Commit Graph

16308 Commits

Author SHA1 Message Date
Aaron Andersen
890327d751
Merge pull request #106698 from aanderse/nixos/clamav
nixos/clamav: add settings options to replace extraConfig options
2021-02-24 22:57:41 -05:00
Maximilian Bosch
797721423c
nixos/nextcloud: update nginx config
Please note that I didn't use the current nginx config from the
administration manual as this would've broken ACME challenges[1].

Also added a fix for Microsoft clients.

[1] https://github.com/nextcloud/documentation/pull/5825#issuecomment-783977761
2021-02-24 23:01:14 +01:00
Maximilian Bosch
b1f65920c3
nixos/nextcloud: add defaultPhoneRegion option for v21 2021-02-24 22:27:39 +01:00
Cole Helbling
1b37f66fc1 nixos/zrepl: init
zrepl is a ZFS backup and replication tool written in Go.
2021-02-24 11:56:02 -08:00
talyz
53d9ec83ff
nixos/gitlab: postgresql: Make PSQL a function, run as superUser
A function is more appropriate for this use. See
http://mywiki.wooledge.org/BashFAQ/050 for reference.

Also, we don't need to run the service as root: since we essentially
run all commands as `services.postgresql.superUser` anyway, the whole
service can just run as that user instead.
2021-02-24 18:32:31 +01:00
talyz
2b3800b9c7
nixos/gitlab: Change default SMTP port, enable postfix only if used
Change the default SMTP port to `25`, to better match the default
address `localhost`. This gets rid of some error outputs in the test,
where it fails to connect to localhost:465.

Also, don't enable postfix by default unless it's actually useful to
us.
2021-02-24 18:32:24 +01:00
talyz
f8ab43ef7b
nixos/gitlab: Switch from unicorn to puma
Puma is the new upstream default server since GitLab 13.
2021-02-24 18:31:30 +01:00
talyz
2ec397ff9f
nixos/gitlab: Clean up the config dir more thoroughly
This removes all the subdirectories in `config` on start.

From one version of GitLab to the next, the files in the `config`
directory changes. Since we're only overwriting the existing files
with ones from the repo, cruft sometimes gets left behind,
occationally causing issues.

Ideally, all configuration put in the `config` directory is declared
by NixOS options and we could just remove the whole directory on
start, but I'm not sure if that's the case. It would also require a
little bit of additional rework and testing. The subdirectories,
however, should seldom contain user configuration and the ones that
frequently does, `initializers`, is already removed on start.
2021-02-24 18:31:24 +01:00
Aaron Andersen
fbecdac147
Merge pull request #113487 from aanderse/nixos/galera
nixos/mysql: properly configure mariadb for galera recovery
2021-02-24 08:49:54 -05:00
adisbladis
779ed9ea77
Merge pull request #106983 from bachp/geth-service
nixos/geth: initial service
2021-02-23 20:54:06 +01:00
Bernardo Meurer
cdcaafc3fe
Merge pull request #114024 from LuigiPiucco/pressure-vessel
steam: fix proton versions with pressure-vessel
2021-02-23 19:20:12 +00:00
Pascal Bach
3ec9637a05 nixos/geth: initial service 2021-02-23 19:28:51 +01:00
freezeboy
fc2ae7d79e nixos/plikd: Add new service module 2021-02-23 15:35:16 +01:00
Florian Klink
f3af2df658
Merge pull request #111635 from xaverdh/hide-pid-broken
nixos/hidepid: remove module, it's broken
2021-02-23 00:20:29 +01:00
Florian Klink
47589ade46
Merge pull request #113804 from rnhmjoj/no-udev-settle-2
nixos/console: fix console setting reloading
2021-02-22 23:22:04 +01:00
Luigi Sartor Piucco
f9d9740e68 steam module: add proper steam.run as well 2021-02-22 14:35:45 -03:00
Luigi Sartor Piucco
e358a6f4fd steam: add drivers to bwrap 2021-02-22 14:35:44 -03:00
Maximilian Bosch
f7011c70f3
nextcloud21: init at 21.0.0, set as default version
ChangeLog: https://nextcloud.com/changelog/#latest21

* Packaged 21.0.0, test-deployed it to my personal instance and tested
  the most basic functionality (`davfs2`-mount, {card,cal}dav sync, file
  management).

* Bumped the default version for unstable/21.05 to `nextcloud21`. Since
  `nextcloud20` was added after the release of 20.09 (and thus the
  default on 20.09 is still `nextcloud19`), it's now needed to upgrade
  across two majors.

  This is not a problem though since it's possible to upgrade to v20 on
  20.09 already and if not, the module will guard the administrator
  through the upgrade with eval warnings as it's the case since 20.03.

* Dropped `nextcloud17` attribute and marked `nextcloud18` as EOL.
2021-02-22 13:04:42 +01:00
github-actions[bot]
d8f2a7bf5c
Merge master into staging-next 2021-02-22 00:37:52 +00:00
David Arnold
6a3855af2b
Merge branch 'master' into da/fixup-sd-card-move 2021-02-21 16:39:38 -05:00
Jörg Thalheim
a9bf245393
Merge pull request #113772 from Mic92/pipewire
nixos/pipewire: only enable media-session if pipewire is enabled
2021-02-21 21:21:51 +00:00
David Arnold
6bfaed9b2c
installer: fixup sd-card folder move from #110827 2021-02-21 16:12:54 -05:00
WORLDofPEACE
0c3514f782
Merge pull request #99011 from andersk/plymouth-label
nixos/plymouth: Add label plugin and a font to the initrd
2021-02-21 15:44:54 -05:00
Anders Kaseorg
9d21f1dfab nixos/plymouth: Add label plugin and a font to the initrd
This allows Plymouth to show the “NixOS 21.03” label under the logo at
startup like it already does at shutdown.

Fixes #59992.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2021-02-21 10:27:15 -08:00
github-actions[bot]
93b17c1b4d
Merge master into staging-next 2021-02-21 18:17:22 +00:00
Robert Hensing
92b1ef601c
Merge pull request #110827 from xoe-labs/da/sd-are-no-installation-devices
installer: split sd cards -> base for bespoke sd images
2021-02-21 18:34:47 +01:00
WORLDofPEACE
4287f5adfa
Merge pull request #100569 from andersk/gdm-plymouth
nixos/gdm: Conflict plymouth-quit, but more carefully
2021-02-21 11:03:18 -05:00
Guillaume Girol
aed173ff97
Merge pull request #113904 from ju1m/dnscrypt-proxy2
nixos/dnscrypt-proxy2: reallow @sync syscalls
2021-02-21 14:17:24 +00:00
Julien Moutinho
862481560c nixos/dnscrypt-proxy2: reallow @sync syscalls 2021-02-21 14:53:54 +01:00
Guillaume Girol
1d55adbce8
Merge pull request #113237 from jflanglois/fix-kmscon
nixos/services/kmscon: fix systemd configuration
2021-02-21 13:43:31 +00:00
Dominik Xaver Hörl
893d911b55 nixos/hidepid: drop the module as the hidepid mount option is broken
This has been in an unusable state since the switch to cgroups-v2.
See https://github.com/NixOS/nixpkgs/issues/73800 for details.
2021-02-21 13:51:37 +01:00
github-actions[bot]
cf22d5fee7
Merge master into staging-next 2021-02-21 12:19:43 +00:00
rnhmjoj
9be0529210
nixos/console: fix console setting reloading
It's a dull and boring day, it's cold outside and I'm stuck at home: let
me tell you the story of systemd-vconsole-setup.

In the beginnings of NixOS[1], systemd-vconsole-setup was a powerful
sysinit.target unit, installed and running at boot to set up fonts
keyboard layouts and even colors of the virtual consoles. If needed, the
service would also be restarted after a configuration change, consoles
were happy and everything was good, well, almost.

Since the service had no way to specify the dependency "ttys are ready",
modesetting could sometimes happen *after* systemd-vconsole-setup had
started, leaving the console in a broken state. So abbradar worked
around that by putting a systemd-udev-settle `After=`.

In the meanwhile, probably realizing their mistake, systemd added a
shiny udev rule to start the systemd-udev-settle at the right time[2].
However, the rule bypassed systemd by directly running the binary
`systemd-udev-settle`, and the service - though still installed - fell
into disuse.

Two years would pass before a good samaritan, seeing the poor jobless
systemd-udev-settle service, decided to give it the coup de grâs[3] by
unlisting it from the installed units.
This, combined with another bug, caused quite a commotion[4] in NixOS;
to see why remember the fact that `WantedBy=` in upstream units doesn't
work[5], so it had to be added manually in cc542110, but while systemd
removed it, the NixOS unit continued to install and restart the service,
making a lot of fuss when switching configuration.

After at least thee different tentative fixes, deedrah realised[6] what
the root cause was and fpletz put the final nail[7] in the coffin of
systemd-udev-settle. The service would never see the light of a boot
again, NixOS would not restart it all the time but thanks to udev
consoles would still get their pretty fonts and playful colors.

The En..

..no, wait! You should ask what came of systemd-udev-settle, first.
And why is the service even around if udev is doing all the work?

Udev-settle, like the deceitful snake that he is, laid hidden for years.
He looks innocuous doesn't it? A little hack. Only until it leaves his
den and a poor user[8] drops dead. Obviously, it serves no purpose, as
the service is not part of the boot process anymore, so let's remove it
for good!

About the service, it may not be useful at boot, but it can be started
to pick up changes in vconsole.conf and set the consoles accordingly.
But wait, this doesn't work anymore: the service is never started at
boot (remember f76d2aa6), so switch-to-configuration.pl will not restart
it. Fortunately it can be repaired: here I install a new unit which
does *nothing* on start, but restarts the real service when reloaded.
This perfectly reproduces the original behavior, hopefully without the
original bugs too.

The End?

[1]: cc54211069
[2]: f6ba8671d8 (diff-84849fddcef81458f69725dc18c6614aade5c4f41a032b6908ebcf1ee6740636)
[3]: 8125e8d38e
[4]: https://web.archive.org/web/20180603130107/https://github.com/NixOS/nixpkgs/issues/22470
[5]: https://github.com/NixOS/nixpkgs/issues/81138
[6]: https://web.archive.org/web/20180603130107/https://github.com/NixOS/nixpkgs/issues/22470#issuecomment-330930456
[7]: f76d2aa6e3
[8]: https://github.com/NixOS/nixpkgs/issues/107341
2021-02-21 10:27:34 +01:00
github-actions[bot]
dc31fd042c
Merge master into staging-next 2021-02-21 00:38:49 +00:00
nicoo
d7c15d0eec nixos/hyperv-guest: rngd was removed, no need to disable it 2021-02-21 01:34:56 +01:00
nicoo
c8dcbfc047 nixos/swap: Remove dependency on rngd (module removed) 2021-02-21 01:33:50 +01:00
nicoo
39383a8494 nixos/rngd: Remove module entirely, leave an explaination
Per @shlevy's request on #96092.
2021-02-21 01:32:50 +01:00
Florian Klink
d0be6dcd70
Merge pull request #110784 from talyz/gce-fetch-ssh-keys
google-compute-config: Reintroduce fetch-ssh-keys
2021-02-20 22:19:53 +01:00
Michele Guerini Rocco
19d715c573
Merge pull request #107382 from rnhmjoj/no-udev-settle
nixos/{networkd,dhcpcd}: remove udev-settle hack
2021-02-20 20:49:19 +01:00
Jörg Thalheim
f3918b4bc3
nixos/pipewire: only enable media-session if pipewire is enabled 2021-02-20 13:42:18 +01:00
github-actions[bot]
4c0670dace
Merge staging-next into staging 2021-02-20 06:17:59 +00:00
Sandro
38769f8a26
Merge pull request #113715 from vojta001/miniflux-docs
miniflux: fix link to docs
2021-02-20 06:09:00 +01:00
github-actions[bot]
abe7db36a4
Merge staging-next into staging 2021-02-20 00:36:40 +00:00
Aaron Andersen
cb2bce709f
Merge pull request #83479 from matt-snider/nixos/etesync-dav
nixos/etesync-dav: init module
2021-02-19 19:02:37 -05:00
David Arnold
68afbf9d63 installer: add deprecation warning about sd-card file move 2021-02-19 19:00:19 -05:00
David Arnold
481f68f1a5 installer: add back-compat files for sd-card image folder move 2021-02-19 19:00:19 -05:00
David Arnold
3c744bf68d installer: split sd-card into installer & base for bespoke image 2021-02-19 19:00:19 -05:00
David Arnold
3323b0ff0d
installer: move ./cd-dvd/sd-card* -> ./sd-card/ 2021-02-19 18:56:23 -05:00
Florian Klink
68496cb927
Merge pull request #113570 from xaverdh/remove-systemConfig
Remove system config kernel parameter
2021-02-19 20:43:07 +01:00
Vojtěch Káně
d51ec7e83d miniflux: fix link to docs 2021-02-19 20:14:14 +01:00
Jan Tojnar
8f50f1ce10
Merge branch 'staging-next' into staging
Resolved the following conflicts:

- kernel flags between 09176d28a0 and 2b28822d8d
- clojure-lsp between 3fa00685ce and e03c068af5
2021-02-19 17:15:31 +01:00
Guillaume Girol
56923181e9
Merge pull request #107402 from ctem/fix/luksroot-master
boot.initrd.luks: add reusePassphrases support for YubiKey 2FA
2021-02-19 15:42:45 +00:00
talyz
95f96de78e
gce/fetch-ssh-keys: Put script in separate file, use PrivateTmp...
...check the script with shfmt and shellcheck + some other minor
refactoring.
2021-02-19 15:17:12 +01:00
Sandro
4b694d5e3d
Merge pull request #113674 from SuperSandro2000/fix-collection16 2021-02-19 13:27:03 +01:00
rnhmjoj
8e59a682a5
nixos/udev: add option to install rules in initrd
Note: this moves the example rule used to rename network interfaces in
the new udev.initrdRules option, which is required since 115cdd1c.
2021-02-19 09:26:13 +01:00
zowoq
3dab057264 Merge staging-next into staging 2021-02-19 10:47:46 +10:00
Sandro Jäckel
c75d7d2f8c
nixos/grub: fix editor check 2021-02-18 22:25:57 +01:00
rnhmjoj
65325292da
nixos/stage-1: install networkd link files
Renaming an interface must be done in stage-1: otherwise udev will
report the interface as ready and network daemons (networkd, dhcpcd,
etc.) will bring it up. Once up the interface can't be changed and the
renaming will fail.

Note: link files are read directly by udev, so they can be used even
without networkd enabled.
2021-02-18 22:07:00 +01:00
rnhmjoj
15d6eacb15
nixos/{networkd,dhcpcd}: remove udev-settle hack
systemd-udev-settle is a terrible hack[1] and should never[2] ever[3]
used, seriously it's very bad. It was used as a stop-gap solution for
issue #39069, but thanks to PR #79532 it can be removed now.

[1]: https://github.com/systemd/systemd/issues/7293#issuecomment-592941764
[2]: https://github.com/NixOS/nixpkgs/issues/73095
[3]: https://github.com/NixOS/nixpkgs/issues/107341
2021-02-18 22:07:00 +01:00
Dominik Xaver Hörl
0e8d7f9b3d nixos/install-grub: normalize whitespace 2021-02-18 20:51:34 +01:00
Daniël de Kok
6e10cf2c1c
Merge pull request #108045 from mmilata/moinmoin-module-fix
nixos/moinmoin: fix module by switching to eventlet worker
2021-02-18 16:13:22 +01:00
Peter Hoeg
c382780e9b nixos/bluetooth: fix more stupidity on my part
Say this 10 times so I don't forget:

 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.
 - just because something has been tested and confirmed working, doesn't
   mean that a trivial change can go in without testing simply because
   it looks OK. test, test, test.

I'm sorry guys.
2021-02-18 14:54:19 +00:00
sohalt
725966b870 nixos/spacenavd: init 2021-02-18 15:08:20 +01:00
Dominik Xaver Hörl
61d746a7d3 nixos: don't set systemConfig for stage-2
Since c4f910f550, this is no longer
needed, because stage-2 is already generated with the path hard wired anyway.
2021-02-18 12:48:08 +01:00
Arian van Putten
5276ebb5ee nixos: Get rid of systemConfig kernel parameter
It was introduced in c10fe14 but removed in c4f910f.

It remained such that people with older generations in their boot
entries could still boot those. Given that the parameter hasn't had any
use in quite some years, it seems safe to remove now.

Fixes #60184
2021-02-18 12:48:08 +01:00
Sandro Jäckel
754a8db42d
nixos/printing: remove google cloud print 2021-02-18 02:21:38 +01:00
Aaron Andersen
4b9262786d nixos/mysql: properly configure mariadb for galera recovery 2021-02-17 15:50:20 -05:00
github-actions[bot]
9d6726a2e3
Merge staging-next into staging 2021-02-17 18:14:09 +00:00
Maximilian Bosch
910e103fcb
Merge pull request #113323 from witchof0x20/nextcloud_redirect_fix
nixos/nextcloud: DAV .well-known redirect fix
2021-02-17 17:23:35 +01:00
Francesco Gazzetta
d56f72178e nixos/mlmmj: use appropriate postfix options
instead of extra*

should make the module more interoperable with others
2021-02-17 16:00:59 +00:00
Francesco Gazzetta
7596e7a495 nixos/mlmmj: add more list headers
since we already add a couple of default headers, it makes sense to have
a sensible default and add the unsubscribe header and friends
2021-02-17 15:59:06 +00:00
Justin Humm
40f60919ab nixos/mastodon: fix group membership for nginx
4255954d97 set the StateDirectory to 0750,
but nginx wasn't in the Mastodon group. This commit also deletes a line,
that probably was intended to serve this purpose, but makes no sense.
Why should the Mastodon user be added as an extraGroup to the nginx
user?
2021-02-17 15:16:14 +01:00
github-actions[bot]
41b30ed9a6
Merge staging-next into staging 2021-02-17 12:20:08 +00:00
Matt Snider
58058515a3
nixos/etesync-dav: init module 2021-02-17 10:43:08 +01:00
ilian
29a6c9b9a3 nixos/hypervGuest: add Microsoft Synthetic Keyboard driver
Ensure that the HyperV keyboard driver is available in the early
stages of the boot process. This allows the user to enter a disk
encryption passphrase or repair a boot problem in an interactive
shell.
2021-02-17 08:01:34 +00:00
Jörg Thalheim
9783fa9554
Merge pull request #110615 from jansol/pipewire 2021-02-17 07:41:27 +00:00
github-actions[bot]
cd9df16806
Merge staging-next into staging 2021-02-17 06:14:55 +00:00
Peter Hoeg
bf11a28bd3 nixos/bluetooth: hotfix for stupidity 2021-02-17 05:58:08 +00:00
Peter Hoeg
1a4c039432 nixos/bluetooth: add support for disabling plugins 2021-02-17 02:40:59 +00:00
github-actions[bot]
3e0ef2752a
Merge staging-next into staging 2021-02-17 00:36:34 +00:00
WORLDofPEACE
8a2bd1342e
Merge pull request #113064 from worldofpeace/fix-108124
nixos/tools: make desktopConfiguation types.listOf types.lines
2021-02-16 15:16:53 -05:00
github-actions[bot]
c0f4dcb71d
Merge staging-next into staging 2021-02-16 18:17:00 +00:00
Jade
f83d4f86d5
Nextcloud redirect fix 2021-02-16 11:58:38 -05:00
Izorkin
96f0c2c191 mastodon, nixos/mastodon: use the same nodejs package in package and module 2021-02-16 17:57:31 +01:00
Julien Langlois
f3828c53c9
nixos/services/kmscon: fix systemd configuration
This fixes https://github.com/NixOS/nixpkgs/issues/112616
2021-02-15 16:58:54 -05:00
github-actions[bot]
e88fb2d10c
Merge staging-next into staging 2021-02-15 18:17:10 +00:00
Maximilian Bosch
274109a8d6
Merge pull request #113108 from Ma27/nextcloud-acme
nixos/nextcloud: fix regex to not return 404 on ACME challenges
2021-02-15 18:53:35 +01:00
Maximilian Bosch
31864de85d
Merge pull request #113187 from Ma27/nextcloud-dav
nixos/nextcloud: redirect /.well-known/*dav to https url
2021-02-15 18:53:19 +01:00
Leonard Pollak
a9a100adf6 nixos/ceph: fix ceph.client.extraOptions type 2021-02-15 14:56:26 +01:00
github-actions[bot]
a1d9d57051
Merge staging-next into staging 2021-02-15 12:20:16 +00:00
Lassulus
2489d95c1c
Merge pull request #110627 from 4z3/use-real-user-name-for-per-user-packages
nixos/users: use proper name for per-user packages
2021-02-15 12:45:24 +01:00
Izorkin
e3a7270e3d nixos/mastodon: fix mastodon-init-db script 2021-02-15 11:43:03 +01:00
Izorkin
4255954d97 nixos/mastodon: optimize permissions 2021-02-15 11:43:03 +01:00
Izorkin
424e7b0f5d nixos/mastodon: use unix socket to default 2021-02-15 11:43:03 +01:00
Izorkin
f1adea1a94 nixos/mastodon: add option trustedProxy 2021-02-15 11:43:03 +01:00
Maximilian Bosch
f89652a23e
nixos/nextcloud: redirect /.well-known/*dav to https url
Fixes #113155
2021-02-15 11:03:12 +01:00
github-actions[bot]
018f748b81
Merge staging-next into staging 2021-02-15 00:37:07 +00:00
Jan Solanti
3d69688289 pipewire: rename pwms to media-session 2021-02-14 23:54:23 +02:00
Jan Solanti
b9b9fff6d6 pipewire: use strictly upstream defaults 2021-02-14 23:54:17 +02:00
Aaron Andersen
796e3d6ff6
Merge pull request #111695 from jansol/xow
xow: fix service
2021-02-14 13:32:55 -05:00