Commit Graph

13634 Commits

Author SHA1 Message Date
Markus Kowalewski
2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files)
2020-03-12 22:32:44 +01:00
adisbladis
f3adcbd150
Merge pull request from adisbladis/ntpd-extraconfig
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request from Infinisil/hostFiles
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Léo Gaspard
06bdfc5e32
Merge pull request from matt-snider/master
ankisyncd, nixos/ankisyncd: init at 2.1.0
2020-03-12 11:47:42 +01:00
lewo
cbb21b2a8a
Merge pull request from buckley310/updateDelay
NixOS/auto-upgrade: Add optional randomized delay
2020-03-12 09:06:32 +01:00
Graham Christensen
10f625b3d2
Merge pull request from mmilata/firejail-example
nixos/firejail: add example for wrappedBinaries
2020-03-11 20:28:35 -04:00
Jörg Thalheim
154f9e1bd9
Merge pull request from nyanloutre/vsftpd_pam_fix
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request from talyz/haproxy-fixes
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
Maximilian Bosch
b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore 2020-03-11 22:29:30 +01:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
9458ec4 removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
Maximilian Bosch
f073b74c13
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
To quote the XDG specification:

     There is a single base directory relative to which user-specific
     data files should be written. This directory is defined by the\
     environment variable $XDG_DATA_HOME.

Rather than adding another directory to $HOME, I think that it's better
to follow this standard to avoid a cluttered home-dir.
2020-03-11 20:17:46 +01:00
talyz
bb7ad853fb nixos/haproxy: Revive the haproxy user and group
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Silvan Mosberger
fc2b132c94
Merge pull request from mmilata/rename-fix-module-path
nixos: fix module paths in rename.nix
2020-03-11 19:35:40 +01:00
Martin Milata
d08ede042b nixos: fix module paths in rename.nix 2020-03-11 15:59:22 +01:00
Florian Klink
3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Florian Klink
36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
2020-03-11 10:21:37 +01:00
Edward Tjörnhammar
b155a62dad nixos/lightdm-tiny-greeter: init module 2020-03-11 08:12:35 +00:00
Jan Tojnar
6bba9428d9
Merge pull request from jtojnar/malcontent-0.6
malcontent: 0.4.0 → 0.6.0
2020-03-11 04:08:59 +01:00
Jan Tojnar
31dd8332bc
nixos/malcontent: init 2020-03-10 23:30:20 +01:00
Jesper Geertsen Jonsson
b42babd160 nixos/netdata: add module package option 2020-03-10 23:06:01 +01:00
Matt Snider
acba458b7e nixos/ankisyncd: init at 2.1.0 2020-03-10 22:45:33 +01:00
Aaron Andersen
641b94bdd0 nixos/mysql: add settings and configFile options 2020-03-10 15:15:11 -04:00
Linus Heckemann
dfc70d37f4
Merge pull request from mayflower/radius-http2
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
adisbladis
6fcce60fd5
Merge pull request from adisbladis/switch-to-configuration-manual
switch-to-configuration: Add new option X-OnlyManualStart
2020-03-10 11:17:33 +00:00
Martin Milata
1affd47cc1 nixos/supybot: python3 switch, add plugin options
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
adisbladis
db6c94304f
switch-to-configuration: Add new option X-OnlyManualStart
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.

More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
2020-03-09 11:28:07 +00:00
zimbatm
cc90ececa7
environment.etc: fix typo 2020-03-09 12:01:41 +01:00
Florian Klink
dceec409cc nixos/cage: move ConditionPathExists to service config
It doesn't belong into [Service]:
> Unknown key name 'ConditionPathExists' in section 'Service', ignoring.
2020-03-09 00:47:49 +01:00
Dmitry Kalinkin
93745d243b
Merge pull request from danielfullmer/zoneminder-1.34.2
zoneminder: 1.32.3 -> 1.34.3
2020-03-07 13:25:17 -05:00
Daniel Fullmer
cb5da4eacb nixos/zoneminder: update on startup if needed 2020-03-07 12:59:39 -05:00
Silvan Mosberger
4f69262c19
Merge pull request from mweinelt/pr/acme-chmod
nixos/acme: apply chmod and ownership unconditionally
2020-03-07 03:24:46 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts 2020-03-07 02:01:19 +01:00
Silvan Mosberger
ec6e4db6e4
nixos/networking: Add hostFiles option
When blocklists are built with a derivation, using extraHosts would
require IFD, since the result of the derivation needs to be converted to
a string again.

By introducing this option no IFD is needed for such use-cases, since
the fetched files can be assigned directly.
2020-03-07 01:53:31 +01:00
Lancelot SIX
74c0ce5376
Merge pull request from atlaua/lr/wg-typo
nixos/wireguard: Fix typo in error message
2020-03-06 22:43:32 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Jörg Thalheim
391b7b31d8
Merge pull request from emilazy/nginx-use-mozilla-tls-config
nixos/nginx: use Mozilla Intermediate TLS configuration
2020-03-06 14:30:28 +00:00
Jörg Thalheim
87ae01e70b
Merge pull request from alexbakker/fix-55221
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
2020-03-06 13:16:26 +00:00
Emily
4ed98d69ed nixos/nginx: use Mozilla Intermediate TLS configuration
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.

The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.

Resolves .
2020-03-06 13:08:56 +00:00
Silvan Mosberger
dc70633913
Merge pull request from ju1m/shorewall_fix_RestartTriggers
shorewall: fix RestartTriggers
2020-03-06 11:58:35 +01:00
Martin Milata
421a18f42b nixos/prometheus-mikrotik-exporter: init 2020-03-06 10:39:05 +01:00
Matthew Bauer
1265615594 gtk-icon-cache: get native gtk3 for icon cache 2020-03-06 00:45:48 -05:00
Martin Milata
e7ed7901a8 nixos/prometheus-mail-exporter: misc fixes
- Fix misspelled option. mkRenamedOptionModule is not used because the
   option hasn't really worked before.
 - Add missing cfg.telemetryPath arg to ExecStart.
 - Fix mkdir invocation in test.
2020-03-06 01:44:05 +01:00
Martin Milata
3b5cf35e8b nixos/prometheus-mail-exporter: fix assertion
The assertion was printed when user explicitly defined only the
configFile option.
2020-03-06 01:44:05 +01:00
Martin Milata
2a080ac434 nixos/prometheus-snmp-exporter: fix assertion
The assertion was printed when user explicitly defined only the
configurationPath option.
2020-03-06 01:43:20 +01:00
Martin Milata
87f87fb3e9 nixos/prometheus-snmp-exporter: update log options
The allowed values have changed in bd3319d28c.

0.15:
      --log.level="info"        Only log messages with the given severity or above. Valid levels: [debug, info, warn, error, fatal]
      --log.format="logger:stderr"
                                Set the log target and format. Example: "logger:syslog?appname=bob&local=7" or "logger:stdout?json=true"

0.17:
      --log.level=info          Only log messages with the given severity or above. One of: [debug, info, warn, error]
      --log.format=logfmt       Output format of log messages. One of: [logfmt, json]
2020-03-06 01:43:20 +01:00
Martin Milata
0ac24ccf2a nixos/prometheus-*-exporter: escape shell args 2020-03-06 01:43:20 +01:00
Andrew Childs
ce416779bb nixos/activation: use eval-config's system argument for nesting
This avoids a possible surprise if the user is using `nixpkgs.system`
and `nesting.children`. `nesting.children` is expected to ignore all
parent configuration so we shouldn't propagate the user-facing option
`nixpkgs.system`. To avoid doing so, we introduce a new internal
option for holding the value passed to eval-config.nix, and use that
when recursing for nesting.
2020-03-05 20:28:31 +09:00
David Guibert
bbc2cd89ef users.groups.disnix instead of a list
related to .
2020-03-05 09:08:40 +01:00
Julien Moutinho
47f27938e7 shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
Alexander Bakker
7bbf7fa693 uwsgi: use pyhome instead of pythonpath for uwsgi vassals 2020-03-04 20:20:32 +01:00
Silvan Mosberger
b38344b54c
Merge pull request from yegortimoshenko/acme-fullchain-force-symlink
nixos/acme: force symlink from fullchain.pem to cert.pem
2020-03-04 19:33:39 +01:00
Michele Guerini Rocco
481a4e938e
Merge pull request from thatsmydoing/multiport-nat
nixos/nat: fix multiple destination ports with loopback
2020-03-04 19:12:25 +01:00
Jörg Thalheim
bbbf224c7d
Merge pull request from Mic92/zfs
nixos/zfs: continue trimming also if one pool fails
2020-03-04 11:44:57 +00:00
Maximilian Bosch
7f9131f260
Merge pull request from NinjaTrappeur/nin-networkd-policy-rules
nixos/networkd: add RoutingPolicyRules-related options
2020-03-04 12:29:29 +01:00
Yegor Timoshenko
c32da2ed9c nixos/acme: force symlink from fullchain.pem to cert.pem
Co-authored-by: emily <vcs@emily.moe>
2020-03-04 12:52:12 +03:00
Thomas Dy
97a61c8903 nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
Sean Buckley
9d3aa711fe NixOS/auto-upgrade: refine option description 2020-03-03 22:14:31 -05:00
Florian Klink
407be0a577
Merge pull request from flokli/add-cage
nixos/cage: init
2020-03-03 12:04:33 -08:00
Robert Hensing
6734e58da3
Merge pull request from hercules-ci/fix-service-runner-quotes
nixos/service-runner.nix: Allow quotes in commands + test
2020-03-03 14:31:00 +01:00
Jörg Thalheim
8f543ed80d
nixos/zfs: continue trimming also if one pool fails
fixes https://github.com/NixOS/nixpkgs/issues/81602
2020-03-03 11:22:07 +00:00
Yegor Timoshenko
c16f2218da
Merge pull request from emilazy/acme-must-staple
nixos/acme: Must-Staple and extra flags
2020-03-03 03:57:40 +03:00
Yegor Timoshenko
31aefc74c5
Merge pull request from emilazy/adjust-acme
nixos/acme: adjust renewal timer options
2020-03-03 03:49:33 +03:00
Matthew Bauer
e0e4d591cc nixos/cage: init
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.

This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.

Based on the service provided in the Cage wiki here:

https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd

Co-Authored-By: Florian Klink <flokli@flokli.de>
2020-03-02 13:43:20 -08:00
WilliButz
eaef96093a
prometheus-nginx-exporter: 0.5.0 -> 0.6.0 ()
* prometheus-nginx-exporter: 0.5.0 -> 0.6.0

* nixos/prometheus-nginx-exporter: update for 0.6.0

Added new option constLabels and updated virtualHost name in the
exporter's test.
2020-03-02 14:48:40 -05:00
Maximilian Bosch
70325e63d8
Merge pull request from NixOS/fix-predictable-ifnames-in-initrd
nixos/stage-1: fix predictable interface names in initrd
2020-03-02 17:14:06 +01:00
Andreas Rammhold
ca5048cba4
Merge pull request from mrkkrp/mk/add-nix-store-gcs-proxy-service
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
Félix Baylac-Jacqué
9897d83f58 nixos/networkd: test routingPolicyRules with a nixos vm test 2020-03-02 15:37:40 +01:00
Jörg Thalheim
2c5ffb5c7a
Merge pull request from Mic92/home-assistant
nixos/home-assistant: 0.104.3 -> 0.106.0
2020-03-02 10:55:35 +00:00
Benjamin Staffin
3a2790c342 services.mailman: RemainAfterExit so settings take effect properly
Prior to this fix, changes to certain settings would not be applied
automatically and users would have to know to manually restart the
affected service.  A prime example of this is
`services.mailman.hyperkitty.baseUrl`, or various things that affect
`mailman3/settings.py`
2020-03-02 02:25:20 +00:00
obadz
c31958449f
Merge pull request from danielfullmer/zerotier-mac-fix
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
Félix Baylac-Jacqué
611d765b76 nixos/networkd: Add the RoutingPolicyRule-related options 2020-03-01 14:52:36 -08:00
José Romildo Malaquias
74f5358f13
Merge pull request from eadwu/nvidia/prime-render-offload
nvidia: prime render offload
2020-03-01 14:28:57 -03:00
worldofpeace
0bbada3a07
Merge pull request from worldofpeace/pantheon-doc
nixos/pantheon: add docs
2020-03-01 16:56:55 +00:00
worldofpeace
21c971a732
Merge pull request from tilpner/gitdaemon-usercreation
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Yegor Timoshenko
98cbc40570
Merge pull request from mweinelt/pr/acme-autostart
nixos/acme: renew after rebuild and on boot
2020-03-01 15:46:31 +03:00
Jörg Thalheim
1b92a08a71
Merge pull request from Mic92/sslh
nixos/sslh: don't run as nogroup
2020-03-01 12:18:09 +00:00
worldofpeace
e906014d4b
Merge pull request from worldofpeace/rngd-cleanup-shutdown
nixos/rngd: fix clean shutdown
2020-03-01 11:44:22 +00:00
Martin Weinelt
3575555fa8
nixos/acme: apply chmod and ownership unconditionally
Also separate directory and file permissions so the certificate files
don't end up with the executable bit.

Fixes 
2020-02-29 20:17:14 +01:00
Martin Milata
96e36bf1ba nixos/firejail: add example for wrappedBinaries 2020-02-29 19:06:28 +01:00
Emily
ffb7b984b2 nixos/acme: add extraLegoRenewFlags option 2020-02-29 16:44:04 +00:00
Emily
b522aeda5a nixos/acme: add ocspMustStaple option 2020-02-29 16:44:04 +00:00
Emily
7b14bbd734 nixos/acme: adjust renewal timer options
The current weekly setting causes every NixOS server to try to renew
its certificate at midnight on the dot on Monday. This contributes to
the general problem of periodic load spikes for Let's Encrypt; NixOS
is probably not a major contributor to that problem, but we can lead by
example by picking good defaults here.

The values here were chosen after consulting with @yuriks, an SRE at
Let's Encrypt:

* Randomize the time certificates are renewed within a 24 hour period.

* Check for renewal every 24 hours, to ensure the certificate is always
  renewed before an expiry notice is sent out.

* Increase the AccuracySec (thus lowering the accuracy(!)), so that
  systemd can coalesce the renewal with other timers being run.

  (You might be worried that this would defeat the purpose of the time
  skewing, but systemd is documented as avoiding this by picking a
  random time.)
2020-02-29 14:03:36 +00:00
Martin Weinelt
5ff9441471
nixos/acme: renew after rebuild and on boot
Fixes 
2020-02-29 14:40:34 +01:00
worldofpeace
3be04570e0 nixos/pantheon: add docs 2020-02-28 19:43:18 -05:00
Florian
519d4f8e33 airsonic: enable nginx.recommendedProxySettings with virtualHost
This fixes music playback when using the `services.airsonic.virtualHost`
option.
2020-02-28 19:38:58 +01:00
Sean Buckley
14a1aa4a3d
NixOS/auto-upgrade: fix wording
Co-Authored-By: Pascal Hertleif <killercup@gmail.com>
2020-02-28 12:03:41 -05:00
Jörg Thalheim
8b7f4fa8a6
nixos/buildkite-agents: don't run as nogroup 2020-02-28 15:34:37 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup
See 
2020-02-28 15:32:36 +00:00
Jörg Thalheim
ee2ea82a68
nixos/home-assistant: make config deep mergeable
This make it possible to split the home-assistant configuration
across multiple files and nix will merge the option in an intuitive
way.
2020-02-28 15:32:03 +00:00
WilliButz
68410b08be
nixos/codimd: update useCDN default to false 2020-02-28 14:36:46 +01:00
Robert Hensing
43521ac965 nixos/service-runner.nix: Allow quotes in commands + test 2020-02-28 14:26:29 +01:00
Sean Buckley
b6cad64ef6 NixOS/auto-upgrade: Add optional randomized delay 2020-02-27 16:40:10 -05:00
worldofpeace
76f4f6b95d
Merge pull request from lovesegfault/tlp-1.3.1
tlp: 1.2.2 -> 1.3.1
2020-02-27 19:43:14 +00:00
Bernardo Meurer
ee7becd918
nixos/tlp: revamp 2020-02-27 09:58:51 -08:00
Thomas Tuegel
d3e3cc1225
nixos/plasma5: Fix activation script when XDG_CONFIG_HOME is unset
Fixes 
2020-02-27 09:48:58 -06:00
Andrew Childs
b83164a049 nixos/activation: propagate system to nested configurations
The current behavior lets `system` default to
`builtins.currentSystem`. The system value specified to
`eval-config.nix` has very low precedence, so this should compose
properly.

Fixes 
2020-02-27 23:57:44 +09:00
Daniel Schaefer
39ed5ff74c
Merge pull request from mmilata/hunspell-pathstolink
nixos: add /share/hunspell to environment.pathsToLink
2020-02-27 09:23:08 +01:00
Aaron Andersen
4d67db3101
Merge pull request from BBBSnowball/pull-load-imagick-once
nixos/nextcloud: avoid loading imagick extension more than once
2020-02-26 17:17:55 -05:00
Franz Pletz
2dff70f0f3
Merge pull request from bachp/nextcloud-x-frame-warning
nixos/nextcloud: prevent warning about missing X-Frame-Option
2020-02-26 17:37:38 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false
Fixes .  Regressed in PR  (26858063).
2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
Silvan Mosberger
5f37069888
Merge pull request from emilazy/acme-fullchain
nixos/acme: move the crt to fullchain.pem
2020-02-26 00:48:53 +01:00
Martin Milata
9b0a9577f7 nixos/parsoid: enable systemd sandboxing 2020-02-25 01:32:31 +01:00
Martin Milata
3b27f4d945 nixos/parsoid: fix package name
Original package was removed in 2b8cde0ce2.
2020-02-25 01:32:30 +01:00
Pascal Bach
119a7aae50 nixos/nextcloud: prevent warning about missing X-Frame-Option 2020-02-24 22:07:24 +01:00
Jörg Thalheim
ee08bd8dec
Merge pull request from Mic92/netdata
netdata: 1.19.0 -> 1.20.0
2020-02-24 17:24:19 +00:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Eelco Dolstra
21a3b141c3
nix-fallback-paths.nix: Fix x86_64-linux path
https://github.com/NixOS/nix/issues/3370
2020-02-24 10:16:26 +01:00
Silvan Mosberger
6d92e54174 nixos/transmission: Allow others to read the directory
Directory mode 755 is standard for running services. Without this,
downloadDirPermissions doesn't have any use since other users can't even
look inside the main transmission directory
2020-02-24 08:03:21 +01:00
worldofpeace
fa76150235 nixos/rngd: fix clean shutdown
It seems disabling DefaultDependencies
removes these implicit dependencies [0] that
we needed for shutdown to happen cleanly.

Fixes 

[0]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Default%20Dependencies
2020-02-23 18:53:52 -05:00
tobim
44a4a3839c
nixos/gdm: Fix pulseaudio tmpfiles structure ()
* nixos/gdm: Fix pulseaudio tmpfiles structure

Fix the following startup failure of the sound service in the gdm
session that was introduced by :
```
Feb 16 11:44:15 qp pulseaudio[1432]: W: [pulseaudio] core-util.c: Failed to open configuration file '/run/gdm/.config/pulse//daemon.conf': Not a directory
Feb 16 11:44:15 qp pulseaudio[1432]: W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Not a directory
Feb 16 11:44:15 qp systemd[1380]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 16 11:44:15 qp systemd[1380]: pulseaudio.service: Failed with result 'exit-code'.
Feb 16 11:44:15 qp systemd[1380]: Failed to start Sound Service.
```

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-23 07:50:19 -05:00
worldofpeace
65bdc05ae8
Merge pull request from worldofpeace/update-gnome3-iso-expression
installation-cd-graphical-gnome: updates
2020-02-23 07:39:48 -05:00
worldofpeace
ad4565caa1 installation-cd-graphical-gnome: updates
Note we're not using wayland default in the graphical media because it
could cause headaches for Nvidia users. But the session is still available
if someone logs out.
2020-02-23 07:17:37 -05:00
Emily
8ecbd97f82 nixos/acme: move the crt to fullchain.pem
lego already bundles the chain with the certificate,[1] so the current
code, designed for simp_le, was resulting in duplicate certificate
chains, manifesting as "Chain issues: Incorrect order, Extra certs" on
the Qualys SSL Server Test.

cert.pem stays around as a symlink for backwards compatibility.

[1] 5cdc0002e9/acme/api/certificate.go (L40-L44)
2020-02-23 04:10:34 +00:00
worldofpeace
2442f99d40
Revert "Theming options for Gtk and Qt" 2020-02-22 20:42:27 -05:00
Benjamin Koch
db32158bbd nixos/nextcloud: avoid loading imagick extension more than once
This avoids the following error message:
  Module 'imagick' already loaded at Unknown#0
2020-02-23 00:40:49 +00:00
markuskowa
74dcd1c637
Merge pull request from ikervagyok/slurm
Slurm: improve RDMA capability
2020-02-22 17:33:47 +01:00
Yegor Timoshenko
ab88bb26d1
Merge pull request from mmahut/vboximg
nixos/virtualbox-image: add params
2020-02-22 17:35:05 +03:00
Michele Guerini Rocco
02bbaaddc8
Merge pull request from ikervagyok/wg
nixos/wireguard: fix wireguard service as well after it got upstreamed
2020-02-22 10:20:13 +01:00
Lengyel Balazs
50fb52d4e1 fix wireguard service as well after it got upstreamed. 2020-02-22 00:32:15 +01:00
Michele Guerini Rocco
802a528d38
Merge pull request from gnidorah/theming
Theming options for Gtk and Qt
2020-02-21 18:52:52 +01:00
gnidorah
956c60eda8 nixos/qt: support theming qt4 2020-02-21 18:57:56 +03:00
gnidorah
1bd7ea84ad nixos/qt5: rename to qt 2020-02-21 18:57:56 +03:00
gnidorah
379c3f685c nixos/qt5: extend qt5 theming support 2020-02-21 18:57:56 +03:00
gnidorah
23107a32c4 nixos/qt5: refactor to support more platform themes 2020-02-21 18:57:56 +03:00
gnidorah
193e2ed86e nixos/gtk: init 2020-02-21 18:57:56 +03:00
Marek Mahut
be255392dd nixos/virtualbox-image: add params 2020-02-21 16:53:32 +01:00
Silvan Mosberger
368d84aafa
Merge pull request from serokell/yorickvp/fix-bk-agent-hooks
nixos/buildkite-agents: fix hooksDir assertion
2020-02-21 12:00:05 +01:00
Lengyel Balázs
dc71384f67 SLURM/NixOS: increase ulimit for IB/RDMA 2020-02-21 11:32:16 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Jan Tojnar
c1b45ef401
Merge pull request from cole-h/fish
nixos/fish: fix completions patch
2020-02-20 07:43:25 +01:00
Edward Tjörnhammar
9bab9e2ec6
nixos/i2pd: address
As a comment to 1d61efb7f1
Note that collect returns a list from a set
2020-02-19 13:15:28 +01:00
Yorick van Pelt
1b351f81f4
nixos/buildkite-agents: fix hooksDir assertion 2020-02-19 12:22:35 +01:00
Michele Guerini Rocco
d4c0e72071
Merge pull request from ben0x539/encrypted-devices-loa-warning
silence warning from  in encrypted-devices.nix
2020-02-19 12:15:19 +01:00
Benjamin Herr
0f5acc5ebe silence warning from in encrypted-devices.nix 2020-02-18 20:58:40 -08:00
Eelco Dolstra
3c47f78e82
nix: 2.3.2 -> 2.3.3 2020-02-19 01:54:25 +01:00
worldofpeace
af73425b82 nixos/mate: debugging via environment variable 2020-02-18 16:34:26 -05:00
worldofpeace
b9db3f8ca0 nixos/mate: use upstream session 2020-02-18 16:30:09 -05:00
Thomas Tuegel
b3a47c62fb
Merge pull request from Mic92/zshenv
Revert "zsh: don't clobber the environment of non-login shells"
2020-02-18 11:48:39 -06:00
David Wood
60a3d9dd6b nixos/jirefeau: add services.jirafeau module
Signed-off-by: David Wood <david.wood@codeplay.com>
2020-02-18 09:37:44 -08:00
Cole Helbling
f518e280b1
nixos/fish: fix completions patch
Upstream decided to split the lines we were patching out, so the patch
would fail.
2020-02-18 08:58:11 -08:00
Jörg Thalheim
55819e6c86
Revert "zsh: don't clobber the environment of non-login shells"
This reverts commit 6a756af3e7.

Currently zshenv by default only set fpath and HELPDIR without exporting them.
A parent shell would also not set those variables usually as they are shell local.

It also sources a file called set-environment but this is protected by an
environment variable called __NIXOS_SET_ENVIRONMENT_DONE. Hence any modification
done by the parent shell should persist as long as __NIXOS_SET_ENVIRONMENT_DONE
is not unset.

This behavior deviates from what we do in bashrc and breaks common setups such
as tmux/mosh or screen.

Fixes 
2020-02-18 15:52:21 +00:00
José Romildo Malaquias
0bcd9a5262
Merge pull request from romildo/upd.mate
mate: update to version 1.24.0
2020-02-18 11:15:10 -03:00
Jörg Thalheim
7448211021
Merge pull request from Mic92/redis
nixos/redis: add requirePassFile option
2020-02-17 21:28:04 +00:00
Martin Milata
d85c885dc4 nixos: add /share/hunspell to environment.pathsToLink
So that applications can find hunspell dictionaries installed through
environment.systemPackages.
2020-02-17 03:35:06 +01:00
Silvan Mosberger
06d18a5737
Merge pull request from CRTified/fix/issue-76620
docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
2020-02-16 21:24:05 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated () 2020-02-16 12:53:49 +02:00
CRTified
c83cc9c364 nixos/docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
This commit fixes . It moves ExecStartPre and ExecStopPost to
preStart and postStop, as these options are composable. It thus allows
adding additional initialisation scripts or cleanup scripts to the systemd
unit of the docker container.
2020-02-15 23:16:43 +01:00
gtgteq
c359c6959a
nixos/postgresql: Change local auth method from ident to peer () 2020-02-15 23:55:35 +02:00
Benjamin Staffin
4c5ea02dc5
grub: Update extraConfig example text ()
This expands the example to something one might actually want to use
to set up a serial console.
2020-02-15 16:45:47 -05:00
Eelco Dolstra
f0f040c3f7 nixos/modules/misc/version.nix: Don't parse .git
This leads to inconsistent results between local builds and
Hydra. Also Nix is not a general purpose language, we shouldn't be
parsing .git from inside Nix code.
2020-02-15 20:16:14 +01:00
Eelco Dolstra
a5f883e535 nixos/modules/installer/cd-dvd/channel.nix: Handle null config.system.nixos.revision 2020-02-15 20:16:14 +01:00
Maximilian Bosch
c391343fcd
nixos/nixos-build-vms: switch to python test-driver
In 0945178b3c we decided that Perl-based
VM tests should be deprecated and will be removed between 20.03 and
20.09. So let's switch `nixos-build-vms(8)` to python as well (which is
entirely interactive, so other scripts won't break).

In my experience, the test-driver isn't used most of the time, so this
patch is mainly supposed to get rid of the (probably misleading)
deprecation warning when running `nixos-build-vms`. Apart from that, the
interface for python's test-driver is way nicer.
2020-02-15 19:35:17 +01:00
Maximilian Bosch
6c63107872
nixos/manual: fix build 2020-02-15 19:18:06 +01:00
Jörg Thalheim
466c1df3e2
Merge pull request from Mic92/knot
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
rnhmjoj
dea79b56f7
nixos/boot: add option to disable initrd 2020-02-15 12:13:33 +01:00
Atemu
08ac06edba
docker-containers: Add autoStart option ()
This option allows the user to control whether or not the docker container is
automatically started on boot. The previous default behavior (true) is preserved
2020-02-15 00:57:31 +02:00
José Romildo Malaquias
ba42fef9a7 nixos/mate: add yelp to systemPackages
Without this the Contents item in the Help menu of applications fails
to launch.
2020-02-14 18:31:52 -03:00
Danylo Hlynskyi
5443eee47c
nixos/postgresql: support 0750 for data directory ()
* nixos/postgresql: support 0750 for data directory

This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.

* postgresql: allow changing initidb arguments via module system

Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups

* addressed review comments and some fixes

* whoops

* change groupAccess to tristate, to not force `chmod` on dataDir.

Making mask either 0700 or 0750 is too restrictive..

* WIP

* let's not support group mode for versions pre-11.

The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 20:51:20 +02:00
danbst
84535e0a47 let's not support group mode for versions pre-11.
The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 19:16:34 +02:00
danbst
2c77c53487 Merge branch 'master' into postgresql_group 2020-02-14 19:00:52 +02:00
snicket2100
50a597cd7a
installation-cd-graphical-base.nix: adding git () 2020-02-14 18:52:18 +02:00
Symphorien Gibol
5359d90b15 nixos/btrfs: make autoScrub not prevent shutdown or suspend
Fixes:  
2020-02-14 12:00:00 +00:00
Michele Guerini Rocco
3d3392a492
Merge pull request from crabtw/master
nixos/pppd: fix build error
2020-02-14 10:50:47 +01:00
Michele Guerini Rocco
66b5b29977
Merge pull request from rnhmjoj/alsa
nixos/alsa: replace list by attrset in environment.etc
2020-02-14 09:40:41 +01:00
Jyun-Yan You
0f8d1ac47d nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
rnhmjoj
f01bcccd25
nixos/unclutter: fix remaining typo 2020-02-14 01:28:03 +01:00
rnhmjoj
2ad680ac73
nixos/alsa: replace list by attrset in environment.etc 2020-02-14 01:17:18 +01:00
Florian Klink
7564f4faf3
Merge pull request from serokell/mkaito/caddy-restart
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Florian Klink
aaa1c7b28f
Merge pull request from primeos/brightnessctl-systemd-support
brightnessctl: Add systemd support
2020-02-13 23:14:20 +01:00
Symphorien Gibol
44fd320c0f nixos/iodine: protect passwordFiles with toString
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
Jörg Thalheim
9cfe5a7a54
nixos/redis: add requirePassFile option
Avoids having the password in the nix store.
2020-02-13 17:06:35 +00:00
Graham Christensen
ddd09101c5
Merge pull request from grahamc/nixos-enter-fd2
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
2020-02-13 11:39:35 -05:00
Jörg Thalheim
b300ccd7f3
Merge pull request from dtzWill/update/iwd-1.5
ell,iwd: 0.28, 1.5, minor touchups, drop tmpfiles snippet
2020-02-13 10:53:51 +00:00
Michele Guerini Rocco
21b31c4e51
Merge pull request from rnhmjoj/urxvt-fix
rxvt-unicode: fix typo in aliases.nix
2020-02-13 11:04:56 +01:00
Marek Mahut
4011c2a2aa
Merge pull request from fare-patches/vesa
Deprecate the boot.vesa option
2020-02-13 09:47:54 +01:00
rnhmjoj
ceb35dac58
nixos/sway: use new package name for rxvt-unicode 2020-02-13 09:36:35 +01:00
rnhmjoj
9290e6e7ba
nixos/urxvtd: use new package name for rxvt-unicode 2020-02-13 09:33:58 +01:00
Ryan Mulligan
5a358eade8
Merge pull request from jslight90/mattermost-5.15
mattermost: 5.9.0 -> 5.15.0
2020-02-12 20:56:00 -08:00
Graham Christensen
2d42fc240c
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
In some cases, /dev/stderr may not point to a sensible location. For
example, running nixos-enter inside a systemd unit where the unit's
StandardOutput and StandardError are set to be sockets. In these
cases, this line would fail.

Piping to fd2 directly works just as well, even under strange and
twisted executions.

Co-authored-by: Michael Bishop <michael.bishop@iohk.io>
2020-02-12 21:18:27 -05:00
Will Dietz
ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.

("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)

[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
worldofpeace
2d3163260b
Merge pull request from ilya-fedin/fix-xdg-current-desktop
Add DesktopNames parameter to generated desktop session files
2020-02-12 13:34:48 -05:00
Florian Klink
b2c2eaea6d
Merge pull request from flokli/fix-run-keys
nixos/filesystems: don't chown /run/keys recursively
2020-02-12 17:52:23 +01:00
Jörg Thalheim
e2ef8b439f
knot: add keyFiles option
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim
88029bce39
knot: drop dynamic user
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Ilya Fedin
f7768c939a nixos/display-managers: Add DesktopNames parameter to generated desktop session files
Some display managers (e.g. SDDM) set the XDG_CURRENT_DESKTOP variable accroding to this parameter.
If this variable is not defined, there will be some problems (e.g. MATE doesn't have icons on the desktop).

Fixes https://github.com/NixOS/nixpkgs/issues/71427
2020-02-12 07:00:39 +04:00
Michele Guerini Rocco
48704fbd4f
Merge pull request from tokudan/encrypted-swap-entropy-fix
rngd: Start early during boot and encrypted swap entropy fix
2020-02-12 01:28:03 +01:00
Florian Klink
4c8bdd1c4f nixos/filesystems: don't chown /run/keys recursively
3c74e48d9c was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.

This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.

This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
2020-02-11 21:52:27 +01:00
Jörg Thalheim
92bede3102
nixos/zfs: populate PATH with needed programs for zed 2020-02-11 14:01:22 +00:00
Michael Weiss
5282bc9a74
nixos/brightnessctl: Remove the module
Due to the support of the systemd-logind API the udev rules aren't
required anymore which renders this module useless [0].
Note: brightnessctl should now require a working D-Bus setup and a valid
local logind session for this to work.

[0]: https://github.com/NixOS/nixpkgs/pull/79663
2020-02-10 23:18:20 +01:00
worldofpeace
09f7e376c2
Merge pull request from jtojnar/flatpak-1.6
flatpak: 1.4.2 → 1.6.1
2020-02-10 12:57:19 -05:00
Jan Tojnar
f1aa8416d7 xdg-desktop-portal: 1.4.2 → 1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.4
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.3
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.2
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.1
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.0
2020-02-10 12:55:25 -05:00
Michele Guerini Rocco
019b637fb1
Merge pull request from mmilata/fix-mangled-usernames
nixos: fix bunch of mangled usernames
2020-02-10 18:21:31 +01:00
Thomas Tuegel
fb098ea543
Merge pull request from ttuegel/bug--plasma-5.17-ports
nixos/plasma5: Port initial configurations from Plasma 5.16
2020-02-10 11:08:23 -06:00
Martin Milata
d99808c720 nixos/supybot: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:51 +01:00
Martin Milata
5d3d3eac8b nixos/statsd: fix username
Broken in 1d61efb7f1.
2020-02-10 17:56:35 +01:00
Martin Milata
17c72ef75f nixos/heapster: fix username
Broken in 1d61efb7f1.
2020-02-10 17:55:46 +01:00
Eelco Dolstra
0e6ceb8758
Merge pull request from edolstra/master
Flake support
2020-02-10 16:44:54 +01:00
Eelco Dolstra
fb05afd78d Doh 2020-02-10 16:32:59 +01:00
Eelco Dolstra
8f86624ac9 nixos-rebuild: Remove TODOs 2020-02-10 15:45:27 +01:00
Eelco Dolstra
c05cc615f2 nixos.revision: Use null instead of "master"
"master" is not a valid SHA-1 commit hash, and it's not even
necessarily the branch used. 'nixos-version --revision' now returns an
error if the commit hash is not known.
2020-02-10 15:45:15 +01:00
Eelco Dolstra
b98ea45608 nixos-version --json: Use builtins.toJSON 2020-02-10 15:45:10 +01:00
Eelco Dolstra
f9392f04ae nixos-rebuild: Remove --keep-going flag 2020-02-10 15:45:06 +01:00
Eelco Dolstra
4089dbf090 nixos-rebuild: Make 'edit' work with with flakes 2020-02-10 15:45:03 +01:00
Yorick van Pelt
e242eccb0b
nixos/buildkite-agents: update release notes 2020-02-10 13:36:30 +01:00
Yorick van Pelt
f003810989
nixos/buildkite-agents: support multiple buildkite agents 2020-02-10 13:35:14 +01:00
Florian Klink
4e0fea3fe2 Merge pull request from m1cr0man/master
Replace simp-le with lego and support DNS-01 challenge
2020-02-10 11:47:30 +01:00
Kevin Rauscher
05b4fe20a7 mopidy: update to python3
mopidy: 2.3.1 -> 3.0.1
mopidy-iris: 3.43.0 -> 3.44.0
mopidy-spotify: 3.1.0 -> 4.0.1
pykka: 1.2.0 -> 2.0.1
2020-02-10 09:53:13 +01:00
Silvan Mosberger
cb1f1b4260
nixos/sudo: Fix extraRules example rendering 2020-02-10 01:37:07 +01:00
Silvan Mosberger
637bb9fa98
Merge pull request from lopsided98/sanoid-init
sanoid: add package, NixOS module and test
2020-02-10 01:28:41 +01:00
Silvan Mosberger
6169eef798
Merge pull request from wamserma/minidlna-interval
minidlna: provide configuration option for announce interval
2020-02-10 01:25:47 +01:00
Silvan Mosberger
b9d7f1fe24 Merge pull request from mmilata/sympa
sympa: init at 6.2.52 + NixOS module
2020-02-10 01:23:45 +01:00
Ben Wolsieffer
7684537e33
nixos/sanoid, nixos/syncoid: init module and test 2020-02-10 01:12:39 +01:00
Maximilian Bosch
c2f2366f5c Merge pull request from Ma27/grocy
grocy: init at 2.6.0
2020-02-09 23:11:46 +01:00
worldofpeace
d12524fd51 Merge pull request from wedens/memtest-efi-grub
nixos/grub: make memtest work with EFI
2020-02-09 16:09:58 -05:00
Maximilian Bosch
13f7b75553
nixos/grocy: init module
Co-authored-by: elseym <elseym@me.com>
2020-02-09 21:55:27 +01:00
jrp2014
788d8769f7 nixos/virtualisation.hypervGuest: use elevator=noop
Microsoft recommends the NOOP I/O scheduler for disk performance in HYPER-V:

https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/best-practices-for-running-linux-on-hyper-v

> NOOP is a first-in first-out queue that passes the schedule decision
> to be made by the hypervisor. It is recommended to use NOOP as the
> scheduler when running Linux virtual machine on Hyper-V.
2020-02-09 19:50:13 +01:00
Lucas Savva
75fa8027eb
nixos/acme: Update release note, remove redundant requires
Merge remote-tracking branch 'remotes/upstream/master'
2020-02-09 16:31:07 +00:00
Michael Raskin
f320a0231c
Merge pull request from oxij/nixos/zsh-doc
nixos: zsh: add more helpful documentation into generated files
2020-02-09 11:58:30 +00:00
Lucas Savva
636eb23157
nixos/acme: Fix b.example.com test 2020-02-09 11:34:17 +00:00
worldofpeace
8396961c9c
Merge pull request from jtojnar/default-wm-fix
nixos/services.xserver: Fix legacy options for default wm without dm
2020-02-08 21:28:14 -05:00
Lucas Savva
ac983cff48
nixos/acme: add dns-01 test, fix cert locating bug 2020-02-09 02:09:34 +00:00
Thomas Tuegel
d5757a8880
nixos/plasma5: Port initial configurations from Plasma 5.16 2020-02-08 09:25:14 -06:00
Franz Pletz
64ece8cc9c
Merge pull request from flokli/run-keys-group
nixos/filesystems: ensure keys gid on /run/keys mountpoint
2020-02-08 14:52:20 +00:00
Franz Pletz
589789997f
nixos/initrd-network: always run postCommands
As outlined in , postCommands should always be run if networking
in initrd is enabled. regardless if the configuration actually
succeeded.
2020-02-08 14:57:49 +01:00
Franz Pletz
d25c1a8fdc
nixos/initrd-network: use ipconfig from klibc
This apparently has features that the version from Arch's
mkinitcpio-nfs-utils does not have. Fixes .
2020-02-08 14:57:49 +01:00
Franz Pletz
ea7d02406b
nixos/initrd-network: flush interfaces before stage 2
Depending on the network management backend being used, if the interface
configuration in stage 1 is not cleared, there might still be some old
addresses or routes from stage 1 present in stage 2 after network
configuration has finished.
2020-02-08 14:04:02 +01:00
Franz Pletz
44e289f93b
nixos/stage-1: fix predictable interfaces names
This makes predictable interfaces names available as soon as possible
with udev by adding the default network link units to initrd which are read
by udev. Also adds some udev rules that are needed but which would normally
loaded from the udev store path which is not included in the initrd.
2020-02-08 14:04:02 +01:00
Daniel Frank
d14ba1e1ad
security.rngd: start rngd during early boot to reduce entropy starvation due to encrypted swap and remove PrivateTmp to avoid a circular dependency 2020-02-08 12:29:13 +01:00
Daniel Frank
1ac86e14c7
swap: depend on rngd if enabled and randomEncryption is configured to
avoid entropy starvation during boot
2020-02-08 12:26:09 +01:00
Spencer Janssen
3b70d0f6d1 nixos/pulseaudio: Enable udev rules 2020-02-07 15:54:35 -06:00
Martin Milata
097ab90850 nixos/sympa: init module 2020-02-07 22:54:27 +01:00
Markus S. Wamser
696979e0bc modules/wireguard: fix typo in documentation 2020-02-07 20:54:35 +01:00
worldofpeace
5e307dc68d Revert "nixos/xfce: use sessionPackages"
This reverts commit 966e56cdfb.

See https://github.com/NixOS/nixpkgs/pull/78421#issuecomment-582891431.
2020-02-07 10:16:26 -05:00
Jörg Thalheim
341241b1c8
Merge pull request from Mic92/restic-fixes
Restic fixes: pruning, process substitution (take 2)
2020-02-07 14:14:16 +00:00
Matt McHenry
5ad71cfe84
fix pruneCmd to use optionals so multi-element list is preserved 2020-02-07 10:25:33 +00:00
Jan Tojnar
07281f23b6
Merge pull request from jtojnar/hughsie-pkgs
fwupd: split daemon again
2020-02-07 00:35:27 +01:00
risson
301bca0734
nixos/tmux: rename extraTmuxConf to extraConfig () 2020-02-06 15:29:36 -08:00
Jan Tojnar
e5f7dacc93
nixos/fwupd: disable test plugins implicitly
invalid test was introduced in 297d1598ef
and it is disabled in the shipped daemon.conf.

I forgot to reflect that in the module, which caused the daemon to print the following on start-up:

    FuEngine             invalid has incorrect built version invalid

and the command to warn:

    WARNING: The daemon has loaded 3rd party code and is no longer supported by the upstream developers!

To reduce the change of this happening in the future, I moved the list of default disabled plug-ins to the package expression.

I also set the value of the NixOS module option in the config section of the module instead of the default value used previously,
which will allow users to not care about these plug-ins.
2020-02-06 22:32:13 +01:00
Silvan Mosberger
5acd168425
Merge pull request from oxij/nixos/suppress-systemd-units
nixos/systemd: add an option to suppress system units
2020-02-06 18:11:01 +01:00
Thomas Tuegel
1a903be2de
Merge pull request from ttuegel/update--plasma-5.17.5
Plasma 5.17.5
2020-02-06 09:59:51 -06:00
Aaron Andersen
f87440fd0f
Merge pull request from aanderse/http2
nixos/httpd: add http2 option
2020-02-06 06:43:13 -05:00
Jan Tojnar
bd9c5b933c
nixos/services.xserver: Fix legacy options for default wm without dm
We switched to unified default session option services.xserver.displayManager.defaultSession
and included fallback path for the legacy options. Unfortunately when only
services.xserver.windowManager.default is set and not services.xserver.desktopManager.default,
it got incorrectly converted to the new option.

This should fix that.

Closes: https://github.com/NixOS/nixpkgs/issues/76684
2020-02-06 02:34:56 +01:00
Eelco Dolstra
c08930874a nixos-rebuild: Propagate various flake lock file flags
And also --refresh and --no-net.
2020-02-05 23:15:18 +01:00
Eelco Dolstra
2a0cf385d2 nixos-rebuild: Avoid subshell reading hostname
Co-Authored-By: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-02-05 23:15:18 +01:00
Eelco Dolstra
2452042c47 nixos-rebuild: Support -L flag 2020-02-05 23:15:18 +01:00
Eelco Dolstra
98e322b929 nixos-rebuild: uri -> url 2020-02-05 23:15:18 +01:00
Eelco Dolstra
fb051f0dec nixos-{rebuild,container}: Use flakeref#attrpath syntax
This makes them consistent with the 'nix' command line.
2020-02-05 23:15:18 +01:00
Eelco Dolstra
cfd468adbb nixos-rebuild: Use /etc/nixos/flake.nix if it exists 2020-02-05 23:15:18 +01:00
Eelco Dolstra
7e9b745174 nixos-version: Add --json flag and show system.configurationRevision 2020-02-05 23:15:18 +01:00
Eelco Dolstra
855fcc324a Add option system.configurationRevision to record revision of top-level flake 2020-02-05 23:15:18 +01:00
Eelco Dolstra
22cc7ab78c nixos-rebuild: Add --flake option 2020-02-05 23:15:18 +01:00
Benjamin Staffin
d04bdce3d1
docker-containers: Don't unconditionally prune images ()
NixOS has `virtualisation.docker.autoPrune.enable` for this
functionality; we should not do it every time a container starts up.

(also, some trivial documentation fixes)
2020-02-05 16:30:31 -05:00
Danylo Hlynskyi
437e1f69be
bash-my-aws: init at 20200111 ()
* bash-my-aws: init at 20191231

Create bma-init

* Update
2020-02-05 22:37:52 +02:00
symphorien
d2d5d89c2c
nixos/iodine: improve wording of some descriptions
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:47:43 +00:00
symphorien
dfa67635d6
nixos/iodine: fix typo in description
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:27 +00:00
symphorien
1addf1fd94
nixos/iodine: improve description of some options
Co-Authored-By: Martin Weinelt <mweinelt@users.noreply.github.com>
2020-02-05 19:42:07 +00:00
Frederik Rietdijk
419bc0a4cd Revert "Revert "Merge master into staging-next""
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.

This reverts commit 0be87c7979.
2020-02-05 19:41:25 +01:00
Frederik Rietdijk
0be87c7979 Revert "Merge master into staging-next"
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.

This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
2020-02-05 19:18:35 +01:00
Vladimír Čunát
baeed035ea
Merge : knot-resolver: 4.3.0 -> 5.0.1
The service needed lots of changes. A few smaller changes
are added into the PR, e.g. replacement for PR .
See the commit messages for details.
2020-02-05 16:57:02 +01:00
Silvan Mosberger
3ab846e34a
Merge pull request from sorki/overlayfs
use overlayfs by default for netboot and iso
2020-02-05 13:46:04 +01:00
Richard Marko
0c20feb231 use overlayfs by default for netboot and iso 2020-02-05 10:35:59 +01:00
Maximilian Bosch
87d4951a82
Merge pull request from buckley310/dircolors
nixos/bash: configure $LS_COLORS for interactive shells
2020-02-05 09:08:41 +01:00
wedens
7b5550a3fc nixos/grub: make memtest work with EFI
Memtest86+ doesn't support EFI, so unfree Memtest86 is used when EFI
support is enabled (systemd-boot currently also uses Memtest86 when
memtest is enabled).
2020-02-05 11:12:55 +07:00
Florian Klink
3c74e48d9c nixos/filesystems: ensure keys gid on /run/keys mountpoint
boot.specialFileSystems is used to describe mount points to be set up in
stage 1 and 2.

We use it to create /run/keys already there, so sshd-in-initrd scenarios
can consume keys sent over through nixops send-keys.

However, it seems the kernel only supports the gid=… option for tmpfs,
not ramfs, causing /run/keys to be owned by the root group, not keys
group.

This was/is worked around in nixops by running a chown root:keys
/run/keys whenever pushing keys [1], and as machines had to have pushed keys
to be usable, this was pretty much always the case.

This is causing regressions in setups not provisioned via nixops, that
still use /run/keys for secrets (through cloud provider startup scripts
for example), as suddenly being an owner of the "keys" group isn't
enough to access the folder.

This PR removes the defunct gid=… option in the mount script called in
stage 1 and 2, and introduces a tmpfiles rule which takes care of fixing
up permissions as part of sysinit.target (very early in systemd bootup,
so before regular services are started).

In case of nixops deployments, this doesn't change anything.
nixops-based deployments receiving secrets from nixops send-keys in
initrd will simply have the permissions already set once tmpfiles is
started.

Fixes 

[1]: 884d6c3994/nixops/backends/__init__.py (L267-L269)
2020-02-05 01:53:26 +01:00
Silvan Mosberger
c4e912ac79
Merge pull request from Infinisil/remove-hostresolvconf
nixos/resolvconf: Remove useHostResolvConf option
2020-02-05 00:53:53 +01:00
Silvan Mosberger
97ff64e351
nixos/resolvconf: Remove useHostResolvConf option
Never had any effect
2020-02-05 00:28:32 +01:00
Silvan Mosberger
b4cc413928
Merge pull request from Frostman/fix-grub-extrafiles-mirroredboots
Fix boot.loader.grub.extraFiles when used with mirroredBoots
2020-02-05 00:22:35 +01:00
Florian Klink
eb09e82120
Merge pull request from misuzu/systemd-sleep-config
nixos/systemd: add `systemd.sleep.extraConfig` config option
2020-02-04 23:02:53 +01:00
Symphorien Gibol
00a91d919d nixos/iodine: hardening 2020-02-04 20:54:29 +01:00
Symphorien Gibol
7437bff7d1 nixos/iodine: nixpkgs-fmt 2020-02-04 20:54:29 +01:00
Jörg Thalheim
6cfc7e9bd2
Merge pull request from snicket2100/irqbalance-systemd
irqbalance: systemd service config aligned with upstream
2020-02-04 14:21:04 +00:00
Jörg Thalheim
c24a2d3e32
nixos/irqbalance: re-add multi-user.target
otherwise the service is never started by us.
2020-02-04 14:20:12 +00:00
Sergey Lukjanov
7144b9ac54 Fix boot.loader.grub.extraFiles when used with mirroredBoots
Substitute @bootPath@ in boot.loader.grub.extraPrepareConfig script
same way as it's done for boot.loader.grub.extraEntries option.
2020-02-03 15:37:00 -08:00
Lucas Savva
2181313c54
nixos/acme: simplify email resolve logic 2020-02-03 21:37:22 +00:00
Florian Klink
d4a951f31d
Merge pull request from aanderse/nslcd
nixos/ldap: remove redundant configuration options
2020-02-03 19:42:47 +01:00
Evan Stoll
e341719193 openrazer: 2.6.0 -> 2.7.0
openrazer: remove superfluous period from hardware.openrazer.enable
2020-02-03 10:00:35 -08:00
misuzu
f93a9074e4 nixos/systemd: add systemd.sleep.extraConfig config option 2020-02-03 18:33:15 +02:00
worldofpeace
74e4cb7ea4
Merge pull request from Atemu/dnscrypt-proxy2-service
nixos/dnscrypt-proxy2: init
2020-02-02 23:02:06 -05:00
Maximilian Bosch
5c2a7d0f07
Merge pull request from mayflower/pkg/prometheus-xmpp-alerts
prometheus-xmpp-alerts: init at 0.4.2
2020-02-02 18:46:53 +01:00
Maximilian Bosch
c2d2c2d0ca
Merge pull request from Ma27/restart-dhcp-on-exit-hook-change
nixos/dhcpcd: restart dhcpcd if exit hook changed
2020-02-02 18:33:34 +01:00
snicket2100
04bfeeac79 irqbalance: using systemd service definition from the package itself 2020-02-02 18:09:45 +01:00
Yegor Timoshenko
92d689d66b nixos/dnscrypt-proxy2: init
This removes the original dnscrypt-proxy module as well.

Co-authored-by: Atemu <atemu.main@gmail.com>
Co-authored-by: Silvan Mosberger <contact@infinisil.com>
Co-authored-by: ryneeverett <ryneeverett@gmail.com>
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-02 11:11:27 -05:00
Eelco Dolstra
26aba55951
Revert "add config.environment.ld-linux"
This reverts commit af665d822a, see
https://github.com/NixOS/nixpkgs/pull/78798#issuecomment-580059834 for
the reasons in a similar PR.
2020-02-02 15:29:49 +01:00
Eelco Dolstra
5495cb91eb
Revert "rmdir: avoid failing when directory did not exist"
This reverts commit 45db499d2d.
2020-02-02 15:29:40 +01:00
Maximilian Bosch
0f10495eb9
Merge pull request from Ma27/networkd-units-internal
nixos/networkd: mark `units` option as internal
2020-02-02 07:59:57 +01:00
Aaron Andersen
5b5856f6fb nixos/httpd: add http2 option 2020-02-01 19:08:02 -05:00
Jörg Thalheim
c9d6dee9e4
nixos/locate: don't create /var/cache
This is already handled by the default systemd tmpfiles.

fixes 
2020-02-01 17:14:52 +00:00
Franz Pletz
add880c5e8
prometheus-xmpp-alerts: init at 0.4.2 2020-02-01 15:04:01 +01:00
Thomas Tuegel
33dfefad14
nixos/plasma5: install plasma-browser-integration 2020-02-01 06:59:13 -06:00
Linus Heckemann
3af5a40fe2
Merge pull request from rnhmjoj/ipv6-privacy
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses
2020-02-01 12:04:58 +01:00
rnhmjoj
2485e6399e
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses 2020-02-01 11:38:40 +01:00
Eelco Dolstra
eaf1fbaef4
nixos-rebuild: --use-remote-sudo does not take an argument
Also remove outdated comment about trailing space.
2020-02-01 10:09:33 +01:00