Commit Graph

1257 Commits

Author SHA1 Message Date
Matthew Bauer
250885d0ca nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]
Without distributedBuilds, you can’t use buildMachines flag.

Fixes #56593
2020-07-30 19:55:12 -05:00
Milan Pässler
2d819e968e nixos/mautrix-telegram: fix base-config path 2020-07-29 16:34:30 +02:00
Florian Klink
80c2d2e2af
Merge pull request #93423 from helsinki-systems/feat/gitlab-redis-url
nixos/gitlab: Make redis URL configurable
2020-07-22 19:05:28 +02:00
Lassulus
72f66e7e42
Merge pull request #72320 from sweber83/sw-zigbee2mqtt
zigbee2mqtt package & module
2020-07-21 05:23:43 +02:00
Simon Weber
1af8759693 nixos/zigbee2mqtt: init 2020-07-20 21:48:14 +02:00
Justin Humm
d6f6424ac8
nixos/gollum: introduce --h1-title option 2020-07-20 16:15:18 +02:00
Janne Heß
f459122ea3
nixos/gitlab: Support extra config for shell 2020-07-18 16:46:33 +02:00
Janne Heß
e9bf4ca80f
nixos/gitlab: Make redis URL configurable
We run Redis via Unix socket
2020-07-18 16:28:59 +02:00
Janne Heß
026b4eb3ae
nixos/gitlab: Drop sidekiq PID file
> WARNING: PID file creation will be removed in Sidekiq 6.0, see #4045.
Please use a proper process supervisor to start and manage your
services

Since NixOS uses a proper process supervisor AND does not use the PID
file anywhere, we can just drop it to be upwards compatible and fix that
warning.
2020-07-18 16:00:04 +02:00
Janne Heß
25bad1f9b8
nixos/gitlab: Fix extra-gitlab.rb
Line 794 removes the entire directory, rendering the tmpfiles rule
useless.

cc @bgamari @talyz
2020-07-17 19:34:49 +02:00
claudiiii
2d468be964 nixos/matrix-synapse: update documentation 2020-07-17 16:28:12 +02:00
Aaron Andersen
5e32ec39ca nixos/gitolite: provision data directory only before service begins 2020-07-12 09:19:00 -04:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Michael Fellinger
d1c4bf967b
ssm-agent: 2.0.633.0 -> 2.3.1319.0 2020-06-26 12:43:27 +02:00
Jörg Thalheim
26e9a3498b
nixos/home-assistant: make service reloadable
This allows quick reloads using the following trick:

$(nix-build --show-trace --no-out-link \
  -E '(with import <nixpkgs/nixos> {};
       pkgs.writeScript "update-hass-config"
       config.systemd.services.home-assistant.preStart)')
systemctl reload home-assistant
2020-06-20 10:31:27 +01:00
Maximilian Bosch
650617253e
maintainers/teams: add matrix team 2020-06-17 21:55:29 +02:00
zimbatm
9494fdeeb3
Merge pull request #70327 from abbradar/synapse-plugins
Refactor Synapse plugins, add matrix-synapse-pam
2020-06-09 23:54:54 +02:00
Janne Heß
644f9e74e7
nixos/freeswitch: Unit improvements and add fs_cli
This switches the unit to Restart=on-failure and switches the CPU policy
to fifo (the daemon tries to do that itself, but is denied permission).

Also add the package to $PATH to be able to use fs_cli easily.
2020-06-05 20:16:43 +02:00
Eelco Dolstra
b00463d406
Merge pull request #89479 from edolstra/nix-2.4-completion
Don't enable nix-bash-completions when using Nix 2.4
2020-06-05 13:29:10 +02:00
Robin Gloster
79454f15ac
gitlab: 12.10.8 -> 13.0.3
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/

The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
2020-06-04 14:32:39 +02:00
Eelco Dolstra
bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Martin Weinelt
da6b277f96
nixos/home-assistant: allow arbitrary yaml functions 2020-06-02 15:51:35 +02:00
Notkea
ab327b27a1
nixos/mautrix-telegram: add module (#63589) 2020-06-01 08:45:04 +00:00
Notkea
523743157a
matrix-appservice-discord: init at 0.5.2 (#62744)
* matrix-appservice-discord: init at 0.5.2

* nixos/matrix-appservice-discord: add module
2020-06-01 08:43:38 +00:00
Nikolay Amiantov
cd92184f3d
matrix-synapse service: add plugins option 2020-06-01 10:30:22 +02:00
Robin Gloster
b64205d164
Merge pull request #85293 from petabyteboy/feature/gitlab-12-9-x
gitlab: 12.8.10 -> 12.10.6
2020-05-31 06:10:29 +02:00
rnhmjoj
aee614c996
treewide: replace bazaar with breezy 2020-05-25 09:22:54 +02:00
David Terry
8724c96e71 nixos/bazarr: init 2020-05-22 11:23:31 +02:00
Florian Klink
73392b748f nixos/freeswitch: always run systemctl of the currently running systemd 2020-05-21 10:29:52 +02:00
Florian Klink
8aaca0addc nixos/docker-registry: always run systemctl of the currently running systemd 2020-05-21 10:29:37 +02:00
Milan Pässler
47c8e52a22 nixos/gitlab: use new structure.sql
According to https://gitlab.com/gitlab-org/gitlab/-/issues/211487
2020-05-19 01:28:06 +02:00
Daniel Fullmer
e958afa0a9 nixos/zoneminder: fix evaluation with php refactor 2020-05-17 13:42:42 -04:00
Ed Cragg
c768364652 domoticz: add module 2020-05-17 14:20:09 +01:00
Florian Klink
90bc3ec9b9 nixos/sssd remove redundant condition
This is all inside a global cfg.enable conditional, so we don't need to
check here again.
2020-05-11 16:14:51 +02:00
Florian Klink
0f6f544aaf nixos/sssd: drop assertion
This is now already triggered by the nsswitch module, as we set
system.nssModules.
2020-05-11 16:14:51 +02:00
Florian Klink
ecf327d697 nixos/sssd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the sss module in
edddc7c82a, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Eelco Dolstra
9bf75a27f4
Revert "nix-daemon.nix: Use 'nix ping-store' to initialize directories"
This reverts commits 9d0de0dc57,
27d2857a99. 'nix ping-store' is an
experimental command so it doesn't work in Nix 2.4 unless you set
'experimental-features = nix-command' in nix.conf.
2020-05-07 12:39:22 +02:00
Frederik Rietdijk
9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
Aaron Andersen
39a0020c8f
Merge pull request #85904 from aanderse/gitea
nixos/gitea: add settings option
2020-05-04 23:01:12 -04:00
Pavol Rusnak
7b0167204d treewide: use https for nixos.org and hydra.nixos.org
tarballs.nixos.org is omitted from the change because urls from there
are always hashed and checked
2020-05-03 22:14:21 -07:00
Gabriel Ebner
a4f60b72e9 Merge branch 'master' into octoprint 2020-05-03 11:37:52 +02:00
Jan Tojnar
2874eebfd2
Merge branch 'staging-next' into staging 2020-04-29 08:35:47 +02:00
Pavel Goran
c678d68cdb nixos/pykms: add SyslogIdentifier 2020-04-29 03:53:47 +00:00
Florian Klink
c01ac3ed12
Merge pull request #85998 from helsinki-systems/make-nsswitch-more-flexible
nixos/nsswitch: Make databases more configurable
2020-04-29 01:28:33 +02:00
Thibaut Marty
4a0beed5c0 treewide: fix modules options types where the default is null
They can be caught with `nixos-option -r` on an empty ({...}:{}) NixOS
configuration.
2020-04-28 19:13:59 +02:00
Janne Heß
edddc7c82a
nixos/sss: Move nsswitch config into the module 2020-04-28 17:02:46 +02:00
zowoq
c59c4e3589 nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
talyz
c0a838df38
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
'toString false' results in an empty string, which, in this context,
is a syntax error. Use boolToString instead.

Fixes #86160
2020-04-28 09:05:26 +02:00
Dominik Xaver Hörl
c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
Aaron Andersen
218049c5c2 nixos/gitea: add settings option 2020-04-23 21:06:26 -04:00
Dominik Xaver Hörl
0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Michael Weiss
0e4417f118
Revert "nixos: Introduce nix.buildLocation option"
This reverts commit 5291925fd2.
Reason: This started to cause severe regressions, see:
- https://github.com/NixOS/nixpkgs/issues/85552
- https://github.com/NixOS/nixpkgs/pull/83166#pullrequestreview-395960588
Fixes #85552.
2020-04-19 15:16:08 +02:00
Jörg Thalheim
35eb7793a3
Merge pull request #83166 from avnik/nix-build-location 2020-04-18 18:37:15 +01:00
Alexander V. Nikolaev
5291925fd2 nixos: Introduce nix.buildLocation option
Allow to specify where package build will happens.
It helps big packages (like browsers) not to overflow tmpfs.
2020-04-18 20:31:04 +03:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Maximilian Bosch
74d6e86ec2
nixos/doc: fix database-setup example for matrix-synapse
Closes #85327
2020-04-16 11:38:15 +02:00
Michele Guerini Rocco
da232ea497
Merge pull request #78129 from flyfloh/airsonic-vhost
airsonic: fix virtualHost option
2020-04-15 09:18:28 +02:00
Sander van der Burg
0ffb720e8c nixos/dysnomia: fix documentRoot property 2020-04-14 14:31:13 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jörg Thalheim
e6a15db534
nixos: default nix.maxJobs to auto
Instead of making the configuration less portable by hard coding the number of
jobs equal to the cores we can also let nix set the same number at runtime.
2020-04-07 08:45:56 +01:00
Martin Milata
2acddcb28f nixos/matrix-synapse: remove web_client option
Removed in matrix-synapse-0.34.
2020-04-04 14:05:08 +02:00
Eelco Dolstra
74e7ef35fe nix-daemon.nix: Add option nix.registry
This allows you to specify the system-wide flake registry. One use is
to pin 'nixpkgs' to the Nixpkgs version used to build the system:

  nix.registry.nixpkgs.flake = nixpkgs;

where 'nixpkgs' is a flake input. This ensures that commands like

  $ nix run nixpkgs#hello

pull in a minimum of additional store paths.

You can also use this to redirect flakes, e.g.

  nix.registry.nixpkgs.to = {
    type = "github";
    owner = "my-org";
    repo = "my-nixpkgs";
  };
2020-04-02 19:38:00 +02:00
Eelco Dolstra
bd379be538
Remove unused 'rogue' service 2020-03-24 15:25:20 +01:00
Eelco Dolstra
aebf9a4709
services/misc/nixos-manual.nix: Remove
Running the manual on a TTY is useless in the graphical ISOs and not
particularly useful in non-graphical ISOs (since you can also run
'nixos-help').

Fixes #83157.
2020-03-24 15:25:20 +01:00
Maximilian Bosch
849e16888f
nixos/doc/matrix-synapse: refactor
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
  `matrix-synapse` to this document from the 20.03 release-notes.
2020-03-16 10:39:42 +01:00
Maximilian Bosch
8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
2020-03-15 17:09:51 +01:00
Frederik Rietdijk
7066dc85ba octoprint-plugins: use same python as octoprint, use overlays
- ensure the plugins use the same python as octoprint
- overlay of overriding plugins
- drop octoprint-plugins attribute
2020-03-15 13:48:22 +01:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
zimbatm
001be890f7 folding@home: 6.02 -> 7.5.1
The v7 series is very different.

This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
2020-03-14 13:01:26 -07:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Léo Gaspard
06bdfc5e32
Merge pull request #82185 from matt-snider/master
ankisyncd, nixos/ankisyncd: init at 2.1.0
2020-03-12 11:47:42 +01:00
Maximilian Bosch
b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore 2020-03-11 22:29:30 +01:00
Matt Snider
acba458b7e nixos/ankisyncd: init at 2.1.0 2020-03-10 22:45:33 +01:00
Dmitry Kalinkin
93745d243b
Merge pull request #79488 from danielfullmer/zoneminder-1.34.2
zoneminder: 1.32.3 -> 1.34.3
2020-03-07 13:25:17 -05:00
Daniel Fullmer
cb5da4eacb nixos/zoneminder: update on startup if needed 2020-03-07 12:59:39 -05:00
David Guibert
bbc2cd89ef users.groups.disnix instead of a list
related to #63103.
2020-03-05 09:08:40 +01:00
Florian
519d4f8e33 airsonic: enable nginx.recommendedProxySettings with virtualHost
This fixes music playback when using the `services.airsonic.virtualHost`
option.
2020-02-28 19:38:58 +01:00
Jörg Thalheim
ee2ea82a68
nixos/home-assistant: make config deep mergeable
This make it possible to split the home-assistant configuration
across multiple files and nix will merge the option in an intuitive
way.
2020-02-28 15:32:03 +00:00
Martin Milata
9b0a9577f7 nixos/parsoid: enable systemd sandboxing 2020-02-25 01:32:31 +01:00
Martin Milata
3b27f4d945 nixos/parsoid: fix package name
Original package was removed in 2b8cde0ce2.
2020-02-25 01:32:30 +01:00
Silvan Mosberger
2118cddc82
nixos/freeswitch: init (#76821)
nixos/freeswitch: init
2020-01-30 16:45:47 +01:00
misuzu
0a43e431ca nixos/freeswitch: init 2020-01-30 17:16:49 +02:00
Cole Mickens
90d297c4cd nixos: home-assistant: can dial out 2020-01-19 00:03:44 -08:00
markuskowa
9bedc18507
Merge pull request #77553 from c0deaddict/fix/gitea-typo
nixos/gitea: fix typo
2020-01-13 09:29:08 +01:00
Erik Arvstedt
9ed03f2103 nixos/paperless: fix tmpfiles rules
Previously, the service expected the paperless user to have a group with
the user's name. This is not necessarily the case for custom users.
2020-01-13 02:01:23 +00:00
Erik Arvstedt
5ad5d2321f nixos/paperless: don't use deprecated types.loaOf
This removes a warning.
2020-01-13 02:01:23 +00:00
Jos van Bakel
a171244455
nixos/gitea: fix typo 2020-01-12 12:51:01 +01:00
Jörg Thalheim
283e3e7218
nixos/home-assistant: support for secrets 2020-01-09 10:39:50 +00:00
Pascal Bach
76506ae42f nixos/matrix-synapse: fix empty user name 2020-01-08 23:18:26 +01:00
rnhmjoj
1d61efb7f1 treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
Bernardo Meurer
d80570f3f5
rogue: boot.extraTTYs -> console.extraTTYs 2020-01-02 16:59:43 -08:00
Bernardo Meurer
992245f844
nixos-manual: boot.extraTTYs -> console.extraTTYs 2020-01-02 16:53:15 -08:00
zimbatm
ab64518d0f
nixos/redmine: update example to more recent Ruby 2020-01-01 00:27:14 +00:00
Fernando J Pando
90ee16dbfc nixos/ethminer: always restart 2019-12-25 10:33:50 -05:00
Lassulus
f061413686
Merge pull request #74722 from gnidorah/mame
mame: 0.215 -> 0.216
2019-12-17 07:57:54 +01:00
Christian Kampka
b2d67c08d0
matrix-synapse: Use postgres service to create database and user 2019-12-13 21:22:27 +01:00
gnidorah
cc54e5a685 nixos/mame: init 2019-12-10 19:53:43 +03:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
2019-12-10 02:51:19 +01:00
Aaron Andersen
9abf0a1664
Merge pull request #75182 from clefru/typofix
apache-kafka.nix: Add missing quote inside tmpfiles rule
2019-12-07 22:50:50 -05:00
Clemens Fruhwirth
39cd4574aa apache-kafka.nix: Add missing quote inside tmpfiles rule 2019-12-07 23:59:10 +01:00
Sarah Brofeldt
218fe53e24 nixos/gitea: Add srhb as maintainer 2019-12-02 21:45:06 +01:00
Sarah Brofeldt
1573102a89 nixos/gitea: Fix startup 2019-12-02 21:45:06 +01:00
Janne Heß
e42036ee0e nixos/gitea: Sandbox the systemd service 2019-12-01 10:18:48 +01:00
Aaron Andersen
7b9c17c475 nixos/beanstalkd: keep jobs in persistent storage (#73884) 2019-11-22 09:27:32 +00:00
Peter Hoeg
d2f083160f
Merge pull request #65971 from jb55/zoneminder-fix
zoneminder: fix nginx config
2019-11-08 17:05:27 +08:00
Aaron Andersen
c22e76e450
Merge pull request #71605 from aanderse/redmine-cleanup
redmine: drop 3.4.x package, 4.0.4 -> 4.0.5
2019-11-06 18:02:48 -05:00
Maximilian Bosch
abe853b84c
Merge pull request #70336 from abbradar/synapse-ipv6
matrix-synapse service: blacklist local IPv6 addresses by default
2019-11-06 13:14:04 +01:00
Silvan Mosberger
dd0a47e7ae
treewide: Switch to system users (#71055)
treewide: Switch to system users
2019-11-01 13:26:43 +01:00
talyz
d5db11ccbd nixos/gitlab: Remove the old lib symlink in the state directory
Also, remove the old and unused PermissionsStartOnly definition in the
gitlab-workhorse systemd service.
2019-10-28 14:56:37 +01:00
talyz
041cbd860d nixos/gitlab: Abort on error and use of unset variables
Default behavior is to continue executing the script even when one or
multiple steps fail. We want to abort early if any part of the
initialization fails to not run with a partially initialized state.

Default behavior also allows dereferencing non-existent variables,
potentially resulting in hard-to-find bugs.
2019-10-28 14:56:37 +01:00
Aaron Andersen
50e5139893 redmine: drop 3.4.x package 2019-10-26 10:40:16 -04:00
Eelco Dolstra
52e739cc58 nix-daemon.nix: Fix checkConfig 2019-10-23 21:30:28 +02:00
Aaron Andersen
43a3d8dc29
Merge pull request #71461 from etu/lidarr-specify-datadir-option
nixos/lidarr: Add dataDir option
2019-10-22 05:07:49 -04:00
Florian Klink
1125fb02cc
Merge pull request #71428 from talyz/gitlab-already-initialized-constant
gitlab: Get rid of most 'already initialized constant'-warnings
2019-10-21 20:52:54 +02:00
edef
0599c89d58
Merge pull request #71338 from edef1c/nix-daemon-opt-aliases
nixos/nix-daemon: don't refer to deprecated option aliases
2019-10-21 09:59:13 +00:00
Elis Hirwing
9319dd17d8
nixos/lidarr: Add dataDir option
This will bring this module to a state to be consistent with how the
other forks (sonarr & radarr) works.
2019-10-20 21:20:53 +02:00
talyz
ed4a09c6f3 gitlab: Get rid of most 'already initialized constant'-warnings
On start, unicorn, sidekiq and other parts running ruby code emits
quite a few warnings similar to

/var/gitlab/state/config/application.rb:202: warning: already initialized constant Gitlab::Application::LOOSE_EE_APP_ASSETS
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/config/application.rb:202: warning: previous definition of LOOSE_EE_APP_ASSETS was here
/var/gitlab/state/lib/gitlab.rb:38: warning: already initialized constant Gitlab::COM_URL
/nix/store/ysb0lgbzxp7a9y4yl8d4f9wrrzy9kafc-gitlab-ee-12.3.5/share/gitlab/lib/gitlab.rb:38: warning: previous definition of COM_URL was here

This seems to be caused by the same ruby files being evaluated
multiple times due to the paths being different - sometimes they're
loaded using the direct path and sometimes through a symlink, due to
our split between config and package data. To fix this, we make sure
that the offending files in the state directory always reference the
store path, regardless of that being the real file or a symlink.
2019-10-19 19:30:28 +02:00
edef
a68219b79b nixos/nix-daemon: don't refer to deprecated option aliases
The `gc-` prefixed versions of these options have been
deprecated since Nix 2.0.
2019-10-18 12:27:43 +00:00
talyz
201cca9a04 Revert "nixos/gitlab: properly clear out initializers"
This reverts commit 2ee14c34ed.

This caused the initializers directory to be cleaned out while gitlab
was running in some instances. We clean out the directory on the
preStart stage already, so ensuring existance and permissions should
suffice.
2019-10-18 08:00:56 +02:00
Maximilian Bosch
7774945b70
Merge pull request #70469 from Vskilet/matrix-synapse-update
matrix-synapse: 1.3.1 -> 1.4.0
2019-10-15 01:31:21 +02:00
Victor SENE
372422390f
matrix-synapse: 1.3.1 -> 1.4.0
Bumps `matrix-synapse` to version 1.4.0[1]. With this version the
following changes in the matrix-synapse module were needed:

* Removed `trusted_third_party_id_servers`: option is marked as deprecated
  and ignored by matrix-synapse[2].
* Added `account_threepid_delegates` options as replacement for 3rdparty
  server features[3].
* Added `redaction_retention_period` option to configure how long
  redacted options should be kept in the database.
* Added `ma27` as maintainer for `matrix-synapse`.

Co-Authored-By: Notkea <pacien@users.noreply.github.com>
Co-authored-by: Maximilian Bosch <maximilian@mbosch.me>

[1] https://matrix.org/blog/2019/10/03/synapse-1-4-0-released
[2] https://github.com/matrix-org/synapse/pull/5875
[3] https://github.com/matrix-org/synapse/pull/5876
2019-10-15 01:11:18 +02:00
Janne Heß
d6c08776ba treewide: Switch to system users 2019-10-12 22:25:28 +02:00
Florian Klink
1aad3acf15
nixos/gitlab: Don't print sensitive data to log on startup (#70861)
nixos/gitlab: Don't print sensitive data to log on startup
2019-10-11 18:10:16 +02:00
Eelco Dolstra
9d0de0dc57
nix-daemon.nix: Shut up warning 2019-10-10 16:24:33 +02:00
Eelco Dolstra
27d2857a99
nix-daemon.nix: Use 'nix ping-store' to initialize directories 2019-10-10 16:24:33 +02:00
Eelco Dolstra
4b950c42cd
nix-daemon.nix: Drop Nix 1.x compatibility
Probably didn't work anyway anymore.
2019-10-10 16:24:33 +02:00
Eelco Dolstra
4e0d6a5ff8
Don't create /nix/var/nix/{gcroots,per-user}/per-user with 1777 permission
In fact, don't create them at all because Nix does that automatically.

Also remove modules/programs/shell.nix because everything it did is
now done automatically by Nix.
2019-10-10 16:24:33 +02:00
talyz
dc29a45fc9 nixos/gitlab: Don't print sensitive data to log on startup
gitlab:db:configure prints the root user's password to stdout on
successful setup, which means it will be logged to the
journal. Silence this informational output. Errors are printed to
stderr and will thus still be let through.
2019-10-09 16:59:18 +02:00
Robin Gloster
b5449e65b5
Merge pull request #69344 from talyz/gitlab-create-database
nixos/gitlab: Fix databaseCreateLocally evaluation and operation
2019-10-09 00:28:21 +02:00
Nikolay Amiantov
2219129888 matrix-synapse service: blacklist local IPv6 addresses by default 2019-10-03 19:08:48 +03:00
talyz
c6efa9fd2d nixos/gitlab: Clean up the initializers on start
The initializers directory is populated with files from the gitlab
distribution on start, but old files will be left in the state folder
even if they're removed from the distribution, which can lead to
startup failures. Fix this by always purging the directory on start
before populating it.
2019-10-03 14:38:54 +02:00
talyz
0f8133d633 nixos/gitlab: Fix state directory permissions
Since the preStart script is no longer running in privileged mode, we
reassign the files in the state directory and its config subdirectory
to the user we're running as. This is done by splitting the preStart
script into a privileged and an unprivileged part where the privileged
part does the reassignment.

Also, delete the database.yml symlink if it exists, since we want to
create a real file in its place.

Fixes #68696.
2019-10-03 09:02:00 +02:00
Silvan Mosberger
e463c7cd75
nixos/nix-daemon: Prevent network warning when checking config
Since version 2.3 (https://github.com/NixOS/nix/pull/2949 which was
cherry-picked to master) Nix issues a warning when --no-net wasn't
passed and there is no network interface. This commit adds the --no-net
flag to the nix.conf check such that no warning is issued.
2019-09-28 17:00:47 +02:00
Peter Hoeg
8cc9d24fe1
Merge pull request #69387 from peterhoeg/f/optimise
nixos/nix-optimise: be smarter about when we run the store optimiser
2019-09-26 13:10:39 +08:00
Peter Hoeg
81cd220c67 nixos/pymks: log to journal 2019-09-25 06:33:34 +08:00
Peter Hoeg
4b34dd3120
Merge pull request #69300 from peterhoeg/f/ha2
nixos/home-assistant: set bluetooth perms
2019-09-25 04:49:31 +08:00
talyz
58a7502421 nixos/gitlab: Only create the database when databaseHost is unset
Make sure that we don't create a database if we're not going to
connect to it. Also, fix the assertion that usernames be equal to only
trig when peer authentication is used (databaseHost == "").
2019-09-24 15:04:20 +02:00
talyz
ec958d46ac nixos/gitlab: Fix evaluation failure when postgresql is disabled
config.services.postgresql.package is only defined when the postgresql
service is activated, which means we fail to evaluate when
databaseCreateLocally == false. Fix this by using the default
postgresql package when the postgresql service is disabled.
2019-09-24 15:04:19 +02:00
talyz
dfc43f7d0a nixos/gitlab: Document the restriction introduced on statePath
The state path now, since the transition from initialization in
preStart to using systemd-tmpfiles, has the following restriction: no
parent directory can be owned by any other user than root or the user
specified in services.gitlab.user. This is a potentially breaking
change and the cause of the error isn't immediately obvious, so
document it both in the release notes and statePath description.
2019-09-23 17:55:58 +02:00
Peter Hoeg
e537a0a11e home-assistant: set capabilities for bluetooth 2019-09-23 21:54:16 +08:00
Florian Klink
6262e83f5f
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path (#68908)
nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
2019-09-23 06:40:52 +02:00
Jos van Bakel
86b83f37b8
nixos/gitea: fix dump 2019-09-21 09:28:53 +02:00
talyz
aceac9d531 nixos/gitlab: Add gnutar and gzip to gitlab-sidekiq's path
Tar and gzip are needed when importing GitLab project exports.
2019-09-17 09:27:16 +02:00
schneefux
bab6e6eb04
nixos/gitlab: Remove todo about mysql support
GitLab has ended MySQL support.
https://about.gitlab.com/2019/06/27/removing-mysql-support/
2019-09-14 11:26:22 +02:00
talyz
4b6ba5b27c nixos/gitlab: Fix swap of secrets
Fix accidental swap of the otp and db secrets in the secrets.yml
file. Fixes #68613.
2019-09-13 08:40:59 +02:00
Sander van der Burg
e987e3fef9 nixos/dysnomia: enable InfluxDB support 2019-09-09 23:28:10 +02:00
Florian Klink
2f3b9cd52c
Merge pull request #66274 from talyz/gitlab
nixos/gitlab: Add support for secure secrets and more
2019-09-07 12:52:44 -07:00
talyz
240649a510 nixos/gitlab: Extract arbitrary secrets from extraConfig
Adds the ability to make any parameter specified in extraConfig secret
by defining it an attrset containing the attr _secret, which in turn
is a path to a file containing the actual secret.
2019-09-06 16:57:23 +02:00
talyz
b351454cac nixos/gitlab: Use postgresql module options to provision local db
Use the postgresql module to provision a local db (if
databaseCreateLocally is true) instead of doing this locally.

Switch to using the local unix socket for db connections by default;
this is needed since dbs created by the postgresql module only support
peer authentication.

Instead of running the rake tasks db:schema:load, db:migrate and
db:seed_fu, run gitlab:db:configure, which in turn runs these tasks
when needed.

Solves issue #53852 for gitlab.
2019-09-06 16:56:20 +02:00
talyz
cbdf94c0f3 nixos/gitlab: Add support for storing secrets in files
Add support for storing secrets in files outside the nix store, since
files in the nix store are world-readable and secrets therefore can't
be stored safely there.

The old string options are kept, since they can potentially be handy
for testing purposes, but their descriptions now state that they
shouldn't be used in production. The manual section is updated to use
the file options rather than the string options and the tests now test
both.
2019-09-06 16:54:22 +02:00
talyz
7648b4f8ba nixos/gitlab: Fix missing ca_file for SMTP
Work around upstream issue #790 by explicitly referencing the
ca-certificates.crt file.
2019-09-06 10:17:31 +02:00
Jan Tojnar
cdf426488b
Merge branch 'master' into staging-next
Fixed trivial conflicts caused by removing rec.
2019-09-06 03:20:09 +02:00
Aaron Andersen
b54a120a82 nixos/zookeeper: recursively set permissions and ownership on dataDir 2019-09-03 11:57:57 -04:00
Vladimír Čunát
f21211ebfe
Merge branch 'master' into staging 2019-09-02 23:25:24 +02:00
Florian Klink
f74735c9d7 nixos: remove dependencies on local-fs.target
Since https://github.com/NixOS/nixpkgs/pull/61321, local-fs.target is
part of sysinit.target again, meaning units without
DefaultDependencies=no will automatically depend on it, and the manual
set dependencies can be dropped.
2019-09-01 19:06:38 +02:00
Silvan Mosberger
478e7184f8
nixos/modules: Remove all usages of types.string
And replace them with a more appropriate type

Also fix up some minor module problems along the way
2019-08-31 18:19:00 +02:00
Frederik Rietdijk
ad1d58c622 Merge staging-next into staging 2019-08-31 10:04:20 +02:00
volth
08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
Frederik Rietdijk
5061fe0c2c Merge staging-next into staging 2019-08-28 08:26:42 +02:00
Eelco Dolstra
35c1c170d7 nix.conf: Set sandbox-fallback = false
For security, we don't want the sandbox to be disabled silently.
2019-08-27 21:17:20 +02:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Peter Hoeg
574ec28ef1 nixos/zoneminder: open telnet port for remote admin 2019-08-26 14:47:00 +08:00
Aaron Andersen
400c6aac71 nixos/phpfpm: deprecate extraConfig options in favor of settings options 2019-08-23 07:56:27 -04:00
Aaron Andersen
62b774a700 nixos/phpfpm: add socket option to replace the listen option 2019-08-23 07:56:21 -04:00
Aaron Andersen
249b4ad942
Merge pull request #66492 from aanderse/extra-subservice-cleanup
nixos/httpd: extraSubservices cleanup
2019-08-20 18:55:08 -04:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
metabase: service module and test
2019-08-18 19:49:05 -04:00
WilliButz
4835f65e95
Merge pull request #66814 from mguentner/synapse_1_3_1
matrix-synapse: 1.2.1 -> 1.3.1
2019-08-18 19:30:14 +02:00
Marek Mahut
69089e990e modules: adding metabase service 2019-08-18 13:44:26 +02:00
Maximilian Güntner
dac8fe9cee
nixos/matrix-synapse: use notify instead of simple
Starting with 1.3.0, matrix-synapse supports notifying
systemd. Relevant PR: matrix-org/synapse#5732
2019-08-18 09:41:33 +02:00
Aaron Andersen
efbdce2e96 nixos/mantisbt: drop unmaintained module 2019-08-15 21:01:23 -04:00
Ben Gamari
d7d873b8cb nixos/gitlab: Delete stale hooks directories with -R
These can be directories.
2019-08-14 15:29:50 +02:00
Jeff Slight
2ee14c34ed
nixos/gitlab: properly clear out initializers 2019-08-12 12:50:02 -07:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module (#51319)
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
William Casarin
8a24d2ba44 zoneminder: fix nginx config
For some reason it doesn't seem to load things in the cache directory
properly without this slash.

Looks like this regression may have been introduced in:

  commit 19851ec1fc
  nixos/zoneminder: Fix nginx config check

Cc: Daniel Schaefer <git@danielschaefer.me>
Cc: Peter Hoeg <peter@hoeg.com>

Signed-off-by: William Casarin <jb55@jb55.com>
2019-08-04 11:53:06 -07:00
bake
9e2a710117 nixos/gitolite: dataDir group-readable 2019-08-04 18:47:02 +09:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
Colin L Rice
d7aa6df31f nix-daemon: Fix builduser count to work when maxJobs is auto 2019-08-01 01:54:28 -04:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions 2019-07-31 14:55:08 -07:00
arcnmx
c604b38791 nixos/taskserver: crl file is optional 2019-07-27 15:49:46 -07:00
steve-chavez
dfd3a0269c Shorten mkEnableOption description 2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816 nixos/modules: add greenclip user service 2019-07-23 12:19:28 +09:00
Johan Thomsen
bbd4a0c100 nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images 2019-07-22 16:41:16 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Robin Gloster
0972409c95
Merge pull request #64550 from bgamari/gitlab-12.0
gitlab: 11.10.8 -> 12.0.3
2019-07-17 16:01:03 +00:00
Nazarii Bardiuk
976928daa2
nixos/tiddlywiki: init
Service that runs TiddlyWiki nodejs server
2019-07-16 23:12:16 +01:00
Robin Gloster
52fd300b8c
gitlab module: fix permissions 2019-07-16 03:51:17 +02:00
Robin Gloster
3469c206f2
gitlab-shell: better gitlab_shell_secret location
So this won't be cleaned up by removing config/*
2019-07-16 03:51:11 +02:00
Robin Gloster
783c2f6106
gitlab module: clean up permission handling
This is WIP to get rid of PermissionsStartOnly=true
2019-07-16 01:19:07 +02:00
Janne Heß
1e23007dcd nixos/gitea: Support SMTP without pw in the store 2019-07-14 22:48:10 +02:00
Silvan Mosberger
5eac339829
nixos/redmine: add database.createLocally option (#63932)
nixos/redmine: add database.createLocally option
2019-07-14 16:22:37 +02:00
Frederik Rietdijk
74c24385cb Merge master into staging-next 2019-07-09 15:46:00 +02:00
Elis Hirwing
3b354cc037
Merge pull request #64412 from davidtwco/lidarr/fix-home
nixos/lidarr: re-add home attribute
2019-07-07 21:35:06 +02:00
David Wood
e2247dceb3
nixos/lidarr: re-add home attribute
This was accidentally removed in a previous PR and broke things.
2019-07-07 12:31:28 +01:00
David Wood
7f32961ea2
nixos/jackett: add package option
This allows users of the module to override the package to a newer
version. Particularly useful as Jackett warns that old versions may not
work.
2019-07-07 12:23:01 +01:00
worldofpeace
ab34f8b39b
Merge pull request #63824 from JohnAZoidberg/zoneminder-alias
nixos/zoneminder: Fix package and service build
2019-07-06 21:19:23 -04:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Frederik Rietdijk
25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00