alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
290063 commits 217 branches 121 tags 4.5 GiB
Commit graph

17113 commits

Author SHA1 Message Date
Michele Guerini Rocco 4cbe186a8a
Merge pull request #121394 from bjornfor/atd-file-creation 
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
 2021-05-10 08:43:57 +02:00
github-actions[bot] f4d69ad1f2
Merge master into staging-next 2021-05-10 06:20:28 +00:00
Michele Guerini Rocco d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant 
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
 2021-05-10 08:16:39 +02:00
github-actions[bot] bc1f4b790e
Merge master into staging-next 2021-05-09 12:23:16 +00:00
Luke Granger-Brown 491216df02
Merge pull request #122099 from alekna/fix/docker 
nixos/docker: ensure ipv4 forwarding is enabled
 2021-05-09 12:15:16 +01:00
Michele Guerini Rocco e5452226af
Merge pull request #121791 from dotlambda/sudo-execWheelOnly 
nixos/sudo: add option execWheelOnly
 2021-05-09 10:04:15 +02:00
Vladimír Čunát 5663b2b2d3
Merge branch 'master' into staging-next 
(a trivial conflict in transmission)
 2021-05-09 09:31:55 +02:00
Robert Schütz 5624aa9f81 nixos/sudo: add option execWheelOnly 
By setting the executable's group to wheel and permissions to 4510, we
make sure that only members of the wheel group can execute sudo.
 2021-05-08 23:48:00 +02:00
paumr 5390d4b946 nixos/bind: formatted with nixpkgs-fmt 2021-05-08 23:13:58 +02:00
Robert Hensing 4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include 
nixos/unbound: allow list of strings in top-level settings option type
 2021-05-08 22:00:57 +02:00
github-actions[bot] 6d46d8a9b9
Merge master into staging-next 2021-05-08 18:22:46 +00:00
Laurynas Alekna 9317570735 nixos/docker: ensure ipv4 forwarding is enabled 
Fixes #118656
 2021-05-08 18:58:24 +01:00
Marc 'risson' Schmitt 0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2021-05-08 19:55:17 +02:00
Aaron Andersen 9254b82706
Merge pull request #121746 from j0hax/monero-options 
nixos/monero: add dataDir option
 2021-05-08 11:43:49 -04:00
Martin Weinelt 9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Vladimír Čunát 080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Gemini Lasswell 28f51d7757 nixos/yggdrasil: set directory permissions before writing keys 
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done.  Addresses #121293.
 2021-05-08 09:49:19 +02:00
Jan Tojnar 468cb5980b gnome: rename from gnome3 
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
 2021-05-08 09:47:42 +02:00
github-actions[bot] e21fb16f9a
Merge master into staging-next 2021-05-08 06:20:05 +00:00
Silvan Mosberger 08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check 
lib.meta: introduce `availableOn` to check package availability on given platform
 2021-05-08 03:54:36 +02:00
github-actions[bot] b4416b52c5
Merge master into staging-next 2021-05-08 00:46:50 +00:00
Johannes Arnold c0853b6e2c nixos/monero: use isSystemUser = true 2021-05-08 02:13:25 +02:00
Michele Guerini Rocco 4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty 
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
 2021-05-07 23:35:57 +02:00
Domen Kožar 8ecb0344a0
Merge pull request #121720 from samueldr/feature/arm-stage-1-modules 
installer images: Add available modules to stage-1 on ARM platforms
 2021-05-07 22:01:09 +02:00
Evils 5ae90276c3 nixos/fancontrol: clean up module 
set a group and user for the service
remove default null config
  it's required, now it throws an error pointing to the option

set myself (module author) as maintainer
 2021-05-07 11:46:40 -07:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Robin Gloster 29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable 
nixos/network: allow configuring tempaddr for undeclared interfaces
 2021-05-07 13:01:29 -05:00
ajs124 cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5 
spidermonkey_1_8_5: drop
 2021-05-07 18:55:49 +02:00
Robert Hensing 316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update 
nixos/hercules-ci-agent: updates
 2021-05-07 15:48:33 +02:00
Vladimír Čunát 9f054b5e1a
treewide: remove worldofpeace from meta.maintainers 
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
 2021-05-07 15:36:40 +02:00
github-actions[bot] 12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Jan Tojnar 9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
github-actions[bot] e5f4def056
Merge staging-next into staging 2021-05-07 00:46:58 +00:00
Robert Hensing 0633b6aa74
Merge pull request #121870 from Pacman99/pass-specialargs 
lib/modules: pass specialArgs to modules
 2021-05-07 01:54:48 +02:00
Pacman99 87c659ab94 nixos/top-level: specialArgs to specialisations 2021-05-06 16:04:08 -07:00
John Ericson a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
Sander van der Burg 77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt 6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt 24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection 
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
 2021-05-06 16:55:53 +02:00
Jörg Thalheim 4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata 
netdata: 1.29.3 -> 1.30.1
 2021-05-06 14:58:33 +01:00
github-actions[bot] c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
Maximilian Bosch a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple 
wpa_supplicant: allow both imperative and declarative networks
 2021-05-06 11:01:35 +02:00
Simon Thoby 1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule 
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
 2021-05-05 22:47:52 +02:00
Jan Tojnar 878abc6488
nixos/gnome3: Install GNOME Tour 
It will be run after startup.
 2021-05-05 22:43:02 +02:00
Jan Tojnar 316928e8c1
nixos/gnome3: Enable power-profiles-daemon 
GNOME 40 added support for it in Control Center.
 2021-05-05 22:43:01 +02:00
Jan Tojnar 49ae2e4c26
gnome3.gnome-getting-started-docs: drop 
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
 2021-05-05 22:43:01 +02:00
Jan Tojnar d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00
Samuel Dionne-Riel 6cb46a3897 sd_image_raspberrypi4: Remove, as planned initially 
The replacement is the generic AArch64 image.

From there, you can customize an image that works better for your
needs, if need be.
 2021-05-05 16:19:13 -04:00
Izorkin 53651179b9
nixos/netdata: update capabilities 2021-05-05 20:46:07 +03:00
github-actions[bot] af9d9374fa
Merge staging-next into staging 2021-05-05 12:23:47 +00:00
Robert Schütz f82c6fdfd5 nixos/matrix-dendrite: rename to dendrite 2021-05-05 12:38:02 +02:00
Robert Schütz 007cab9644 matrix-dendrite: rename to dendrite 
No other distro calls it matrix-dendrite:
https://repology.org/project/matrix-dendrite
 2021-05-05 12:37:04 +02:00
Robert Hensing ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation 
Recursive type deprecation
 2021-05-05 11:13:37 +02:00
Silvan Mosberger 0a377f11a5 nixos/treewide: Remove usages of deprecated types.string 2021-05-05 03:31:41 +02:00
github-actions[bot] 68e3ba2b1d
Merge staging-next into staging 2021-05-05 00:46:07 +00:00
Samuel Dionne-Riel 1cb977c858 sd-image: Rely on profiles/all-hardware.nix 
This ensures that SD images and UEFI installers don't drift in
compatibility with regards to early initrd.
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel cb9b46a3cd profiles/all-hardware.nix: Add vc4 for broadcom hardware 
Namely, early KMS on raspberry pi
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel f5b7687d26 profiles/all-hardware.nix: Share some config for all ARM 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel 14ac6de024 profiles/all-hardware.nix: Fix for arvmv7l-linux 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel 82625705c6 profiles/all-hardware.nix: Add analogix-dp 
While it's being brought in implicitly by the other analogix driver,
let's be explicit, in case things change.
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel 9fa3e2c2a3 profiles/all-hardware.nix: Add regulator needed for rockchip 
But not exclusive to rockchip
 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel 535d463cf9 profiles/all-hardware.nix: Add rockchip modules 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel 70205bd13c profiles/all-hardware.nix: Add support for Raspberry Pi 4 USB 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel a846d19831 profiles/all-hardware.nix: Add power regulator modules 
This is used on some allwinner platforms, and is a weak dependency for
USB to work.
 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel a8af02fe6d profiles/all-hardware.nix: Add modules for integrated displays 
Namely, this is used by the pinebook's display
 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel 5bc36c1b30 profiles/all-hardware.nix: Add support for Allwinner hardware 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel c60de92917 profiles/all-hardware.nix: Add simplefb for AArch64 2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel 556fc32d69 iso-image: Build using strictDeps 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel f1100e1506 iso-image: Add support for armv7l-linux 2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel d053c05d19 iso-image: Fixes for cross-compilation 
Note that here, since it's not a in a callPackage call, splicing won't
work on nativeBuildInputs.
 2021-05-04 19:37:48 -04:00
Samuel Dionne-Riel 385dc32fa8
Merge pull request #119974 from samueldr/feature/grub-gfx-aarch64 
iso-image: Fix GRUB graphical menu on AArch64
 2021-05-04 19:36:40 -04:00
Johannes Arnold ff65166f44 nixos/monero: fix typo 2021-05-04 21:57:21 +00:00
Johannes Arnold 7cf3ffbddd nixos/monero: add dataDir option 2021-05-04 21:56:45 +00:00
github-actions[bot] 4cbb35eba8
Merge staging-next into staging 2021-05-04 18:21:27 +00:00
Izorkin 9aad915539
nixos/netadata: add required packages 2021-05-04 21:02:23 +03:00
talyz deb58f6486 nixos/keycloak: Document how to use a custom local database 2021-05-04 19:27:08 +02:00
talyz fdf6bb5b95 Revert "nixos/keycloak: use db username in db init scripts" 
This reverts commit d9e18f4e7f.

This change is broken, since it doesn't configure the proper database
username in keycloak when provisioning a local database with a custom
username. Its intended behavior is also potentially confusing and
dangerous, so rather than fixing it, let's revert to the old one.
 2021-05-04 19:27:08 +02:00
Robert Schütz 762be5c86d nixos/radicale: harden systemd unit 2021-05-04 17:43:26 +02:00
Robert Hensing 519a435b08 nixos/hercules-ci-agent: Set default labels 2021-05-04 16:29:05 +02:00
Robert Hensing 4abd56732e nixos/hercules-ci-agent: Set default concurrency to auto 2021-05-04 16:28:31 +02:00
github-actions[bot] dfafc173e0
Merge staging-next into staging 2021-05-04 12:23:31 +00:00
Michele Guerini Rocco 93c5837be5
Merge pull request #121512 from rnhmjoj/searx 
searx: set settings.yml permissions using umask
 2021-05-04 11:43:12 +02:00
markuskowa 741ed21bea
Merge pull request #121336 from markuskowa/upd-slurm 
nixos/slurm: 20.11.5.1 -> 20.11.6.1, improve security
 2021-05-04 11:00:35 +02:00
Robert Schütz 022c5b0922 nixos/radicale: add settings option 
The radicale version is no longer chosen automatically based on
system.stateVersion because that gave the impression that old versions
are still supported.
 2021-05-04 10:22:05 +02:00
github-actions[bot] 77c79724e3
Merge staging-next into staging 2021-05-04 06:20:26 +00:00
Silvan Mosberger 37e2fbda39
Merge pull request #121449 from endgame/metadata-fetcher-umask 
metadata fetchers: use umask instead of fetch-and-chmod
 2021-05-04 03:39:38 +02:00
github-actions[bot] 98d7aac597
Merge staging-next into staging 2021-05-04 00:49:43 +00:00
Aaron Andersen aebebb5752
Merge pull request #119325 from ymarkus/bookstack 
bookstack: 0.31.7 -> 21.04.3 + nixos/bookstack: use umask before echoing & clear cache before starting
 2021-05-03 20:19:39 -04:00
Andreas Rammhold 3ec6977d30
Merge pull request #89572 from rissson/nixos/unbound 
nixos/unbound: add settings option, deprecate extraConfig
 2021-05-03 21:49:24 +02:00
Luke Granger-Brown 62f675eff6
Merge pull request #121558 from sumnerevans/fix-airsonic-service 
airsonic: force use of jre8
 2021-05-03 20:43:00 +01:00
Marc 'risson' Schmitt 52f6733203
nixos/unbound: deprecate extraConfig in favor of settings 
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.

Existing options have been renamed or kept if
possible.

An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally.  Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2021-05-03 21:27:15 +02:00
Luke Granger-Brown 0f39652cee
Merge pull request #120800 from MetaDark/undistract-me 
undistract-me: init at unstable-2020-08-09
 2021-05-03 20:22:04 +01:00
Silvan Mosberger a221e6c330
Merge pull request #121172 from eyJhb/bind-list-to-attrs 
nixos/bind: refactor zones from a list to attrset
 2021-05-03 21:21:22 +02:00
github-actions[bot] 5e177b16b1
Merge staging-next into staging 2021-05-03 18:25:49 +00:00
Kira Bruneau a24d0ab51b modules/programs/bash: add support for undistract-me 2021-05-03 14:25:02 -04:00
Kira Bruneau 62a78fc361 modules/programs/bash: move prompt plugins into separate modules 2021-05-03 14:24:24 -04:00
Jean-Baptiste Giraudeau 62f241d445 nixos/oauth2_proxy_nginx: add nginx config only if oauth2_proxy is enabled. 2021-05-03 11:23:03 -07:00
Silvan Mosberger 0111666954
Merge pull request #109561 from mjlbach/init_matrix_dendrite 
matrix-dendrite: init at 0.3.11
 2021-05-03 20:16:27 +02:00
eyjhb 757a455dde
nixos/bind: refactor zones from a list to attrset 
This commit uses coercedTo to make zones a attrset instead of list.
Makes it easier to access/change zones in multiple places.
 2021-05-03 20:04:42 +02:00
Michael Lingelbach ff43bbe53e matrix-dendrite: add nixos module 2021-05-03 10:12:24 -07:00