Tom McLaughlin
69d9538b34
Update nixos/modules/services/continuous-integration/github-runners.nix
...
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:53:25 -06:00
Tom McLaughlin
cf1b952988
Update nixos/modules/services/continuous-integration/github-runner.nix
...
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2022-10-13 18:49:02 -06:00
Tom McLaughlin
0b67081ad8
Cherry-pick 499748b
2022-10-11 06:10:11 -06:00
Tom McLaughlin
9a7f38040b
Fix user type
2022-10-11 06:04:25 -06:00
Tom McLaughlin
b744fee880
Re-add DynamicUser = true
per review discussion
2022-10-11 06:04:25 -06:00
Tom McLaughlin
b3de807a6a
Update descriptions to use lib.mdDoc
2022-10-11 06:04:25 -06:00
Tom McLaughlin
327e05c382
Get rid of DynamicUser flag
2022-10-11 06:04:25 -06:00
Tom McLaughlin
f13759e21f
Fix a deprecated types.string -> types.str
2022-10-11 06:04:25 -06:00
Tom McLaughlin
998083f2ad
github-runner: configurable user, environment, service overrides + multiple runners
2022-10-11 06:04:21 -06:00
Guillaume Girol
6fe43abcfc
Merge branch 'master' into tracee-use-new-wrapper
2022-10-11 09:57:23 +00:00
Anderson Torres
77c986e784
Merge pull request #190105 from impl/free-p4
...
p4: 2021.2.2201121 -> 2022.1.2305383, build from source and remove unfree binaries
2022-10-11 00:11:22 -03:00
Alyssa Ross
d165f7a513
nixos/installer: fix eval with missing config arg
...
Fixes: 4cdda329f0
("nixos/modules/profiles/base.nix: omit zfs if unavailable")
2022-10-10 23:58:22 +00:00
Martin Weinelt
cf7f4393f3
Merge pull request #193494 from NixOS/staging-next
2022-10-11 01:12:59 +02:00
Sandro
e7625f9130
Merge pull request #195418 from Baitinq/description_in_gitolite_module
2022-10-11 00:51:48 +02:00
Adam Joseph
4cdda329f0
nixos/modules/profiles/base.nix: omit zfs if unavailable
...
The `boot.zfs.enabled` option is marked `readOnly`, so this is the only way to
successfully build a NixOS installer image for platforms that zfs does not build
for.
Co-authored-by: Alyssa Ross <hi@alyssa.is>
2022-10-10 22:41:57 +00:00
Baitinq
01faaeb4bd
nixos/gitolite: add 'description' module option
...
This option allows for the customization of the description of the
created gitolite user.
An example of this being useful is for the integration of gitolite with
cgit, which itself uses the gitolite user's description as the author of
the git repo displayed in its generated site.
2022-10-10 23:14:46 +02:00
Martin Weinelt
294201004f
Merge remote-tracking branch 'origin/master' into staging-next
2022-10-10 21:45:18 +02:00
Bernardo Meurer
6f004b7ed5
Merge pull request #195377 from ngkz/fork/ssh-askpass-wayland
2022-10-10 12:36:00 -03:00
Bernardo Meurer
499748bc04
Merge pull request #195003 from veehaitch/fix-github-runner-first-start
2022-10-10 12:35:24 -03:00
Kazutoshi Noguchi
67246fbffa
nixos/ssh: pass WAYLAND_DISPLAY to ssh-askpass
2022-10-11 00:15:49 +09:00
Bernardo Meurer
ed22079db4
Merge pull request #195141 from zhaofengli/vbox-headless-wrappers
2022-10-10 11:45:40 -03:00
github-actions[bot]
265121ef54
Merge master into staging-next
2022-10-10 12:01:42 +00:00
Cabia Rangris
c9e1ec215b
Merge pull request #195324 from zhaofengli/fwupd-config-merging
...
nixos/fwupd: Fix configuration file merging
2022-10-10 14:11:53 +04:00
Zhaofeng Li
bbbda58c4e
nixos/fwupd: Fix configuration file merging
2022-10-10 00:01:32 -06:00
github-actions[bot]
535838d0a5
Merge master into staging-next
2022-10-10 00:03:49 +00:00
Noah Fontes
2576bb2c18
p4: 2021.2.2201121 -> 2022.1.2305383, build from source
...
The actual p4 command is open-source software released under the
2-clause BSD license, so we can build it here (for pretty much every
architecture we support!) and include it in the cache.
This change removes the server-side commands from this package, but they
are now available as part of a separate p4d package instead. (The server
package remains unfree.)
As an added bonus, we can also include the libraries and headers for the
C/C++ API, which will allow us to package any software that uses
Perforce as a library in the future.
2022-10-09 15:47:57 -07:00
Martin Weinelt
a0b341d690
Merge pull request #195230 from illustris/sssd-ldap
2022-10-10 00:34:26 +02:00
illustris
51b9e2857f
nixos/sssd: fix race condition in test
2022-10-10 03:48:52 +05:30
github-actions[bot]
44f6a02f39
Merge master into staging-next
2022-10-09 18:01:35 +00:00
Greizgh
987d2f575a
nixos/seafile: avoid sleep in tests
...
Replace sleep statements with wait_until_succeeds
2022-10-09 13:31:13 -04:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go
2022-10-09 16:50:02 +02:00
github-actions[bot]
8972888c55
Merge master into staging-next
2022-10-09 12:01:31 +00:00
Franz Pletz
8a86d9d4aa
Merge pull request #195190 from Ma27/coturn-replace-secret
...
nixos/coturn: refactor secret injection
2022-10-09 13:48:49 +02:00
Anderson Torres
ff92a56f77
Merge pull request #195057 from LeSuisse/sget-init
...
sget: init at unstable-2022-10-04
2022-10-09 08:40:44 -03:00
Maximilian Bosch
4ece171482
Merge pull request #194738 from mayflower/pi-tokenjanitor
...
nixos/privacyidea: add proper support for `privacyidea-token-janitor`
2022-10-09 09:50:20 +02:00
Maximilian Bosch
4fd75277dd
nixos/coturn: refactor secret injection
...
The original implementation had a few issues:
* The secret was briefly leaked since it is part of the cmdline for
`sed(1)` and on Linux `cmdline` is world-readable.
* If the secret would contain either a `,` or a `"` it would mess with
the `sed(1)` expression itself unless you apply messy escape hacks.
To circumvent all of that, I decided to use `replace-secret` which
allows you to replace a string inside a file (in this case
`#static-auth-secret#`) with the contents of a file, i.e.
`cfg.static-auth-secret-file` without any of these issues.
2022-10-09 09:31:48 +02:00
Sandro
21469bd965
Merge pull request #191198 from Moredread/nixpkgs-paperless
...
nixosTests.paperless: check if /metadata/ can be accessed
2022-10-09 08:49:28 +02:00
talyz
fae653deb4
nixos/gitlab: Configure ActionCable
...
ActionCable is used to provide realtime updates in a few places,
mainly the issue sidebar.
2022-10-09 08:12:19 +02:00
talyz
9b3ff51c77
nixos/gitlab: Set a more appropriate type for extraConfig
2022-10-09 08:12:19 +02:00
talyz
58158100f7
nixos/gitlab: Make sure docker-registry starts after cert generation
2022-10-09 08:12:19 +02:00
talyz
8e8253ddb4
nixos/gitlab: Create registry state path
2022-10-09 08:12:19 +02:00
talyz
3dedfb3fa0
nixos/gitlab: Connect to redis through a unix socket by default
...
This gives us slightly higher security as you have to be in the gitlab
group to connect, and possibly a (very small) performance benefit as
well.
2022-10-09 08:12:19 +02:00
talyz
843082eb3a
nixos/gitlab: Add findutils to runtime dependencies
...
Needed for the gitlab:cleanup:orphan_job_artifact_files rake task.
2022-10-09 08:12:19 +02:00
talyz
bee6e1dafa
nixos/gitlab: Deduplicate runtime dependency listing
2022-10-09 08:12:19 +02:00
talyz
0211edd1ff
nixos/gitlab: Add workhorse.config option
2022-10-09 08:12:19 +02:00
talyz
4df4d2a8ea
genJqSecretsReplacementSnippet: Allow dots in attribute names...
...
...and escape quotation marks and backslashes.
2022-10-09 08:12:19 +02:00
github-actions[bot]
130aa9ca68
Merge master into staging-next
2022-10-09 00:03:29 +00:00
Zhaofeng Li
6ed7e545ec
nixos/virtualbox-host: Fix hardening with headless vbox
...
Fixes #157157 .
2022-10-08 15:41:59 -06:00
github-actions[bot]
d2cd24fe6a
Merge master into staging-next
2022-10-08 18:01:07 +00:00
Thomas Gerbet
679cd3462f
sget: init at unstable-2022-10-04
...
This binary was provided by the `cosign` package until now but it is in
the process of being removed, see https://github.com/sigstore/cosign/pull/2019
Since it might be removed during the 22.11 cycle we drop it
preventively. This will make possible security backports easier if we
need them.
2022-10-08 19:58:11 +02:00