Joachim Fasting
aa24c4e95b
nixos/apparmor: allow reloading profiles without losing confinement
...
Define ExecReload, otherwise reload implies stop followed by start, which
leaves existing processes in unconfined state [1].
[1]: https://gitlab.com/apparmor/apparmor/wikis/AppArmorInSystemd
2019-04-28 17:38:12 +02:00
Joachim Fasting
f824dad19a
nixos/apparmor: order before sysinit.target
...
Otherwise, profiles may be loaded way too late in the init process.
2019-04-28 17:38:07 +02:00
Graham Christensen
857069293d
Merge pull request #56565 from andrew-d/adunham/plex-fhs
...
plex: rewrite to use FHS userenv
2019-04-24 15:00:30 -04:00
Robin Gloster
b2c1ed6355
Merge pull request #53043 from exi/wg-quick
...
nixos/modules/networking/wg-quick Add wg-quick options support
2019-04-24 17:16:32 +00:00
Peter Hoeg
f81ddbf8e7
Merge pull request #60149 from peterhoeg/u/mosquitto_160
...
mosquitto: 1.5.8 -> 1.6 + nixos tests
2019-04-24 22:29:08 +08:00
Maximilian Bosch
28a95c4f7f
Merge pull request #60138 from grahamc/wireguard-generate-key
...
wireguard: add generatePrivateKeyFile option + test
2019-04-24 16:00:34 +02:00
Graham Christensen
06c83a14e1
Wrap 'wg' commands in <command>
2019-04-24 07:46:01 -04:00
Graham Christensen
f57fc6c881
wireguard: add generatePrivateKeyFile option + test
...
Ideally, private keys never leave the host they're generated on - like
SSH. Setting generatePrivateKeyFile to true causes the PK to be
generate automatically.
2019-04-24 07:46:01 -04:00
Peter Hoeg
c5af9fd4dd
nixos/mosquitto: add test
2019-04-24 17:02:20 +08:00
Andrew Dunham
9f7f367bf5
plex: rewrite to use FHS userenv
2019-04-23 20:19:33 -07:00
Silvan Mosberger
508fd8f133
Merge pull request #55413 from msteen/bitwarden_rs
...
bitwarden_rs: init at 1.8.0
2019-04-24 00:25:08 +02:00
Matthijs Steen
ef1a43030b
nixos/bitwarden_rs: init
2019-04-23 23:46:57 +02:00
Silvan Mosberger
ca37c23f91
Merge pull request #58096 from pacien/tedicross-init
...
tedicross: init at 0.8.7
2019-04-23 23:14:22 +02:00
pacien
d3423dd5c2
nixos/tedicross: add module
2019-04-23 22:52:23 +02:00
markuskowa
d0e70ac2d3
Merge pull request #60010 from JohnAZoidberg/https-urls
...
HTTPS urls
2019-04-22 23:37:07 +02:00
Daniel Schaefer
92cccb6f83
treewide: Use HTTPS for readthedocs URLs
2019-04-22 20:46:18 +02:00
Aaron Andersen
c3f69d1373
Merge pull request #59381 from aanderse/automysqlbackup
...
automysqlinit: init at 3.0_rc6
2019-04-22 08:30:23 -04:00
Joachim Fasting
b33da46a8e
nixos/hardened: split description of allowUserNamespaces into paras
2019-04-21 13:11:25 +02:00
mlvzk
113bb0a7e9
nixos/display-managers/startx: fix typos for startx option description
...
`~/.xinintrc` => `~/.xinitrc`
`autmatically` => `automatically`
2019-04-21 07:46:37 +00:00
Samuel Dionne-Riel
429e554714
nixos/virtualbox: Fixes configuration to evaluate
...
Fixes issue introduced by #57557
2019-04-20 23:04:13 -04:00
Matthew Bauer
2a8ca24215
Merge pull request #59435 from furrycatherder/fix-tarball
...
nixos: fix system-tarball
2019-04-20 20:58:42 -04:00
Léo Gaspard
451961ead2
Merge pull request #59880 from florianjacob/matrix-synapse-identity-servers
...
nixos/matrix-synapse: correct trusted_third_party_id_servers default
2019-04-21 02:41:21 +02:00
Aaron Andersen
4a11ce7f26
cleanup redundant text in modules utilizing mkEnableOption
...
Closes #59911
2019-04-20 14:44:02 +02:00
Reno Reckling
abf60791e2
nixos/modules/networking/wg-quick Add wg-quick options support
...
This is an implementation of wireguard support using wg-quick config
generation.
This seems preferrable to the existing wireguard support because
it handles many more routing and resolvconf edge cases than the
current wireguard support.
It also includes work-arounds to make key files work.
This has one quirk:
We need to set reverse path checking in the firewall to false because
it interferes with the way wg-quick sets up its routing.
2019-04-20 14:02:54 +02:00
Matthew Bauer
c1fd154fb6
Merge pull request #57557 from matthewbauer/ova-swap
...
nixos/virtualbox: add swap file
2019-04-19 10:17:36 -04:00
Matthew Bauer
dbc4543812
nixos/virtualbox: add swap file
...
Puts 2G swap in /var/swap of OVA. This serves as backup when you hit
the memory cap for the image.
Fixes #57171 and fixes #22696
2019-04-19 10:15:48 -04:00
Florian Jacob
34aa25b8dc
nixos/matrix-synapse: correct trusted_third_party_id_servers default
...
the servers are equivalent and synchronized, but Riot defaults to use vector.im
Source: https://github.com/matrix-org/synapse/blob/v0.99.3/docs/sample_config.yaml#L701
2019-04-19 11:54:06 +02:00
AmineChikhaoui
548932640b
ec2-amis.nix: add 19.03 amis
2019-04-18 23:07:14 -04:00
Aaron Andersen
3464b50c61
Merge pull request #59389 from aanderse/issue/53853-1
...
replace deprecated usage of PermissionsStartOnly (part 1)
2019-04-18 20:46:28 -04:00
markuskowa
dac0051e60
Merge pull request #59188 from gnidorah/maxx
...
maxx: 1.1.0 -> 2.0.1
2019-04-18 21:48:01 +02:00
Linus Heckemann
42c107c2aa
Merge pull request #49537 from mayflower/stage1-symlink-fix
...
nixos stage-1: fix init existence test
2019-04-18 17:59:08 +02:00
Pierre Bourdon
5d2bb3d715
nixos/stage-1: "find-libs" shell script is for the host
2019-04-18 15:02:51 +02:00
Bas van Dijk
cccc7a93d2
Merge pull request #59828 from basvandijk/prometheus-refactoring
...
nixos/prometheus: refactored & added more missing options
2019-04-18 13:43:53 +02:00
Bas van Dijk
cdd82681b3
nixos/prometheus: add more missing options
2019-04-18 12:53:13 +02:00
Bas van Dijk
285fd3c05a
nixos/prometheus: abstract over optional option creation
2019-04-18 11:55:43 +02:00
Domen Kožar
9bc23f31d2
Merge pull request #48337 from transumption/201810/nginx-etag
...
nginx: if root is in Nix store, use path's hash as ETag
2019-04-18 16:41:49 +07:00
aszlig
d533285224
nixos/tests/nginx: Add subtest for Nix ETag patch
...
This is to make sure that we get different ETag values whenever we
switch to a different store path but with the same file contents.
I've checked this against the old behaviour without the patch and it
fails as expected.
Signed-off-by: aszlig <aszlig@nix.build>
2019-04-18 09:41:13 +02:00
Robin Gloster
44afc81af1
Merge pull request #57693 from mayflower/kube-apiserver-proxy-client-certs
...
nixos/kubernetes: Add proxy client certs to apiserver
2019-04-17 16:38:51 +00:00
Robin Gloster
7dc6e77bc2
Merge pull request #56789 from mayflower/upstream-k8s-refactor
...
nixos/kubernetes: stabilize cluster deployment/startup across machines
2019-04-17 16:37:58 +00:00
Bas van Dijk
55ef5d4246
nixos/prometheus: set optional attributes to type types.nullOr
...
This makes sure that when a user hasn't set a Prometheus option it
won't show up in the prometheus.yml configuration file. This results
in smaller and easier to understand configuration files.
2019-04-17 14:49:09 +02:00
Bas van Dijk
57e5b75f9c
nixos/prometheus: filter out the _module attr in a central place
...
We previously filtered out the `_module` attribute in a NixOS
configuration by filtering it using the option's `apply` function.
This meant that every option that had a submodule type needed to have
this apply function. Adding this function is easy to forget thus this
mechanism is error prone.
We now recursively filter out the `_module` attributes at the place we
construct the Prometheus configuration file. Since we now do the filtering
centrally we don't have to do it per option making it less prone to errors.
2019-04-17 14:08:16 +02:00
Joachim F
d7da5e2af2
Merge pull request #53826 from delroth/randstruct-custom-seed
...
nixos: allow customizing the kernel RANDSTRUCT seed
2019-04-16 17:49:19 +00:00
Bas van Dijk
a913d0891c
nixos/prometheus: filter out empty srcape_configs attributes
...
This results in a smaller prometheus.yml config file.
It also allows us to use the same options for both prometheus-1 and
prometheus-2 since the new options for prometheus-2 default to null
and will be filtered out if they are not set.
2019-04-16 16:06:11 +02:00
Bas van Dijk
a23db5db08
nixos/prometheus: add new ec2_sd_config options for prometheus2
2019-04-16 16:04:33 +02:00
Andrew Childs
ad7e232f88
nixos/prometheus: add ec2_sd_configs
section to scrape_configs
2019-04-16 13:43:52 +02:00
Bas van Dijk
e7fadde7a7
nixos/doc: remove prometheus2 notes from the 19.09 release notes
...
prometheus2 has been backported to 19.03 so it won't be new for 19.09.
2019-04-16 09:47:45 +02:00
Bas van Dijk
d1940beb3a
nixos/prometheus/pushgateway: add module and test
2019-04-16 08:09:38 +02:00
Aaron Andersen
5f4df8e509
automysqlinit: init at 3.0_rc6
2019-04-15 21:51:55 -04:00
worldofpeace
27ac8cb2c4
Merge pull request #59185 from worldofpeace/glib-networking
...
nixos/glib-networking: init
2019-04-15 13:17:58 -04:00
worldofpeace
7802b18958
nixos/pantheon: use glib-networking module
2019-04-15 13:11:58 -04:00