alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
305950 commits 217 branches 121 tags 4.5 GiB
Commit graph

1393 commits

Author SHA1 Message Date
Jan Tojnar c1f851b2ee
Merge branch 'staging-next' into staging 2021-04-25 08:22:13 +02:00
Martin Weinelt e8988f7a30 nixos/babeld: run as DynamicUser 
The last bits to prevent babeld from running unprivileged was its
kernel_setup_interface routine, that wants to set per interface
rp_filter. This behaviour has been disabled in a patch that has been
submitted upstream at https://github.com/jech/babeld/pull/68 and reuses
the skip-kernel-setup config option.

→ Overall exposure level for babeld.service: 1.7 OK 🙂
 2021-04-25 00:54:52 +02:00
Michael Raskin d04f1c4314
Merge pull request #101071 from ju1m/apparmor 
apparmor: try again to fix and improve
 2021-04-24 11:24:26 +00:00
davidak fabdd46503 kbdKeymaps: remove 
dvp and neo are now included in kbd

includes documentation in release notes and alias
 2021-04-23 16:41:06 +02:00
Julien Moutinho b42a0e205d nixos/apparmor: disable killUnconfinedConfinables by default 2021-04-23 07:20:20 +02:00
Julien Moutinho 03b2156d26 nixos/apparmor: move release note to 21.05 2021-04-23 07:19:32 +02:00
Julien Moutinho 05d334cfe2 Revert "Revert "apparmor: fix and improve the service"" 
This reverts commit 420f89ceb2.
 2021-04-23 07:17:55 +02:00
Izorkin 65ce0419ad
nginx: add release notes 2021-04-21 11:18:14 +03:00
Daniël de Kok f75286e063 cudatoolkit-{9,9_0,9_1,9_2}: remove 
Remove old CUDA toolkits (and corresponding CuDNN versions).

- Not supported by upstream anymore.
- We do not use them in nixpkgs.
- We do not test or actively maintain them.
- Anything but ancient GPUs is supported by newer toolkits.

Fixes #107131.
 2021-04-18 11:55:10 +02:00
Jörg Thalheim 0854659567
Merge pull request #119389 from marsam/drop-postgresql_9_5 
postgresql_9_5: drop
 2021-04-16 19:29:21 +01:00
Guillaume Girol f1a2ab6818
Merge pull request #115332 from symphorien/usertype 
nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
 2021-04-14 19:38:26 +00:00
Symphorien Gibol 7a87973b4c nixos/users: require one of users.users.name.{isSystemUser,isNormalUser} 
As the only consequence of isSystemUser is that if the uid is null then
it's allocated below 500, if a user has uid = something below 500 then
we don't require isSystemUser to be set.

Motivation: https://github.com/NixOS/nixpkgs/issues/112647
 2021-04-14 20:40:00 +02:00
Florian Klink 5429cc1af4 rl-2105: Document /etc/systemd-mutable/system is gone from the defaults, point to boot.extraSystemdUnitPaths 2021-04-14 12:52:58 +02:00
taku0 4c87cb87a2
Merge pull request #67684 from indiscipline/minio 
nixos/minio: allow multiple data directories for erasure coding
 2021-04-13 18:29:28 +09:00
Sandro 1781eeade9
Merge pull request #118773 from peterhoeg/doc/packagekit 
document packagekit changes
 2021-04-12 17:19:47 +02:00
Indiscipline 9ffc4ad790 nixos/minio: allow multiple data directories for erasure coding 2021-04-10 14:44:45 +03:00
Kim Lindberger 5a1bd5ff66
Merge pull request #116074 from talyz/discourse 
discourse: Add package and NixOS module
 2021-04-08 14:19:49 +02:00
Peter Hoeg b7f5bc61f3 document packagekit 2021-04-08 09:23:54 +08:00
talyz bc26a46943
rl-2105: Add Discourse module note 2021-04-05 13:56:02 +02:00
Guillaume Girol fe0e0afbc0
Merge pull request #92929 from symphorien/postgresql-check-config-file 
nixos/postgresql: check config file syntax at build time
 2021-04-02 16:27:03 +00:00
ajs124 2f42097c88
Merge pull request #118090 from helsinki-systems/upd/xfsprogs 
xfsprogs: 5.10.0 -> 5.11.0
 2021-04-01 13:51:01 +02:00
Mario Rodas 72ab382fb6 postgresql_9_5: drop 
PostgreSQL 9.5 has reached EOL on February 11, 2021.
See https://www.postgresql.org/support/versioning/
 2021-04-01 04:20:00 +00:00
Martin Weinelt 285301cd1f linuxPackages: 5.4 -> 5.10 
The 5.10 series is the next longterm version of the linux kernel and
I've been using it on multiple x86_64 machines ever since it came out.

I think it is time to switch over the default now, so we get some
additional testing in time for NixOS 21.05.
 2021-03-31 11:29:33 -04:00
Frederik Rietdijk 9b9e9cff00
Merge pull request #117015 from NixOS/staging-next 
Staging next
 2021-03-31 12:42:19 +02:00
davidak fe3eb35133
Merge pull request #97565 from samuelgrf/defaultPackages-nano 
nixos/config: move nano to defaultPackages
 2021-03-31 09:17:56 +02:00
github-actions[bot] 4ba71fb819
Merge master into staging-next 2021-03-31 00:12:29 +00:00
ajs124 db8b545233 xfsprogs: 5.10.0 -> 5.11.0 
also try to correct meta.license
 2021-03-30 20:14:53 +02:00
talyz abba76a3b9
nixos/gitlab: Document automatic backups 2021-03-30 19:15:33 +02:00
Samuel Gräfenstein e6cd793a74
nixos/config: move nano to defaultPackages 
Some people already have another editor installed and may want to
get rid of applications they don't use.
 2021-03-30 11:50:03 +02:00
github-actions[bot] 8cebf1dc19
Merge master into staging-next 2021-03-25 06:05:58 +00:00
Léo Gaspard 219ee8d091
release notes: typo fixes (#117539) 2021-03-25 01:28:41 +01:00
Jan Tojnar a16ce80193
Merge branch 'staging-next' into staging 2021-03-14 02:09:44 +01:00
Jan Tojnar b19f08ec61
nixos/doc: Fix release notes syntax 2021-03-14 02:01:46 +01:00
Doron Behar 5e367ecef9
Merge pull request #106599 from doronbehar/pkg/gnuradio/pkgs 2021-03-13 17:27:40 +00:00
Aaron Andersen 0bf8f56105
Merge pull request #115871 from aanderse/kodi-packages 
kodi: plugins cleanup
 2021-03-13 10:10:20 -05:00
Frederik Rietdijk 9d03ff5222 python: reproducible builds 
Achieve reproducible builds of the interpreter. Note this meant
disabling optimizations again.
 2021-03-13 13:11:50 +01:00
Doron Behar 2d08e55e9b gnuradio.pkgs: init 
- Write a `mkDerivation` and `mkDerivationWith` function for gnuradio,
  like qt5.
- qradiolink, gqrx: Use gnuradio's callPackage and mkDerivation.
- Use gnuradio.callPackage to define all gnuradio.pkgs.
- Move all gnuradio packages expressions to pkgs/development/gnuradio-modules/ -
  modeled after Python's.
- Add more paths to gnuradio's wrapper - add the extra packages as
  python modules, and add their executables with proper env vars
  wrapping.

Co-authored-by: Frederik Rietdijk <fridh@fridh.nl>
 2021-03-13 12:46:59 +02:00
Jan Tojnar 9a64ee2b45
Merge branch 'staging-next' into staging 2021-03-13 01:58:15 +01:00
Philipp Riegger ac59cb8276 nixos/release-notes/rl-2105.xml: fix typo 2021-03-12 15:44:13 +01:00
Aaron Andersen 696ac06a93 kodi: add release notes for version 19.0 update 2021-03-11 20:35:54 -05:00
Aaron Andersen 4769eb4f58 kodi: add release notes for kodi.withPackages 2021-03-11 20:35:54 -05:00
Chris Martin 5ae6e17795 kindlegen: remove the package (closes #96439) 2021-03-10 07:33:53 +00:00
Sarah Brofeldt fd02940262 nixos/apache-kafka: Use version-matched jre 2021-03-10 08:10:30 +01:00
rnhmjoj f3c77e5e61
nixos/release-notes: highlight privoxy updates 2021-03-09 11:03:00 +01:00
Michele Guerini Rocco af6037b338
Merge pull request #111551 from xaverdh/xserver-modern-drivers 
nixos/xserver: use modern video drivers
 2021-03-09 08:14:24 +01:00
Johan Thomsen 7b5c38e973 nixos/kubernetes: docker -> containerd 
also, nixos/containerd: module init
 2021-03-07 12:51:14 +10:00
Daniël de Kok 158578de40
Merge pull request #114731 from danieldk/release-notes-cargo-hooks 
nixos/rl-2105: add hookification of buildRustPackage
 2021-03-06 11:49:21 +01:00
TredwellGit e3d705e601 nixos/xserver: use modern video drivers 
cirrus is obsolete: https://www.vintage3d.org/cirrus.php
nv is obsolete: https://www.phoronix.com/scan.php?page=article&item=nvidia_kills_nv&num=1
vesa is obsolete: https://www.phoronix.com/scan.php?page=news_item&px=Nzc3Nw
ati and ati_unfree are superseded by amdgpu and amdgpu-pro: https://wiki.gentoo.org/wiki/ATI_FAQ#Is_my_AMD.2FATI_board_supported.3F
nouveau and fbdev added for better fallback support.
 2021-03-06 08:47:18 +01:00
Maximilian Bosch 594eff1d59
Merge pull request #113958 from Ma27/nextcloud21 
nextcloud21: init at 21.0.0, set as default version
 2021-03-04 21:47:26 +01:00
Daniël de Kok 3faea849b9 nixos/rl-2105: add hookification of buildRustPackage 2021-03-04 11:19:11 +01:00
Kim Lindberger e72375464b
Merge pull request #113635 from talyz/gitlab-improvements 
nixos/gitlab: Clean config dir, switch to puma, split PreStart script and more
 2021-03-01 13:37:53 +01:00
Milan Svoboda df3d560999 nixos/nix-gc: add persistent and randomizeDelaySec options 2021-02-28 04:21:21 -05:00
Robert Schütz 5cc881d0d8 imagemagick: make 7.0 default 2021-02-27 18:34:36 +01:00
talyz 2b3800b9c7
nixos/gitlab: Change default SMTP port, enable postfix only if used 
Change the default SMTP port to `25`, to better match the default
address `localhost`. This gets rid of some error outputs in the test,
where it fails to connect to localhost:465.

Also, don't enable postfix by default unless it's actually useful to
us.
 2021-02-24 18:32:24 +01:00
Florian Klink f3af2df658
Merge pull request #111635 from xaverdh/hide-pid-broken 
nixos/hidepid: remove module, it's broken
 2021-02-23 00:20:29 +01:00
Maximilian Bosch f7011c70f3
nextcloud21: init at 21.0.0, set as default version 
ChangeLog: https://nextcloud.com/changelog/#latest21

* Packaged 21.0.0, test-deployed it to my personal instance and tested
  the most basic functionality (`davfs2`-mount, {card,cal}dav sync, file
  management).

* Bumped the default version for unstable/21.05 to `nextcloud21`. Since
  `nextcloud20` was added after the release of 20.09 (and thus the
  default on 20.09 is still `nextcloud19`), it's now needed to upgrade
  across two majors.

  This is not a problem though since it's possible to upgrade to v20 on
  20.09 already and if not, the module will guard the administrator
  through the upgrade with eval warnings as it's the case since 20.03.

* Dropped `nextcloud17` attribute and marked `nextcloud18` as EOL.
 2021-02-22 13:04:42 +01:00
Dominik Xaver Hörl f7fce2c52f nixos/rl-2105: document removal of the hidepid module 2021-02-21 13:51:37 +01:00
Florian Klink e3d3643f1b nixos/release-notes/rl-2105.xml: fix typo 2021-02-21 13:14:55 +01:00
WORLDofPEACE 3c88820235 rl-2105: rngd 2021-02-21 07:09:13 -05:00
Michele Guerini Rocco 19d715c573
Merge pull request #107382 from rnhmjoj/no-udev-settle 
nixos/{networkd,dhcpcd}: remove udev-settle hack
 2021-02-20 20:49:19 +01:00
rnhmjoj d683d26d89
nixos/release-notes: warn on interface renaming 2021-02-19 09:26:14 +01:00
Dominik Xaver Hörl 3629c74c10 nixos/rl-2105: document removal of systemConfig parameter 2021-02-18 12:48:08 +01:00
Luke Granger-Brown cfed3b8b22 treewide: update 21.03 to 21.05 
The NixOS 21.03 release has been delayed to 21.05. See NixOS/rfcs#80.

There are two instances of 21.03 which have been left as is, since they
are in stateVersion comparisons. This will ensure that existing user
configurations which refer to 21.03 will continue to work.
 2021-02-12 14:12:48 -08:00
Bernardo Meurer 77a76e2ff8
release-notes/rl-2103: mention removal of flashplayer support from tree 2021-02-08 09:40:20 -08:00
Michele Guerini Rocco c9f6a7f349
Merge pull request #111624 from rnhmjoj/thinkfan 
nixos/thinkfan: rewrite for 1.2 update
 2021-02-08 12:20:07 +01:00
rnhmjoj c753910d98
nixos/release-notes: mention thinkfan 1.2 update 2021-02-07 14:35:37 +01:00
Michael Weiss d0b891c828
isync: 1.3.4 -> 1.4.0 
Important changes:
- The 'isync' compatibility wrapper was removed.
- The Master/Slave configuration keywords where deprecated and should be
  replaced with Far/Near. All users should update their configuration
  file accordingly. It's a trivial change and the old Master/Slave
  keywords will still work for now but result in the following message:
  Notice: Master/Slave are deprecated; use Far/Near instead.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2021-02-04 19:54:54 +01:00
John Ericson 6717246373
Merge pull request #111284 from siraben/remove-new-stdenv-lib 
stdenv: warn about use of inherited lib
 2021-01-30 22:28:05 -05:00
Elias Probst 27da11972d nixos/restic: correct location of cache directory 
By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.

The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.

systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.

Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.

[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
 2021-01-30 18:24:51 -08:00
Ben Siraphob 0fa4858791 release-notes/rl-2103: mention deprecation of stdenv.lib 2021-01-30 20:26:37 +07:00
Florian Klink 1030745555
Merge pull request #106857 from m1cr0man/master 
nixos/acme: Fixes for account creation and remove tmpfiles usage
 2021-01-27 17:52:16 +01:00
bb2020 603e14c793 nixos/alsa: disable OSSEmulation by default 
OSS Emulation is considered incomplete so disabling it by default.
Using user level alsa-oss library (nix-env -iA nixos.alsaOss) over
this kernel module is recommended.
 2021-01-26 15:06:33 +03:00
markuskowa 2f34b4b883
Merge pull request #108983 from markuskowa/dev-mpi 
Use mpi attribute consistently to provide a default MPI implementation
 2021-01-23 22:51:09 +01:00
John Ericson 9c213398b3 lib: Clean up how linux and gcc config is specified 
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
 2021-01-23 10:01:28 -05:00
Markus Kowalewski 68fa960f6a
nixos/release-notes: add comment about generic mpi attribute 2021-01-23 12:15:18 +01:00
Jonathan Ringer 0bc275e634
Revert "lib: Clean up how linux and gcc config is specified" 
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
 2021-01-22 14:07:06 -08:00
John Ericson d95aebbe0e
Merge pull request #107214 from Ericson2314/linux-config-cleanup 
lib: Clean up how linux and gcc config is specified
 2021-01-22 15:15:58 -05:00
John Ericson 8929989614 lib: Clean up how linux and gcc config is specified 
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.

This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.

`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.

The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
 2021-01-21 22:44:09 -05:00
Linus Heckemann 5153deedd8
Merge pull request #108909 from thiagokokada/libinput-by-device-type 
nixos/libinput: separate settings by mouse/touchpad
 2021-01-21 10:43:44 +01:00
Ryan Mulligan 2b8cdd5f3b
Merge pull request #89472 from asymmetric/relnotes-grub 
rl-2003: mention grub 2.04 update
 2021-01-18 11:50:52 -08:00
Thiago Kenji Okada 0f762e5582 nixos/doc: document services.xserver.libinput changes 2021-01-13 10:20:38 -03:00
Izorkin 91e580397e
mariadb: 10.4.15 -> 10.5.8 2021-01-12 17:22:54 +03:00
Izorkin d688f790dd
mariadb: drop build server with tokudb storage 2021-01-12 17:22:47 +03:00
rnhmjoj 88f71722ea
nixos/doc: add searx changes to the relase notes 2021-01-11 08:41:16 +01:00
Florian Klink 581232454f
Merge pull request #108726 from omasanori/nixos/netgroup 
nixos/networking: make /etc/netgroup by default
 2021-01-10 23:01:12 +01:00
Guillaume Girol 0fbc0976db
Merge pull request #106082 from rnhmjoj/uwsgi 
nixos/uwsgi: run with capabilities instead of root
 2021-01-10 21:51:37 +00:00
rnhmjoj 3a17a9b05e
nixos/docs: add uWSGI changes to the relase notes 2021-01-10 19:33:41 +01:00
Jörg Thalheim 51894963cb
Merge pull request #89775 from numinit/update-androidenv 2021-01-10 15:09:36 +00:00
Jörg Thalheim b815fb2fd9
Merge pull request #105775 from xaverdh/iwd-link-unit 2021-01-10 12:35:25 +00:00
Michele Guerini Rocco db0adc9a44
Merge pull request #108897 from pacien/fish-foreign-env-remove-alias 
fish-foreign-env: remove alias to incompatible package
 2021-01-10 10:04:43 +01:00
Masanori Ogino d1d6403cb5 nixos/networking: make /etc/netgroup by default 
This will prevent nscd from complaining /etc/netgroup being absent.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
 2021-01-10 11:01:48 +09:00
pacien 052f58ffae fish-foreign-env: remove alias to incompatible package 
The fish-foreign-env and the fishPlugins.foreign-env packages aren't
compatible due to changes in directory layout.

It's better to remove the alias so that the evaluation explicitly fails
instead of allowing silent runtime breakage.

GitHub: see https://github.com/NixOS/nixpkgs/pull/107834#issuecomment-756995696
GitHub: see https://github.com/LnL7/nix-darwin/issues/269
GitHub: see https://github.com/nix-community/home-manager/issues/1701
GitHub: see https://github.com/nix-community/home-manager/issues/1702
 2021-01-10 01:03:23 +01:00
WORLDofPEACE 7c34e83cb2
Merge pull request #108107 from talyz/reintroduce-epiphany 
Revert "nixos/gnome3: don't install epiphany default"
 2021-01-09 16:45:31 -05:00
Dominik Xaver Hörl 86b3251c80 nixos/iwd: add release notes for changes to wireless interface renaming 2021-01-09 10:55:41 +01:00
Jörg Thalheim a14ea3aecc
Merge pull request #97740 from ju1m/tor 
nixos/tor: improve type-checking and hardening
 2021-01-05 16:00:40 +00:00
talyz 8ed9987894
nixos/gnome3: Note the reintroduction of epiphany in release notes 2021-01-05 16:27:20 +01:00
pacien d94921db12 fish-foreign-env: move to fishPlugins.foreign-env 
And relocate the installed fish functions to the `vendor_functions.d` so
that they're automatically loaded.
 2021-01-04 18:53:59 +01:00
numinit 5b91d4ab65 Rework androidenv package generation 
androidenv did not previously write license files, which caused certain
gradle-based Android tools to fail. Restructure androidenv's list of
Android packages into a single repo.json file to prevent duplication
and enable us to extract the EULA texts, which we then hash with
builtins.hashString to produce the license files that Android gradle
tools look for.

Remove includeDocs and lldbVersions, as these have been removed
from the Android package repositories.

Improve documentation and examples.
 2021-01-03 21:27:23 -07:00
Julien Moutinho 0ccdd6f2b0 nixos/tor: improve type-checking and hardening 
Fixes #77395.
Fixes #82790.
 2021-01-04 01:02:26 +01:00
Maximilian Bosch 3b57908018
Merge pull request #108179 from WilliButz/update/prometheus-json-exporter/0.2.0 
prometheus-json-exporter: unstable-2017-10-06 -> 0.2.0
 2021-01-03 19:28:12 +01:00
Maximilian Bosch 6e43cc7fb0
nixos/prometheus-exporters: minor doc improvements 
* Content of `programlisting` shouldn't be indented, otherwise it's
  weirdly indented in the output.
* Use `<xref linkend=.../>` in the release notes: then users can
  directly go to the option documentation when reading release notes.
* Don't use docbook tags in `mkRemovedOptionModule`: it's only used
  during evaluation where docbook isn't rendered.
 2021-01-03 19:04:33 +01:00
github-actions[bot] bc30d1eb34
Merge master into staging-next 2021-01-03 00:56:46 +00:00
ajs124 a2267f6341 xfsprogs: 4.19 -> 5.10 2021-01-02 18:45:22 +01:00
WilliButz 3f94c66ee1
nixos/prometheus-json-exporter: update modules & tests, add release notes 2021-01-02 13:10:27 +01:00
Lucas Savva e5913db0c9 nixos/acme: update documentation and release notes 
The instructions on recreating the cert were missing --what=state.
Also added a note on ensuring the group of manual certs is correct.
 2020-12-28 00:35:45 +00:00
Frederik Rietdijk 736dd028ca Merge staging-next into staging 2020-12-22 19:43:32 +01:00
WilliButz 97e863ad7f
nixos/doc: add note about codimd -> hedgedoc to release notes 2020-12-22 01:39:03 +01:00
Frederik Rietdijk f081225a83
Merge pull request #106533 from helsinki-systems/refactor/waf-hook 
[staging] wafHook: Don't wrap Python 2
 2020-12-19 19:28:05 +01:00
Michele Guerini Rocco d8cb103f79
Merge pull request #104589 from fadenb/release_notes_wpa_supplicant_breaking_change 
nixos/release-notes: Warn on wpa_supplicant changes
 2020-12-18 16:11:10 +01:00
rnhmjoj 8a76f5d811
nixos/doc: fix manual build 
This is a fixup of 9728907c
 2020-12-18 08:46:03 +01:00
Janne Heß cfc4f6347f
wafHook: Don't wrap python2 2020-12-17 19:01:28 +01:00
Andreas Rammhold fa0d499dbf
Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description 
nixos/users-groups: createHome: Ensure HOME permissions, fix description
 2020-12-17 17:23:46 +01:00
Markus Kowalewski 5df0cf7461
nixos/slurm: fix dbdserver config file handling 
Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be
in mode 600 to protect the database password. This change creates
slurmdbd.conf on-the-fly at service startup and thus avoids that
the database password ends up in the nix store.
 2020-12-16 20:34:14 +01:00
Alyssa Ross e17d4b05a1 nixos/tor: don't do privoxy stuff by default 
It's very surprising that services.tor.client.enable would set
services.privoxy.enable.  This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.

So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default.  This change is documented in the
release notes.

Reported-by: V <v@anomalous.eu>
 2020-12-16 12:20:03 +00:00
Klemens Nanni 8833983f26 nixos/users-groups: createHome: Ensure HOME permissions, fix description 
configuration.nix(1) states

    users.extraUsers.<name>.createHome
        [...] If [...] the home directory already exists but is not
        owned by the user, directory owner and group will be changed to
        match the user.

i.e. ownership would change only if the user mismatched;  the code
however ignores the owner, it is sufficient to enable `createHome`:

    if ($u->{createHome}) {
        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
        chown $u->{uid}, $u->{gid}, $u->{home};
    }

Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.

Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.

Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).

While here, simplify and thereby fix misleading documentation.
 2020-12-16 03:40:29 +01:00
Guillaume Girol 824d2c92bd
Merge pull request #82584 from Atemu/dnscrypt-default-config 
dnscrypt-proxy2: base settings on example config
 2020-12-15 19:47:43 +00:00
Linus Heckemann cc786acdce
Merge pull request #105397 from kisik21/mailman-other-mta-support 
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
 2020-12-14 09:46:05 +01:00
Vika ad023b0c88
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself) 
Mailman can now work with MTAs other than Postfix. You'll have to configure
it yourself using the options in `services.mailman.settings.mta`.

This addition is reflected in the release notes for 21.03.
 2020-12-14 02:41:30 +03:00
Atemu 5242cec1b8 rl-2103: document nixos/dnscrypt-proxy2's default config change 2020-12-12 09:15:56 +01:00
Jan Tojnar 4f20afbc19
Merge branch 'master' into staging-next 2020-12-10 04:39:30 +01:00
Damien Diederen f77d01ffc5 zookeeper: 3.4.12 -> 3.6.2 
A big jump, but the structure hasn't changed much.

This recipe is still based on a binary release provided by upstream.

(It might be interesting to start doing our own builds at some point,
to split client from server, and/or to create packages for removed
"contribs" such as 'zooInspector'.  Upstream intends to further slim
down its release tarballs as most deployments only need specific assets.)
 2020-12-09 15:46:38 +01:00
Gabriel Ebner a474f0d1e6
Merge pull request #105275 from lukegb/nixpkgs-pa14 
pulseaudio: 13.0 -> 14.0
 2020-12-07 22:45:47 +01:00
zowoq fad293d452 nixos/doc/rl-2103: fix build 2020-12-06 12:15:26 +10:00
Doron Behar 44d041786b rl-2103: Mention gnuradio expressions changes. 
Mention 3.8 and that it's now possible to override it and 3.7 to compile
only certain features.
 2020-12-05 13:24:05 +02:00
Symphorien Gibol 9816bbbaa5 nixos/rspamd: add release notes 2020-12-01 14:45:56 +01:00
Frederik Rietdijk 9a63b3d3d6
Merge pull request #104781 from NixOS/staging-next 
Staging next
 2020-11-30 18:27:29 +01:00
Raghav Sood 1fd8d571ed
cpp_ethereum: remove 2020-11-30 03:23:21 +00:00
Luke Granger-Brown d29428523e rl-21.03: add PulseAudio 13.0 -> 14.0 upgrade to release notes 2020-11-29 13:27:46 +00:00
Frederik Rietdijk b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Jan Tojnar 6d99109b12
Merge branch 'staging-next' into staging 2020-11-24 05:44:44 +01:00
adisbladis ba1fa0c604
pam_ssh_agent_auth: Honour services.openssh.authorizedKeysFiles 
If a system administrator has explicitly configured key locations this
should be taken into account by `sudo`.
 2020-11-24 02:47:07 +01:00
Florian Klink bbf3c9483b
Merge pull request #104520 from Izorkin/wsdd 
wsdd: init at 0.6.2
 2020-11-23 23:18:23 +01:00
Frederik Rietdijk 587538d087 Merge staging-next into staging 2020-11-23 18:10:33 +01:00
Izorkin 03760ab82e
nixos/samba-wsdd: init service samba-wsdd 2020-11-23 13:26:00 +03:00
Florian Klink c76891314d
Merge pull request #104094 from flokli/systemd-unified-cgroup-hierarchy 
systemd: switch to unified cgroup hierarchy by default
 2020-11-22 22:35:42 +01:00
Tristan Helmich 3049064aa5 nixos/release-notes: Warn on wpa_supplicant changes 2020-11-22 11:43:43 +00:00
Jack Kelly 6fd871dec4 rl-21.03: describe EC2 instance user/meta data reloading 2020-11-22 12:22:46 +10:00
Kai Wohlfahrt 3f892c2174 nixos/openldap: Remove extraConfig options 
Instead of deprecating, as per PR feedback
 2020-11-21 16:13:03 +00:00
Kai Wohlfahrt 5fafbee87a nixos/openldap: Add release-notes for OLC config 2020-11-21 15:45:15 +00:00
Guillaume Girol 01083f116d
Merge pull request #102235 from symphorien/paperwork2 
Paperwork 2.0
 2020-11-20 21:30:08 +00:00
Florian Klink d22b3ed4bc systemd: switch to unified cgroup hierarchy by default 
See https://www.redhat.com/sysadmin/fedora-31-control-group-v2 for
details on why this is desirable, and how it impacts containers.

Users that need to keep using the old cgroup hierarchy can re-enable it
by setting `systemd.unifiedCgroupHierarchy` to `false`.

Well-known candidates not supporting that hierarchy, like docker and
hidepid=… will disable it automatically.

Fixes #73800
 2020-11-19 16:56:46 +01:00
Michael Raitza 1f323ec2b4 openafs: remove 1.6; point to openafs_1_8 2020-11-17 21:31:59 +01:00
Symphorien Gibol 3c9707d4a3 nixos: add release notes for the paperwork update. 2020-11-15 15:46:53 +01:00
Frederik Rietdijk 463f738cc6 Merge master into staging-next 2020-11-13 20:58:35 +01:00
Maximilian Bosch fca0aad258
Merge pull request #103500 from chkno/nixos-YY.MM-not-in-nixpkgs-channels 
doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo
 2020-11-12 23:27:27 +01:00
zowoq 31051812bc nixos/doc/*: fix indentation 2020-11-12 14:24:00 +10:00
Scott Worley f72a3142f0 doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo 
Since 7c442a2f67
for https://github.com/NixOS/nixpkgs/issues/99257
 2020-11-11 11:29:39 -08:00
Sarah Brofeldt e0d51db401 nixos: boot.zfsImportAll = false; by default 
Also add 21.03 release note
 2020-11-11 18:46:05 +01:00
Frederik Rietdijk 4076ffe580 Merge staging-next into staging 2020-11-11 16:00:34 +01:00
Daniël de Kok 3497b757d3
Merge pull request #102472 from helsinki-systems/feat/vim-python3 
vim: Get rid of Python 2 dependency
 2020-11-11 11:52:02 +01:00
Doron Behar 9db44f61a7 rubyMinimal: remove 
Due to being unused, and seemingly unusable, added appropriate release
notes.
 2020-11-09 16:17:41 +02:00
Frederik Rietdijk 20f001c01e Merge master into staging-next 2020-11-09 14:33:52 +01:00
Janne Heß 576a928794
vim: Get rid of Python 2 dependency 2020-11-09 13:02:04 +01:00
Daniël de Kok d43f378b4a
Merge pull request #103101 from matthiasbeyer/update-mutt 
mutt: 1.14.7 -> 2.0.0
 2020-11-08 18:26:51 +01:00
Niklas Hambüchen 1c460c0a5c
Merge pull request #103147 from nh2/nginx-sandbox-protecthome-release-notes 
manual: nginx: Mention ProtectHome in release notes. See #85567
 2020-11-08 18:01:03 +01:00
Niklas Hambüchen 2e7b320931 manual: nginx: Remove reference to stateDir from release notes. Fixes #102211. 
Fixed wording taken from:
https://github.com/NixOS/nixpkgs/issues/102211#issuecomment-719976230
 2020-11-08 17:55:11 +01:00
Daniël de Kok c65164ec75 nixos/release-notes: Mutt 2.x has some backward incompatible changes 2020-11-08 17:26:54 +01:00
Niklas Hambüchen 2f845dccbf manual: nginx: Mention ProtectHome in release notes. See #85567. 
See https://github.com/NixOS/nixpkgs/pull/85567#pullrequestreview-525820684
 2020-11-08 17:03:07 +01:00
Ninjatrappeur 5f5d38e88f
Merge pull request #101218 from andir/unbound-systemd 2020-11-08 16:55:29 +01:00
Niklas Hambüchen 169ab0b89f redis service: Listen on localhost by default. Fixes #100192. 
All other database servers in NixOS also use this safe-by-default setting.
 2020-11-08 01:15:33 +01:00
Jan Tojnar a821be7531
Merge branch 'master' into staging-next 2020-11-05 09:42:47 +01:00
freezeboy dc0f5ed6d2 btc1: remove 2020-11-04 12:26:42 +01:00
Frederik Rietdijk 10c57af49c Merge staging-next into staging 2020-11-04 09:28:07 +01:00
Andreas Rammhold 5c16c31e06
nixos/unbound: add release notes for the changes that were introduced 
As part of this patch series a few changes have been made to the unbound
serivce the deserve proper documentation.
 2020-11-03 19:21:25 +01:00
Kim Lindberger cf2d180a12
Merge pull request #99906 from talyz/keycloak 
nixos/keycloak: Init
 2020-11-03 18:31:19 +01:00
Kevin Cox 8230e62f57
Merge pull request #100495 from DianaOlympos/riak-cs-delete 
riak-cs: delete
 2020-11-03 11:17:42 -05:00
Frederik Rietdijk 83dde6c52c Merge staging-next into staging 2020-11-01 10:11:12 +01:00
Niklas Hambüchen 441abe9949 release notes: Document deprecation warning for StartLimitInterval in [Service] 2020-10-31 18:11:03 +01:00
talyz d1d3c86c70
rl-2103: Note the addition of the Keycloak service 2020-10-29 12:08:06 +01:00
Maximilian Bosch ca45bb574d
nixos/rl-2009: minor typo fix 2020-10-28 19:38:28 +01:00
Thomas Depierre 63caecee7d riak-cs: delete 2020-10-28 19:31:33 +01:00
Andreas Rammhold db0fe5c3eb
Merge branch master into staging to fix eval error 
This fixes the eval error of the small (and "big"?) NixOS test set that
was fixed in 1088f05 & eba8f542.
 2020-10-28 03:03:27 +01:00
Andreas Rammhold c127653b72
Merge pull request #101887 from jonringer/minor-release-notes-adjustment 
nixos/docs/rl-2009.xml: grafana: description, example agreement
 2020-10-28 02:38:55 +01:00
Jonathan Ringer 3963954fc8
nixos/docs/rl-2009.xml: grafana: description, example agreement 2020-10-27 17:50:39 -07:00
Markus S. Wamser a0cc1243cc doc: 20.09 release notes: remove duplicate service list entry 
opt-services.foldingathome.enable was listed twice
 2020-10-27 13:43:44 -07:00
davidak 4166a767de doc: improve 20.09 release notes 2020-10-27 21:11:22 +01:00
WORLDofPEACE 5a08ab936b rl-2009: release on a Tuesday 
Because hydra took it's good old time
 2020-10-27 03:03:43 -04:00
Jonathan Ringer 51ca426eb5
release-notes-2009: add contributions section 2020-10-26 18:36:12 -07:00
Jonathan Ringer 37236c2a23 nixos/doc/rl-20.09: normalize highlights, reorder entries 2020-10-25 17:40:47 -07:00
Vladimír Čunát 2f6b00b15e
Merge branch 'staging-next' into staging 2020-10-25 09:47:04 +01:00
Aaron Andersen 6393835b8d nixos/powerdns: update release notes 2020-10-24 16:41:32 -04:00
Jan Tojnar 346e1f020e
release-notes: Mention GNOME 3.38 2020-10-24 01:18:46 +02:00
symphorien 9e8eaea484
nixos/sslh: fix usage of the now removed ssl probe (#101087) 
and document
 2020-10-21 21:34:35 +02:00
Aluísio Augusto Silva Gonçalves cba9843aa0
nixos/doc: fix itemization in the 20.09 release notes 2020-10-19 07:11:48 -03:00
Aaron Andersen dc790c104c nixos/pdns-recursor: add release notes 2020-10-18 08:26:35 -04:00
Frederik Rietdijk 9e1943edc0 Merge master into staging-next 2020-10-13 19:34:34 +02:00
Jonathan Ringer 82e2fdea1e nixos/doc: add nvidia prime changes 2020-10-12 22:59:54 -07:00
Doron Behar 58b8ae4127
Merge pull request #100066 from matthuszagh/kicad-srcs 2020-10-12 22:55:16 +03:00
Matt Huszagh b90776cbbf add 21.03 release notes for renamed kicad options 2020-10-12 11:32:44 -07:00
WORLDofPEACE 8cae8e54a1 Revert "mediatomb/gerbera: Add release note information for 20.09" 
This was added to a release note when it's a feature not landing in that release.

This reverts commit a007e07abb.
 2020-10-10 23:26:42 -04:00
WORLDofPEACE 13b192749c nixos/gnome3: don't install epiphany default 
See https://github.com/NixOS/nixpkgs/issues/98819
 2020-10-10 22:12:59 -04:00
Jan Tojnar aabcf2d8f5
Merge branch 'master' into staging-next 2020-10-11 00:27:21 +02:00
WORLDofPEACE 38237e95e6
Merge pull request #100103 from jtojnar/fontconfig-rn 
nixos/doc: Mention fontconfig changes in 20.09 RN
 2020-10-10 16:47:39 -04:00
WORLDofPEACE 2e087fe0d9
Merge pull request #100097 from Jiehong/doc/release_note_python 
doc: add the removal of Python 3.5 to the 20.09 release notes (#95765)
 2020-10-10 16:44:25 -04:00
Michael Weiss 4a600af1b1 doc: Document a workaround for using an FQDN as hostname 
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].

[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
 2020-10-10 10:48:54 -07:00
Vladimír Čunát 338b25697c
Merge branch 'master' into staging-next 
Quite many rebuilds from master:
> Estimating rebuild amount by counting changed Hydra jobs.
>    3926 x86_64-darwin
>    4645 x86_64-linux
 2020-10-10 11:32:10 +02:00
Jan Tojnar be2f1cb15c
nixos/doc: Mention fontconfig changes in 20.09 RN 
This is a major change but it should not cause any issues.
 2020-10-09 22:09:37 +02:00
Jiehong Ma 63c7735733 doc: add the removal of Python 3.5 to the 20.09 release notes (#95765) 2020-10-09 20:03:15 +02:00
Jiehong Ma c3e4594eaf doc: add AMD rocm and vulkan to 20.09 release notes (#95765) 2020-10-09 18:24:27 +02:00
Frederik Rietdijk ec28e32c9e Merge master into staging-next 2020-10-08 21:47:26 +02:00