Commit Graph

15251 Commits

Author SHA1 Message Date
WORLDofPEACE
c4d016a28b
Merge pull request #98676 from cole-h/shadow-owns-shadow
nixos/update-users-groups: /etc/shadow owned by root:shadow
2020-09-26 15:37:57 -04:00
Aaron Andersen
1032e90b52
Merge pull request #97390 from axelf4/picom-experimentalBackends-option
nixos/picom: add experimentalBackends option
2020-09-26 14:03:31 -04:00
Florian Klink
8d52cf501f nixos/datadog: Don't recommend dd_url for sites, add proper option
Turns out, `dd_url` should only be used in proxy scenarios, not to point
datadog to their EU endpoint - `site` should be used for that.

The `dd_url` setting doesn't affect APM, Logs or Live Process intake
which have their own "*_dd_url" settings.
2020-09-25 22:30:55 +02:00
Cole Helbling
937359fcf1
nixos/update-users-groups: /etc/shadow owned by root:shadow 2020-09-25 09:38:35 -07:00
Graham Christensen
d9a93852d4
nixos-rebuild: support --upgrade-all and document --upgrade (#83327) 2020-09-25 17:22:11 +02:00
Andreas Rammhold
bb33cdd44b
Merge pull request #98738 from mayflower/prometheus-retention
nixos/prometheus: add retentionTime
2020-09-25 17:11:27 +02:00
Linus Heckemann
edcb73f6b5 nixos/prometheus/postfix: enable systemd by default 2020-09-25 14:29:16 +02:00
Linus Heckemann
e80fa27968 nixos/prometheus/postfix: correct default showqPath 2020-09-25 14:28:32 +02:00
WilliButz
f412df1f6b nixos/prometheus-postfix-exporter: set default group
The postfix exporter needs to access postfix's `queue/public/` directory
to read the `showq` socket inside. Instead of making the public
directory world accessible, this sets the postfix exporter's group to
`postdrop` by default, when the postfix service is enabled.
2020-09-25 13:59:46 +02:00
Robin Gloster
5c0a2e8c60 nixos/prometheus: add retentionTime 2020-09-25 13:44:13 +02:00
Jan Tojnar
d471c5d1f3
Merge branch 'staging-next' into staging 2020-09-24 23:09:00 +02:00
Jan Tojnar
6d518ddf77
Merge pull request #98503 from jtojnar/doc-prompts 2020-09-24 22:48:38 +02:00
Joe Hermaszewski
99d2db8dce
nvidia-x11.vulkan_beta: init at 450.56.11 (#97882)
- This is fetched from a different URL, so allow passing that explicitly.

- There also isn't an nvidia-persistenced or nvidia-settings release for
  this version, so use 450.57 instead. Also implement passing
  persistenced and settings version explicitly.

Co-authored-by: Dmitry Kalinkin <dmitry.kalinkin@gmail.com>
2020-09-24 10:53:05 -04:00
zowoq
008de9ca3c nixos/{containers,cri-o,podman}: move copyFile to nixos/lib/utils 2020-09-24 10:01:47 +10:00
Sascha Grunert
eac4389021 nixos/cri-o: add networkDir option
The new option can be used to specify the network directory for CNI
plugin configurations.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-24 07:35:35 +10:00
Maximilian Bosch
8bcc2bae60
Merge pull request #98550 from WilliButz/codimd/environment-secrets
nixos/codimd: add option `environmentFile` for injecting secrets
2020-09-23 17:32:40 +02:00
Shea Levy
dc6ff60cc6
Merge branch 'system76-firmware-and-nixos' into master 2020-09-23 08:14:11 -04:00
Shea Levy
4b1850bad3
Add system76 NixOS module 2020-09-23 08:10:49 -04:00
WilliButz
403c215bdd
nixos/codimd: add option environmentFile for injecting secrets
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the db password.
2020-09-23 11:59:44 +02:00
Florian Klink
1480c1a7b5
Merge pull request #98502 from cole-h/link-dev-fd
nixos/stage-1: set up /dev/fd
2020-09-23 09:57:43 +02:00
Jan Tojnar
e6ce041cae
nixos/doc: Improve code listings
By adding prompts and replaceables and removing unnecessary indentation.
2020-09-23 01:25:25 +02:00
Cole Helbling
4586810487
nixos/stage-1: set up /dev/fd
Otherwise, stage-2-init.sh will complain about not having access to
/dev/fd/62 as of systemd v246.

On IRC, flokli said:

    15:14 <flokli> cole-h: hmmm... I could imagine some of the setup inside /dev has been moved into other parts of systemd
    15:14 <flokli> And given we run systemd much later (outside initramfs only) it doesn't work properly here
    15:17 <flokli> We probably don't invoke udev correctly
2020-09-22 15:33:21 -07:00
Frederik Rietdijk
7bff759fac Merge staging-next into staging 2020-09-22 18:31:56 +02:00
Kirill Elagin
a4afd525cb prometheus: Unbreak IPv6 listenAddress
The format of the listenAddress option was recently changed to separate
the address and the port parts. There is now a legacy check that
tells users to update to the new format. This legacy check produces
a false positive on IPv6 addresses, since they contain colons.

Fix the regex to make it not match colons within IPv6 addresses.
2020-09-21 07:53:47 +02:00
zowoq
74c2ed9e35 nixos/tools/nixos-install: remove trailing whitespace 2020-09-21 09:35:27 +10:00
WORLDofPEACE
978e419abe Merge branch 'staging-next' into staging 2020-09-20 18:43:38 -04:00
WORLDofPEACE
34aaac6d7c Merge branch 'staging-next' into staging 2020-09-20 18:41:15 -04:00
WORLDofPEACE
684d691c6e
Merge pull request #97738 from cole-h/build-vm-for-flakes
nixos-rebuild: add flake support for build-vm
2020-09-20 15:10:16 -04:00
Gabriel Ebner
0c550170d1
Merge pull request #97469 from Emantor/bump/thermald 2020-09-20 16:55:30 +02:00
Nathaniel Glen
59cbf9746c nixos/pipewire: fix variable merging
While both strings and lists are valid, lists are the more accurate type
and only they can properly merge with each other.
2020-09-19 18:00:44 -04:00
Nathaniel Glen
888c1fbf96 nixos/pipewire: add missing dbus dependency
Without this it is possible for PipeWire to fail in binding the dbus socket.
2020-09-19 16:33:02 -04:00
Nathaniel Glen
c603619042 nixos/pipewire: use provided udev rules
As of PipeWire 0.3.8, the library is bundled with a slightly modified
version of PulseAudio's udev rules.
2020-09-19 16:33:02 -04:00
Nathaniel Glen
3377257d0b pipewire: split pulse and jack emulation out
This splits PulseAudio and JACK emulation into separate outputs. Doing
so provides a number of benefits.

First it fixes pw-pulse and pw-jack. Prior to this they pointed to bogus
locations because the environment variables were not evaluated.
Technically fixing this only requires setting libpulse-path and
libjack-path to any absolute path not necessarily separate outputs but
it comes as a nice result.

Secondly it allows overriding libpulseaudio with pipewire.pulse in many
packages. This is possible because the new outputs have a more standard
layout.
2020-09-19 16:33:01 -04:00
Nathaniel Glen
f01be2978b nixos/pipewire: use globs for the version 2020-09-19 16:33:01 -04:00
Nathaniel Glen
e879eb6db6 pipewire: add testing
This adds two tests. One is for whether the paths used by the module are
present, while the other is for testing functionality of PipeWire
itself. This is done with the recent addition of installed tests by
upstream.
2020-09-19 16:33:01 -04:00
Nathaniel Glen
ccefdd9dae nixos/pipewire: add jack/pulse emulation
This allows for transparent JACK and PulseAudio emulation. With this you
can essentially replace your entire audio framework with just PipeWire
for almost no configuration.
2020-09-19 16:33:00 -04:00
Nathaniel Glen
cd81d4043e nixos/pipewire: add ALSA routing
This code is based on the similar implementation for JACK.
2020-09-19 16:33:00 -04:00
Mario Rodas
8b8f54d38b
Merge pull request #98263 from asdf8dfafjk/patch-3
nixos/onedrive: Remove verbose flag
2020-09-19 13:46:17 -05:00
Ryan Mulligan
5ea751ca70
Merge pull request #98258 from ryantm/remove-heyefi
nixos/heyefi: remove module and package
2020-09-19 11:00:41 -07:00
markuskowa
913657c2d9
Merge pull request #98261 from ryantm/monit-maintainer
nixos/monit: add ryantm as maintainer
2020-09-19 09:46:14 +02:00
asdf8dfafjk
5e166f892d
nixos/onedrive: Remove verbose flag 2020-09-19 11:32:42 +05:30
Linus Heckemann
4c8dabed17
Merge pull request #97826 from lheckemann/spice-usb-redir
nixos/spice-usb-redirection: init
2020-09-19 07:52:23 +02:00
Ryan Mulligan
16b94bf231 nixos/monit: add ryantm as maintainer 2020-09-18 22:09:22 -07:00
Ryan Mulligan
61863c5155
Revert "nixos/monit: Allow splitting the config in multiple files" 2020-09-18 21:57:54 -07:00
Ryan Mulligan
ad1c7eb7b6 nixos/heyefi: remove module and package
heyefi is no longer maintained by me; the company that made the sd
cards is defunct and the cards depended on their servers to work.
2020-09-18 21:55:07 -07:00
Marek Mahut
52532b7c36
Merge pull request #91256 from prusnak/seeks
seeks: remove, upstream unmaintained
2020-09-18 16:32:33 +02:00
Cole Helbling
e26b348689
nixos-rebuild: add flake support for build-vm
This relies on users using `nixpkgs.lib.nixosSystem` to define their
system; otherwise, the `vm` and `vmWithBootLoader` attributes will not
exist.
2020-09-17 11:44:47 -07:00
Sebastian Zivota
4560d7ed70 nixos/calibre-server: Allow multiple libraries
Also add options for group and user.
2020-09-17 12:04:39 +02:00
Sascha Grunert
e363aef498 nixos/cri-o: remove deprecated manage_ns_lifecycle option
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-17 17:50:57 +10:00
Rouven Czerwinski
0aaa5addfb nixos/thermald: add adaptive mode
thermald >=2.3 supports the adaptive DPTF mode, in conjunction with
kernel 5.8.
2020-09-16 18:27:16 +02:00
Robert Hensing
2d2612a020 nixos/cassandra: Add cfg.extraEnvSh 2020-09-16 17:19:39 +02:00
Dominik Xaver Hörl
c3be76580f nixos/xserver: clean up the useXFS option
It had confusing semantics, being somewhere between a boolean option and
a FontPath specification. Introduce fontPath to replace it and mark the
old option as removed.
2020-09-15 14:13:34 +02:00
WORLDofPEACE
d23f814eb3
Merge pull request #98004 from romildo/upd.nm-applet
nixos/nm-applet: starts the applet with Appindicator support
2020-09-14 20:44:51 -04:00
José Romildo Malaquias
0c6e1ddf61 nixos/pantheon: disable nm-applet indicator 2020-09-14 21:27:00 -03:00
José Romildo Malaquias
0d7a2f67df nixos/nm-applet: starts the applet with Appindicator support
As of version 1.18.0 Appindicator support is available in the official
network-manager-applet package. To use nm-applet in an Appindicator
environment the applet should be started  with the following command:

$ nm-applet --indicator

Without this option it does appear in the Enlightenment panel systray,
for instance.
2020-09-14 21:11:15 -03:00
aszlig
7447bdc523
nixos/plasma5: Fix eval of colord-kde/wacomtablet
Regression introduced by 053b05d14d.

The commit in question essentially removed the "with pkgs;" from the
scope around the various packages added to environment.systemPackages.

Since services.colord.enable and services.xserver.wacom.enable are false
by default, the change above didn't directly result in an evaluation
error.

Tested evaluation before and after this change via:

  for cfg in hardware.bluetooth.enable \
             networking.networkmanager.enable \
             hardware.pulseaudio.enable \
             powerManagement.enable \
             services.colord.enable \
             services.samba.enable \
             services.xserver.wacom.enable; do
    nix-instantiate --eval nixos --arg configuration '{
      services.xserver.desktopManager.plasma5.enable = true;
      '"$cfg"' = true;
    }' -A config.environment.systemPackages > /dev/null
  done

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ttuegel
2020-09-15 01:19:15 +02:00
Henri Menke
9d60354fae nixos/shadowsocks: add test without plugin 2020-09-14 22:35:05 +02:00
Henri Menke
e587b5a8a8 nixos/shadowsocks: add extraConfig 2020-09-14 22:35:05 +02:00
Timo Kaufmann
8e13daea7b
Merge pull request #49413 from midchildan/add-epgstation
epgstation: init at 1.7.4
2020-09-14 10:28:33 +02:00
WORLDofPEACE
4085eee678
Merge pull request #97801 from rycee/user-session-dbus2
Make socket activated user dbus session mandatory
2020-09-14 00:37:09 -04:00
Robert Helgesson
f292a27f44
nixos/dbus: always use socket activates user session
This removes the `services.dbus.socketActivated` and
`services.xserver.startDbusSession` options. Instead the user D-Bus
session is always socket activated.
2020-09-13 11:17:16 +02:00
Sarah Brofeldt
701064bb10
Merge pull request #96446 from saschagrunert/k8s
kubernetes: 1.18.8 -> 1.19.1
2020-09-13 00:45:56 +02:00
Ryan Mulligan
cba76f9ee6
Merge pull request #97632 from ryantm/jitsi-meet-doc
nixos/jitsi-meet: add docs
2020-09-12 14:21:45 -07:00
Florian Klink
2865a8867f
nixos/datadog: allow specifying dd_url (#97775)
Useful when you want to point datadog to another endpoint, either
because you need a proxy to send out data, or because you use their EU
endpoint.
2020-09-12 21:02:20 +02:00
Robert Helgesson
fbc5093649
hooks: add moveSystemdUserUnitsHook
This hook moves systemd user service file from `lib/systemd/user` to
`share/systemd/user`. This is to allow systemd to find the user
services when installed into a user profile. The `lib/systemd/user`
path does not work since `lib` is not in `XDG_DATA_DIRS`.
2020-09-12 18:29:46 +02:00
Linus Heckemann
ad7b27b4c8 fixup: address @jtojnar's review comments 2020-09-12 17:00:44 +02:00
Linus Heckemann
e2fd022d63 nixos/spice-usb-redirection: init
Fixes #39618
2020-09-12 09:16:31 +02:00
Silvan Mosberger
e0759a4973
Merge pull request #97758 from yorickvP/patch-3
nixos/victoriametrics: escape newlines in ExecStart
2020-09-11 23:11:59 +02:00
WORLDofPEACE
b552ded466 nixos/gdm: fix option descriptions
If we use '' '' for strings with mkEnableOption they get a trailing space
before the period.
2020-09-11 14:14:41 -04:00
WORLDofPEACE
a39ad85726
nixos/tools/nixos-install: add jq to path 2020-09-11 13:03:03 -04:00
Damien Cassou
607f5a6755
Merge pull request #84246 from lostnet/couchdbpr
couchdb: add support for version 3.0.0
2020-09-11 17:47:47 +02:00
midchildan
36c16fa7e3
nixos/epgstation: add module 2020-09-12 00:34:47 +09:00
midchildan
090305169d
nixos/mirakurun: expose setting 'unixSocket'
and improve documentation along the way
2020-09-12 00:34:46 +09:00
Sebastian Zivota
b619f322d3 nixos/samba: install package when module is enabled 2020-09-11 15:28:01 +02:00
Will Young
0ef1be0aa1 couchdb: add support for version 3.1.0 2020-09-11 14:03:16 +02:00
Yorick
c1bef53ab5
nixos/victoriametrics: escape newlines in ExecStart
Fixes #96206
2020-09-11 12:44:33 +02:00
Thomas Tuegel
98754abe78
Merge pull request #97735 from orivej/plasma5-bluetooth
nixos/plasma5: fix build with hardware.bluetooth.enable after #97456
2020-09-11 05:35:57 -05:00
Florian Klink
56456fef75
Merge pull request #97689 from TethysSvensson/issue-97433
nixos/systemd-boot: Temporarily ignore errors
2020-09-11 10:53:07 +02:00
Doron Behar
35521e4ea7
Merge pull request #95599 from doronbehar/module/mpd/passwordFile
nixos/mpd: Allow to configure a credentialsFile
2020-09-11 09:11:13 +03:00
Orivej Desh
21b2900bd4 nixos/plasma5: fix build with hardware.bluetooth.enable = true after #97456 2020-09-11 05:29:57 +00:00
Vladimír Čunát
538e558f48
Revert "Merge #96844: nixos/nfsd: run rpc-statd as a normal user"
This reverts commit 42eebd7ade, reversing
changes made to b169bfc9e2.

This breaks nfs3.simple test and even current PR #97656 wouldn't fix it.
Therefore let's revert for now to unblock the channels.
2020-09-10 21:31:35 +02:00
Florian Klink
303078d9ca
Merge pull request #97303 from martinetd/systemd-confinement-list
systemd-confinement: handle ExecStarts etc being lists
2020-09-10 21:17:17 +02:00
Tethys Svensson
b32701bc54 nixos/systemd-boot: Temporarily ignore errors
This is a temporary fix for #97433. A more proper fix has been
implemented upstream in systemd/systemd#17001, however until it gets
backported, we are stuck with ignoring the error.

After the backport lands, this commit should be reverted.
2020-09-10 20:56:04 +02:00
Florian Klink
484632983f
Merge pull request #97631 from Izorkin/nginx-sandboxing
nixos/nginx: remove option enableSandbox
2020-09-10 20:33:25 +02:00
Doron Behar
b4756fe0c4 nixos/mpd: Mention in /etc/mpd.conf it was autogenerated 2020-09-10 18:00:29 +03:00
Maximilian Bosch
8d8871c565
nixos/nextcloud: fix nginx-config for Nextcloud 19 and older
It seems as I misconfigured `nginx` for certain cases such as the
`ldap`-plugin[1] in 42f6244899. This patch
fixes the `nginx`-config to match the upstream recommendations[2].

Also added a comment to the module to remind myself to ensure that
`nginx` will work with both v19 and v20 as soon as the latter is
released and can be packaged in `nixpkgs`.

Co-authored-by: nivadis <nivadis@users.noreply.github.com>

[1] https://github.com/nextcloud/server/issues/16194#issuecomment-688839888
[2] https://docs.nextcloud.com/server/19/admin_manual/installation/nginx.html
2020-09-10 16:50:36 +02:00
Kevin Cox
91032af924
Merge pull request #97592 from NixOS/kevincox-chrony-state
chrony: Create state directory with correct owner.
2020-09-10 09:49:55 -04:00
Sascha Grunert
35f7a3347c
kubernetes: fix certificate generation
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-10 13:07:32 +02:00
Gabriel Ebner
0256763808
Merge pull request #97596 from gebner/fix-qt5ct
nixos/qt5ct: do not require qtstyleplugins
2020-09-10 08:51:21 +02:00
Izorkin
535896671b
nixos/nginx: remove option enableSandbox 2020-09-10 08:19:20 +03:00
Ryan Mulligan
531c08a1d9 nixos/jitsi-meet: add docs 2020-09-09 22:18:20 -07:00
Jörg Thalheim
940195c0e7
Merge pull request #96991 from Mic92/sshd 2020-09-10 06:13:07 +02:00
WORLDofPEACE
f7a6a1a183
Merge pull request #96092 from nbraud/security/rngd
nixos/modules/security/rngd: Disable by default
2020-09-09 21:53:41 -04:00
nicoo
e64d3f60fb nixos/modules/security/rngd: Disable by default
`rngd` seems to be the root cause for slow boot issues, and its functionality is
redundant since kernel v3.17 (2014), which introduced a `krngd` task (in kernel
space) that takes care of pulling in data from hardware RNGs:

> commit be4000bc4644d027c519b6361f5ae3bbfc52c347
> Author: Torsten Duwe <duwe@lst.de>
> Date:   Sat Jun 14 23:46:03 2014 -0400
>
>     hwrng: create filler thread
>
>     This can be viewed as the in-kernel equivalent of hwrngd;
>     like FUSE it is a good thing to have a mechanism in user land,
>     but for some reasons (simplicity, secrecy, integrity, speed)
>     it may be better to have it in kernel space.
>
>     This patch creates a thread once a hwrng registers, and uses
>     the previously established add_hwgenerator_randomness() to feed
>     its data to the input pool as long as needed. A derating factor
>     is used to bias the entropy estimation and to disable this
>     mechanism entirely when set to zero.

Closes: #96067
2020-09-09 21:51:25 -04:00
ajs124
c97fcc3fe0
Merge pull request #97438 from pbogdan/openvpn-path
nixos/openvpn: path now requires conversion to a string
2020-09-09 23:59:01 +02:00
Gabriel Ebner
4bf695e988 nixos/qt5ct: do not require qtstyleplugins
These do not build with qt 5.15.
2020-09-09 22:30:32 +02:00
Kevin Cox
57b9d5c144
chrony: Create state directory with correct owner.
Fixes https://github.com/NixOS/nixpkgs/issues/97546
2020-09-09 15:48:48 -04:00
Richard Marko
6c9df40a4b nixos/device-tree: improve overlays support
Now allows applying external overlays either in form of
.dts file, literal dts context added to store or precompiled .dtbo.

If overlays are defined, kernel device-trees are compiled with '-@'
so the .dtb files contain symbols which we can reference in our
overlays.

Since `fdtoverlay` doesn't respect `/ compatible` by itself
we query compatible strings of both `dtb` and `dtbo(verlay)`
and apply only if latter is substring of the former.

Also adds support for filtering .dtb files (as there are now nearly 1k
dtbs).

Co-authored-by: georgewhewell <georgerw@gmail.com>
Co-authored-by: Kai Wohlfahrt <kai.wohlfahrt@gmail.com>
2020-09-09 16:34:58 +02:00
Thomas Tuegel
959c0bf468
Merge pull request #97456 from ttuegel/master--plasma5-no-qt-5.15
Remove Qt 5.15 from the Plasma 5 closure
2020-09-09 05:14:21 -05:00
Axel Forsman
b6139e58e3 nixos/picom: add experimentalBackends option
This option is only available as a command-line flag and not from the
config file, that is `services.picom.settings`. Therefore it is more
important that it gets its own option.

One reason one might need this set is that blur methods other than
kernel do not work with the old backends, see yshui/picom#464.

For reference, the home-manager picom module exposes this option too.
2020-09-09 11:30:48 +02:00
WORLDofPEACE
e044909aba
Merge pull request #93764 from evenbrenden/xdg-session-id-user-units
nixos/displayManager: add XDG_SESSION_ID to systemd user environment
2020-09-08 21:29:24 -04:00
Peter Hoeg
42eebd7ade
Merge pull request #96844 from peterhoeg/m/nfs
nixos/nfsd: run rpc-statd as a normal user
2020-09-09 09:10:46 +08:00
Matthew Bauer
58823ac103
Merge pull request #97462 from kampka/raspberrypi-builder
Revert "nixos/raspberrypi-builder: fix cross using buildPackages"
2020-09-08 19:25:23 -05:00
WORLDofPEACE
2ab42dcc9e
Merge pull request #97171 from davidak/defaultPackages
nixos/config: add defaultPackages option
2020-09-08 19:40:45 -04:00
Lassulus
dd966067ae
Merge pull request #97381 from xaverdh/xmonad-configurable
nixos/xmonad: give users some build and runtime control
2020-09-08 20:57:17 +02:00
Maximilian Bosch
40f7a4ecec
Merge pull request #97371 from WilliButz/bitwarden_rs/environment-file
nixos/bitwarden_rs: add environmentFile option
2020-09-08 20:25:28 +02:00
Christian Kampka
2c6753f9d0
Revert "nixos/raspberrypi-builder: fix cross using buildPackages"
The commit enforces buildPackages in the builder but neglects
the fact that the builder is intended to run on the target system.
Because of that, the builder will fail when remotely building a
configuration eg. with nixops or nix-copy-closure.

This reverts commit a6ac6d00f9.
2020-09-08 20:14:13 +02:00
Maciej Krüger
8c4dd13e3f
nixos/cinnamon: add warpinator & blueberry pkgs 2020-09-08 17:09:12 +02:00
Peter Hoeg
5882e3072a
Merge pull request #97325 from peterhoeg/m/mailhog
nixos/mailhog: run with DynamicUser
2020-09-08 22:55:47 +08:00
Thomas Tuegel
053b05d14d
Remove Qt 5.15 from Plasma closure 2020-09-08 08:47:34 -05:00
Piotr Bogdan
cb141359bf nixos/openvpn: path now requires conversion to a string
Following changes in https://github.com/NixOS/nixpkgs/pull/91092 the `path` attribute is now a list
instead of being a string. This resulted resulted in the following evaluation error:

"cannot coerce a list to a string, at [...]/nixos/modules/services/networking/openvpn.nix:16:18"

so we now need to convert it to the right type ourselves.

Closes https://github.com/NixOS/nixpkgs/issues/97360.
2020-09-08 11:09:04 +01:00
Oleksii Filonenko
45d7f59da8
Merge pull request #97217 from sephii/nixos-caddy-v2-migration 2020-09-08 11:17:55 +03:00
Linus Heckemann
ef4e81d756
Merge pull request #96830 from mayflower/unifi-poller
unifi-poller: add service and prometheus-exporter
2020-09-08 09:53:07 +02:00
Sylvain Fankhauser
b8bfe941fa
caddy: address remaining MR comments for v2 2020-09-08 09:29:04 +02:00
Thomas Tuegel
0b3cc29f09
Merge pull request #97242 from ttuegel/qt-5.15
Qt 5.15.0
2020-09-07 20:18:57 -05:00
Maciej Krüger
04ea3a0ff6
nixos/cinnamon: init
Co-Authored-By: WORLDofPEACE <worldofpeace@protonmail.ch>
2020-09-08 01:44:09 +02:00
Dominik Xaver Hörl
10ecd1f45b nixos/xmonad: allow passing compile time options to ghc invocation 2020-09-07 20:16:25 +02:00
Dominik Xaver Hörl
15d87cb81c nixos/xmonad: allow passing command line arguments 2020-09-07 19:25:45 +02:00
WilliButz
76362dd7eb
nixos/bitwarden_rs: add environmentFile option
Add the option `environmentFile` to allow passing secrets to the service
without adding them to the Nix store, while keeping the current
configuration via the existing environment file intact.
2020-09-07 17:39:53 +02:00
Evan Stoll
a31736120c nixos/lorri: add package option 2020-09-07 15:46:15 +02:00
Vladimír Čunát
c1c85b9bad
Merge #97146: 'staging-next' branch
This is the last planned iteration before forking 20.09.
2020-09-07 15:43:36 +02:00
Thomas Tuegel
20bfb27eaf nixos/plasma5: Use Qt 5.14 2020-09-07 08:06:33 -05:00
Peter Hoeg
d6264419f5 nixos/nfsd: run rpc-statd as a normal user 2020-09-07 18:04:03 +08:00
Peter Hoeg
9123308be5 nixos/mailhog: run with DynamicUser 2020-09-07 17:56:53 +08:00
WilliButz
5d51096839
nixos/prometheus-exporters: fix default firewall filter
Instead of always using the default port of one exporter for its default
firewall filter, the port from the current service configuration is used.
2020-09-07 10:28:36 +02:00
Oleksii Filonenko
6322325a53
caddy: 1.0.5 -> 2.0.0
Rename legacy v1 to `caddy1`
2020-09-07 09:39:16 +02:00
worldofpeace
dd2727773a Revert "nixos/qemu-vm: support nix run"
This reverts commit 02590c9620.

02590c9620 (commitcomment-42078853)
2020-09-06 19:45:10 -04:00
Maximilian Bosch
cac5339531
nixos/doc/borgbackup: correct install instructions for vorta
No need to fiddle around with `flatpack` to get `vorta`, a graphical
desktop-client for `borgbackup` running as it's available in `nixpkgs`.
2020-09-06 22:44:37 +02:00
Silvan Mosberger
f822080b05
Merge pull request #68887 from teto/ssh_banner
services.openssh: add banner item
2020-09-06 22:15:25 +02:00
Matthieu Coudron
1835fc455b services.openssh: add banner
Add the possibility to setup a banner.

Co-authored-by: Silvan Mosberger <github@infinisil.com>
2020-09-06 21:32:20 +02:00
worldofpeace
02590c9620 nixos/qemu-vm: support nix run 2020-09-06 14:57:51 -04:00
Jörg Thalheim
a5872edf2f
nixos/installer: enable sshd by default
Right now the UX for installing NixOS on a headless system is very bad.
To enable sshd without physical steps users have to have either physical
access or need to be very knowledge-able to figure out how to modify the
installation image by hand to put an `sshd.service` symlink in the
right directory in /nix/store. This is in particular a problem on ARM
SBCs (single board computer) but also other hardware where network is
the only meaningful way to access the hardware.

This commit enables sshd by default. This does not give anyone access to
the NixOS installer since by default. There is no user with a non-empty
password or key. It makes it easy however to add ssh keys to the
installation image (usb stick, sd-card on arm boards) by simply mounting
it and adding a keys to `/root/.ssh/authorized_keys`.
Importantly this should not require nix/nixos on the machine that
prepare the installation device and even feasiable on non-linux systems
by using ext4 third party drivers.

Potential new threats: Since this enables sshd by default a
potential bug in openssh could lead to remote code execution. Openssh
has a very good track-record over the last 20 years, which makes it
far more likely that Linux itself would have a remote code execution
vulnerability. It is trusted by millions of servers on many operating
systems to be exposed to the internet by default.

Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
2020-09-06 20:26:08 +02:00
davidak
74b3d66baf nixos/config: add defaultPackages option
readd perl (used in shell scripts), rsync (needed for NixOps) and strace (common debugging tool)

they where previously removed in https://github.com/NixOS/nixpkgs/pull/91213

Co-authored-by: Timo Kaufmann <timokau@zoho.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-09-06 18:58:20 +02:00
Dominique Martinet
fd196452f0 systemd-confinement: handle ExecStarts etc being lists
systemd-confinement's automatic package extraction does not work correctly
if ExecStarts ExecReload etc are lists.

Add an extra flatten to make things smooth.

Fixes #96840.
2020-09-06 18:55:10 +02:00
Florian Klink
d7046947e5
Merge pull request #91121 from m1cr0man/master
Restructure acme module
2020-09-06 18:26:22 +02:00
Frederik Rietdijk
d362c0e54e Merge master into staging-next 2020-09-06 18:14:23 +02:00
elseym
aaf0002f68
prometheus-unifi-poller-exporter: init module 2020-09-06 17:48:19 +02:00
elseym
b381aacbba
nixos/unifi-poller: init unifi-poller service 2020-09-06 17:47:52 +02:00
Peter Hoeg
6e22c6ea6a
Merge pull request #96769 from peterhoeg/m/phpfpm
nixos/phpfpm: always restart service on failure
2020-09-06 21:41:38 +08:00
Florian Klink
569fdb2c35
Merge pull request #93424 from helsinki-systems/feat/gitlab-mailroom
nixos/gitlab: Support incoming mail
2020-09-06 15:34:02 +02:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Peter Hoeg
5483b1e216
Merge pull request #97123 from peterhoeg/m/fscache
nixos/cachefilesd: don't set up manually
2020-09-06 10:23:32 +08:00
Jan Tojnar
f0cb5c6a15
Revert "nixos/fontconfig: fix 50-user.conf handling"
This reverts commit 8425726f86.

This should have been reverted in https://github.com/NixOS/nixpkgs/pull/95358
but I forgot about it.
2020-09-06 02:56:31 +02:00
Lucas Savva
34b5c5c1a4
nixos/acme: More features and fixes
- Allow for key reuse when domains are the only thing that
  were changed.
- Fixed systemd service failure when preliminarySelfsigned
  was set to false
2020-09-06 01:28:19 +01:00
Evan Stoll
854a229ae5
nixos/terraria: allow dataDir to be configured (#89033)
* nixos/terraria: allow dataDir to be configured

add dataDir option to terraria module

* Update nixos/modules/services/games/terraria.nix

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>
2020-09-05 16:37:52 -04:00
Lassulus
964606d40f
Merge pull request #96659 from doronbehar/module/syncthing
nixos/syncthing: add ignoreDelete folder option
2020-09-05 22:05:04 +02:00
WORLDofPEACE
d0972c9637
Merge pull request #95194 from ju1m/nixos-install
nixos-install: add support for flakes
2020-09-05 15:31:14 -04:00
Even Brenden
660882d883 nixos/displayManager: add XDG_SESSION_ID to systemd user environment
xss-lock needs XDG_SESSION_ID to respond to loginctl lock-session(s)
(and possibly other session operations such as idle hint management).
This change adds XDG_SESSION_ID to the list of imported environment
variables when starting systemctl.

Inspired by home-manager, add importVariables configuration.

Set session to XDG_SESSION_ID when running xss-lock as a service.

Co-authored-by: misuzu <bakalolka@gmail.com>
2020-09-05 20:36:18 +02:00
Florian Klink
98d6b55fdc nixos/testing: remove remaining coverage-data logic
This isn't used anymore as per
https://github.com/NixOS/nixpkgs/pull/72354#discussion_r451031449.
2020-09-05 16:07:59 +02:00
Oleksii Filonenko
d71cadacd9
nixos/caddy: use v2 by default 2020-09-05 14:09:17 +02:00
Oleksii Filonenko
8cc592abfa
nixos/caddy: add support for v2 2020-09-05 14:09:16 +02:00
lewo
d65002aff5
Merge pull request #93314 from tnias/nixos_opendkim_20200717
nixos/opendkim: systemd sandbox
2020-09-05 08:46:19 +02:00
Lucas Savva
f57824c915
nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
Julien Moutinho
539ae5c932 Revert "apparmor: add apparmor_parser config file"
This reverts commit 2259fbdf4b.
2020-09-05 01:46:12 +02:00
Jan Tojnar
4f0f26771e
Merge pull request #95358 from jtojnar/global-fontconfig 2020-09-05 00:19:38 +02:00
Lucas Savva
67a5d660cb
nixos/acme: Run postRun script as root 2020-09-04 19:34:10 +01:00
Frederik Rietdijk
af81d39b87 Merge staging-next into staging 2020-09-04 20:03:30 +02:00
Florian Klink
176d5e090a
Merge pull request #97008 from andersk/cryptception-1
cryptsetup, lvm2, systemd: Break cyclic dependency at a different point
2020-09-04 19:12:53 +02:00
Jan Tojnar
7ecabdc22b
Merge pull request #96992 from jtojnar/fc-dtd-urn
treewide: use URN for fontconfig DTD
2020-09-04 17:12:29 +02:00
Peter Hoeg
6ef2152b5d nixos/cachefilesd: don't set up manually
Use our available infrastructure instead of manually handling setup.
2020-09-04 16:11:55 +08:00
Julien Moutinho
b03c506178 nixos-install: add support for flakes 2020-09-04 06:56:09 +02:00
Julien Moutinho
c6a3a0f4f5 nixos-rebuild: do not depend on nix.conf to activate flakes 2020-09-04 06:56:09 +02:00
Lucas Savva
1b6cfd9796
nixos/acme: Fix race condition, dont be smart with keys
Attempting to reuse keys on a basis different to the cert (AKA,
storing the key in a directory with a hashed name different to
the cert it is associated with) was ineffective since when
"lego run" is used it will ALWAYS generate a new key. This causes
issues when you revert changes since your "reused" key will not
be the one associated with the old cert. As such, I tore out the
whole keyDir implementation.

As for the race condition, checking the mtime of the cert file
was not sufficient to detect changes. In testing, selfsigned
and full certs could be generated/installed within 1 second of
each other. cmp is now used instead.

Also, I removed the nginx/httpd reload waiters in favour of
simple retry logic for the curl-based tests
2020-09-04 01:09:43 +01:00
Anders Kaseorg
f4b2c9dfe7 cryptsetup, lvm2, systemd: Break cyclic dependency at a different point
The cyclic dependency of systemd → cryptsetup → lvm2 → udev=systemd
needs to be broken somewhere.  The previous strategy of building
cryptsetup with an lvm2 built without udev (#66856) caused the
installer.luksroot test to fail.  Instead, build lvm2 with a udev built
without cryptsetup.

Fixes #96479.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-09-03 12:35:56 -07:00
Janne Heß
8cf4ec8b97
nixos/systemd: Don't use apply for $PATH
When not using apply, other modules can use $PATH as a list instead of
getting a colon-separated list to each /bin directory.
2020-09-03 20:27:55 +02:00
Philipp Bartsch
47928442a8 nixos/opendkim: add keyPath to ReadWritePaths 2020-09-03 17:54:16 +02:00
Philipp Bartsch
118f341723 nixos/opendkim: add systemd service sandbox 2020-09-03 17:54:15 +02:00
Daniël de Kok
7b73713a98 programs.zsh: remove unnecessary with 2020-09-03 08:42:24 +02:00
Jörg Thalheim
02a2649220
Merge pull request #89748 from heinic/krb5-lists 2020-09-03 07:31:22 +01:00
Jan Tojnar
6dd3b54ccc
treewide: use URN for fontconfig DTD
To match upstream change:

9c46ef4aac
2020-09-03 06:39:00 +02:00
WORLDofPEACE
8739e4235e
Merge pull request #96925 from jtojnar/gpaste-session-path
nixos/gpaste: return sessionPath
2020-09-02 15:43:53 -04:00
Lucas Savva
61dbf4bf89
nixos/acme: Add proper nginx/httpd config reload checks
Testing of certs failed randomly when the web server was still
returning old certs even after the reload was "complete". This was
because the reload commands send process signals and do not wait
for the worker processes to restart. This commit adds log watchers
which wait for the worker processes to be restarted.
2020-09-02 19:25:30 +01:00
Lucas Savva
982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
Félix Baylac-Jacqué
09c383c17a
Merge pull request #94917 from ju1m/biboumi
nixos/biboumi: init
2020-09-02 17:43:27 +02:00
WORLDofPEACE
31008a8f15
Merge pull request #96937 from jtojnar/drop-strigi
strigi: drop
2020-09-02 08:53:24 -04:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
Sascha Grunert
27b0c4b151 nixos/containers: add oci-seccomp-bpf-hook
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-02 21:53:37 +10:00
Julien Moutinho
f333296776 nixos/biboumi: init 2020-09-02 08:31:53 +02:00
WORLDofPEACE
765d0371a8
Merge pull request #96879 from romildo/rm.deepin.doc
deepin: register removal in release notes, aliases and module list
2020-09-02 02:25:43 -04:00
Orivej Desh
1a68e21d47
nixos/systemd: support adding and overriding tmpfiles.d via environment.etc (#96766)
This allows the user to configure systemd tmpfiles.d via
`environment.etc."tmpfiles.d/X.conf".text = "..."`, which after #93073
causes permission denied (with new X.conf):

```
ln: failed to create symbolic link '/nix/store/...-etc/etc/tmpfiles.d/X.conf': Permission denied
builder for '/nix/store/...-etc.drv' failed with exit code 1
```

or collision between environment.etc and systemd-default-tmpfiles
packages (with existing X.conf, such as tmp.conf):

```
duplicate entry tmpfiles.d/tmp.conf -> /nix/store/...-etc-tmp.conf
mismatched duplicate entry /nix/store/...-systemd-246/example/tmpfiles.d/tmp.conf <-> /nix/store/...-etc-tmp.conf
builder for '/nix/store/...-etc.drv' failed with exit code 1
```

Fixes #96755
2020-09-02 02:54:11 +00:00
John Ericson
1965a241fc
Merge pull request #61019 from volth/gcc.arch-amd
platform.gcc.arch: support for AMD CPUs
2020-09-01 22:31:16 -04:00
Jan Tojnar
77293baff0
strigi: drop
It has not been used by KDE for many years and depends on umaintained libraries we want to drop (Qt4 and Gamin).
2020-09-02 02:05:40 +02:00
rnhmjoj
bc62423a87
nixos/doc: convert loaOf options refs to attrsOf 2020-09-02 00:42:51 +02:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
José Romildo Malaquias
b5c9c03fac nixos/deepin: register as a removed module 2020-09-01 19:42:08 -03:00
Jan Tojnar
3b68a757ff
nixos/gpaste: return sessionPath
GPaste ships keybindings for gnome-control-center. Those depend on GSettings schemas
but there is currently no mechanism for loading schemas other than using global ones
from $XDG_DATA_DIRS. Eventually, I want to add such mechanism but until then,
let's return the impure sessionPath option that was removed in
f63d94eba3
2020-09-01 22:21:09 +02:00
Aaron Andersen
c51e7b7874 nixos/beanstalkd: add openFirewall option 2020-09-01 10:07:28 -04:00
Janne Heß
d85f50b71f
nixos/gitlab: Support pages
Fixes #84525
2020-09-01 12:08:36 +02:00
Sascha Grunert
46a0aa4176 nixos/cri-o: unset hooks dir to avoid dir creation on startup
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-01 18:04:54 +10:00
Lassulus
a081e99e41
Merge pull request #83780 from hax404/robustirc-bridge
robustirc-bridge: init at 1.8
2020-08-31 18:14:45 +02:00
Frederik Rietdijk
303e0bca3b
Merge pull request #96610 from romildo/rm.deepin
deepin: remove from nixpkgs
2020-08-31 17:58:11 +02:00
Peter Hoeg
07408cac94 nixos/phpfpm: always restart service on failure 2020-08-31 21:19:54 +08:00
Silvan Mosberger
6716867eb3
Merge pull request #96686 from nixy/add/tor-package-option
tor: Add option to tor service for package
2020-08-30 23:02:37 +02:00
Andrew R. M
168a9c8d38 Add option to tor service for package 2020-08-30 14:35:36 -04:00
José Romildo Malaquias
b768afb2e9 deepin: remove from nixpkgs
The Deepin Desktop Environment (DDE) is not yet fully packaged in
nixpkgs and it has shown a very difficult task to complete, as
discussed in https://github.com/NixOS/nixpkgs/issues/94870. The
conclusion is that it is better to completely remove it.
2020-08-30 15:27:42 -03:00
Georg Haas
9376dd8516
nixos/modules/robustirc-bridge: init 2020-08-30 18:34:22 +02:00
Doron Behar
8cd4d59a32 nixos/samba: remove upstream deprecated syncPasswordsByPam option 2020-08-30 14:29:13 +03:00
Doron Behar
5789ffc509 nixos/syncthing: add ignoreDelete folder option 2020-08-30 10:55:03 +03:00
Matthew Bauer
fc726e3494 Revert "nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]"
This reverts commit 67b6e56391.
This reverts commit 250885d0ca.

Causes issues for some configs, see 67b6e56391
2020-08-29 22:39:24 -05:00
edef
fcdfa881c8
Merge pull request #96589 from deviant/nre-improvements
`nixos-rebuild edit` improvements
2020-08-29 17:26:09 +00:00
Jan Tojnar
b49a769970
fontconfig: get rid of rest of versioned configs
The incompatibility does not seem to exist any more: programs linked against fc 2.12
on fc 2.14 system seem to at least display text, even while printing tons of errors
(as long as you generate fc cache manually), and same thing the other way around.
Hopefully it will not be an issue in the future.
2020-08-29 19:16:22 +02:00
Lassulus
a55bb108fc
Merge pull request #85328 from langston-barrett/lb/restart-dispatcher
nixos/networkmanager: restart dispatcher when nameservers change
2020-08-29 16:24:28 +02:00
Aaron Andersen
af25b37814
Merge pull request #96316 from aanderse/redmine
nixos/redmine: replace extraConfig option with settings option
2020-08-29 09:13:13 -04:00
Aaron Andersen
bcdcd5d9fc
Merge pull request #95880 from aanderse/postgresql-settings
nixos/postgresql: replace extraConfig option with settings option
2020-08-29 09:12:54 -04:00
Frederik Rietdijk
7b56d26ae3 Merge master into staging-next 2020-08-29 13:30:25 +02:00
Robert Hensing
4841b30784
Merge pull request #94804 from hercules-ci/init-nixos-hercules-ci-agent
nixos/hercules-ci-agent: init
2020-08-29 10:20:14 +02:00
V
e08bcdbec3 nixos-rebuild: don't quote $EDITOR
$EDITOR is allowed to contain flags, so it is important to allow the
shell to split this normally. For example, Sublime Text needs to be
passed --wait, since otherwise it will daemonise.
2020-08-29 09:54:14 +02:00
V
be193a2057 nixos-rebuild: make 'edit' work with directories
$NIXOS_CONFIG can be set to a directory, in which case the file used
is $NIXOS_CONFIG/default.nix. This updates 'nixos-rebuild edit' to
handle that case correctly.
2020-08-29 09:54:02 +02:00
Symphorien Gibol
7200fde2d5 nixos/dovecot: configure mailboxes for all processes
Notably fts plugins need them for fts_autoindex_exclude = \SomeFlag
2020-08-28 22:24:04 +02:00
Daniël de Kok
db77fb705e
Merge pull request #96497 from NickHackman/emacs-documentation-typo-fix
Fix typo in services/editors/emacs documentation
2020-08-28 10:43:50 +02:00
Joachim F
18c52dadfe
Merge pull request #96034 from saschagrunert/apparmor
apparmor: add apparmor_parser config file
2020-08-28 08:08:25 +00:00
Frederik Rietdijk
efb45f7638 Merge master into staging-next 2020-08-28 09:54:31 +02:00
Nick Hackman
626bd1f111 Fix typo in services/editors/emacs documentation
In section `sec-modify-via-packageOverrides`: is -> if
2020-08-27 16:58:52 -04:00
Lassulus
7c509270d6
Merge pull request #96460 from sorki/sdImage_post_build
nixos/sdImage: add postBuildCommands
2020-08-27 21:02:20 +02:00
Richard Marko
170e1afd84 nixos/sdImage: add postBuildCommands
This allows to perform `dd if= of=$img` after the image is built
which is handy to add e.g. uBoot SPL to the built image.

Instructions for some ARM boards sometimes contain this step
that needs to be performed manually, with this patch it can be
part of the nix file used to built the image.
2020-08-27 20:18:18 +02:00
Matthew Bauer
3814422afa
Merge pull request #96218 from matthewbauer/cage-supply-pam-environment
nixos/cage: supply pamEnvironment
2020-08-27 10:15:29 -05:00
Matthew Bauer
fe8d0c2e0b nixos/cage: supply pamEnvironment
Without this, you don’t get any of the sessionVariables in the cage
application. Things like XDG_DATA_DIRS, XCURSOR_PATH, etc. are
missing.
2020-08-27 10:11:45 -05:00
Lassulus
c265ca02ca
Merge pull request #85963 from seqizz/g_physlock_message
physlock: add optional lock message
2020-08-27 10:18:34 +02:00
Matthew Bauer
25ac498482
Merge pull request #96404 from matthewbauer/gcc-cross
Fix cycle detected in Darwin->Linux cross GCC
2020-08-26 16:17:14 -05:00
Aaron Andersen
2a44265608 nixos/postgresql: replace extraConfig option with settings option 2020-08-26 17:06:48 -04:00
Lassulus
e453860b8f
Merge pull request #86236 from ThibautMarty/fix-nullOr-types
treewide: fix modules options types where the default is null
2020-08-26 18:21:29 +02:00
Lassulus
12baef56e4
Merge pull request #96127 from hmenke/shadowsocks
shadowsocks service: support plugins
2020-08-26 16:49:55 +02:00
Joachim F
1ad014b3d0
Merge pull request #96080 from Izorkin/unprivileged-userns-clone
nixos/security/misc: add option unprivilegedUsernsClone
2020-08-26 14:20:51 +00:00
Robert Hensing
4d43de37b2 nixos/nixpkgs.nix: Correct crossSystem default literal
The default is null and the documentation should reflect that.
2020-08-26 13:35:35 +02:00
Aaron Andersen
a7c69047df nixos/redmine: remove database.password option 2020-08-26 07:08:07 -04:00
Aaron Andersen
6cf743e52d nixos/redmine: allow user to override contents of additional_environment.rb 2020-08-26 07:08:07 -04:00
Aaron Andersen
dee97b8b44 nixos/redmine: replace extraConfig option with settings option 2020-08-26 07:08:07 -04:00
Frederik Rietdijk
081bd762e5 Merge staging-next into staging 2020-08-26 08:43:29 +02:00
Frederik Rietdijk
f6286dea88 extra-utils: build a full lvm2 without udev support, fixes #96197
dmsetup was missing symbols.
https://github.com/NixOS/nixpkgs/pull/96290#issuecomment-680252830
2020-08-26 08:39:01 +02:00
Henri Menke
d35cb15153
nixos/shadowsocks: support plugins 2020-08-26 14:01:41 +12:00
Lassulus
e357d0ec8c
Merge pull request #95678 from helsinki-systems/upd/sogo
sogo: 4.3.2 -> 5.0.0
2020-08-26 00:04:36 +02:00
Herwig Hochleitner
49dba2c4ad
Merge pull request #96263 from bendlas/warn-wpa-supplicant-config
nixos: wpa_supplicant: warn on unused config
2020-08-25 23:34:18 +02:00
Anderson Torres
fffabfaefd
Merge pull request #96179 from bbigras/sssd
nixos/sssd: fix the module
2020-08-25 16:59:11 -03:00
Anderson Torres
213c004335
Merge pull request #79239 from andersk/mlocate-warning
locate: Clarify mlocate warning message
2020-08-25 16:58:02 -03:00
Jonathan Ringer
7e07d142e7 nixos/octoprint: improve example 2020-08-25 09:13:13 -07:00
Nico Heitmann
0bee87c400 nixos/krb5: add list to example configuration
Updated the relevant nixos test to match the example configuration.
2020-08-25 17:18:56 +02:00
Augustin Borsu
19a7012769 jupyterhub: fix authenticator configuration
authentication_class  is invalid, it should be authenticator_class cfr [project doc|https://tljh.jupyter.org/en/latest/topic/authenticator-configuration.html]
2020-08-25 13:50:18 +02:00
Izorkin
e21e5a9483 nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
Herwig Hochleitner
8e3da733b1 nixos: wpa_supplicant: warn on unused config 2020-08-25 12:29:58 +02:00
Linus Heckemann
27f0ca6670 stage-1 find-libs: initialise left to empty array
declare -a is not sufficient to make the array variable actually
exist, which resulted in the script failing when the target object did
not have any DT_NEEDED entries. This in turn resulted in some
initramfs libraries not having their rpaths patched to point to
extra-utils, which in turn broke the extra-utils tests.
2020-08-25 12:10:30 +02:00
Sebastien Bariteau
db2de55cbe
nixos/espanso: init module (#93483)
nixos/espanso: init module
2020-08-24 20:37:33 -04:00
Eelco Dolstra
63b8d53640
Merge pull request #96103 from deviant/remove-rfkill
rfkill: remove
2020-08-24 18:14:14 +02:00
Bruno Bigras
5d36e00b7d nixos/sssd: fix the module
'system.nssModules' was not set correctly

fix #91242
2020-08-24 10:10:47 -04:00
Florian Klink
40d2968ebf
Merge pull request #94354 from flokli/systemd-246
systemd: 245.6 -> 246
2020-08-24 12:42:24 +02:00
Frederik Rietdijk
0a874ff2a6 Merge master into staging-next 2020-08-24 11:50:58 +02:00
V
b63b5eda68 rfkill: remove
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.

[1] d17fb726b5
[2] https://git.sipsolutions.net/rfkill.git/log/
2020-08-24 02:49:27 +02:00
Robert Hensing
346a1b0ec6 nixos/hercules-ci-agent: init 2020-08-23 20:13:15 +02:00
Antoine Eiche
8595a0d6b9 Remove docker-preloader module and test 2020-08-23 10:49:13 +02:00
Lassulus
bfd706923e
Merge pull request #87700 from serokell/mkaito/upstream/prometheus-port
prometheus: Split options listenAddress and port
2020-08-23 09:29:01 +02:00
Lassulus
4165f9869e
Merge pull request #91586 from manveru/amazon-ssm-agent-2.3.1319.0
ssm-agent: 2.0.633.0 -> 2.3.1319.0
2020-08-23 08:48:16 +02:00
Jan Tojnar
91104b5417
Merge branch 'master' into staging-next 2020-08-23 02:00:50 +02:00
Sascha Grunert
ddfa221670 cri-o: add loobpack CNI config to module
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-23 09:32:40 +10:00
Sascha Grunert
2259fbdf4b
apparmor: add apparmor_parser config file
If the config does not exist, then apparmor_parser will throw a warning.
To avoid that and make the parser configurable, we now add a new option
to it.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-22 22:59:26 +02:00
Justin Humm
6a7b11055c
Merge pull request #93532 from erictapen/gollum-h1-title
nixos/gollum: introduce --h1-title option
2020-08-22 22:45:43 +02:00
Lassulus
2fb9ee9caa
Merge pull request #87553 from JoeDupuis/enhancing-monit-module
nixos/monit: Allow splitting the config in multiple files
2020-08-22 19:21:55 +02:00
Silvan Mosberger
af1ac757ff
Merge pull request #95986 from turboMaCk/imwheel-service
nixos/services.imwheel: sleep 3s before restarting
2020-08-22 16:51:48 +02:00
Silvan Mosberger
f8e6745ad3
Merge pull request #82817 from pacien/smartd-fix-hostname-notifications
smartmontools: fix missing hostname in notifications
2020-08-22 16:09:14 +02:00
Lassulus
6a2c73031a
Merge pull request #89353 from wizeman/u/fix-zfs-ebusy
stage-1: retry mounting ZFS root a few times
2020-08-22 15:42:32 +02:00
Marek Fajkus
dcaa2d2c74
nixos/services.imwheel: sleep 3s before restarting 2020-08-22 14:52:18 +02:00
Lassulus
8a141825a3
Merge pull request #89779 from jktr/acme-extra-flags
nixos/acme: extra lego flags
2020-08-22 14:29:39 +02:00
Lassulus
d8e671676d
Merge pull request #89785 from buckley310/logstash
logstash: fix support for multiple plugin paths
2020-08-22 14:07:20 +02:00
Atemu
eb4e67505f undervolt: expose power limits as Nixopts
We no longer escape the flags because the power limit flags want two arguments
If we escaped them, we'd only get one argument with an escaped space in it.

Undervolt's flags don't have anything in them that would need to be escaped, so
that shouldn't break anything
2020-08-22 12:27:13 +02:00
Lassulus
82b424453b
Merge pull request #86632 from Atemu/undervolt-timer-optional
Undervolt: Make timer optional
2020-08-22 11:48:30 +02:00
Atemu
ed83bac1d9 undervolt: make timer opt-in
It should no longer be needed but is worth keeping around in case it is
2020-08-22 10:42:20 +02:00
Atemu
e6f0a1e7eb undervolt: apply undervolt on boot and resume
The undervolt did not persist reboots or sleep/hibernation. With this
change you should no longer have to apply the undervolt on a timer
2020-08-22 10:42:19 +02:00
Silvan Mosberger
1b8a94db67
nixos/logrotate: Fix option reference
Fixes the manual build
2020-08-22 01:38:38 +02:00
Aaron Andersen
4df837063f
Merge pull request #95809 from aanderse/logrotate
nixos/logrotate: switch `paths` option type from listOf to attrsOf
2020-08-21 17:31:52 -04:00
Aaron Andersen
91db1c8aec
Merge pull request #87712 from aanderse/zabbix
zabbix: 4.4.8 -> 5.0.2
2020-08-21 17:11:55 -04:00
Aaron Andersen
06d17caf92 nixos/httpd: configure log rotation 2020-08-21 17:04:07 -04:00
Aaron Andersen
00f08005af nixos/logrotate: switch paths option type from listOf to attrsOf 2020-08-21 17:04:04 -04:00
Silvan Mosberger
bf777413f9
Merge pull request #95722 from Infinisil/dovecot-mailboxes-improved
nixos/dovecot: Improve mailboxes type
2020-08-21 22:40:50 +02:00
Jörg Thalheim
6f4141507b
meguca: remove (#95920) 2020-08-21 13:00:40 -07:00
Jörg Thalheim
b6e2e4c777
Merge pull request #93425 from helsinki-systems/feat/gitlab-shell-config 2020-08-21 19:20:42 +01:00
Janne Heß
ae1dada42f
nixos/gitlab: Support incoming mail
When incoming mails are enabled, an extra service is needed.
Closes #36125.
2020-08-21 18:56:20 +02:00
Lassulus
6f87509957
Merge pull request #91296 from cawilliamson/master
nixos/onlykey: fix typo
2020-08-21 18:27:46 +02:00
Lassulus
ebf11e405d
Merge pull request #95122 from rudolph9/nixos/xmonad
nixos/xmonad: Fix behavior of config opt
2020-08-21 08:51:42 +02:00
Sascha Grunert
71dd85bffa cri-o: add pinns path and witch to crio.conf.d config style
This adds the pinns path to the configuration let CRI-O start properly.
We also change the configuration to the new drop-in syntax.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-21 12:09:20 +10:00
adisbladis
7d6e7b3cd3
Merge pull request #95878 from adisbladis/emacs-26
emacs: Fix emacs26 attribute(s)
2020-08-21 01:26:44 +02:00
Aaron Andersen
b87b6abd17
Merge pull request #95294 from aanderse/postgresql-rootless
nixos/postgresql: run ExecStartPost as an unprivileged user
2020-08-20 19:16:23 -04:00
adisbladis
d1fdc67c53
nixos/editors: Remove any explicit mention of Emacs 25 2020-08-21 00:34:15 +02:00
Jan Tojnar
2adf17f8c2
Merge pull request #95869 from jtojnar/fc-local-regression
nixos/fontconfig: fix local.conf regression
2020-08-20 23:43:47 +02:00
Jan Tojnar
fe1b9ebaf1
nixos/fontconfig: fix local.conf regression
Another part of edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562, resulting in incorrect path
as described by https://github.com/NixOS/nixpkgs/issues/86601#issuecomment-675462227
2020-08-20 20:09:28 +02:00
davidak
5a3738d22b
nixos/systemPackages: clean up (#91213)
* nixos/systemPackages: clean up

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: 8573 <8573@users.noreply.github.com>

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-08-20 13:45:54 +00:00
Aaron Andersen
fd250d57bb
Merge pull request #79123 from aanderse/apachectl
nixos/httpd: remove impurity from /etc
2020-08-19 20:56:51 -04:00
Anderson Torres
e7139f46cd
Merge pull request #93654 from Church-/jellyfin_10.6.0
jellyfin 10.5.5 -> 10.6.0
2020-08-19 10:21:16 -03:00
Frederik Rietdijk
4cf394ea3f Merge master into staging-next 2020-08-18 17:55:04 +02:00
Aaron Andersen
f6a3403055 nixos/zabbix: use proper character set and collation for mysql database 2020-08-18 10:30:27 -04:00
Silvan Mosberger
cfd599e117
Merge pull request #95743 from Ma27/qemu-test-out
nixos/test-instrumentation: properly import `options` for `qemu`-check
2020-08-18 14:29:50 +02:00
Silvan Mosberger
fc121e2813
nixos/dovecot: Improve mailboxes type
The previous use of types.either disallowed assigning a list at one
point and an attrset an another.
2020-08-18 14:25:51 +02:00
Jörg Thalheim
4b9a2e13a8
cloud-utils: split of smaller .guest output 2020-08-18 11:37:41 +01:00
Maximilian Bosch
2fbddb0ccb
nixos/test-instrumentation: properly import options for qemu-check
If `qemu-vm.nix` is imported, the option `virtualisation.qemu.consoles`
should be set to make sure that the machine's output isn't rendered on
the graphical window of QEMU.

This is needed when interactively running a NixOS test or in conjunction
with `nixos-build-vms(8)`.

The patch 2578557530 tries to only do this
if the option actually exists, however this condition used to be always
false since `options` wasn't imported in the module and pointed to
`lib.options` due to the `with lib;`-clause.
2020-08-18 12:26:49 +02:00
Frederik Rietdijk
fe7bab33d7
Merge pull request #95553 from zowoq/rename-maintainers
maintainers: prefix number with underscore
2020-08-18 11:30:24 +02:00
Silvan Mosberger
7db9fd1dbc
Merge pull request #81467 from dawidsowa/rss-bridge
rss-bridge: init at 2020-02-26
2020-08-18 05:00:41 +02:00
zowoq
0052523a18 maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
zowoq
7d9c49f8e6 maintainers: 0x4A6F -> _0x4A6F 2020-08-18 07:59:44 +10:00
Silvan Mosberger
c6aa9e4af6
Merge pull request #95681 from flokli/fontconfig-penultimate-remove
nixos/fonts: remove fontconfig-penultimate
2020-08-17 23:47:52 +02:00
Florian Klink
8425726f86 nixos/fontconfig: fix 50-user.conf handling
Apparently, edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562.

Provide 50-user.conf in fontconfig if includeUserConf is true (the
default), and don't try removing the non-existent one if it's disabled

Fixes https://github.com/NixOS/nixpkgs/issues/95685
Fixes https://github.com/NixOS/nixpkgs/issues/95712
2020-08-17 23:12:57 +02:00
Jörg Thalheim
8b18e07c40
Merge pull request #95522 from doronbehar/fix/transmission
nixos/transmission: handle watch-dir
2020-08-17 19:54:48 +01:00
Jörg Thalheim
914d37cbc9
Merge pull request #95686 from ju1m/transmission-fix
transmission: fix BindReadOnlyPaths=
2020-08-17 19:52:27 +01:00
Frederik Rietdijk
0ac85bc455 Merge master into staging-next 2020-08-17 14:54:39 +02:00
Julien Moutinho
f6c3d4f723 transmission: fix BindReadOnlyPaths= 2020-08-17 14:09:12 +02:00
Martin Weinelt
a153452e54
Merge pull request #95508 from Ma27/nextcloud-nginx
nixos/nextcloud: update nginx config
2020-08-17 13:46:47 +02:00
Florian Klink
1d51b526e4 nixos/fonts/fontconfig-penultimate: remove module 2020-08-17 13:25:46 +02:00
ajs124
696357c376 sogo: remove SOGoZipPath
sogo links against libzip now
2020-08-17 12:15:16 +02:00
pacien
ea37c9caa1 smartmontools: use standard subject in notification emails
This makes the notification script use the subject generated by smartmontools
itself both for consistency with other distros and to include the hostname.
2020-08-16 20:48:42 +02:00
pacien
f1922cdbdc smartmontools: fix missing hostname in notifications
This properly registers some missing dependencies of smartd_warning.sh.
2020-08-16 20:48:03 +02:00
Florian Klink
bda86eee87
Merge pull request #95222 from eadwu/kresd/runtime-fixes
kresd: runtime fixes
2020-08-16 18:44:27 +02:00
Florian Klink
16fc531784
Merge pull request #95505 from flokli/remove-mathics
mathics: remove package, module and test
2020-08-16 18:42:10 +02:00
Vladimír Čunát
0a3386369c
qemu: fix build with environment.noXlibs = true
In some tests, e.g. -f nixos/release.nix tests.simple.x86_64-linux
we use noXlibs and qemu.ga.  Now that output is tiny but to get it
a full qemu build is done, and some dependencies like gtk3 won't build
with noXlibs due to their dependencies being too stripped down.

Therefore let's reduce qemu features in noXlibs case.
The `sdlSupport = false;` part probably wasn't needed,
but I added it for consistency.
2020-08-16 18:25:31 +02:00
Edmund Wu
68366adf3c
nixos/kresd: ensure /run/knot-resolver exists 2020-08-16 12:20:10 -04:00
Edmund Wu
6c67af2fac
nixos/kresd: ensure /var/lib/knot-resolver exists 2020-08-16 12:20:03 -04:00
Edmund Wu
1a6240bde4
nixos/kresd: fix CacheDirectory permissions as per tmpfiles 2020-08-16 12:18:32 -04:00
Edmund Wu
ed89d043dc
nixos/kresd: remove derivation from systemd.tmpfiles
Using per-unit directives as per https://github.com/NixOS/nixpkgs/pull/95222#issuecomment-674512571
2020-08-16 12:17:14 -04:00
Maximilian Bosch
e8bdadb864
Merge pull request #95109 from Ma27/nextcloud-reverse-proxy
nixos/nextcloud: add documentation for alternative reverse-proxies
2020-08-16 18:09:45 +02:00
Noah Hendrickson
ce9f0c42f9 nixos/jellyfin: added a package option to the options section, defaults to using the default jellyfin package if nixos version is 20.09 or greater, otherwise will default to using the new jellyfin_10_5 derivation for older systems. 2020-08-16 11:41:41 -04:00
Florian Klink
36a162edc3
Merge pull request #95342 from flokli/systemd-initctl
nixos/systemd: don't try to install systemd-initctl.{service,socket}
2020-08-16 17:17:18 +02:00
Doron Behar
ccee8dc09f nixos/mpd: Allow to configure a credentialsFile
Allow to specify a password file to be located outside the store, and be
read in `ExecStartPre`.
2020-08-16 18:03:47 +03:00
Ben Wolsieffer
23b4356a5f nixos/nixos-*: use runtimeShell
Fix shebangs and other shell uses in the NixOS tools, allowing them to work
correctly on cross-compiled systems.
2020-08-16 13:08:33 +00:00
Florian Klink
b2f3bbd3fb
Merge pull request #95507 from flokli/remove-mesos
mesos: remove package, module and test (and chronos/marathon which depends on it)
2020-08-16 14:46:24 +02:00
Jörg Thalheim
aeffd67cec
Merge pull request #95493 from Izorkin/nginx-unit 2020-08-16 13:20:31 +01:00
Robert Hensing
cf568e31f8
Merge pull request #95584 from hercules-ci/fix-nixos-test-instrumentation
nixos/test-instrumentation.nix: Fix evaluation error
2020-08-16 13:59:50 +02:00
Robert Hensing
2578557530 nixos/test-instrumentation.nix: Fix evaluation error
Discovered via https://github.com/NixOS/nixpkgs/pull/82743 which
improved option checking, causing an evaluation error that was
hard to understand without running the evaluation manually.
2020-08-16 13:50:53 +02:00
Ben Wolsieffer
8f1de2e7c0 environment.noXlibs: disable X11 support in cairo 2020-08-16 10:33:44 +00:00
Florian Klink
b3909d1cb1
Merge pull request #95565 from vcunat/p/symlinkJoin
nixos/systemd.tmpfiles.packages: fix an edge case
2020-08-16 12:27:19 +02:00
Florian Klink
609eb86db7
Merge pull request #95444 from doronbehar/fix/mount+s
nixos/wrappers: make mount have the +s bit.
2020-08-16 12:23:12 +02:00
paumr
d420369354 nixos/emacs: formatted with nixpkgs-fmt 2020-08-16 10:22:56 +00:00
Doron Behar
22abe3202f nixos/transmission: handle watch-dir as incomplete-dir
`watch-dir` was neglected after #92106 - this change makes using this
setting work.
2020-08-16 12:43:02 +03:00
Vladimír Čunát
3937923f81
nixos/systemd.tmpfiles.packages: fix an edge case
symlinkJoin can break (silently) when the passed paths contain symlinks
to directories.  This should work now.

Down-side: when lib/tmpfiles.d doesn't exist for some passed package,
the error message is a little less explicit, because we never get
to the postBuild phase (and symlinkJoin doesn't provide a better way):
/nix/store/HASH-NAME/lib/tmpfiles.d: No such file or directory

Also, it seemed pointless to create symlinks for whole package trees
and using only a part of the result (usually very small part).
2020-08-16 10:23:53 +02:00
Aaron Andersen
8e045b42fd nixos/postgresql: move ExecStartPost into postStart 2020-08-15 16:59:53 -04:00
Aaron Andersen
ec82ae3c39 nixos/postgresql: run ExecStartPost as an unprivileged user 2020-08-15 16:59:49 -04:00
Doron Behar
a854b77b08 nixos/wrappers: make (u)mount have the +s bit.
See
https://discourse.nixos.org/t/how-to-make-a-derivations-executables-have-the-s-permission/8555
and:
https://www.linuxquestions.org/questions/slackware-14/must-be-superuser-to-use-mount-fstab-is-correct-however-144932/
2020-08-15 21:57:16 +03:00
Florian Klink
01684d6e9b nixos/mathics: remove module 2020-08-15 20:16:13 +02:00
Florian Klink
b7be00ad5e
Merge pull request #93358 from helsinki-systems/fix/gitlab-customrb
nixos/gitlab: Fix extra-gitlab.rb
2020-08-15 20:13:28 +02:00
Maximilian Bosch
42f6244899
nixos/nextcloud: update nginx config
This patch ensures that latest Nextcloud works flawlessly again on our
`nginx`. The new config is mostly based on upstream recommendations
(again)[1]:

* Trying to access internals now results in a 404.
* All `.php`-routes get properly resolved now.
* Removed 404/403 handling from `nginx` as the app itself takes care of
  this. Also, this breaks the `/ocs`-API.
* `.woff2?`-files expire later than other assets like images.

Closes #95293

[1] https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
2020-08-15 17:12:11 +02:00
Florian Klink
645ea787c9 nixos/marathon: remove module
The corresponding package failed to build for >9 months.
2020-08-15 16:59:58 +02:00
Florian Klink
a90b929020 nixos/chronos: remove module
The chronos package has been broken for > 9 months due to the breakage
of the mesos package.
2020-08-15 16:59:38 +02:00
Florian Klink
34d91a8cba nixos/mesos*: remove
The mesos package has been broken for >9 months.
2020-08-15 16:59:37 +02:00
Izorkin
26898b8518 nixos/unit: update sandboxing options 2020-08-15 11:21:09 +03:00
Jörg Thalheim
7acb961c67
Merge pull request #93395 from hmenke/zfs
ZFS: Request credentials only for selected pools
2020-08-15 09:19:49 +01:00
Frederik Rietdijk
cfe6081cee Merge staging-next into staging 2020-08-15 09:12:42 +02:00
Martin Weinelt
f1efdd2c0b
Merge pull request #89444 from mweinelt/pinnwand-module
nixos/pinnwand: init; steck: init at 0.5.0; nixos/tests/pinnwand: init
2020-08-14 22:09:33 +02:00
Aaron Andersen
f1f4cc6e1b
Merge pull request #95231 from aanderse/mysql-cleanup
nixos/mysql: run postStart as an unprivileged user
2020-08-13 21:38:44 -04:00
Aaron Andersen
f08049e712 nixos/mysql: move ExecStartPost into postStart 2020-08-13 17:03:22 -04:00
Jan Tojnar
afe22f645a
Merge branch 'staging-next' into staging 2020-08-13 21:59:15 +02:00
Florian Klink
f3ba51f148
Merge pull request #95353 from flokli/systemd-output-journal
nixos: remove StandardOutput=syslog, StandardError=syslog lines
2020-08-13 21:45:12 +02:00
Jan Tojnar
0a4a62459a
nixos/fontconfig: Reintroduce unversioned fonts.conf
Turns out lot of software (including Chromium) use bundled fontconfig
so we either need to wrap every one of those, or re-introduce the global unversioned config.
The latter is easier but weakens hermetic configs. But perhaps those are not really worth the effort.
2020-08-13 20:56:43 +02:00
Florian Klink
7361f6f252 nixos/boot: handle systemd-udevd being a symlink to udevadm 2020-08-13 20:51:39 +02:00
Florian Klink
4f7636dafc nixos/systemd: don't try to install systemd-initctl.{service,socket}
These are now only installed by systemd if HAVE_SYSV_COMPAT is true,
which only is the case if you set sysvinit-path and sysvrcnd-path (which
we explicitly unset in the systemd derivation for quite some time)
2020-08-13 20:51:39 +02:00
Florian Klink
2f9d719061 nixos/systemd: remove mymachines nss module from passwd: and group: lines
From the systemd release notes:

nss-mymachines lost support for resolution of users and groups, and now
only does resolution of hostnames. This functionality is now provided by
nss-systemd. Thus, the 'mymachines' entry should be removed from the
'passwd:' and 'group:' lines in /etc/nsswitch.conf (and 'systemd' added
if it is not already there).
2020-08-13 20:51:39 +02:00
dawidsowa
9aaf34bdb8 nixos/rss-bridge: init 2020-08-13 19:51:30 +02:00