22:23:54 +02:00
Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets 
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
 2022-07-20 20:42:14 +02:00
Maximilian Bosch
92bd77e85e
nixos/prometheus-mail-exporter: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
81add6600c
nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
ajs124
c386f8658b (k)vdo: 8.1.1.360 -> 8.2.0.2 2022-07-20 15:00:53 +02:00
Maximilian Bosch
39c0694709
nixos/prometheus-mail-exporter: support storing passphrase outside of the store 2022-07-19 17:32:08 +02:00
pennae
7388711363 nixos/resolved: convert option docs to MD 2022-07-19 16:23:57 +02:00
pennae
3fdde45825 nixos/oci-containers: convert option docs to MD 
no changes to the manpages, no rendering changes to the html manual
 2022-07-19 16:23:57 +02:00
pennae
875acd1c2b nixos/qt5: convert option docs to MD 
changing a varlist to an md list changes the rendering slightly.
 2022-07-19 16:23:56 +02:00
github-actions[bot]
f0d5e4f5ad
Merge staging-next into staging 2022-07-19 12:02:34 +00:00
github-actions[bot]
cfe78489c9
Merge master into staging-next 2022-07-19 12:01:43 +00:00
Sandro
bca69a4037
Merge pull request #181867 from newAM/github-runner 
nixos/github-runner: fix systemd defaults for common workflows
 2022-07-19 12:56:17 +02:00
Euan Kemp
f158ac45ef nixos/k3s: use default cgroup-driver again 
Setting `cgroup-driver=systemd` was originally necessary to match with
docker, else the kubelet would not start (#111835)

However, since then, docker support has been dropped from k3s (#177790).
As such, this option is much less necessary.

More importantly, it now seems to be actively causing issues. Due to an
upstream k3s bug, it's resulting in the kubelet and containerd having
different cgroup drivers, which seems to result in some difficult to
debug failure modes.

See
https://github.com/NixOS/nixpkgs/issues/181790#issuecomment-1188840862
for a description of this problem.

Removing this flag entirely seems reasonable to me, and it results in
k3s working again on my machine.
 2022-07-19 02:52:12 -07:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 16:09:42 +10:00
github-actions[bot]
1ae70f1c80
Merge staging-next into staging 2022-07-19 06:03:43 +00:00
github-actions[bot]
305e8cb7b8
Merge master into staging-next 2022-07-19 06:03:02 +00:00
Wout Mertens
3ee8d4c909
netdata module: fix ExecStartPost (#181976) 2022-07-19 06:19:18 +02:00
github-actions[bot]
5467a35e74
Merge staging-next into staging 2022-07-19 00:02:54 +00:00
github-actions[bot]
d64d75f2f3
Merge master into staging-next 2022-07-19 00:02:21 +00:00
Artturi
6dc4ee65f7
Merge pull request #179163 from cmm/network-setup-bindTo 
nixos/network-interfaces-scripted: don't bindTo absent network-setup.service
 2022-07-19 01:33:14 +03:00
Joachim F
0640ef2ccc
Merge pull request #180231 from dfithian/heartbeat 
heartbeat service: specify package
 2022-07-18 20:56:08 +02:00
Dan Fithian
49a5377557 heartbeat service: specify package 
Other elastic services can specify the package. Now we can also do it for heartbeat.
 2022-07-18 14:39:22 -04:00
github-actions[bot]
9339fffb65
Merge staging-next into staging 2022-07-18 18:01:57 +00:00
github-actions[bot]
83702a6ef7
Merge master into staging-next 2022-07-18 18:01:14 +00:00
oaksoaj
fc9e22fca1 yggdrasil: add group option back and remove systemd User= directive 
The group configuration parameter allow to share access to yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but let user create their own group if they need.

Remove User= durective in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
 2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f yggdrasil: reenable DynamicUser 
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.

We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
 2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets 
nixos/mxisd: allow passing secrets
 2022-07-18 15:10:49 +02:00
Maximilian Bosch
8b72dae17b
Merge pull request #181528 from Ma27/privacyidea-ldap-proxy-secrets 
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy
 2022-07-18 14:19:47 +02:00
github-actions[bot]
a2fce4c651
Merge staging-next into staging 2022-07-18 12:02:35 +00:00
github-actions[bot]
71fe747e70
Merge master into staging-next 2022-07-18 12:01:55 +00:00
Maximilian Bosch
949c334ea9
nixos/privacyidea-ldap-proxy: use list for EnvironmentFile for mergeability 2022-07-18 13:58:08 +02:00
Maximilian Bosch
dab3ae9d8b
Merge pull request #181715 from mayflower/jira-secret-opts 
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
 2022-07-18 13:53:42 +02:00
Jörg Thalheim
9a020f31aa
Merge pull request #175439 from Mic92/jellyfin 
nixos/jellyfin: better defaults for hardware acceleration
 2022-07-18 12:51:54 +01:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability 2022-07-18 13:47:09 +02:00
Jörg Thalheim
2856eb2046 vault: fix assertions when raft backend is used 2022-07-18 13:12:26 +02:00
Janne Heß
4e0f8f7f44
Merge pull request #181882 from SuperSandro2000/systemd-boot 
nixos/systemd-boot: remove default log message if nothing changes
 2022-07-18 10:02:43 +02:00
Vladimír Čunát
250922fd1e
Merge branch 'master' into staging-next 2022-07-18 08:29:53 +02:00
Alex Martens
c34749dd63 nixos/github-runner: fix systemd defaults for common workflows 2022-07-17 22:02:57 -07:00
Sandro
24aefd2c82
Merge pull request #177240 from Majiir/streamdeck-ui 2022-07-17 23:27:43 +02:00
Sandro Jäckel
4396fd615c
nixos/systemd-boot: remove default log message if nothing changes 2022-07-17 21:46:50 +02:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility 2022-07-17 21:45:30 +02:00
Sandro
0890c4aef1
Merge pull request #168879 from aidalgol/pass-secret-service-systemd-unit 2022-07-17 16:45:27 +02:00
Bjørn Forsman
0080a93cdf nixos/jenkins-job-builder: create secret file with umask 0077 
IOW, don't make it world readable.
 2022-07-17 15:24:48 +02:00
Robert Hensing
438f6f17de nixos/qemu-vm: Warn when wasting space 2022-07-17 14:56:35 +02:00
Robert Hensing
afc60d017b nixos/qemu-vm: Use disposable EROFS for store when writableStore = false 
This avoids putting a large disk image in the store (and possibly
in a binary cache), while improving runtime performance.

Assuming you're running an SSD, and/or with plenty of cache (?)
it is feasible to preempt the virtualization overhead before
VM start, in single-digit seconds.

For some tests that perform many reads on the store, the improved
performance of EROFS is sufficient that not only the image creation
overhead is compensated for, but is actually faster.

Stats for nixosTests.gitlab:

Baseline without useNixStoreImage: >1000s

Baseline with useNixStoreImage without writableStore = false
ext4 image in store: 277 seconds
  + significant image build time and/or disk space

Disposable erofs image: 249 seconds _including_ image build time

Custom erofs overlay on 9p host store: 391 seconds; presumably
because the overlay still performs too many 9p accesses, or perhaps
some other overhead. This solution had no obvious performance
advantage, while requiring extra options to work, so it was
discarded.
 2022-07-17 14:56:35 +02:00
Majiir Paktu
3ba735cce2 nixos/streamdeck-ui: init 2022-07-16 22:10:33 -04:00
github-actions[bot]
97f117148f
Merge staging-next into staging 2022-07-17 00:02:54 +00:00
github-actions[bot]
8df1eb061a
Merge master into staging-next 2022-07-17 00:02:14 +00:00
Sandro
04a5c30245
Merge pull request #179582 from catap/prl-tools 2022-07-17 01:41:46 +02:00
Sandro
769329f5f8
Merge pull request #172058 from midchildan/improvement/1pw-gid 
nixos/_1password{,-gui}: use a static gid
 2022-07-17 01:21:42 +02:00
Sivizius
5e941caa0d
nixos/cri-o: removed defaultText of internal package-option 2022-07-17 08:04:15 +10:00
Sandro Jäckel
5e297d07aa
nixos/onlyoffice: init 2022-07-16 23:32:07 +02:00
Vladimír Čunát
0879ac5da6
Merge branch 'master' into staging-next 2022-07-16 20:07:05 +02:00
Maximilian Bosch
4adf26f018
nixos/privacyidea-ldap-proxy: always run envsubst 
Otherwise the file doesn't exist at the expected location.
 2022-07-16 14:00:46 +02:00
Kim Lindberger
d012de5b1d
Merge pull request #181401 from yayayayaka/gitlab-bump-git-to-2.35.4 
nixos/gitlab: Bump git to 2.35.4
 2022-07-16 13:37:16 +02:00
Maximilian Bosch
765cc35042
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store 
The option `services.jira.sso.applicationPassword` has been replaced by
`applicationPasswordFile` that needs to be readable by the `jira`-user
or group.

The new `crowd.properties` is created on startup in `~jira` and the
secret is injected into it using `replace-secret`.
 2022-07-16 13:01:29 +02:00
Bjørn Forsman
50eaf82b6f nixos/jenkins-job-builder: fix jenkins authentication 
The current authentication code is broken against newer jenkins:

  jenkins-job-builder-start[1257]: Asking Jenkins to reload config
  jenkins-start[789]: 2022-07-12 14:34:31.148+0000 [id=17]        WARNING hudson.security.csrf.CrumbFilter#doFilter: Found invalid crumb 31e96e52938b51f099a61df9505a4427cb9dca7e35192216755659032a4151df. If you are calling this URL with a script, please use the API Token instead. More information: https://www.jenkins.io/redirect/crumb-cannot-be-used-for-script
  jenkins-start[789]: 2022-07-12 14:34:31.160+0000 [id=17]        WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /reload by admin. Returning 403.
  jenkins-job-builder-start[1357]: curl: (22) The requested URL returned error: 403

Fix it by using `jenkins-cli` instead of messing with `curl`.

This rewrite also prevents leaking the password in process listings. (We
could probably do it without `replace-secret`, assuming `printf` is a
shell built-in, but this implementation should be safe even with shells
not having a built-in `printf`.)

Ref https://github.com/NixOS/nixpkgs/issues/156400.
 2022-07-16 12:30:41 +02:00
Arian van Putten
55bd770662
Merge pull request #167514 from shimunn/pam_u2f_module 
nixos/security/pam: added `origin` option to pamu2f
 2022-07-16 10:56:26 +02:00
Vladimír Čunát
7fbdf335d8
Merge #180368: nixos/i18n: normalise locale names 2022-07-16 09:01:42 +02:00
Timothy DeHerrera
371db36e56
nvidia: improve robustness of udev rules 
fixes #165719
 2022-07-15 19:37:13 -07:00
github-actions[bot]
fa3b53e492
Merge staging-next into staging 2022-07-16 00:03:07 +00:00
github-actions[bot]
fa96a4fa79
Merge master into staging-next 2022-07-16 00:02:26 +00:00
Sandro
2d0f98389f
Merge pull request #175738 from SuperSamus/plasma 2022-07-16 00:56:08 +02:00
Bernardo Meurer
ed0e38f28d
Merge pull request #181625 from lovesegfault/nix-2.10.3 
nix: 2.10.2 -> 2.10.3
 2022-07-15 15:28:41 -07:00
Aaron Andersen
9b01242132
Merge pull request #131261 from bb2020/dlna 
nixos/minidlna: convert to structural settings
 2022-07-15 21:28:19 +02:00
Bernardo Meurer
ea8a1ac198 nix-fallback-paths: 2.10.2 -> 2.10.3 2022-07-15 12:00:56 -07:00
shimun
327d99c0ca
nixos/security/pam: added origin option to pamu2f 2022-07-15 20:38:24 +02:00
github-actions[bot]
8eb75b850f
Merge staging-next into staging 2022-07-15 18:02:01 +00:00
github-actions[bot]
9f53d5cc15
Merge master into staging-next 2022-07-15 18:01:23 +00:00
Sandro
8e45a79ab1
Merge pull request #181579 from NixOS/netdata-module-startpost 
netdata: fix post start for module
 2022-07-15 16:20:55 +02:00
Sandro
475b23340b
Merge pull request #181410 from lilyinstarlight/fix/greetd-default-user 
nixos/greetd: fix minor typo for default user
 2022-07-15 16:12:09 +02:00
github-actions[bot]
9303bacb57
Merge staging-next into staging 2022-07-15 12:01:52 +00:00
github-actions[bot]
a4622e8226
Merge master into staging-next 2022-07-15 12:01:15 +00:00
Lucas Eduardo
e13404895a
nixos/label: add validation for system.nixos.label (#181479) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2022-07-15 11:45:25 +02:00
Wout Mertens
7f55ee3a53
netdata: fix post start for module 2022-07-15 09:57:13 +02:00
zowoq
e2659eea36 nixos/kubernetes: use copyToRoot instead of deprecated contents 2022-07-15 10:23:06 +10:00
Maximilian Bosch
bccaac9535
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy 
Instead of hard-coding a single `configFile` for
`privacyidea-ldap-proxy.service` which is pretty unmergable with other
declarations it now uses a RFC42-like approach. Also to make sure that
secrets can be handled properly without ending up in the Nix store, it's
possible to inject secrets via envsubst

    {
      services.privacyidea.ldap-proxy = {
        enable = true;
        environmentFile = "/run/secrets/ldap-pw";
        settings = {
          privacyidea.instance = "privacyidea.example.org";
          service-account = {
            dn = "uid=readonly,ou=serviceaccounts,dc=example,dc=org";
            password = "$LDAP_PW";
          };
        };
      };
    }

and the following secret file (at `/run/secrets`):

    LDAP_PW=<super-secret ldap pw>

For backwards-compat the old `configFile`-option is kept, but it throws
a deprecation warning and is mutually exclusive with the
`settings`-attrset. Also, it doesn't support secrets injection with
`envsubst` & `environmentFile`.
 2022-07-14 23:51:17 +02:00
Martin Weinelt
b2d57db6c2
Merge pull request #180516 from Atemu/kernel-disable-ashmem 
linux: disable ASHMEM on >= 5.18
 2022-07-14 23:20:26 +02:00
github-actions[bot]
1a74c5d703
Merge master into staging-next 2022-07-14 18:01:27 +00:00
Nick Cao
c543c996a9
nix-fallback-paths.nix: Update to 2.10.2 2022-07-14 23:53:44 +08:00
Elis Hirwing
e4d73b8bdd
Merge pull request #181474 from etu/drop-some-maintainerships 
treewide: Drop myself as maintainer for some packages I don't use
 2022-07-14 15:08:07 +02:00
Elis Hirwing
729fb87ae3
treewide: Drop myself as maintainer for some packages I don't use 2022-07-14 14:39:58 +02:00
github-actions[bot]
e0608ddfd9
Merge master into haskell-updates 2022-07-14 00:15:36 +00:00
Lily Foster
6f5c1bcf7b nixos/greetd: fix minor typo for default user 
It has been like this since the module was added, but it hasn't caused
problems because greetd assumes a default user of "greeter"[1] when it
isn't found anyway

[1]: d700309623/item/greetd/src/config/mod.rs (L127)
 2022-07-13 18:11:16 -04:00
M. A
61e3490c1c nixos/gitlab: Bump git to 2.35.4 
Resolves CVE-2022-29187
 2022-07-13 21:03:46 +00:00
github-actions[bot]
00ec8bc8d3
Merge master into staging-next 2022-07-13 18:01:28 +00:00
Maximilian Bosch
d54d70f166
nixos/mxisd: allow passing secrets 
Suppose you want to provide a LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like

    services.mxisd.extraConfig.ldap.connection = {
      # host, bindDn etc.
      bindPassword = "$LDAP_BIND_PW";
    };

and write the actual secret into an environment file that's readable for
`mxisd.service` containing

    LDAP_BIND_PW=<your secret bind pw>

and the following setting in the Nix expression:

    services.mxisd.environmentFile = "/runs/ecrets/mxisd";

(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)
 2022-07-13 19:19:17 +02:00
Domen Kožar
c46a3dc50a cachix-agent: allow restarts now that deployments are subprocesses 2022-07-13 11:40:54 -05:00
Sandro
a959a2cd26
Merge pull request #180992 from romildo/new.xdg.portal.lxqt 2022-07-13 14:15:09 +02:00
github-actions[bot]
9e8540af02
Merge master into staging-next 2022-07-13 12:01:13 +00:00
illustris
f60f165501 nixos/proxmox-image: use qemu 6.2 for building VMA 2022-07-13 10:44:41 +02:00
Vladimír Čunát
8169a7fce0
Merge branch 'master' into staging-next 2022-07-13 09:57:41 +02:00
José Romildo
7e30ebb2c2 nixos/lxqt: add a module for the lxqt portal 2022-07-12 17:17:39 -03:00
Luflosi
db4fdd6247
nixos/filesystems: skip fsck for bind mounts 
Without this change, configurations like
```nix
fileSystems."/path/to/bindMountedDirectory" = {
  device = "/path/to/originalDirectory";
  options = [ "bind" ];
};
```
will lead to a warning message in `dmesg`:
```
systemd-fstab-generator: Checking was requested for "/path/to/originalDirectory", but it is not a device.
```
This happens because the generated /etc/fstab entry contains a non-zero fsck pass number, which doesn't make sense for a bind mount.
 2022-07-12 16:51:25 +02:00
Sandro
78fff7ed35
Merge pull request #181197 from bjornfor/fix-ddclient-password-leak 2022-07-12 15:13:43 +02:00
github-actions[bot]
446763e8e1
Merge master into staging-next 2022-07-12 12:01:18 +00:00
Martin Weinelt
b7dc3d66c2
Merge pull request #181184 from kittywitch/ha-empty-config-fix 
nixos/home-assistant: make the reload triggers dependent upon cfg.config
 2022-07-12 11:39:39 +02:00
Bjørn Forsman
e0f2f7f9ea nixos/ddclient: don't leak password in process listings 
...by using `replace-secret` instead of `sed` when injecting the
password into the ddclient config file. (Verified with `execsnoop`.)

Ref https://github.com/NixOS/nixpkgs/issues/156400.
 2022-07-12 10:23:40 +02:00
Pascal Wittmann
6d1cabe9d9
Merge pull request #158346 from kurnevsky/i2pd-yggdrasil 
i2pd: add yggdrasil settings
 2022-07-12 10:19:18 +02:00
Alyssa Ross
c3fafea4ed nixos: remove unused "system tarball" modules 
This has all been commented in nixos/release.nix since at least 2015,
so it's not doing us any good to keep it around.
 2022-07-12 07:34:20 +00:00
github-actions[bot]
aef69f5f34
Merge master into staging-next 2022-07-12 06:01:09 +00:00
Aaron Andersen
bf57026e6a
Merge pull request #179511 from jian-lin/fix-force-caddy-reload-config 
nixos/caddy: force caddy to reload config in ExecReload
 2022-07-12 04:53:45 +02:00