JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
393,419 Commits 2 Branches 0 Tags 12 GiB
779853b52b
Commit Graph

21803 Commits

Author SHA1 Message Date
Maximilian Bosch
779853b52b
Merge pull request #182413 from NetaliDev/pam-mount-fix-refactor 
nixos/pam: refactor pam_mount unmounting fix
 2022-07-22 14:05:44 +02:00
Maximilian Bosch
1f6910b7dd
Merge pull request #182267 from mayflower/confluence-secrets 
nixos/confluence: store crowd SSO password securely
 2022-07-22 13:12:17 +02:00
Maximilian Bosch
85231bbd6e
Merge pull request #182261 from mayflower/mailman-rest-api-pass-file 
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
 2022-07-22 13:11:37 +02:00
Florian Klink
7c119675a3
Merge pull request #179002 from klemensn/move-passwdEntry-type 
move passwdEntry type
 2022-07-22 14:16:57 +07:00
Netali
93132dc09c
nixos/pam: refactor pam_mount unmounting fix 2022-07-22 04:17:14 +02:00
Sandro
98b4daa994
Merge pull request #181881 from SuperSandro2000/searx 2022-07-21 22:39:48 +02:00
Sandro
f7f8721b1e
Merge pull request #162689 from astro/glusterfs 
nixos/glusterfs: exclude hook "S10selinux-label-brick.sh"
 2022-07-21 22:15:00 +02:00
Lassulus
bcd7e09db0
Merge pull request #182204 from helsinki-systems/upd/vdo 
(k)vdo: 8.1.1.360 -> 8.2.0.2
 2022-07-21 21:46:27 +02:00
Sofi
e2b34f0f11
nixos/minecraft-server: let server shutdown cleanly (#182149) 2022-07-21 15:05:43 -04:00
Timothy DeHerrera
e8c3d13d00
Merge pull request #181674 from nrdxp/nvidia-udev 
nvidia: improve robustness of udev rules
 2022-07-21 09:00:47 -07:00
Vincent Haupert
539b61ea37 nixos/github-runner: fix capset syscall filtering 
capset(2) is a single system call, not a set of multiple system calls.
 2022-07-21 16:08:15 +02:00
Maximilian Bosch
258060c37d
nixos/confluence: store crowd SSO password securely 
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.

[1] https://github.com/NixOS/nixpkgs/pull/181715
 2022-07-20 23:11:53 +02:00
Maximilian Bosch
db9937b578
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store 2022-07-20 22:23:54 +02:00
Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets 
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
 2022-07-20 20:42:14 +02:00
Maximilian Bosch
92bd77e85e
nixos/prometheus-mail-exporter: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
81add6600c
nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
ajs124
c386f8658b (k)vdo: 8.1.1.360 -> 8.2.0.2 2022-07-20 15:00:53 +02:00
Maximilian Bosch
39c0694709
nixos/prometheus-mail-exporter: support storing passphrase outside of the store 2022-07-19 17:32:08 +02:00
github-actions[bot]
cfe78489c9
Merge master into staging-next 2022-07-19 12:01:43 +00:00
Sandro
bca69a4037
Merge pull request #181867 from newAM/github-runner 
nixos/github-runner: fix systemd defaults for common workflows
 2022-07-19 12:56:17 +02:00
Euan Kemp
f158ac45ef nixos/k3s: use default cgroup-driver again 
Setting `cgroup-driver=systemd` was originally necessary to match with
docker, else the kubelet would not start (#111835)

However, since then, docker support has been dropped from k3s (#177790).
As such, this option is much less necessary.

More importantly, it now seems to be actively causing issues. Due to an
upstream k3s bug, it's resulting in the kubelet and containerd having
different cgroup drivers, which seems to result in some difficult to
debug failure modes.

See
https://github.com/NixOS/nixpkgs/issues/181790#issuecomment-1188840862
for a description of this problem.

Removing this flag entirely seems reasonable to me, and it results in
k3s working again on my machine.
 2022-07-19 02:52:12 -07:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 16:09:42 +10:00
github-actions[bot]
305e8cb7b8
Merge master into staging-next 2022-07-19 06:03:02 +00:00
Wout Mertens
3ee8d4c909
netdata module: fix ExecStartPost (#181976) 2022-07-19 06:19:18 +02:00
github-actions[bot]
d64d75f2f3
Merge master into staging-next 2022-07-19 00:02:21 +00:00
Artturi
6dc4ee65f7
Merge pull request #179163 from cmm/network-setup-bindTo 
nixos/network-interfaces-scripted: don't bindTo absent network-setup.service
 2022-07-19 01:33:14 +03:00
Joachim F
0640ef2ccc
Merge pull request #180231 from dfithian/heartbeat 
heartbeat service: specify package
 2022-07-18 20:56:08 +02:00
Dan Fithian
49a5377557 heartbeat service: specify package 
Other elastic services can specify the package. Now we can also do it for heartbeat.
 2022-07-18 14:39:22 -04:00
github-actions[bot]
83702a6ef7
Merge master into staging-next 2022-07-18 18:01:14 +00:00
oaksoaj
fc9e22fca1 yggdrasil: add group option back and remove systemd User= directive 
The group configuration parameter allow to share access to yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but let user create their own group if they need.

Remove User= durective in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
 2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f yggdrasil: reenable DynamicUser 
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.

We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
 2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets 
nixos/mxisd: allow passing secrets
 2022-07-18 15:10:49 +02:00
Maximilian Bosch
8b72dae17b
Merge pull request #181528 from Ma27/privacyidea-ldap-proxy-secrets 
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy
 2022-07-18 14:19:47 +02:00
github-actions[bot]
71fe747e70
Merge master into staging-next 2022-07-18 12:01:55 +00:00
Maximilian Bosch
949c334ea9
nixos/privacyidea-ldap-proxy: use list for EnvironmentFile for mergeability 2022-07-18 13:58:08 +02:00
Maximilian Bosch
dab3ae9d8b
Merge pull request #181715 from mayflower/jira-secret-opts 
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
 2022-07-18 13:53:42 +02:00
Jörg Thalheim
9a020f31aa
Merge pull request #175439 from Mic92/jellyfin 
nixos/jellyfin: better defaults for hardware acceleration
 2022-07-18 12:51:54 +01:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability 2022-07-18 13:47:09 +02:00
Janne Heß
4e0f8f7f44
Merge pull request #181882 from SuperSandro2000/systemd-boot 
nixos/systemd-boot: remove default log message if nothing changes
 2022-07-18 10:02:43 +02:00
Vladimír Čunát
250922fd1e
Merge branch 'master' into staging-next 2022-07-18 08:29:53 +02:00
Alex Martens
c34749dd63 nixos/github-runner: fix systemd defaults for common workflows 2022-07-17 22:02:57 -07:00
Sandro
24aefd2c82
Merge pull request #177240 from Majiir/streamdeck-ui 2022-07-17 23:27:43 +02:00
Sandro Jäckel
4396fd615c
nixos/systemd-boot: remove default log message if nothing changes 2022-07-17 21:46:50 +02:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility 2022-07-17 21:45:30 +02:00
Sandro
0890c4aef1
Merge pull request #168879 from aidalgol/pass-secret-service-systemd-unit 2022-07-17 16:45:27 +02:00
Bjørn Forsman
0080a93cdf nixos/jenkins-job-builder: create secret file with umask 0077 
IOW, don't make it world readable.
 2022-07-17 15:24:48 +02:00
Majiir Paktu
3ba735cce2 nixos/streamdeck-ui: init 2022-07-16 22:10:33 -04:00
github-actions[bot]
8df1eb061a
Merge master into staging-next 2022-07-17 00:02:14 +00:00
Sandro
04a5c30245
Merge pull request #179582 from catap/prl-tools 2022-07-17 01:41:46 +02:00