Commit Graph

9622 Commits

Author SHA1 Message Date
Matej Urbas
4970fbedbc nixos/prometheus-exporters/py-air-control: invoke exporter command
Package `py-air-control exporter` v0.1.5 comes with a new CLI. This change uses the new CLI (which simplifies the exporter's systemd service setup).
2020-12-12 20:19:54 +00:00
Florian Klink
ce0fdd4dc0
Merge pull request #106697 from aanderse/mpd
nixos/mpd: conditionally provision required directories with StateDirectory
2020-12-12 20:48:54 +01:00
Jörg Thalheim
5f0d38f05b
Merge pull request #106715 from Mic92/tinc 2020-12-12 16:35:59 +00:00
Atemu
e4c49db668 nixos/dnscrypt-proxy2: base settings on example config
Dnscrypt-proxy needs some options to be set before it can do anything useful.

Currently, we only apply what the user configured which, by default, is nothing.

This leads to the dnscrypt-proxy2 service failing to start when you only set
`enable = true;` which is not a great user experience.

This patch makes the module take the example config from the upstream repo as a
base on top of which the user-specified settings are applied (it contains sane
defaults).

An option has been added to restore the old behaviour.
2020-12-12 09:15:11 +01:00
Jörg Thalheim
2cdec00dd2
nixos/tinc: add reload command 2020-12-12 07:37:16 +01:00
Aaron Andersen
77a8496907 nixos/mpd: conditionally provision required directories with StateDirectory 2020-12-11 19:35:43 -05:00
Alyssa Ross
a2460414cb
nixos/mailman: run non-minutely jobs
Fixes: b478e0043c
 ("nixos/mailman: refactor")
2020-12-11 17:23:50 +00:00
Peter Hoeg
aa995fb0b7 nixos/sshguard: do not do IPv6 setup/teardown unconditionally 2020-12-11 16:19:45 +08:00
Peter Simons
21b8fe302f
Merge pull request #106580 from rissson/nixos-postfix-fix-mastercf-type
nixos/postfix: fix masterCf type
2020-12-11 09:14:47 +01:00
Jörg Thalheim
d22d9227f1
Merge pull request #106601 from Mic92/frab
frab: remove package
2020-12-11 05:27:55 +00:00
Jörg Thalheim
6fa3728805
frab: remove package
broken since 2018
2020-12-10 22:24:11 +01:00
Maximilian Bosch
07aff199ad
Merge pull request #106080 from Ma27/nginx-config-doc
nixos/nginx: improve documentation for `config`
2020-12-10 21:54:01 +01:00
WilliButz
df8ee3669f
Merge pull request #106067 from urbas/prometheus-exporter-py-air-control
nixos/prometheus-exporters/py-air-control: init
2020-12-10 20:51:56 +01:00
Matej Urbas
4948743705 nixos/prometheus-exporters/py-air-control: init 2020-12-10 19:02:30 +00:00
Marc 'risson' Schmitt
27dacb8b4b
nixos/postfix: fix masterCf type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2020-12-10 18:49:05 +01:00
Maximilian Bosch
21be5b00da
Merge pull request #106473 from Ma27/improve-nextcloud-error
nixos/nextcloud: improve error message for invalid `dbpassFile`
2020-12-10 18:28:50 +01:00
Maximilian Bosch
81662d4798
nixos/nextcloud: improve error message for invalid dbpassFile
`file_exists` also returns `FALSE` if the file is in a directory that
can't be read by the user. This e.g. happens if permissions for
`nixops(1)`-deployment keys aren't configured correctly.

This patch improves the error message for invalid files to avoid
confusion[1].

[1] https://discourse.nixos.org/t/nixops-deploy-secrets-to-nextcloud/10414/4
2020-12-09 19:54:43 +01:00
Damien Diederen
98236860dc nixos/zookeeper: adapt to zookeeper 3.6.2
This patch:

  * Removes an invalid/useless classpath element;
  * Removes an unnecessary environment variable;
  * Creates the required '/version-2' data subdirectory;
  * Redirects audit logging to the "console" (systemd) by default.
2020-12-09 15:46:38 +01:00
Peng Mei Yu
3cd1a6706c unbound: Add AF_NETLINK to allowed address families.
Unbound throws the following error:

--8<---------------cut here---------------start------------->8---
error: failed to list interfaces: getifaddrs: Address family not supported by protocol
fatal error: could not open ports
--8<---------------cut here---------------end--------------->8---

The solution is pulled from upstream:
https://github.com/NLnetLabs/unbound/pull/351
2020-12-08 14:31:15 +08:00
Blaž Hrastnik
920c439915 thermald: Fix systemd service definition. 2020-12-08 08:26:36 +09:00
Maximilian Bosch
55ef9612a2
nixos/nginx: improve documentation for config
Unfortunately, I had a use-case where `services.nginx.config` was
necessary quite recently. While working on that config I had to look up
the module's code to understand which options can be used and which
don't.

To slightly improve the situation, I changed the documentation like
this:

* Added `types.str` as type since `config` is not mergeable on purpose.
  It must be a string as it's rendered verbatim into `nginx.conf` and if
  the type is `unspecified`, it can be confused with RFC42-like options.

* Mention which config options that don't generate config in
  `nginx.conf` are NOT mutually exclusive.
2020-12-06 17:26:13 +01:00
Francesco Zanini
93d74f6536 zigbee2mqtt: 1.16.1 -> 1.16.2 2020-12-05 17:42:07 +01:00
freezeboy
903b2aa9a6 nixos/n8n: init module and test 2020-12-05 11:02:40 +01:00
Gabriel Ebner
6e8007341e
Merge pull request #105362 from gebner/pipewire0137
pipewire: 0.3.16 -> 0.3.17
2020-12-03 17:15:05 +01:00
Blaž Hrastnik
05bd810d5f thermald: Always enable adaptive mode.
There was some issues with the fallback to passive mode on 2.3, but on
2.4 adaptive mode is always enabled upstream and thermald will fallback
to passive if necessary.

a6e68a65b5/data/thermald.service.in (L9)
2020-12-03 12:45:58 +09:00
Gabriel Ebner
906d68cf13 nixos/pipewire: enable volume control via alsa 2020-12-02 22:11:09 +01:00
Gabriel Ebner
b28f2f7386 nixos/pipewire: generate configuration file 2020-12-02 22:11:09 +01:00
Silvan Mosberger
2526f22723
Merge pull request #102076 from Taneb/hoogle-dynamic-user
Set DynamicUser=true for hoogle
2020-12-02 12:58:10 +01:00
Austin Seipp
652ac69373
Merge pull request #103393 from happysalada/add_vector
nixos/vector: add module
2020-12-02 03:30:11 -06:00
Andreas Rammhold
26cc536edf
Merge pull request #104203 from andir/saned-max-connections
nixos/sane: bump the MaxConnections to a reasonable amount
2020-12-01 19:45:13 +01:00
Jörg Thalheim
b1ed5ffeab
Merge pull request #93293 from tnias/nixos_rspamd_20200716 2020-12-01 13:10:43 +00:00
Christine Dodrill
3d55480bf8
nixos/tailscale: add package as an option
This simplifies testing changes to the tailscale service on a local
machine. You can use this as such:

```nix
let
  tailscale_patched = magic {};
in {
  services.tailscale = {
    enable = true;
    package = tailscale_patched;
  };
};
```

Signed-off-by: Christine Dodrill <me@christine.website>
2020-12-01 12:30:31 +01:00
Silvan Mosberger
a87ab948d2
Merge pull request #104836 from ncfavier/master
nixos/nat: support IPv6 NAT
2020-12-01 04:40:09 +01:00
Valérian Galliat
b93a5a1746
nixos/nat: support IPv6 NAT 2020-12-01 00:51:58 +01:00
Frederik Rietdijk
9a63b3d3d6
Merge pull request #104781 from NixOS/staging-next
Staging next
2020-11-30 18:27:29 +01:00
Nathan van Doorn
12c3e0a465 nixos/services/hoogle use DynamicUser instead of nobody
I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
2020-11-30 13:36:19 +00:00
happysalada
627dfecadd nixos/vector: add module 2020-11-30 16:22:08 +09:00
Jörg Thalheim
3b6ef967f3
nixos/rspamd: fix postfix integration 2020-11-30 07:29:32 +01:00
Florian Klink
a623bc0ba4
Merge pull request #104689 from petabyteboy/feature/gitlab-13-6-1
gitlab: 13.6.0 -> 13.6.1
2020-11-29 22:37:42 +01:00
Maximilian Bosch
752b6a95db
nixos/mautrix-telegram: update defaults
These three defaults must exist in the config now, otherwise
`mautrix-telegram` will refuse to start.
2020-11-29 21:28:07 +01:00
Gabriel Ebner
0155830275 nixos/pipewire: allow overriding the pipewire derivation 2020-11-29 17:43:07 +01:00
Gabriel Ebner
ce28fd3d22 nixos/pipewire: add media-session.d files 2020-11-29 17:43:07 +01:00
Gabriel Ebner
53029a15cc nixos/pipewire: enable sound on alsa support
Otherwise sound.extraConfig has no effect.
2020-11-29 15:08:38 +01:00
Frederik Rietdijk
0d8491cb2b Merge master into staging-next 2020-11-29 13:51:10 +01:00
Jörg Thalheim
6f330ccedf
nixos/nginx: add streamConfig option 2020-11-29 10:55:01 +01:00
StigP
e2968a0442
Merge pull request #102061 from braunse/gogs-0-12-3
gogs: 0.11.91 -> 0.12.3
2020-11-29 10:01:47 +01:00
Ryan Mulligan
cb42d08df2
Merge pull request #62104 from Vizaxo/master
nixos/exwm: allow custom Emacs load script
2020-11-28 18:47:21 -08:00
Martin Weinelt
62ef710b54
Merge pull request #104268 from mvnetbiz/ha-allowpaths
home-assistant: add allowlist_external_dirs to systemd unit ReadWritePaths
2020-11-29 00:25:35 +01:00
Sander van der Burg
336628268f nixos/disnix: reorder startup to take MongoDB and InfluxDB into account, add option to add Disnix profile to the system PATH 2020-11-28 20:15:21 +01:00
Sander van der Burg
5e392940cf nixos/dysnomia: add InfluxDB configuration options, add option to use legacy modules, eliminate import from derivation hack 2020-11-28 20:15:21 +01:00
Frederik Rietdijk
9e062723b2 Merge master into staging-next 2020-11-28 08:53:47 +01:00
Sebastien Braun
5c87a6b8ea gogs: 0.11.91 -> 0.12.3 2020-11-28 06:50:52 +01:00
Sandro
a390213f85
Merge pull request #85133 from snicket2100/mosquitto-service-sandboxing
mosquitto: systemd service sandboxing
2020-11-27 18:53:36 +01:00
Frederik Rietdijk
b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Milan Pässler
81aff9f411 nixos/gitlab: use bindsTo instead of requires for gitaly 2020-11-26 14:12:14 +01:00
Jan Tojnar
e95cc8519b
Merge pull request #104553 from jansol/pipewire
pipewire: 0.3.15 -> 0.3.16
2020-11-26 10:59:17 +01:00
Stijn DW
3d3bcc5cc9 nixos/factorio: Don't open firewall ports by default 2020-11-24 23:14:57 +01:00
Stijn DW
d93434458b nixos/factorio: add openFirewall option 2020-11-24 23:14:57 +01:00
Graham Christensen
d9c3f13df3
Merge pull request #104776 from grahamc/utillinux
utillinux: rename to util-linux
2020-11-24 15:14:36 -05:00
Graham Christensen
bc49a0815a
utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
adisbladis
302df2a9a1
Merge pull request #81661 from adisbladis/ssh-pam-sudo-keys
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles
2020-11-24 16:06:47 +01:00
Artturin
4db239272c mullvad-vpn: add iproute2 2020-11-24 06:12:32 -08:00
Peter Simons
58f29d3ca8
Merge pull request #104721 from vkleen/postfix-smtp-fix
nixos.postfix: make postfix.enableSmtp work again
2020-11-24 08:58:35 +01:00
Jan Tojnar
6d99109b12
Merge branch 'staging-next' into staging 2020-11-24 05:44:44 +01:00
adisbladis
ba1fa0c604
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles
If a system administrator has explicitly configured key locations this
should be taken into account by `sudo`.
2020-11-24 02:47:07 +01:00
Viktor Kleen
6216c843ed
nixos/postfix: make postfix.enableSmtp work again
This fixes issue #104715.
2020-11-23 23:46:06 +00:00
rnhmjoj
8f177612b1
nixos/wireless: fix failure with no interfaces
This resolves issue #101963.

When the service is started and no interface is ready yet, wpa_supplicant
is being exec'd with no `-i` flags, thus failing. Once the interfaces
are ready, the udev rule would fire but wouldn't restart the unit because
it wasn't currently running (see systemctl(1) try-restart).

The solution is to exit (with a clear error message) but always restart
wpa_supplicant when the interfaces are modified.
2020-11-24 00:18:18 +01:00
Florian Klink
bbf3c9483b
Merge pull request #104520 from Izorkin/wsdd
wsdd: init at 0.6.2
2020-11-23 23:18:23 +01:00
Frederik Rietdijk
587538d087 Merge staging-next into staging 2020-11-23 18:10:33 +01:00
Izorkin
03760ab82e
nixos/samba-wsdd: init service samba-wsdd 2020-11-23 13:26:00 +03:00
Jan Solanti
aca97840da pipewire: 0.3.15 -> 0.3.16
This release replaces the libpulseaudio shim with a pipewire module that acts as a fake pulseaudio server along with a systemd service that loads that module on demand.
2020-11-23 10:40:35 +02:00
zowoq
dbbd289982 nixos/*: fix indentation 2020-11-23 08:42:51 +10:00
Florian Klink
c76891314d
Merge pull request #104094 from flokli/systemd-unified-cgroup-hierarchy
systemd: switch to unified cgroup hierarchy by default
2020-11-22 22:35:42 +01:00
Florian Klink
904f124247
Merge pull request #99116 from jslight90/gitlab-13.4.0
GitLab 13.0.14 -> 13.6.0
2020-11-22 12:00:03 +01:00
Kai Wohlfahrt
db5bb4e26b nixos/openldap: Fix sssd-ldap test
Use this as a test of the migration warnings/functionality.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
fefc26f844 nixos/openldap: use mkRenamedOptionModule
This offers less helpful warnings, but makes the implementation
considerably more straightforward.
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
ce1acd97a7 nixos/openldap: fix path + base64 value types 2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
b2ebffe186 nixos/openldap: Fix indentation 2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
3f892c2174 nixos/openldap: Remove extraConfig options
Instead of deprecating, as per PR feedback
2020-11-21 16:13:03 +00:00
Kai Wohlfahrt
2050376cae nixos/openldap: Mention schemas in migration hint 2020-11-21 15:45:16 +00:00
Kai Wohlfahrt
5fafbee87a nixos/openldap: Add release-notes for OLC config 2020-11-21 15:45:15 +00:00
Kai Wohlfahrt
adda7e62d0 nixos/openldap: Add support for base64 values 2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
d05061c5cd nixos/openldap: Pick some PR nits 2020-11-21 15:39:20 +00:00
Kai Wohlfahrt
9528faf182 nixos/openldap: Allow declarativeContents for multiple databases 2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
057cb570be nixos/openldap: Add delcarativeConfig by suffix
Adding by index could be an issue if the user wanted the data to be
added to a DB other than the first.
2020-11-21 15:39:19 +00:00
Kai Wohlfahrt
1fde3c3561 nixos/openldap: switch to slapd.d configuration
The old slapd.conf is deprecated. Replace with slapd.d, and use this
opportunity to write some structured settings.

Incidentally, this fixes the fact that openldap is reported up before
any checks have completed, by using forking mode.
2020-11-21 15:39:19 +00:00
Milan Pässler
0f82bd767b nixos/gitlab: start gitaly after gitlab 2020-11-21 01:38:11 +01:00
Jeff Slight
f98a6322e6 nixos/gitlab: add changes for gitlab 13.4.x 2020-11-20 19:26:30 +01:00
Frederik Rietdijk
ea7b8978ef Merge master into staging-next 2020-11-19 20:08:15 +01:00
Florian Klink
5d45f269aa nixos/k3s: disable unifiedCgroupHierarchy
This gets automatically disabled by docker if the docker backend is
used, but the bundled containerd also doesn't seem to support cgroupsv2,
so disable it explicitly here, too.
2020-11-19 16:56:46 +01:00
Jörg Thalheim
2bf5899d6a
Merge pull request #104105 from spacefrogg/openafs-1.9 2020-11-19 14:42:17 +01:00
Matt Votava
746efadcce home-assistant: add allowlist_external_dirs to systemd unit ReadWritePaths 2020-11-19 04:29:03 -08:00
Jörg Thalheim
0f84e08fcd
nixos/telegraf: make example a bit more compact 2020-11-18 21:41:58 +01:00
Jörg Thalheim
69caedcc42
nixos/telegraf: null value for environmentFiles is invalid
it's also not needed given that empty list covers all use cases.
2020-11-18 21:41:55 +01:00
Andreas Rammhold
6f7d8e5528
nixos/sane: bump the MaxConnections to a reasonable amount
Whenever I try to scan from another computer it has to establish >2
connections in order to succeed. With the connections being limited to 1
I can not scan any document.

This is also what other distributions ([Debian], [ArchLinux], …) have
done in one way or another.

[Debian]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850649#5
[ArchLinux]: no limit: 99cba454bb/trunk/saned.socket (L4)
2020-11-18 20:25:44 +01:00
Frederik Rietdijk
da12fc6838 Merge staging-next into staging 2020-11-18 15:36:56 +01:00
Janne Heß
e5e9887e38
nixos/dbus: Add AppArmor support 2020-11-18 10:10:36 +01:00
Michael Raitza
1f323ec2b4 openafs: remove 1.6; point to openafs_1_8 2020-11-17 21:31:59 +01:00
Vladimír Čunát
bdcd2d82ee
Merge #103633: kresd service: switch .listenDoH
... to new implementation - and a couple other improvements.
2020-11-17 20:06:55 +01:00
Vladimír Čunát
e61ef63e4e
kresd service: switch .listenDoH to new implementation
Beware: extraFeatures are not needed *for this* anymore,
but their removal may still cause a regression in some configs
(example: prefill module).
2020-11-17 20:04:56 +01:00
Maximilian Bosch
9fc484c373
Merge pull request #103717 from WilliButz/codimd/add-package-option
nixos/codimd: add package option, refactor prettyJSON
2020-11-16 13:46:17 +01:00
Jörg Thalheim
7534d92648
nixos/telegraf: allow multiple env files 2020-11-14 16:33:50 +01:00
Jörg Thalheim
8edc4619ab
nixos/telegraf: switch to setting types
This allows to split up configuration into multiple modules
2020-11-14 16:33:46 +01:00
Jörg Thalheim
157d7354d6
nixos/telegraf: add environmentFile option 2020-11-14 16:33:42 +01:00
Jörg Thalheim
9750813b89
nixos/telegraf: add support for native ping 2020-11-14 16:33:39 +01:00
WilliButz
74d354a397
nixos/codimd: add package option, refactor prettyJSON
This adds a `package` option to allow for easier overriding of the used
CodiMD version and `runCommandLocal` with `nativeBuildInputs` is now
used to pretty print the configuration.
2020-11-13 16:14:41 +01:00
Gabriel Ebner
753656bbbc
Merge pull request #103225 from gebner/hsphfpd
pulseaudio: add hsphfpd support
2020-11-11 19:56:35 +01:00
Kevin Cox
5dee9b5699
Merge pull request #96679 from midchildan/add-mackerel
mackerel-agent: init at 0.69.3
2020-11-11 06:59:22 -05:00
Aaron Andersen
e419de361d
Merge pull request #102376 from felschr/feat/cfdyndns-password-file
nixos/cfdyndns: add apikeyFile option
2020-11-10 18:08:25 -05:00
Edmund Wu
4d0ad2783d nixos/*: hsphfpd support 2020-11-10 20:53:13 +01:00
ajs124
fd950b9fc7
Merge pull request #103196 from helsinki-systems/fix/plasma5-noaliases
nixos/plasma5: Fix when running without aliases
2020-11-10 16:59:34 +01:00
Felix Tenley
a33290b1a8
nixos/cfdyndns: add apikeyFile option
nixos/cfdyndns: remove apikey option
2020-11-10 14:00:16 +01:00
Jörg Thalheim
31a0b5dff6
nixos/promtail: fix access to journal 2020-11-10 10:49:27 +01:00
Jörg Thalheim
4c64fa224e
nixos/loki: mergeable configuration
type.attrs is not mergable
2020-11-10 10:49:25 +01:00
Jörg Thalheim
88d1da8e5d
nixos/promtail: use json type for configuration 2020-11-10 10:49:23 +01:00
Jörg Thalheim
689eb49d42
nixos/loki: add logcli to system path
Admins quite likely want to query loki for debugging purpose.
2020-11-10 10:49:21 +01:00
Frederik Rietdijk
379aaa1e0c Merge master into staging-next 2020-11-10 10:11:08 +01:00
WORLDofPEACE
fcef646736
Merge pull request #93431 from sorki/audio/pulseJack
nixos/jack,pulseaudio: fix pulse connection to jackd service
2020-11-09 19:40:12 -05:00
Jan Tojnar
3a5ba30c13 fwupd: 1.4.6 → 1.5.1
* https://github.com/fwupd/fwupd/releases/tag/1.5.0
* https://github.com/fwupd/fwupd/releases/tag/1.5.1

* The changelog mentions removed dependency on efivar but we still need the package because it also contains efiboot required dependency. https://github.com/fwupd/fwupd/pull/2485
* Blacklist options were renamed.
* Test firmware was moved to a separate repo. We need to install it or some tests will be skipped. https://github.com/fwupd/fwupd/pull/2330
* Initially, there was an option to configure dbx but in the end, it was removed in favour of bespoke dbxtool. https://github.com/fwupd/fwupd/pull/2061, https://github.com/fwupd/fwupd/pull/2318, https://github.com/fwupd/fwupd/pull/2329
* Fwupd now checks hashes of plug-ins and will complain loudly that it is tainted when “invalid” plug-in is loaded (during testing).
* Installed tests complain about not being able to access cdn, even though we are not setting CI_NETWORK env var. We need a patch to fix that.
2020-11-09 22:50:17 +01:00
Frederik Rietdijk
20f001c01e Merge master into staging-next 2020-11-09 14:33:52 +01:00
Janne Heß
59239feacb
nixos/plasma5: Fix when running without aliases 2020-11-09 11:09:06 +01:00
Niklas Hambüchen
91b20fb1aa roundcube service: Restart on config changes.
Until now, e.g. `extraConfig` changes did not reflect in
the system on `nixos-rebuild switch`.
2020-11-08 22:20:18 +01:00
Ninjatrappeur
5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd 2020-11-08 16:55:29 +01:00
Gabriel Ebner
df88279649
Merge pull request #103004 from lovesegfault/octoprint-marlingcodedocumentation
octoprint: add marlingcodedocumentation
2020-11-08 11:42:08 +01:00
Niklas Hambüchen
169ab0b89f redis service: Listen on localhost by default. Fixes #100192.
All other database servers in NixOS also use this safe-by-default setting.
2020-11-08 01:15:33 +01:00
Julien Moutinho
c48faf07f4 transmission: fix #98904 2020-11-07 16:27:24 +01:00
midchildan
921a66edc4
nixos/mackerel-agent: init 2020-11-07 13:37:33 +09:00
Andika Demas Riyandi
038497d3b3
nar-serve: init at 0.3.0 (#95420)
* nar-serve: init at 0.3.0

* nixos/nar-serve: add new module

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2020-11-06 18:59:51 +01:00
Maximilian Bosch
68726901e1
Merge pull request #94673 from justinas/prom-sql-exporter
prometheus-sql-exporter: init at 0.3.0
2020-11-06 17:00:47 +01:00
Justinas Stankevicius
d447c2413c
nixos/prometheus-sql-exporter: new module 2020-11-06 16:35:38 +01:00
Frederik Rietdijk
99fb79ae84 Merge master into staging-next 2020-11-06 12:51:56 +01:00
Bernardo Meurer
7fede29d83
nixos/octoprint: remove references to deprecated/removed m33-fio plugin 2020-11-06 00:39:50 -08:00
Aaron Andersen
33d8766feb
Merge pull request #102202 from danderson/danderson/post-stop
nixos/tailscale: use upstream systemd service config.
2020-11-05 20:22:53 -05:00
Wout Mertens
91d70c1edb
Merge pull request #102273 from rnhmjoj/bluetooth
nixos/bluetooth: disable restart on unit changes
2020-11-05 14:21:13 +01:00
Jan Tojnar
a821be7531
Merge branch 'master' into staging-next 2020-11-05 09:42:47 +01:00
Daniel Schaefer
d4905b1370
Merge pull request #99003 from martinetd/stunnel-doc 2020-11-04 17:40:48 +08:00
Frederik Rietdijk
10c57af49c Merge staging-next into staging 2020-11-04 09:28:07 +01:00
Jörg Thalheim
f2ec450424
Merge pull request #101249 from Izorkin/dhcpd-ipv6
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6
2020-11-04 08:09:08 +01:00
David Anderson
503caab776 nixos/tailscale: use upstream systemd service config.
Signed-off-by: David Anderson <dave@natulte.net>
2020-11-03 19:37:48 -08:00
Fabián Heredia Montiel
acd3d3dd20 nixos/modules/services/network-filesystems/ipfs: refactor
Add `package` option to change the package used for the service.
2020-11-03 17:35:06 -06:00
Andreas Rammhold
5903ea5395
nixos/unbond: unbound should be required for nss-lookup.target
Other units depend on nss-lookup.target and expect the DNS resolution to
work once that target is reached. The previous version
`wants=nss-lookup.target` made this unit require the nss-lookup.target
to be reached before this was started.

Another change that we can probalby do is drop the before relationship
with the nss-lookup.target. That might just be implied with the current
version.
2020-11-03 19:21:39 +01:00
Andreas Rammhold
2aa64e5df5
nixos/unbound: add option to configure the local control socket path
This option allows users to specify a local UNIX control socket to
"remote control" the daemon. System users, that should be permitted to
access the daemon, must be in the `unbound` group in order to access the
socket. When a socket path is configured we are also creating the
required group.

Currently this only supports the UNIX socket mode while unbound actually
supports more advanced types. Users are still able to configure more
complex scenarios via the `extraConfig` attribute.

When this option is set to `null` (the default) it doesn't affect the
system configuration at all. The unbound defaults for control sockets
apply and no additional groups are created.
2020-11-03 19:21:25 +01:00
Andreas Rammhold
aadc07618a
nixos/unbound: drop ReadWritePaths from systemd unit configuration
Both of the configured paths should be implicit due to RuntimeDirectory
& StateDirectory.
2020-11-03 19:21:24 +01:00
Andreas Rammhold
72fbf05c17
nixos/unbound: note about the AmbientCapabilities 2020-11-03 19:21:24 +01:00
Andreas Rammhold
5e602f88d1
nixos/modules/services/networking/unbound: update systemd unit
Previously we just applied a very minimal set of restrictions and
trusted unbound to properly drop root privs and capabilities.

With this change I am (for the most part) just using the upstream
example unit file for unbound. The main difference is that we start
unbound was `unbound` user with the required capabilities instead of
letting unbound do the chroot & uid/gid changes.

The upstream unit configuration this is based on is a lot stricter with
all kinds of permissions then our previous variant. It also came with
the default of having the `Type` set to `notify`, therefore we are also
using the `unbound-with-systemd` package here. Unbound will start up,
read the configuration files and start listening on the configured ports
before systemd will declare the unit "running". This will likely help
with startup order and the occasional race condition during system
activation where the DNS service is started but not yet ready to answer
queries.

Aditionally to the much stricter runtime environmet I removed the
`/dev/urandom` mount lines we previously had in the code (that would
randomly fail during `stop`-phase).

The `preStart` script is now only required if we enabled the trust
anchor updates (which are still enabled by default).

Another beneefit of the refactoring is that we can now issue reloads via
either `pkill -HUP unbound` or `systemctl reload unbound` to reload the
running configuration without taking the daemon offline. A prerequisite
of this was that unbound configuration is available on a well known path
on the file system. I went for /etc/unbound/unbound.conf as that is the
default in the CLI tooling which in turn enables us to use
`unbound-control` without passing a custom configuration location.
2020-11-03 19:21:24 +01:00
Kevin Cox
f1153d8a0a
Merge pull request #102528 from wizeman/u/fix-chrony-perm2
nixos/chrony: fix owner of chrony drift file
2020-11-03 12:44:13 -05:00
Kim Lindberger
cf2d180a12
Merge pull request #99906 from talyz/keycloak
nixos/keycloak: Init
2020-11-03 18:31:19 +01:00
ajs124
2b03d12ace
Merge pull request #102551 from freezeboy/remove-freepops
freepops: remove
2020-11-03 17:51:51 +01:00
WilliButz
0916fea195
Merge pull request #102541 from helsinki-systems/init/promtail
nixos/promtail: Add a promtail module
2020-11-03 17:34:01 +01:00
Kevin Cox
8230e62f57
Merge pull request #100495 from DianaOlympos/riak-cs-delete
riak-cs: delete
2020-11-03 11:17:42 -05:00