Commit Graph

29338 Commits

Author SHA1 Message Date
Tom McLaughlin
69d9538b34
Update nixos/modules/services/continuous-integration/github-runners.nix
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:53:25 -06:00
Tom McLaughlin
cf1b952988
Update nixos/modules/services/continuous-integration/github-runner.nix
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:49:02 -06:00
Tom McLaughlin
0b67081ad8 Cherry-pick 499748b 2022-10-11 06:10:11 -06:00
Tom McLaughlin
9a7f38040b Fix user type 2022-10-11 06:04:25 -06:00
Tom McLaughlin
b744fee880 Re-add DynamicUser = true per review discussion 2022-10-11 06:04:25 -06:00
Tom McLaughlin
b3de807a6a Update descriptions to use lib.mdDoc 2022-10-11 06:04:25 -06:00
Tom McLaughlin
327e05c382 Get rid of DynamicUser flag 2022-10-11 06:04:25 -06:00
Tom McLaughlin
f13759e21f Fix a deprecated types.string -> types.str 2022-10-11 06:04:25 -06:00
Tom McLaughlin
998083f2ad github-runner: configurable user, environment, service overrides + multiple runners 2022-10-11 06:04:21 -06:00
Guillaume Girol
6fe43abcfc
Merge branch 'master' into tracee-use-new-wrapper 2022-10-11 09:57:23 +00:00
Anderson Torres
77c986e784
Merge pull request #190105 from impl/free-p4
p4: 2021.2.2201121 -> 2022.1.2305383, build from source and remove unfree binaries
2022-10-11 00:11:22 -03:00
Alyssa Ross
d165f7a513
nixos/installer: fix eval with missing config arg
Fixes: 4cdda329f0 ("nixos/modules/profiles/base.nix: omit zfs if unavailable")
2022-10-10 23:58:22 +00:00
Martin Weinelt
cf7f4393f3
Merge pull request #193494 from NixOS/staging-next 2022-10-11 01:12:59 +02:00
Sandro
e7625f9130
Merge pull request #195418 from Baitinq/description_in_gitolite_module 2022-10-11 00:51:48 +02:00
Adam Joseph
4cdda329f0 nixos/modules/profiles/base.nix: omit zfs if unavailable
The `boot.zfs.enabled` option is marked `readOnly`, so this is the only way to
successfully build a NixOS installer image for platforms that zfs does not build
for.

Co-authored-by: Alyssa Ross <hi@alyssa.is>
2022-10-10 22:41:57 +00:00
Baitinq
01faaeb4bd
nixos/gitolite: add 'description' module option
This option allows for the customization of the description of the
created gitolite user.

An example of this being useful is for the integration of gitolite with
cgit, which itself uses the gitolite user's description as the author of
the git repo displayed in its generated site.
2022-10-10 23:14:46 +02:00
Martin Weinelt
294201004f Merge remote-tracking branch 'origin/master' into staging-next 2022-10-10 21:45:18 +02:00
Bernardo Meurer
6f004b7ed5
Merge pull request #195377 from ngkz/fork/ssh-askpass-wayland 2022-10-10 12:36:00 -03:00
Bernardo Meurer
499748bc04
Merge pull request #195003 from veehaitch/fix-github-runner-first-start 2022-10-10 12:35:24 -03:00
Kazutoshi Noguchi
67246fbffa nixos/ssh: pass WAYLAND_DISPLAY to ssh-askpass 2022-10-11 00:15:49 +09:00
Bernardo Meurer
ed22079db4
Merge pull request #195141 from zhaofengli/vbox-headless-wrappers 2022-10-10 11:45:40 -03:00
github-actions[bot]
265121ef54
Merge master into staging-next 2022-10-10 12:01:42 +00:00
Cabia Rangris
c9e1ec215b
Merge pull request #195324 from zhaofengli/fwupd-config-merging
nixos/fwupd: Fix configuration file merging
2022-10-10 14:11:53 +04:00
Zhaofeng Li
bbbda58c4e nixos/fwupd: Fix configuration file merging 2022-10-10 00:01:32 -06:00
github-actions[bot]
535838d0a5
Merge master into staging-next 2022-10-10 00:03:49 +00:00
Noah Fontes
2576bb2c18
p4: 2021.2.2201121 -> 2022.1.2305383, build from source
The actual p4 command is open-source software released under the
2-clause BSD license, so we can build it here (for pretty much every
architecture we support!) and include it in the cache.

This change removes the server-side commands from this package, but they
are now available as part of a separate p4d package instead. (The server
package remains unfree.)

As an added bonus, we can also include the libraries and headers for the
C/C++ API, which will allow us to package any software that uses
Perforce as a library in the future.
2022-10-09 15:47:57 -07:00
Martin Weinelt
a0b341d690
Merge pull request #195230 from illustris/sssd-ldap 2022-10-10 00:34:26 +02:00
illustris
51b9e2857f
nixos/sssd: fix race condition in test 2022-10-10 03:48:52 +05:30
github-actions[bot]
44f6a02f39
Merge master into staging-next 2022-10-09 18:01:35 +00:00
Greizgh
987d2f575a nixos/seafile: avoid sleep in tests
Replace sleep statements with wait_until_succeeds
2022-10-09 13:31:13 -04:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go 2022-10-09 16:50:02 +02:00
github-actions[bot]
8972888c55
Merge master into staging-next 2022-10-09 12:01:31 +00:00
Franz Pletz
8a86d9d4aa
Merge pull request #195190 from Ma27/coturn-replace-secret
nixos/coturn: refactor secret injection
2022-10-09 13:48:49 +02:00
Anderson Torres
ff92a56f77
Merge pull request #195057 from LeSuisse/sget-init
sget: init at unstable-2022-10-04
2022-10-09 08:40:44 -03:00
Maximilian Bosch
4ece171482
Merge pull request #194738 from mayflower/pi-tokenjanitor
nixos/privacyidea: add proper support for `privacyidea-token-janitor`
2022-10-09 09:50:20 +02:00
Maximilian Bosch
4fd75277dd
nixos/coturn: refactor secret injection
The original implementation had a few issues:

* The secret was briefly leaked since it is part of the cmdline for
  `sed(1)` and on Linux `cmdline` is world-readable.
* If the secret would contain either a `,` or a `"` it would mess with
  the `sed(1)` expression itself unless you apply messy escape hacks.

To circumvent all of that, I decided to use `replace-secret` which
allows you to replace a string inside a file (in this case
`#static-auth-secret#`) with the contents of a file, i.e.
`cfg.static-auth-secret-file` without any of these issues.
2022-10-09 09:31:48 +02:00
Sandro
21469bd965
Merge pull request #191198 from Moredread/nixpkgs-paperless
nixosTests.paperless: check if /metadata/ can be accessed
2022-10-09 08:49:28 +02:00
talyz
fae653deb4 nixos/gitlab: Configure ActionCable
ActionCable is used to provide realtime updates in a few places,
mainly the issue sidebar.
2022-10-09 08:12:19 +02:00
talyz
9b3ff51c77 nixos/gitlab: Set a more appropriate type for extraConfig 2022-10-09 08:12:19 +02:00
talyz
58158100f7 nixos/gitlab: Make sure docker-registry starts after cert generation 2022-10-09 08:12:19 +02:00
talyz
8e8253ddb4 nixos/gitlab: Create registry state path 2022-10-09 08:12:19 +02:00
talyz
3dedfb3fa0 nixos/gitlab: Connect to redis through a unix socket by default
This gives us slightly higher security as you have to be in the gitlab
group to connect, and possibly a (very small) performance benefit as
well.
2022-10-09 08:12:19 +02:00
talyz
843082eb3a nixos/gitlab: Add findutils to runtime dependencies
Needed for the gitlab:cleanup:orphan_job_artifact_files rake task.
2022-10-09 08:12:19 +02:00
talyz
bee6e1dafa nixos/gitlab: Deduplicate runtime dependency listing 2022-10-09 08:12:19 +02:00
talyz
0211edd1ff nixos/gitlab: Add workhorse.config option 2022-10-09 08:12:19 +02:00
talyz
4df4d2a8ea genJqSecretsReplacementSnippet: Allow dots in attribute names...
...and escape quotation marks and backslashes.
2022-10-09 08:12:19 +02:00
github-actions[bot]
130aa9ca68
Merge master into staging-next 2022-10-09 00:03:29 +00:00
Zhaofeng Li
6ed7e545ec nixos/virtualbox-host: Fix hardening with headless vbox
Fixes #157157.
2022-10-08 15:41:59 -06:00
github-actions[bot]
d2cd24fe6a
Merge master into staging-next 2022-10-08 18:01:07 +00:00
Thomas Gerbet
679cd3462f sget: init at unstable-2022-10-04
This binary was provided by the `cosign` package until now but it is in
the process of being removed, see https://github.com/sigstore/cosign/pull/2019

Since it might be removed during the 22.11 cycle we drop it
preventively. This will make possible security backports easier if we
need them.
2022-10-08 19:58:11 +02:00