Commit Graph

30184 Commits

Author SHA1 Message Date
CRTified
4a8f6ceb66 nixos/mautrix-telegram: add documentation for setting arbitrary secrets
The change that allows setting the secrets by an environment file had
the undocumented side effect of allowing to set any key by the environment
file (Related PR: https://github.com/tulir/mautrix-telegram/pull/332).

This is required to e.g. set `bridge.login_shared_secret`, which was not
documented before.

GitHub: closes #103347
2022-11-21 08:46:52 -05:00
Henri Menke
384293bbbb
nixos/alps: fixes for service hardening 2022-11-21 13:21:44 +01:00
Izorkin
17933082cc nixos/mastodon: fix emoji import 2022-11-21 11:43:28 +01:00
Janne Heß
c107fb66da
Merge pull request #202132 from ElvishJerricco/systemd-stage-1-tests-hibernate
nixos: ext fixes with systemd-initrd
2022-11-21 10:38:19 +01:00
Yannik Rödel
4de63c6750 outline: 0.66.3 -> 0.67.0 2022-11-21 09:33:08 +01:00
Nick Cao
46328f5596
nixosTests.systemd-initrd-luks-password: test mounting device unlocked in initrd after switching root 2022-11-21 14:49:20 +08:00
Nick Cao
51e4bd298f
nixos/udev: enable initrd-udevadm-cleanup-db.service in systemd stage 1 2022-11-21 14:33:27 +08:00
Will Fancher
71c74bf173 nixos: Add ext to fsPackages in stage 2 with systemd-initrd enabled 2022-11-20 22:30:01 -05:00
Sandro
8b5dd47fe0
Merge pull request #201647 from jtojnar/nixos-dbus-cleanup 2022-11-21 03:01:58 +01:00
Will Fancher
23b3add0e3 nixos: Fix hibernate test with systemd stage 1 2022-11-20 21:01:51 -05:00
Samuel Dionne-Riel
db50c66faf
Merge pull request #201750 from samueldr/feature/plasma-mobile-settings
nixos/plasma5: Sync Plasma Mobile kwinrc defaults with upstream
2022-11-20 17:16:16 -05:00
Maximilian Bosch
853d0a3f2b
Merge pull request #199150 from Ma27/grafana-fixup
nixos/grafana: documentation/warning improvements after #191768
2022-11-20 20:53:25 +01:00
Jörg Thalheim
83b468db28
Merge pull request #196148 from Mic92/tailscale
tailscale: improve formatting on warning message
2022-11-20 20:12:46 +01:00
Maximilian Bosch
4a73fad515
nixos/doc: also note that external YAML files for grafana will end up in the store 2022-11-20 20:03:38 +01:00
Maximilian Bosch
98cadbcf70
nixos/grafana: review fixes 2022-11-20 19:54:44 +01:00
Maximilian Bosch
2580440389
Merge pull request #198470 from RaitoBezarius/nc25-openssl
nextcloud25: use openssl 1.1 as a PHP extension to fix RC4 encryption
2022-11-20 18:32:41 +01:00
Maximilian Bosch
6ee5ae3e48
nixos/grafana: make warning more clear 2022-11-20 18:21:41 +01:00
Maximilian Bosch
9d7e9c5965
nixos/grafana: allow using both directories or single YAML files for non-Nix provisioning 2022-11-20 18:21:41 +01:00
Maximilian Bosch
2f1dfb0db3
nixos/grafana: fix w/o datasources or dashboard provisioning 2022-11-20 18:21:41 +01:00
Maximilian Bosch
4ec456b725
nixos/grafana: fix secret-related warnings
Closes #198646

* The options `password`/`basicAuthPassword` were removed for
  datasources in Grafana 9. The only option to declare them now is to use
  `secureJsonData`.
* Fix description for contactPoints provisioning: when using file/env
  providers, nothing will be leaked into the store.
* Fix regex in file-provider usage check: it's also possible to either
  use `$__env{FOO}` or `$FOO` to fetch secrets from the environment.
* Fix warning for datasources: `password`/`basicAuthPassword` was
  removed, also check for each setting in `secureJsonData` if
  env/file-provider was used (then no warning is needed!).
2022-11-20 18:21:40 +01:00
Maximilian Bosch
b300ec349c
nixos/doc: wording fix 2022-11-20 18:21:40 +01:00
Maximilian Bosch
febc8a4307
nixos/tests/grafana: demonstrate how to use the file provider
Yes, it's still a store path, but it's only for demonstration purposes.
Also we now have fewer warnings in the provision test.
2022-11-20 18:21:40 +01:00
Maximilian Bosch
03b34e85d4
nixos/grafana: we only support single YAML files for provisioning 2022-11-20 18:21:39 +01:00
Maximilian Bosch
45e1ce7e3a
nixos/grafana: get rid of unnecessary flatten for warnings 2022-11-20 18:21:39 +01:00
Maximilian Bosch
afd6199cff
nixos/grafana: re-add legacy notifiers test, mention notifiers in release notes 2022-11-20 18:21:39 +01:00
Maximilian Bosch
25b5824696
nixos/grafana: mark services.grafana.extraOptions as removed 2022-11-20 18:21:38 +01:00
Maximilian Bosch
252785fd9c
nixos/doc: improve release-notes for services.grafana 2022-11-20 18:21:38 +01:00
Maximilian Bosch
957e368f3d
nixos/grafana: provision.{datasources,dashboards} can't be a list anymore
The hack with `either` had the side-effect that the sub-options of the
submodule didn't appear in the manual. I decided to remove this because
the "migration" isn't that hard, you just need to fix some module
declarations.

However, `mkRenamedOptionModule` wouldn't work here because it'd create
a "virtual" option for the deprecated path (i.e.
`services.grafana.provision.{datasources,dashboards}`), but that's the
already a new option, i.e. the submodule for the new stuff.

To make sure that you still get errors, I implemented a small hack using
`coercedTo` which throws an error if a list is specified (as it would be
done on 22.05) which explains what to do instead to make the migration
easier.

Also, I linkified the options in the manual now to make it easier to
navigate between those.
2022-11-20 18:21:35 +01:00
ajs124
626e8b67fa nixos/tests/acme/server: regenerate certs
expired today
2022-11-20 16:37:42 +01:00
Elis Hirwing
14cc62d7e6
Merge pull request #201000 from drupol/php/8.2.0
php82: init at 8.2.0rc6
2022-11-20 16:01:00 +01:00
David Wilemski
c9543015d0
nixos/firewall: remove stray quote from package option
This quote is not needed and shows up rendered in the manpage documenting this option.
2022-11-19 22:04:52 -06:00
Martin Weinelt
1bb3114d92
Merge pull request #201984 from hax404/deluge_test 2022-11-20 02:17:26 +01:00
Jan Tojnar
1c37b65fb9
Merge pull request #181967 from noneucat/fix/at-spi2-core
gnome/at-spi2-core: also set GTK_A11Y when at-spi2-core is disabled
2022-11-20 02:17:08 +01:00
Martin Weinelt
0db9431e26
Merge pull request #201991 from vlinkz/calamaresqtwebkit 2022-11-20 01:59:28 +01:00
Andy Chun @noneucat
2fedbbab9c nixos/gnome/at-spi2-core: force GTK_A11Y=none when disabled
GTK 4 applications use accessibility bus directly
and will try to connect to it every time a widget is created:
https://gitlab.gnome.org/GNOME/gtk/-/issues/4831

This will make GTK 4 apps (e.g. newly ported Nautilus) grind
to a halt on systems that do not have AT-SPI service installed.

Let’s explicitly disable accessibility support with an environment
variable when the AT-SPI service is not enabled to avoid that.
Just like we do for ATK-based applications with `NO_AT_BRIDGE`.

Fixes: https://github.com/NixOS/nixpkgs/issues/197188
2022-11-20 01:50:38 +01:00
Victor Fuentes
4fe9988b89
installation-cd: Remove libsForQt5.full 2022-11-19 19:12:37 -05:00
happysalada
82ee824968 surrealdb: module init 2022-11-19 18:58:04 -05:00
Georg Haas
f20402f8e3
nixos/tests/deluge: fix test
deluge-console always exits with code 1. This is known in https://dev.deluge-torrent.org/ticket/3291
2022-11-20 00:35:59 +01:00
Icy-Thought
2beff9375c
nixos/picom: add egl backend to options 2022-11-19 19:29:22 +01:00
Martin Weinelt
c021df5792
Merge pull request #197254 from Atemu/fstab-escape-options 2022-11-19 18:08:40 +01:00
happysalada
4a3aa6ff98 tremor-rs: module init 2022-11-19 11:41:21 -05:00
Martin Weinelt
2714a22521
Merge pull request #198820 from talyz/keycloak-admin-password 2022-11-19 15:03:03 +01:00
Martin Weinelt
6c1b52297d
Merge pull request #195497 from mweinelt/crypt-hash-deprecations 2022-11-19 14:28:44 +01:00
Martin Weinelt
218e2f5e14
Merge pull request #193740 from illustris/hbase
hbase: remove 1.7, 2.4.11 -> 2.4.15, init 2.5.1, 3.0.0-alpha-2 -> alpha-3
2022-11-19 14:28:11 +01:00
Martin Weinelt
78155df21d
nixos/users-groups: Warn about deprecated hashes at activation
To allow for a reasonably fast deprecation of weak password hashing
schemes we provide an activation script that checks existing hashes in
/etc/shadow and issues a warning for user accounts that still rely on
deprecated hashes.

Co-Authored-By: oxalica <oxalicc@pm.me>
2022-11-19 14:07:59 +01:00
Martin Weinelt
f391e6dbcc
nixos/user: Don't recommend mkpasswd methods
Instead rely on the default, which at this time is yescrypt.
2022-11-19 14:07:59 +01:00
Martin Weinelt
55ab131ee2
nixos/manual: Don't recommend mkpasswd methods
Instead rely on the default, which at this time is yescrypt.
2022-11-19 14:07:59 +01:00
Zhaofeng Li
3d185562b5 nixos/tests/phosh: init 2022-11-19 06:55:25 +01:00
Zhaofeng Li
8b2d34fa5e test-driver: Allow configuring delay for send_{key,chars} 2022-11-19 06:55:25 +01:00
Sergei Trofimovich
00d016a2f5
Merge pull request #186764 from fricklerhandwerk/remove-syntax-overview
remove Nix language syntax summary
2022-11-18 22:41:54 +00:00
Anderson Torres
fc8a4f7291
Merge pull request #201521 from hmenke/alps
nixos/alps: add hardening, extensible options, test
2022-11-18 14:46:03 -03:00
Maciej Krüger
980e2c2ed2
Merge pull request #196773 from bobvanderlinden/pr-steam-package 2022-11-18 13:08:39 +01:00
Vladimír Čunát
8ab030e8de
Merge #201359: firefox, thunderbird, librewolf: Enable wayland support by default 2022-11-18 10:49:22 +01:00
Samuel Dionne-Riel
4ec2521ebb nixos/plasma5: Sync kwinrc defaults with upstream
This was missed when updating Plasma Mobile last time.
2022-11-18 04:35:35 -05:00
Manuel Bärenz
af447367ec nixos/mastodon: Add turion as maintainer 2022-11-17 20:05:50 +01:00
Kerstin Humm
d35c9e04e6 mastodon: 3.5.3 -> 4.0.2 2022-11-17 20:05:50 +01:00
Kerstin Humm
7718720149 nixos/mastodon: increase RAM for NixOS test vm 2022-11-17 20:05:50 +01:00
Jan Tojnar
5acdf85467 nixos/dbus: Avoid redundant output specification
- Do not use `daemon`, it has been synonymous to `out` since 783c40eb68
- Do not use explicit `out` output, it has been default since a17216af4c (originally introduced in 2132c86c45)
2022-11-17 19:49:34 +01:00
figsoda
d1dd00b618 nixos/vaultwarden: use lib.concatMapAttrs 2022-11-17 12:54:28 -05:00
Christian Kögler
de60d387a0
Merge pull request #200180 from Korny666/fix_install_chapter
nixos/doc: correct install summary
2022-11-17 17:42:12 +01:00
Henri Menke
9820effbba
nixos/alps: test login and cookie 2022-11-17 17:12:57 +01:00
Henri Menke
aeb5a692c3
nixos/alps: add hardening, extensible options, test 2022-11-17 17:12:54 +01:00
Patrick Jackson
b0c6f4ae05 nixos/mullvad-vpn: add mullvad-exclude wrapper & systemPackage 2022-11-17 07:31:40 -08:00
Jan Tojnar
43f34da079 nixos/dbus: Clean up
- Format the expression with nixpkgs-fmt.
- Remove `with` statement for clarity.
- Remove useless comments.
- Regroup systemd options.
2022-11-17 16:26:14 +01:00
Jan Tojnar
65ddb0ef06 nixos/dbus: Remove socketActivated option removal warning
It has been removed since 21.05:

f292a27f44
2022-11-17 16:14:33 +01:00
Bernardo Meurer
9959fe259d
Merge pull request #195135 from maxbrunet/feat/automatic-timezoned/init 2022-11-17 08:28:40 -05:00
Martin Weinelt
c156bdf40d
firefox, thunderbird, librewolf: Enable wayland support by default
Enabling Wayland support by default prevents use of XWayland on Wayland
systems, while correctly falling back to X11 when Wayland is
unavailable in the current session.

With the current packaging many people unnecessarily rely on the
`firefox` attribute, which is suggested by nixos-generate-config, which
in turn makes their Firefox use XWayland, when it shouldn't, which
causes bugs with GNOME on Wayland:

https://discourse.nixos.org/t/firefox-all-black-when-first-launched-after-login/21143

Using the Wayland-enabled Firefox was tested on pure X11 systems by
contributors on the #nix-mozilla:nixos.org room and we are confident
this change will not cause severe regressions.

Even better, people can now toggle `MOZ_ENABLE_WAYLAND=<0|1>` in their
environment to override this decision, should they feel the need to do
so.
2022-11-17 11:50:12 +01:00
Artturi
24cc9c3c73
Merge pull request #201183 from Artturin/utempter
tmux: build with utempter
2022-11-17 12:10:41 +02:00
adisbladis
841bcc7a24
Merge pull request #185129 from Munksgaard/fix-nixos-container
nixos-containers: Make sure same version of nixos-container is used
2022-11-17 22:13:44 +13:00
Maxime Brunet
29b5192b08
automatic-timezoned: init at 1.0.41 2022-11-16 15:26:21 -08:00
Florian Klink
67e0d7a1bf
Merge pull request #199352 from symphorien/deadlock-post-resume
nixos/power-management: fix deadlock with post-resume.{target,service}
2022-11-16 21:25:40 +00:00
Thiago Kenji Okada
eb8b2d7142 nixos/docs: document picom module changes 2022-11-16 20:14:34 +00:00
Thiago Kenji Okada
6785dae748 nixos/picom: remove experimentalBackends option
Removed by upstream in the recent v10 release.
2022-11-16 20:13:42 +00:00
Pol Dellaiera
1812d1540e
php82: init at 8.2.0rc6 2022-11-16 18:57:26 +01:00
Will Fancher
688fa4133d
Merge pull request #201396 from ElvishJerricco/systemd-util-linux-path-stage-1-fix
nixos: Fix systemd stage 1 after #201266
2022-11-16 11:48:39 -05:00
sternenseemann
a110f08f12 ocamlPackages.extlib: rename from ocaml_extlib
This matches the name used in dune and on OPAM.
2022-11-16 14:30:37 +01:00
Jörg Thalheim
c48d83b7bf
Merge pull request #197536 from eigengrau/zsh-init-no-unset
nixos/zsh: don’t be noisy when scripts are run with -u
2022-11-16 09:46:39 +01:00
Brian Cooper
8b013b65a6
nixos/misc: fix grammar typo 2022-11-16 06:54:04 +00:00
Vincent Haupert
2f71de984e release-notes: mention new services.github-runners & breaking changes 2022-11-15 23:53:04 -05:00
Carl Richard Theodor Schneider
647ed242dc nixos/adguardhome: allow for empty/unmanaged configs
This commit fixes broken non-declarative configs by
making the assertions more relaxed.
It also allows to remove the forced configuration merge by making
`settings` `null`able (now the default).

Both cases (trivial non-declarative config and `null`able config) are
verified with additional tests.

Fixes #198665
2022-11-15 23:43:15 -05:00
Sandro
655ab77b16
Merge pull request #198724 from Izorkin/update-peertube 2022-11-16 02:51:47 +01:00
Sandro
8ef6a0aca6
Merge pull request #188467 from kekrby/fix-gtk-icon-cache 2022-11-16 02:03:15 +01:00
Will Fancher
b28ecff1e6 nixos: Add util-linux to systemd PATH to fix fsck with systemd 251.6
This is an alternative to the reverted
d9b1bde390, which broke systemd stage 1
2022-11-15 17:54:32 -05:00
Will Fancher
acecd1ec7b Revert "nixos: Fix fsck with systemd 251.6 and later"
This reverts commit d9b1bde390.
2022-11-15 17:45:38 -05:00
Sandro
a51b4f21fb
Merge pull request #198217 from eigengrau/shell-alias-double-dash 2022-11-15 23:41:05 +01:00
Nicolas Benes
f6b07f0e2f fetchgit: make sparseCheckout a list of strings
The `sparseCheckout` argument allows the user to specify directories or
patterns of files, which Git uses to filter files it should check-out.

Git expects a multi-line string on stdin ("newline-delimited list", see
`git-sparse-checkout(1)`), but within nixpkgs it is more consistent to
use a list of strings instead. The list elements are joined to a
multi-line string only before passing it to the builder script.

A deprecation warning is emitted if a (multi-line) string is passed to
`sparseCheckout`, but for the time being it is still accepted.
2022-11-15 19:45:33 +01:00
Pierre Bourdon
4ac2dbfec5
Merge pull request #201329 from jqqqqqqqqqq/master
nixos/nginx: fix default listen port options
2022-11-15 17:57:51 +01:00
Curtis Jiang
f7bed8cd44 nixos/nginx: fix default listen port options 2022-11-15 15:11:52 +00:00
Florian Klink
8db9c4ed3f
Merge pull request #201266 from aszlig/fix-fsck
nixos: Fix fsck with systemd 251.6 and later
2022-11-15 08:17:53 +00:00
Franz Pletz
f0609d6c05
Merge pull request #198529 from jqqqqqqqqqq/master 2022-11-15 04:58:47 +01:00
Curtis Jiang
81cd6b06f9 nixos/nginx: add default listen port options 2022-11-15 02:00:03 +00:00
aszlig
d9b1bde390
nixos: Fix fsck with systemd 251.6 and later
Version 251.6 of systemd introduced a small change[1] that now checks
whether the fsck command is available in *addition* to the filesystem
specific fsck.$fsname executable.

When bumping systemd to version 251.7 on our side[2], we introduced that
change. This subsequently caused our "fsck" test to fail and it looks
like this was an oversight during the pull request[3] introducing the
bump.

Since the fsck wrapper binary is in util-linux, I decided to address
this by adding util-linux to fsPackages because util-linux is already
part of the closure of any NixOS system so the impact should be pretty
low.

[1]: 73db7d9932
[2]: 844a08cc06
[3]: https://github.com/NixOS/nixpkgs/pull/199618

Signed-off-by: aszlig <aszlig@nix.build>
2022-11-15 02:15:54 +01:00
Robert Hensing
a82e6b5dae
Merge pull request #201187 from pennae/mddoc-in-manual
nixos/manual: re-add mention of mdDoc marker
2022-11-14 19:00:33 +01:00
Robert Hensing
833f9d5e1f
Merge pull request #200646 from hercules-ci/options-markdown-and-errors
`nixosOptionsDoc`: add `markdownByDefault`, error handling
2022-11-14 18:58:54 +01:00
pennae
07e5701aca nixos/manual: re-add mention of mdDoc marker 2022-11-14 16:05:44 +01:00
Artturin
2af809015a nixos/tmux: add withUtempter option 2022-11-14 15:26:19 +02:00
Markus Partheymueller
5bc1b01a40
boot.loader.systemd-boot: add extraInstallCommands option (#200715) 2022-11-14 14:20:58 +01:00
Bryan Richter
e3fc19b301
nixos/nginx: docs: Update formatting
* Capitalize ACME
* Use bold instead of ALL CAPS
* Tweak sentence structure
2022-11-14 12:24:17 +02:00
Bryan Richter
fd9eed5bf3
nixos/nginx: Extend acmeFallbackHost documentation
This extra example would have saved me a lot of uncertainty and doubt.
2022-11-14 11:54:33 +02:00
Franz Pletz
69f8e94c46
Merge pull request #199587 from lorenz/fscrypt
nixos/pam: support fscrypt login protectors
2022-11-14 09:42:35 +01:00