Commit Graph

19678 Commits

Author SHA1 Message Date
Aaron Andersen
1a828f66dc nixos/redis: replace extraConfig option with settings option 2021-01-04 20:08:38 -05:00
Sarah Brofeldt
ffe5ff6009 dockerTools: Test buildLayeredImage with symlinks
This exercises layer creation in face of store path symlinks, ensuring
they are not dereferenced, which can lead to broken layer tarballs
2021-01-04 21:44:47 +01:00
pacien
d94921db12 fish-foreign-env: move to fishPlugins.foreign-env
And relocate the installed fish functions to the `vendor_functions.d` so
that they're automatically loaded.
2021-01-04 18:53:59 +01:00
Andreas Rammhold
653f805f09 nixos/tests/dovecot: enable dovecot_pigeonhole plugin
This plugin is used commonly enough that we should ensure it still
builds (and dovecot works) after loading it.

This is not yet perfect as we aren't testing any of it's functionality
but at least we ensure that dovecot continues to do the regular job.
2021-01-04 18:17:26 +01:00
talyz
0f0d5c0c49
profiles/hardened: Add note about potential instability
Enabling the profile can lead to hard-to-debug issues, which should be
warned about in addition to the cost in features and performance.

See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
2021-01-04 16:03:29 +01:00
Eelco Dolstra
dd23fc0ca2
Typo 2021-01-04 12:44:03 +01:00
Patryk Wychowaniec
30ccbe8eec
nixos/lxd: disable cgroup v2 when LXD is active 2021-01-04 11:25:30 +01:00
Julien Moutinho
0ccdd6f2b0 nixos/tor: improve type-checking and hardening
Fixes #77395.
Fixes #82790.
2021-01-04 01:02:26 +01:00
Maximilian Bosch
3b57908018
Merge pull request #108179 from WilliButz/update/prometheus-json-exporter/0.2.0
prometheus-json-exporter: unstable-2017-10-06 -> 0.2.0
2021-01-03 19:28:12 +01:00
Maximilian Bosch
6e43cc7fb0
nixos/prometheus-exporters: minor doc improvements
* Content of `programlisting` shouldn't be indented, otherwise it's
  weirdly indented in the output.
* Use `<xref linkend=.../>` in the release notes: then users can
  directly go to the option documentation when reading release notes.
* Don't use docbook tags in `mkRemovedOptionModule`: it's only used
  during evaluation where docbook isn't rendered.
2021-01-03 19:04:33 +01:00
Phillip Cloud
287939e2ed nixos/prometheus: update relabel_action list 2021-01-03 11:01:30 -05:00
Milan Pässler
12f3e2c42c nixos/tests/shadow: add switch user subtest 2021-01-03 15:54:48 +01:00
Milan Pässler
018072ea22 nixos/pam: use pam_faillock instead of pam_tally
Fixes #108313

\#107185 removed pam_tally, in favor of pam_faillock (see release notes).
2021-01-03 15:54:23 +01:00
github-actions[bot]
bc30d1eb34
Merge master into staging-next 2021-01-03 00:56:46 +00:00
ajs124
e78177e55e
Merge pull request #107597 from helsinki-systems/upd/xfsprogs
xfsprogs: 4.19 -> 5.10
2021-01-02 23:55:09 +01:00
Tim Steinbach
4c9414d31c hub: Add test 2021-01-02 15:43:01 -05:00
ajs124
a2267f6341 xfsprogs: 4.19 -> 5.10 2021-01-02 18:45:22 +01:00
Thiago Kenji Okada
a2391053b6 nixos/opentabletdriver: add package option 2021-01-02 14:09:31 -03:00
github-actions[bot]
ec161d2240
Merge master into staging-next 2021-01-02 12:24:09 +00:00
WilliButz
3f94c66ee1
nixos/prometheus-json-exporter: update modules & tests, add release notes 2021-01-02 13:10:27 +01:00
Thomas Tuegel
f69c648da4
Merge pull request #108128 from ttuegel/plasma-sync-qt-version
nixos/plasma5: synchronize Qt version with all-packages.nix
2021-01-02 05:47:02 -06:00
Florian Klink
71e24364c9
Merge pull request #108184 from lovesegfault/command-not-found-nix-shell
nixos/command-not-found: don't suggest nix-env
2021-01-02 12:04:43 +01:00
Florian Klink
88738dd72d
Merge pull request #106787 from flokli/console-optional-display-manager
nixos/console: fix Before= on the systemd-vconsole-setup unit
2021-01-02 11:04:14 +01:00
Bernardo Meurer
e4cd9a8f04
nixos/command-not-found: don't use fancy quotes 2021-01-01 20:04:28 -08:00
Bernardo Meurer
88632b7801
nixos/command-not-found: don't suggest nix-env 2021-01-01 16:29:05 -08:00
github-actions[bot]
c0a9361687
Merge master into staging-next 2021-01-01 18:39:09 +00:00
WilliButz
5e9d92c839
Merge pull request #108142 from Ma27/grafana-img-renderer
grafana-image-renderer: init at 2020-12-01
2021-01-01 19:19:51 +01:00
Maximilian Bosch
ca2a67549d
nixos/grafana-image-renderer: init 2021-01-01 19:19:11 +01:00
WilliButz
0587d518db
Merge pull request #107891 from lukegb/smokeping-prober
prometheus-smokeping-prober: init at 0.3.1 from git
2021-01-01 16:08:20 +01:00
WilliButz
15c7a0eb18
Merge pull request #108067 from 0x4A6F/master-prometheus-service
nixos/prometheus: fix remote_{read,write} options
2021-01-01 16:04:06 +01:00
WilliButz
2b04b8817e
Merge pull request #108096 from lukegb/bird-exporter
prometheus-bird-exporter: init at 1.3.5-git
2021-01-01 16:03:37 +01:00
WilliButz
a4960d450e
Merge pull request #107980 from lukegb/grafana-plugins
Add Nix packages for Grafana plugins and allow declarative installation
2021-01-01 16:00:17 +01:00
0x4A6F
06414886f1
nixos/prometheus: fix remote_{read,write} options
Fix and reorder options and use mkOpt for optional parameters,
according to official documentation.
2021-01-01 14:43:51 +00:00
Thomas Tuegel
e65962eafd
nixos/plasma5: synchronize Qt version with all-packages.nix 2021-01-01 08:26:33 -06:00
Luke Granger-Brown
699e402705 prometheus-bird-exporter: init at 1.3.5-git 2021-01-01 04:43:59 +00:00
github-actions[bot]
5dffe03f30
Merge master into staging-next 2020-12-31 18:42:41 +00:00
Samuel Dionne-Riel
4e75a31e98 linux: configure aarch64 contiguous memory allocator via kernel config
As per the in-line comment, this is where distros should configure it.
Not via kernel command line parameters.

As found by looking at the implementation, while exploring the cause of
a bug on the Raspberry Pi 4, it was found that `cma=` on the command
line parameters will overwrite the values a device tree will have
configured for a given platform.

With this, the more recent 5.4 vendor kernel boots just fine on the
Raspberry Pi 4 using our common configuration.
2020-12-31 18:20:49 +01:00
Samuel Dionne-Riel
f9d5de05d2 sd-image-raspberrypi4: Use u-boot for booting
This includes setting up everything for the mainline Raspberry Pi 4
image.

In fact, the only difference left in the Raspberry Pi 4-specific image
is the kernel from the vendor.
2020-12-31 18:20:49 +01:00
Frederik Rietdijk
e823016e66 Merge master into staging-next 2020-12-31 13:29:32 +01:00
lewo
7a6a0577f6
Merge pull request #107610 from puffnfresh/patch-3
oci-containers: fix containers attribute in docs
2020-12-31 09:39:25 +01:00
Jörg Thalheim
c2fca99f97
Revert "Merge branch 'master' into staging-next"
This reverts commit f19b7b03a0, reversing
changes made to 572a864d02.

Sorry. I pushed the wrong staging-next (the one that had my master
merged in). This was not intended.
2020-12-31 08:50:36 +01:00
Jörg Thalheim
f19b7b03a0
Merge branch 'master' into staging-next 2020-12-31 07:31:38 +01:00
Niklas Hambüchen
9206c0d115
Merge pull request #41966 from aneeshusa/allow-mutable-shells-for-declarative-users
nixos/users: Allow mutable shells for declarative users
2020-12-31 02:03:22 +01:00
Niklas Hambüchen
9424925867
Merge pull request #85244 from tomberek/tomberek/amazon-init
amazon-init: add xz to PATH
2020-12-31 01:50:19 +01:00
Niklas Hambüchen
5604a20762
Merge pull request #80769 from chkno/nixos-enter-tmp
nixos/nixos-enter: Create /tmp
2020-12-31 01:37:41 +01:00
Silvan Mosberger
ff97a25fc6
Merge pull request #104419 from otavio/topic/shellhub
shellhub-agent: Add service and package expressions
2020-12-31 00:07:42 +01:00
Otavio Salvador
06edbabe06 nixos/shellhub-agent: initial service expression
This provides the service to configure the ShellHub Agent.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2020-12-30 19:24:13 -03:00
github-actions[bot]
e75c8744cb
Merge master into staging-next 2020-12-30 18:40:45 +00:00
Luke Granger-Brown
d0a9e1ec83 nixos/grafana: add support for declarative plugin installation 2020-12-30 17:59:52 +00:00
Kevin Cox
58f3c19b78
Merge pull request #107638 from thiagokokada/opentabletdriver-init
opentabletdriver: init at 0.4.2/add module
2020-12-30 09:18:26 -05:00
Thiago Kenji Okada
791ef2e848 nixos/hardware: add opentabletdriver module 2020-12-30 10:14:30 -03:00
Julien Moutinho
8866576300
nixos/tor: improve type-checking and hardening
Fixes #77395.
Fixes #82790.
2020-12-30 07:50:44 +01:00
Jörg Thalheim
1024571d35
nixos/nscd: start in early boot
Services that have dynamic users require nscd to resolve users
via pam_systemd. Those services might not even create
their own dynamic users itself i.e. iptables.
To make sure nscd is always started when this is happening we move
nscd to sysinit.target and make sure that it is always started before
starting/reloading/restarting any other service.
2020-12-30 07:50:34 +01:00
h0m1
330218e69a
stage-1: create temporary secrets directory in /tmp and not in cwd 2020-12-30 07:50:34 +01:00
Jörg Thalheim
4caaec36dd
amazon-ec2-utils: 0.5.1 -> 1.3 2020-12-30 07:50:33 +01:00
Jörg Thalheim
64a7e509d7
nixos/nix-daemon: fix unknown sandbox warnings 2020-12-30 07:50:32 +01:00
Jörg Thalheim
f84f71e1e0
nixos/nginx: add streamConfig option 2020-12-30 07:50:31 +01:00
Jörg Thalheim
f536901693
nixos/filesystems: don't allow mountpoints with trailing slash
They are semantically the same as the non-slash version and therefore
are potential source of duplicates.

Also fixes https://github.com/NixOS/nixpkgs/issues/78951
2020-12-30 07:50:31 +01:00
Jörg Thalheim
19bf53f143
nixos/filesystems: faster nonEmtpyStr check
regexes should be faster than nix functions
2020-12-30 07:50:30 +01:00
Jörg Thalheim
b8a19ca2bc
nixos-rebuild: add --impure flag
There are two use case for this flag:

1. NixOS developer usually use a nixpkgs checkout for development.
Copying nixpkgs everytime when rebuilding NixOS is way to slow, even
with NVME disks.

2. Folks migrating from impure configuration in a sufficient complex
infrastructure need this flag to gradually migrate to NixOS flakes.
2020-12-30 07:50:30 +01:00
Jörg Thalheim
e1e412215d
nixos-rebuild: document all nix flags 2020-12-30 07:50:30 +01:00
Jörg Thalheim
8420dc923e
homeassistant: support for python_script automation 2020-12-30 07:50:29 +01:00
Jörg Thalheim
9c6f9c4068
redis: fix redis service 2020-12-30 07:50:29 +01:00
Jörg Thalheim
8a6c765832
command-not-found: rewrite in Rust
- drops perl + libraries dependencies
2020-12-30 07:50:28 +01:00
Jörg Thalheim
55eaa55922
nixos/redis: set TimeoutStartSec/TimeoutStopSec 2020-12-30 07:50:28 +01:00
github-actions[bot]
056304189c
Merge master into staging-next 2020-12-30 06:22:20 +00:00
Anderson Torres
dff06f0c25
Merge pull request #102973 from pacien/matrix-appservice-discord-v1.0.0
matrix-appservice-discord: 0.5.2 -> 1.0.0
2020-12-30 01:09:24 -03:00
Anderson Torres
d7cf89800e
Merge pull request #105831 from pacien/nixos-msmtp-module
nixos/msmtp: add msmtp module
2020-12-30 01:08:32 -03:00
Anderson Torres
b17e9cbb8f
Merge pull request #105706 from pacien/ssmtp-config-generator
nixos/ssmtp: fix configuration generator to accomodate ssmtp
2020-12-30 01:07:47 -03:00
Ben Sima
dbf9750782 hoogle: set the host to bind on
Message-Id: <20201230032048.32626-1-ben@bsima.me>
2020-12-30 04:36:00 +01:00
github-actions[bot]
31fc475812
Merge master into staging-next 2020-12-30 00:53:01 +00:00
Matt Layher
071c02a4b2
nixos/corerad: use pkgs.formats.toml to generate TOML configuration
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-12-29 17:47:01 -05:00
Luke Granger-Brown
3297ac72f1 nixos/prometheus: add smokeping and corresponding NixOS test 2020-12-29 18:59:51 +00:00
github-actions[bot]
ff873c7c21
Merge master into staging-next 2020-12-29 18:40:52 +00:00
Lassulus
86102ebe5e
Merge pull request #107127 from qzle/nixos-container-extraVeth-fix
Fix: nixos-container does not always apply extraVeth ips
2020-12-29 19:19:46 +01:00
WilliButz
6739d17f34
Merge pull request #99180 from 0x4A6F/master-prometheus-service
nixos/prometheus: remote_{read,write} support
2020-12-29 16:08:29 +01:00
0x4A6F
c53a0c16e4
nixos/prometheus: remote_{read,write}
- add [remote_write](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_write) and [remote_read](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#remote_read) support

Co-authored-by: Yorick van Pelt <yorickvanpelt@gmail.com>
2020-12-29 14:48:57 +00:00
github-actions[bot]
c86ce50258
Merge master into staging-next 2020-12-29 00:51:31 +00:00
Florian Klink
316862f72b
Merge pull request #102106 from tadfisher/throttled-msr-warning
nixos/throttled: disable kernel msr warning
2020-12-29 01:28:09 +01:00
Peter Hoeg
7d07645cba nixos/sddm: use attrs instead of plain text
Instead of treating the sddm config a wall of text that doesn't allow us
to override anything, turn it into an attribute set.

We dump `extraConfig` and instead introduce `settings` that is merged
with the module defaults to provide the final configuration.

There is some additional noise in here due to nixpkgs-fmt.
2020-12-29 05:06:38 +08:00
github-actions[bot]
ac03278035
Merge master into staging-next 2020-12-28 18:34:55 +00:00
Ivan
b90c5cb703
XMonad: configured recompile (#107696)
* nixos/xmonad: xmonad config w/ghc+xmessage

When the "config" option isn't set, we use xmonad-with-packages to
provide xmonad with runtime access to an isolated ghc, ensuring it can
recompile and exec a user's local config (e.g. $HOME/.xmonad/xmonad.hs)
regardless of which ghc (if any) is on PATH.

When the "config" option is set, however, we compile a configured xmonad
executable upfront (during nixos-rebuild), and prior to this commit, it
was not provided with runtime access to an isolated ghc.

As a result, with the "config" option set, it was not possible
to recompile and exec a user's local config unless there was a
compatible version of ghc on PATH with the necessary packages (xmonad,
xmonad-contrib, etc.) in its package database. Adding such a ghc to
environment.systemPackages, e.g.

  (haskellPackages.ghcWithPackages (ps: with ps; [xmonad xmonad-contrib]))

is problematic because it adds both ghc and an unconfigured xmonad to
PATH, e.g.

  $ ls -l $(which xmonad ghc)
  lrwxrwxrwx ... /run/current-system/sw/bin/ghc -> /nix/store/...-ghc-8.10.2-with-packages/bin/ghc
  lrwxrwxrwx ... /run/current-system/sw/bin/xmonad -> /nix/store/...-ghc-8.10.2-with-packages/bin/xmonad

Having the unconfigured xmonad on PATH is particularly bad because
restarting xmonad will dump the user into the unconfigured version, and
if no local config exists (e.g. in $HOME/.xmonad/xmonad.hs), they'll be
left in this unconfigured state.

In this commmit, we give the configured xmonad runtime access to ghc
like xmonad-with-packages does for the unconfigured version. The aim
is to allow the user to switch between the nixos module's config and a
local config (e.g. $HOME/.xmonad/xmonad.hs) at will, so they can try out
config changes without performing a nixos-rebuild.

Since the xmonad on PATH is the configured executable, there's no
danger a user could unwittingly restart into the unconfigured version,
and because xmonad will refuse to recompile when no local config
exists, there's no danger a user could unwittingly recompile into an
unconfigured version.

Given that a local config exists, the recompile/restart behavior depends
on two factors:
- which entry point is used
  * 'XMonad.xmonad' (default)
  * 'XMonad.launch' (recommended in "config" option description)
- what operation is triggered (i.e. via mod+q)
  * `spawn "xmonad --recompile && xmonad --restart"` (default)
  * `restart "xmonad" True`
  * custom function

If the default 'XMonad.xmonad' entrypoint and default mod+q operation
are used, hitting mod+q will compile and exec the local config, which
will remain in use until next time the display manager is restarted.

If the entrypoint is changed to 'XMonad.launch' but mod+q left with its
default operation, hitting mod+q will have no visible effect. The logs
(as seen by running `journalctl --identifier xmonad --follow`) will show
an error,
  X Error of failed request:  BadAccess (attempt to access private resource denied)
which indicates that the shell was unable to start xmonad because
another window manager is already running (namely, the nixos-configured
xmonad).
https://wiki.haskell.org/Xmonad/Frequently_asked_questions#X_Error_of_failed_request:_BadAccess_.28attempt_to_access_private_resource_denied.29

Changing the mod+q operation to `restart "xmonad" True` (as recommended
in the "config" option's description) will allow a restart of the
nixos-configured xmonad to be triggeredy by hitting mod+q.

Finally, if the entrypoint is 'XMonad.launch', mod+q has been
bound to `restart "xmonad" True` and another key bound to a custom
recompile/restart function (e.g. `compileRestart` as shown in the
"config" option example), the user can switch between the nixos module's
config and their local config, with the custom key switching to the
local config and mod+q switching back.

* nixos/xmonad: refactor let binding

* nixos/xmonad: refactor (eliminate duplicate code)

* nixos/xmonad: install man pages

Prior to this commit, man pages were not installed if the "config"
option was set.

* nixos/xmonad: comment grammar fixups

* nixos/xmonad: writeStateToFile in example config

Calling writeStateToFile prior to recompiling and restarting allows
state (workspaces, etc.) to be preserved across the restart.

* nixos/xmonad: add ivanbrennan to maintainers

* nixos/xmonad: adjust compileRestart example

* nixos/xmonad: add missing import to example config
2020-12-28 17:27:36 +01:00
github-actions[bot]
d5506c4c59
Merge master into staging-next 2020-12-28 12:24:08 +00:00
Florian Klink
f71e439688 nixos/acme: fix typo in docs 2020-12-28 13:19:15 +01:00
Frederik Rietdijk
92cc19490e Merge staging into staging-next 2020-12-28 08:45:43 +01:00
Aaron Andersen
a08ed097c9
Merge pull request #107064 from aanderse/nixos/zabbixWeb
nixos/zabbixWeb: include DOUBLE_IEEE754 directive
2020-12-28 00:22:35 -05:00
Maximilian Bosch
e5e7c9b0f9
nixos/tests/loki: satisfy linter
Apparently, the linter used for python test-scripts just decided that
a reformat of the testscript is now necessary.
2020-12-28 00:37:13 +01:00
Pavol Rusnak
b0121fcb03 trezord: TREZOR -> Trezor 2020-12-27 19:48:09 +01:00
pacien
ea842627ce nixos/matrix-appservice-discord: update module for v1.0.0 2020-12-27 12:59:11 +01:00
Anderson Torres
086946df11
Merge pull request #91203 from davidak/zsa
nixos/zsa: init at unstable-2020-12-16
2020-12-26 23:53:48 -03:00
Jeff Slight
4bc2573a15
nixos/gitlab: move custom_hooks_dir into gitaly config (#107174) 2020-12-26 22:44:36 +01:00
Bernardo Meurer
c4c899d3ef
Merge pull request #107613 from davidak/bcachefs-sha256
bcachefs: add sha256 kernel module
2020-12-26 21:37:26 +00:00
github-actions[bot]
d4a33d75f2
Merge staging-next into staging 2020-12-26 18:28:57 +00:00
sohalt
dcbfdf1a71 nixos/mpd: remove credentialsFile in favor of credentials option 2020-12-26 17:53:01 +01:00
Janne Heß
56d7e7492c
nixos/tmp: Make /tmp on ramdisk usable again
@poettering decided we only need a limited number of inodes in our /tmp,
so why not limit that for every systemd user? That makes medium-sized nix
builds impossible so this commit restores the old behaviour which is the
kernel default of half the number of physical RAM pages which does not
seem too unreasonable to me.
2020-12-26 13:13:41 +01:00
davidak
0d0ff21f2f nixos/zsa: init at unstable-2020-12-16
add support for ZSA keyboards

Co-authored-by: Julien Debon <julien.debon@pm.me>
2020-12-26 09:56:34 +01:00
Brian McKenna
1c73baa8c8
oci-containers: fix containers attribute in docs 2020-12-26 16:06:30 +11:00
Daniel Nagy
f2ca4c8f1d
nixos/httpd: set lua paths
We conditionally set the lua paths for the Apache mod_lua module. This
allows executing Lua script handlers to require modules, that have been
packaged with the supplied Lua derivation of Apache.

For more information, see:

  https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luapackagecpath
  https://httpd.apache.org/docs/2.4/mod/mod_lua.html#luapackagepath
2020-12-25 22:54:05 +01:00
davidak
d42e2cc24e bcachefs: add sha256 kernel module
needed to mount as root fs
2020-12-25 21:28:50 +01:00
github-actions[bot]
7659201d58
Merge staging-next into staging 2020-12-25 18:28:52 +00:00