alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
300036 commits 217 branches 121 tags 4.5 GiB
Commit graph

10936 commits

Author SHA1 Message Date
rnhmjoj 030a521adc
nixos/wireless: make wireless.interfaces mandatory 
This is the only way to solve issue #101963, for now.
 2021-06-01 23:19:40 +02:00
github-actions[bot] ffe6577d05
Merge staging-next into staging 2021-06-01 20:30:47 +00:00
Jan Tojnar ab0d28758e
Merge pull request #125180 from chpatrick/gnome-flashback-panel-modules 
gnome-flashback: add module support to gnome-panel for installing applets
 2021-06-01 19:34:36 +02:00
Sandro eb5c8e51b7
Merge pull request #124404 from nagy/option-types 2021-06-01 15:12:16 +02:00
Patrick Chilton 6bcd4fe4ef gnome-flashback: add module support to gnome-panel for installing applets 
Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
 2021-06-01 14:04:30 +02:00
Jörg Thalheim 846f44e880
Merge pull request #121667 from Mic92/buildkite 
nixos/buildkite-agents: fix race-condition when installing secrets
 2021-06-01 09:31:23 +02:00
Maciej Krüger ef555f6a0b
Merge pull request #123426 from mattchrist/brscan5 2021-05-31 17:52:16 +02:00
Robert Hensing 5699d027ec nixos/metricbeat: init 2021-05-31 10:42:08 +02:00
Johannes Schleifenbaum 878103ce55
nixos/trilium: use boolToString for noBackup 2021-05-30 18:16:13 +02:00
Daniel Nagy e57465a617
nixos/monero: set port type to types.port 2021-05-30 14:38:20 +02:00
Daniel Nagy cc5517da4c
nixos/gitlab: set port type to types.port 2021-05-30 14:38:20 +02:00
Daniel Nagy 8e760f4858
nixos/matrix-synapse: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 65b32a0afe
nixos/syncserver: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 048c45679f
nixos/gitDaemon: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 0cde374a76
nixos/redis: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 73f9c29a2c
nixos/discourse: set port type to types.port 2021-05-30 14:38:18 +02:00
Daniel Nagy 137924cc96
nixos/terraria: adapt option types 2021-05-30 14:38:18 +02:00
Daniel Nagy 941fd008ed
nixos/lighttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
Daniel Nagy a5321aecfb
nixos/darkhttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
markuskowa f188138af3
Merge pull request #124181 from pmenke-de/sdrplay 
sdrplay: init at 3.07.1
 2021-05-29 22:21:10 +02:00
Martin Weinelt ee8cf6a664
Merge pull request #124839 from mweinelt/wordpress/secret-key-regen 
nixos/wordpress: regenerate secret keys if misspelled key name is found
 2021-05-29 22:13:03 +02:00
Martin Weinelt 724ed08df0
nixos/wordpress: regenerate secret keys if misspelled key name is found 
A secret key generated by the nixos module was misspelled, which could
possibly impact the security of session cookies.

To recover from this situation we will wipe all security keys that were
previously generated by the NixOS module, when the misspelled one is
found. This will result in all session cookies being invalidated. This
is confirmed by the wordpress documentation:

> You can change these at any point in time to invalidate all existing
> cookies. This does mean that all users will have to login again.

https://wordpress.org/support/article/editing-wp-config-php/#security-keys

Meanwhile this issue shouldn't be too grave, since the salting function
of wordpress will rely on the concatenation of both the user-provided
and automatically generated values, that are stored in the database.

> Secret keys are located in two places: in the database and in the
> wp-config.php file. The secret key in the database is randomly
> generated and will be appended to the secret keys in wp-config.php.

https://developer.wordpress.org/reference/functions/wp_salt/

Fixes: 2adb03fdae ("nixos/wordpress:
generate secrets locally")

Reported-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
 2021-05-29 04:24:42 +02:00
Matt Christ dd54ac5648 brscan5: simplify mkEnableOption 2021-05-28 20:55:55 -05:00
Niklas Hambüchen d344dccf3d nixos/wireguard: Remove .path systemd unit for privkey. Fixes #123203 
As per `man systemd.path`:

> When a service unit triggered by a path unit terminates
> (regardless whether it exited successfully or failed),
> monitored paths are checked immediately again,
> **and the service accordingly restarted instantly**.

Thus the existence of the path unit made it impossible to stop the
wireguard service using e.g.

    systemctl stop wireguard-wg0.service

Systemd path units are not intended for program inputs such
as private key files.
This commit simply removes this usage; the private key is still
generated by the `generateKeyServiceUnit`.
 2021-05-28 17:44:19 -07:00
talyz cb80b67993 nixos/discourse: Assert deployed PostgreSQL version 
Assert that the PostgreSQL version being deployed is the one used
upstream. Allow the user to override this assertion, since it's not
always possible or preferable to use the recommended one.
 2021-05-28 17:43:02 -07:00
talyz 1f6b48be74 discourse: 2.6.5 -> 2.7.0 2021-05-28 17:43:02 -07:00
pmenke 9e0ed182aa
sdrplay: init at 3.07.1 
this adds support for software defined radio (SDR) devices by SDRplay.
SDRplay provides an unfree binary library and api-service as well
as a MIT licensed adapter library for SoapySDR for integration
with many popular SDR applications.
 2021-05-28 15:40:04 +02:00
Jan Tojnar b2f86e6662
nixos/gnome: Do not enable metacity by default 
Did not realize this is not conditional on gnome-flashback being enabled.

Partially reverts https://github.com/NixOS/nixpkgs/pull/113957
 2021-05-28 14:57:36 +02:00
Jan Tojnar e923fc2d2b
Merge pull request #113957 from chpatrick/gnome-flashback-panel-fix 
gnome-flashback: add option to remove gnome-panel, auto-generate wmName
 2021-05-28 13:32:22 +02:00
Patrick Chilton 424cd7d999 gnome-flashback: add option to remove gnome-panel, auto-generate wmName 2021-05-28 13:10:17 +02:00
Domen Kožar b72c2d3806
duplicati: 2.0.5.1 -> 2.0.6.1, fix nixos module 2021-05-28 10:33:53 +02:00
David Arnold 13750b25a5 kubernetes: fix generated kubeconfig 
The absence of current-context in the right place resulted in obscure
bugs. The reason this has not been detected before can only be that
it was unused.
 2021-05-26 23:39:48 -07:00
Sandro 5619e3eb35
Merge pull request #124147 from superherointj/package-firebird-v4.0.0 2021-05-27 05:13:50 +02:00
Sandro 5584b49a46
Merge pull request #123363 from FliegendeWurst/trilium-update-0.47.3 2021-05-27 04:52:55 +02:00
Matt Christ c92404dc69 brscan5: update example to be supported model 2021-05-25 19:14:18 -05:00
Martin Weinelt fcd6d0bc14
Merge pull request #124263 from Lassulus/solanum3 
solanum: remove obsolete BANDB settings/patches
 2021-05-25 20:51:32 +02:00
Sandro Jäckel 140828ce38
nixos/kresd: tell resolveconf to use local resolver 2021-05-25 16:37:00 +02:00
Niklas Hambüchen 83a8acc392
Merge pull request #121331 from nh2/wireguard-dynamicEndpointRefreshSeconds 
nixos/wireguard: Add `dynamicEndpointRefreshSeconds` option
 2021-05-24 21:49:05 +02:00
lassulus 8eb5701aaf solanum: remove obsolete BANDB settings/patches 2021-05-24 15:49:57 +02:00
Naïm Favier 821ca7d4cc
nixos/nginx: add option rejectSSL exposing ssl_reject_handshake 2021-05-24 15:10:09 +02:00
regnat 113823669b Revert "nixos/nix-daemon: fix sandbox-paths option" 
This reverts commit aeeee447bc.
 2021-05-24 10:51:02 +02:00
FliegendeWurst b9e2b878c5 nixos/trilium-server: noBackup option 2021-05-24 09:55:49 +02:00
FliegendeWurst 7cb492fb13 nixos/trilium-server: add myself as maintainer 2021-05-24 09:55:49 +02:00
Ivan Kozik d95960e275 nixos/bitwarden_rs: fix startup on 32 thread machines 
LimitNPROC=64 is too low for bitwarden_rs to start on a 32 thread machine.
Remove the limit.

This fixes:

```
bitwarden_rs[38701]: /--------------------------------------------------------------------\
bitwarden_rs[38701]: |                       Starting Bitwarden_RS                        |
bitwarden_rs[38701]: |--------------------------------------------------------------------|
bitwarden_rs[38701]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
bitwarden_rs[38701]: | official channels to report bugs/features, regardless of client.   |
bitwarden_rs[38701]: | Send usage/configuration questions or feature requests to:         |
bitwarden_rs[38701]: |   https://bitwardenrs.discourse.group/                             |
bitwarden_rs[38701]: | Report suspected bugs/issues in the software itself at:            |
bitwarden_rs[38701]: |   https://github.com/dani-garcia/bitwarden_rs/issues/new           |
bitwarden_rs[38701]: \--------------------------------------------------------------------/
bitwarden_rs[38701]: [INFO] No .env file found.
bitwarden_rs[38701]: [2021-05-24 03:34:41.121][bitwarden_rs::api::core::sends][INFO] Initiating send deletion
bitwarden_rs[38701]: [2021-05-24 03:34:41.122][start][INFO] Rocket has launched from http://127.0.0.1:8222
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'unnamed' panicked at 'failed to spawn thread: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }': /build/rustc-1.52.1-src/library/std/src/thread/mod.rs:620
bitwarden_rs[38701]:    0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]:    1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]:    2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]:    3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]:    4: rust_begin_unwind
bitwarden_rs[38701]:    5: core::panicking::panic_fmt
bitwarden_rs[38701]:    6: core::result::unwrap_failed
bitwarden_rs[38701]:    7: hyper::server::listener::spawn_with
bitwarden_rs[38701]:    8: hyper::server::listener::ListenerPool<A>::accept
bitwarden_rs[38701]:    9: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]:   10: core::ops::function::FnOnce::call_once{{vtable.shim}}
bitwarden_rs[38701]:   11: std::sys::unix:🧵:Thread:🆕:thread_start
bitwarden_rs[38701]:   12: start_thread
bitwarden_rs[38701]:   13: __GI___clone
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success': /build/bitwarden_rs-1.20.0-vendor.tar.gz/rocket/src/rocket.rs:751
bitwarden_rs[38701]:    0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]:    1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]:    2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]:    3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]:    4: rust_begin_unwind
bitwarden_rs[38701]:    5: core::panicking::panic_fmt
bitwarden_rs[38701]:    6: rocket:🚀:Rocket::launch
bitwarden_rs[38701]:    7: bitwarden_rs::main
bitwarden_rs[38701]:    8: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]:    9: std::rt::lang_start::{{closure}}
bitwarden_rs[38701]:   10: std::rt::lang_start_internal
bitwarden_rs[38701]:   11: main
```
 2021-05-24 04:36:17 +00:00
Sandro Jäckel 0724518919
nixos/prometheus: init pihole-exporter 2021-05-24 04:05:59 +02:00
José Romildo Malaquias de84bd18d7
Merge pull request #121031 from romildo/fix.lxqt 
lxqt: does not explicitly require gvfs package
 2021-05-23 15:06:55 -03:00
superherointj 97d9e7849b nixos/firebird: updated firebird package 2021-05-23 10:53:00 -03:00
Matt Christ 14bf8f109b fix brscan5 config generation 
before this, the config utility was unable to locate the models folder
update tests to use a compatible model
 2021-05-23 08:08:31 -05:00
Jonathan Ringer 11a9ac00fc
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
 pkgs/tools/networking/xh/default.nix
 2021-05-22 18:19:10 -07:00
Martin Weinelt 84f649f693
Merge pull request #121626 from mweinelt/botamusique 2021-05-23 02:02:09 +02:00
Martin Weinelt 59e5ff4b29
nixos/botamusique: init 2021-05-23 01:01:51 +02:00
Jan Tojnar aea7b5f08e
Merge pull request #124073 from mkg20001/cinnamonpolkit 
nixos/cinnamon: add polkit_gnome to fix #124062
 2021-05-23 00:21:28 +02:00
Jan Tojnar 141e85cc69
Merge pull request #124056 from mkg20001/cinnamonlocale 
nixos/cinnamon: add cinnamon-translations to systemPackages
 2021-05-23 00:21:11 +02:00
Maciej Krüger eca2b05354
nixos/cinnamon: add cinnamon-translations to systemPackages 
This allows other cinnamon applications to use the locales

Without this the cinnamon UI is not properly translated
 2021-05-22 23:59:33 +02:00
Maciej Krüger 8664c2c743
nixos/cinnamon: add polkit_gnome to fix #124062 2021-05-22 23:58:06 +02:00
Maximilian Bosch 278bcdce1f
Merge pull request #123941 from mweinelt/matrix-synapse 
nixos/matrix-synapse: protect created files
 2021-05-22 22:20:16 +02:00
Martin Weinelt 79e675444c
nixos/matrix-synapse: protect created files 
Enforce UMask on the systemd unit to restrict the permissions of files
created. Especially the homeserver signing key should not be world
readable, and media is served through synapse itself, so no other user
needs access to these files.

Use a prestart chmod to fixup the permissions on the signing key.
 2021-05-22 20:30:49 +02:00
Sandro 7be85b5090
Merge pull request #104420 from danielfullmer/syncoid-perm-fix 2021-05-22 17:57:56 +02:00
Domen Kožar fdd42cb68c
Merge pull request #123211 from mdevlamynck/pipewire-plasma-pa 
nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support
 2021-05-22 15:20:50 +02:00
github-actions[bot] 563389a7fd
Merge master into staging-next 2021-05-22 12:27:09 +00:00
sohalt be01cb8b97 nixos/spacenavd: run as user service 2021-05-22 12:48:12 +02:00
Domen Kožar 3a28f72e7b
Merge pull request #123970 from kisik21/nix-fix-sandbox-paths 
nixos/nix-daemon: fix sandbox-paths option
 2021-05-22 12:05:11 +02:00
Vika aeeee447bc
nixos/nix-daemon: fix sandbox-paths option 
In newer versions of Nix (at least on 2.4pre20201102_550e11f) the
`extra-` prefix for config options received a special meaning and the
option `extra-sandbox-paths` isn't recognized anymore. This commit fixes
it.

It doesn't cause a behavior change when using older versions of Nix but
does cause an extra newline to appear in the config, thus changing the
hash.
 2021-05-22 05:14:56 +00:00
github-actions[bot] 901fb5e64e
Merge master into staging-next 2021-05-22 00:56:03 +00:00
Martin Weinelt 71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2 
nixos/solanum: init
 2021-05-21 23:23:01 +02:00
Maximilian Bosch a2379c69a4
Merge pull request #122833 from helsinki-systems/feat/prometheus-metric-relabel 
nixos/prometheus: Add support for metric relabeling
 2021-05-21 23:13:41 +02:00
lassulus 48c16e48aa nixos/solanum: init 2021-05-21 23:06:38 +02:00
Maximilian Bosch 5dbd28d754
Merge pull request #123009 from deviant/fix-mailman-doc-links 
nixos/mailman: fix documentation option links
 2021-05-21 22:00:47 +02:00
Matt Christ a9b7300f6f brscan5: init at 1.2.6-0 2021-05-21 12:59:30 -05:00
Jonathan Ringer 5cd5b9b97f
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
 pkgs/development/tools/kubie/default.nix
 2021-05-21 10:39:34 -07:00
eyJhb 6000f420e8
nixos/znc: fixed chown not working after hardening (#123883) 2021-05-21 19:07:53 +02:00
Elis Hirwing e9cca93bf9
Merge pull request #121778 from talyz/keycloak-security 
nixos/keycloak: Security fixes + misc
 2021-05-21 16:55:26 +02:00
Kerstin Humm 224df6940f nixos/mastodon: use rails command instead of rake 
Co-Authored-By: Izorkin <izorkin@elven.pw>
 2021-05-21 15:04:12 +02:00
github-actions[bot] 929b12e7b5
Merge master into staging-next 2021-05-21 12:28:43 +00:00
ajs124 c455f3ccaf
Merge pull request #123084 from Yarny0/hylafax 
hylafaxplus & nixos/hylafax: small improvements
 2021-05-21 14:20:57 +02:00
talyz ba00b0946e
nixos/keycloak: Split certificatePrivateKeyBundle into two options 
Instead of requiring the user to bundle the certificate and private
key into a single file, provide separate options for them. This is
more in line with most other modules.
 2021-05-21 13:09:38 +02:00
talyz dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.* 
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
 2021-05-21 13:09:32 +02:00
talyz 83e406e97a
nixos/keycloak: frontendUrl always needs to be suffixed with / 
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
 2021-05-21 13:09:25 +02:00
talyz 58614f8416
nixos/keycloak: Add myself to maintainers 2021-05-21 13:09:19 +02:00
talyz d748c86389
nixos/keycloak: Improve readablility by putting executables in PATH 2021-05-21 13:09:14 +02:00
talyz 8309368e4c
nixos/keycloak: Set umask before copying sensitive files 
`install` copies the files before setting their mode, so there could
be a breif window where the secrets are readable by other users
without a strict umask.
 2021-05-21 13:09:09 +02:00
talyz c2bebf4ee2
nixos/keycloak: Improve bash error handling 2021-05-21 13:09:03 +02:00
talyz d6727d28e1
nixos/keycloak: Set the postgresql database password securely 
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
 2021-05-21 13:08:53 +02:00
Jonathan Ringer 6b15fdce86
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
 pkgs/shells/ion/default.nix
 pkgs/tools/misc/cicero-tui/default.nix
 2021-05-20 22:11:42 -07:00
legendofmiracles af0a54285e nixos/terraria: open ports in the firewall 2021-05-20 12:11:08 -07:00
Guillaume Girol 0d5fa1cff3
Merge pull request #120622 from symphorien/duplicity-master 
nixos/duplicity: enable to prevent backup from growing infinitely
 2021-05-20 19:00:59 +00:00
Jonas Chevalier 30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel 
ghostunnel: init
 2021-05-20 20:58:41 +02:00
Jonathan Ringer 14f3686af1
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/applications/terminal-emulators/alacritty/default.nix
  pkgs/servers/clickhouse/default.nix
 2021-05-20 09:12:42 -07:00
Emery Hemingway 520b4a8496 nixos: convert netatalk to settings-style configuration 
Also, set StateDirectory in systemd.….serviceConfig.
 2021-05-20 17:39:28 +02:00
Robert Hensing dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka 57acb6f9f7
Merge pull request #123598 from pschyska/master 
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
 2021-05-20 10:41:30 +02:00
Maximilian Bosch 3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts 
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
 2021-05-19 14:08:46 -07:00
Gabriel Gonzalez 8e9d803bac
Fix description for services.kubernetes.addonManager.enable (#71448) 
`mkEnableOption` already prefixes the description with
"Whether to enable"
 2021-05-19 13:49:27 -07:00
Jonathan Ringer c1f8a15dac
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  nixos/doc/manual/release-notes/rl-2105.xml
  pkgs/tools/security/sequoia/default.nix
 2021-05-19 10:39:54 -07:00
Paul Schyska 69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Martin Weinelt 446c97f96f
Merge pull request #123355 from Ma27/bump-matrix-synapse 2021-05-19 18:12:14 +02:00
Jan Tojnar a858f1a90d
Merge pull request #123507 from jtojnar/no-flatpak-guipkgs 
nixos/flatpak: Remove `guiPackages` internal option
 2021-05-19 16:33:56 +02:00
Guillaume Girol 41c7fa448f nixos/duplicity: add options to exercise all possible verbs 
except restore ;)
 2021-05-19 12:00:00 +00:00
Michele Guerini Rocco 376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec 
libreswan: 3.2 -> 4.4
 2021-05-19 13:36:04 +02:00
talyz 380b52c737
nixos/keycloak: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:28 +02:00
talyz 88b76d5ef9
nixos/mpd: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
 2021-05-19 09:32:22 +02:00
talyz 3a29b7bf5b
nixos/mpdscribble: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:17 +02:00
talyz 7842e89bfc
nixos/gitlab: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:12 +02:00
talyz 38398fade1
nixos/discourse: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:06 +02:00
Aaron Andersen 58ddbfa71d
Merge pull request #118395 from jwygoda/grafana-google-oauth2 
grafana: add google oauth2 config
 2021-05-18 23:11:24 -04:00
github-actions[bot] 7000ae2b9a
Merge master into staging-next 2021-05-19 00:55:36 +00:00
Martin Weinelt a8f71f069f
Merge pull request #123006 from mweinelt/postgresqlbackup-startat 
nixos/postgresqlBackup: allow defining multiple times to start at
 2021-05-19 01:54:38 +02:00
Martin Weinelt 4c798857e2
Merge pull request #100274 from hax404/prometheus-xmpp-alerts 2021-05-19 01:36:28 +02:00
Georg Haas 03c092579a
prometheus-xmpp-alerts: apply RFC 42 2021-05-19 01:08:38 +02:00
Jonathan Ringer ca46ad3762
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/tools/package-management/cargo-release/default.nix
 2021-05-18 11:03:38 -07:00
Pamplemousse 037e51702e
nixos/services/foldingathome: Add an option to set the "nice level" (#122864) 
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
 2021-05-18 18:44:52 +02:00
Maciej Krüger 7458dcd956
Merge pull request #75242 from mkg20001/cjdns-fix 
services.cjdns: add missing, optional login & peerName attribute
 2021-05-18 18:22:29 +02:00
Jonathan Ringer f7a112f6c4
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/applications/graphics/emulsion/default.nix
  pkgs/development/tools/misc/texlab/default.nix
  pkgs/development/tools/rust/bindgen/default.nix
  pkgs/development/tools/rust/cargo-udeps/default.nix
  pkgs/misc/emulators/ruffle/default.nix
  pkgs/tools/misc/code-minimap/default.nix
 2021-05-18 08:57:16 -07:00
Robert Schütz d189df235a
Merge pull request #122241 from dotlambda/znc-harden 
nixos/znc: harden systemd unit
 2021-05-18 17:44:14 +02:00
Maciej Krüger 7409f9bab3
services.cjdns: add missing, optional login & peerName attribute 2021-05-18 17:39:04 +02:00
Ashlynn Anderson 903665f31c
nixos/self-deploy: init (#120940) 
Add `self-deploy` service to facilitate continuous deployment of NixOS
configuration from a git repository.
 2021-05-18 08:29:37 -07:00
Jan Tojnar 1b1faeb2db
Merge pull request #86288 from worldofpeace/gnome-doc 
nixos/gnome3: add docs
 2021-05-18 14:19:33 +02:00
Jan Tojnar ed47351533
nixos/flatpak: Remove guiPackages internal option 
It was basically just a `environment.systemPackages` synonym,
only GNOME used it, and it was stretching the responsibilities
of the flatpak module too far.

It also makes it cleaner to avoid installing the program
using GNOME module’s `excludePackages` option.

Partially reverts: https://github.com/NixOS/nixpkgs/pull/101516
Fixes: https://github.com/NixOS/nixpkgs/issues/110310
 2021-05-18 14:06:23 +02:00
rnhmjoj 1a4db01c84
nixos/libreswan: update for version 4.x 
- Use upstream unit files
- Remove deprecated config options
- Add option to disable redirects
- Add option to configure policies
 2021-05-18 08:13:36 +02:00
Jonathan Ringer c227fb4b17
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
	pkgs/development/tools/rust/cargo-cache/default.nix
	pkgs/development/tools/rust/cargo-embed/default.nix
	pkgs/development/tools/rust/cargo-flash/default.nix
	pkgs/servers/nosql/influxdb2/default.nix
 2021-05-17 07:01:38 -07:00
Robert Schütz a22ebb6d6d
Merge pull request #123017 from DavHau/davhau-scikitlearn 
python3Packages.scikitlearn: rename to scikit-learn
 2021-05-17 15:13:33 +02:00
Maximilian Bosch 2addab5fd6
nixos/matrix-synapse: room_invite_state_types was deprecated and room_prejoin_state is used now 
See https://github.com/matrix-org/synapse/blob/release-v1.34.0/UPGRADE.rst#upgrading-to-v1340
 2021-05-17 13:45:28 +02:00
Jörg Thalheim b900661f6e
Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters 
treewide: remove duplicates SystemCallFilters
 2021-05-17 12:06:06 +01:00
DavHau cd8f3e6c44 python3Packages.scikitlearn: rename to scikit-learn 2021-05-17 17:41:36 +07:00
Richard Marko 16b0f07890 nixos/nginx: fix comment about acme postRun not running as root 
As of 67a5d66 this is no longer true, since acme postRun runs as root.
The idea of the service is good so reword a comment a bit.
 2021-05-17 18:03:04 +09:00
Richard Marko 7423afb5e4 nixos/molly-brown: fix description of certPath 
`allowKeysForGroup` is no longer available so this drops

```
security.acme.certs."example.com".allowKeysForGroup = true;
```

line. `SupplementaryGroups` should be enough for
allowing access to certificates.
 2021-05-17 18:03:04 +09:00
Richard Marko 29158fc0ac nixos/postgresql: fix description of ensureUsers.ensurePermissions 
`attrName` and `attrValue` are now in correct order.
 2021-05-17 18:03:04 +09:00
Evils 7641769055 nixos/fancontrol: back to running as root 
regular users don't have write access to /sys/devices
  which is where the kernel endpoints are to control fan speed
 2021-05-17 00:00:01 -07:00
github-actions[bot] 3ff6965554
Merge master into staging-next 2021-05-17 06:22:23 +00:00
Jonathan Ringer d8e62d8e41
Merge remote-tracking branch 'origin/master' into staging-next 
Fix cargo-flash build
 2021-05-16 18:27:14 -07:00
Sandro ec1dd62608
Merge pull request #118521 from SuperSandro2000/nginx-proxy-timeout 
nixos/nginx: add option to change proxy timeouts
 2021-05-17 03:15:54 +02:00
Sandro 700942d2a5
Merge pull request #121119 from SuperSandro2000/remove-gnidorah 
treewide: remove gnidorah
 2021-05-17 02:42:24 +02:00
Sandro Jäckel 51166f90c6
nixos/nginx: add option to change proxy timeouts 2021-05-17 02:37:44 +02:00
Martin Weinelt 7bd65d54f7 treewide: remove nand0p as maintainer 
While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.

- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
  maintainer-list, which they didn't reply to.
 2021-05-17 01:50:49 +02:00
Aaron Andersen 21f5dd5c6e
Merge pull request #122647 from onny/caddy 
nixos/caddy: support user and group options
 2021-05-16 17:23:57 -04:00
Johan Thomsen 2142f88526 nixos/containerd: sanitize StateDirectory and RuntimeDirectory 2021-05-17 06:17:18 +10:00
Niklas Hambüchen 357cf46c8d wireguard module: Add dynamicEndpointRefreshSeconds option. 
See for an intro:
https://wiki.archlinux.org/index.php/WireGuard#Endpoint_with_changing_IP
 2021-05-16 20:11:51 +02:00
Matthias Devlamynck 2a217314f2 nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support 2021-05-16 10:51:11 +02:00
github-actions[bot] c10600230e
Merge staging-next into staging 2021-05-15 18:30:31 +00:00
github-actions[bot] f1b78f8618
Merge master into staging-next 2021-05-15 18:30:28 +00:00
Jonathan Ringer 5a6540c49c nixos/factorio: update admin setting 2021-05-15 09:04:35 -07:00
Jonas Heinrich fff9cf00fd caddy: support user and group options 2021-05-15 10:32:49 +02:00
github-actions[bot] 78ae7ac75e
Merge staging-next into staging 2021-05-15 06:22:25 +00:00
github-actions[bot] c48794dcef
Merge master into staging-next 2021-05-15 06:22:22 +00:00
Aaron Andersen fc63be7ac8
Merge pull request #122658 from aanderse/httpd-reload 
nixos/httpd: provide a stable path stable path to the configuration f…
 2021-05-14 23:50:43 -04:00
Yarny0 c2af1ff281 nixos/hylafax: enable ProtectKernelLogs for most services 
Also document that `ProtectClock` blocks access to serial line.
I couldn't found out why this is the case,
but faxgetty complains about the device file
not being accessible with `ProtectClock=true`.
 2021-05-14 22:55:50 +02:00
Vladimír Čunát c48eaa70e3
Merge branch 'master' into staging-next 2021-05-14 22:27:34 +02:00
Martin Weinelt 21746a7c80
nixos/postgresqlBackup: allow defining multiple times to start at 
Or … none! Because forcing a string always results in an OnCalender=
setting, but an empty string leads to an empty value.

>  postgresqlBackup-hass.timer: Timer unit lacks value setting. Refusing.

or

> postgresqlBackup-miniflux.timer: Cannot add dependency job, ignoring: Unit postgresqlBackup-miniflux.timer has a bad unit file setting.

I require the postgresqlBackup in my borgbackup unit, so I don't
strictly need the timer and could previously set it to an empty list.
 2021-05-14 20:41:08 +02:00
V f4c5ebea50 nixos/mailman: fix documentation option links 2021-05-14 18:33:24 +02:00
Robert Schütz e611d663f4
Merge pull request #120440 from dotlambda/radicale-settings 
nixos/radicale: add settings option
 2021-05-14 15:37:26 +02:00
WilliButz 94b2848559
Merge pull request #91663 from mweinelt/kea-exporter 
prometheus-kea-exporter: init at 0.4.1
 2021-05-14 14:38:08 +02:00
zowoq 004f8cd986 Merge staging-next into staging 2021-05-14 16:32:43 +10:00
Yarny0 4415846d5c nixos/hylafax: use runtimeShell where possible 
According to
https://github.com/NixOS/nixpkgs/pull/84556
this effort helps with cross-compilation.

This commit also renames a substituted variable `hylafax`
to `hylafaxplus` to permit substitution with `inherit`.
 2021-05-14 05:42:18 +02:00
Yarny0 89df33f882 nixos/hylafax: replace a nested expression with lib.pipe 
This avoids a tripple-nested function call,
and it looks slightly simpler (at least to me).
 2021-05-14 05:42:18 +02:00
Yarny0 449647daf5 nixos/hylafax: use lib.types.ints.positive 
I haven't realized earlier that there is
already an option type for postive integers.
 2021-05-14 05:42:17 +02:00
github-actions[bot] bf5d8bb531
Merge master into staging-next 2021-05-14 00:58:11 +00:00
Maximilian Bosch bfd4c121ff
Merge pull request #122637 from mayflower/prometheus-2.26.0 
Prometheus 2.26.0 + exporter updates
 2021-05-13 23:05:29 +02:00
Janne Heß 672e64701c
nixos/prometheus: Add support for metric relabeling 2021-05-13 15:59:46 +02:00
Izorkin feebe402f5
treewide: remove duplicates SystemCallFilters 2021-05-13 15:44:56 +03:00
Martin Weinelt bc4a80979b
nixos/prometheus-kea-exporter: init 2021-05-12 21:51:44 +02:00
github-actions[bot] b057978bb2
Merge staging-next into staging 2021-05-12 18:32:29 +00:00
github-actions[bot] f214722172
Merge master into staging-next 2021-05-12 18:32:26 +00:00
midchildan 6567031111
nixos/mirakurun: add polkit rule for smart card access (#122066) 
Fixes #122039
 2021-05-12 13:57:49 -04:00
Aaron Andersen f20aa073e1 nixos/httpd: provide a stable path stable path to the configuration file for reloads 2021-05-11 22:36:55 -04:00
Robin Gloster 9438b12f99
prometheus-collectd-exporter: fix options for new version 2021-05-11 17:57:46 -05:00
Robin Gloster b2956ce654
prometheus-bind-exporter: fix options for new version 2021-05-11 17:57:46 -05:00
Robin Gloster da85657a6c
prometheus-rspamd-exporter: fix for new json exporter syntax 2021-05-11 17:57:46 -05:00
Thomas Tuegel 799f351997
KDE Applications 20.12.3 -> KDE Gear 21.04.0 2021-05-11 12:14:58 -05:00
Jan Tojnar 8380ceb766
nixos/gnome: Allow disabling sysprof 2021-05-11 18:11:01 +02:00
worldofpeace 8ad5d65d09
nixos/gnome: add user docs 
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
 2021-05-11 18:10:53 +02:00
github-actions[bot] 1e7a48b474
Merge master into staging-next 2021-05-11 12:24:28 +00:00
Tom 33a4c43126
nixos/tor: fix HidServAuth (#122439) 
* add an example for services.tor.settings.HidServAuth

* fix HidServAuth validation to require ".onion"
  Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
  > Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
 2021-05-11 10:10:32 +02:00
github-actions[bot] 10e16ec9ab
Merge master into staging-next 2021-05-11 06:20:33 +00:00
Jörg Thalheim 8af4bf61fd
Merge pull request #122423 from Izorkin/update-netdata 
nixos/netdata: update configuration
 2021-05-11 06:07:48 +01:00
github-actions[bot] 49b8e6f7d4
Merge master into staging-next 2021-05-11 00:48:15 +00:00
Robert Schütz 7217b2d85e
Merge pull request #121785 from dotlambda/dendrite-rename 
matrix-dendrite: rename to dendrite
 2021-05-10 23:30:12 +02:00
Joe DeVivo bf92d0ec37 nixos/ssm-agent: conf files written to /etc 
ssm-agent expects files in /etc/amazon/ssm. The pkg substitutes a location in
the nix store for those default files, but if we ever want to adjust this
configuration on NixOS, we'd need the ability to modify that file.

This change to the nixos module writes copies of the default files from the nix
store to /etc/amazon/ssm. Future versions can add config, but right now this
would allow users to at least write out a text value to
environment.etc."amazon/ssm/amazon-ssm-agent.json".text to provide
their own config.
 2021-05-10 13:16:41 -07:00
github-actions[bot] 61fa3fdde8
Merge master into staging-next 2021-05-10 18:28:17 +00:00
Sandro f0bb4f066a
Merge pull request #95050 from paumr/bind-fmt 2021-05-10 19:06:00 +02:00
Julien Moutinho 7e794a1da2 nixos/davfs2: wrap {,u}mount.davfs with setuid=true 2021-05-10 15:54:52 +02:00
github-actions[bot] 115881e756
Merge master into staging-next 2021-05-10 12:24:32 +00:00
Izorkin 85914bc01d
nixos/netdata: change wrappers permissions 2021-05-10 10:35:51 +03:00
Izorkin 859633ee43
nixos/netdata: use cgroup v2 2021-05-10 10:24:31 +03:00
Izorkin 58497175be
nixos/netdata: cgroup-network: don't use AmbientCapabilities 2021-05-10 10:19:57 +03:00
Michele Guerini Rocco 4cbe186a8a
Merge pull request #121394 from bjornfor/atd-file-creation 
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
 2021-05-10 08:43:57 +02:00
github-actions[bot] f4d69ad1f2
Merge master into staging-next 2021-05-10 06:20:28 +00:00
Michele Guerini Rocco d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant 
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
 2021-05-10 08:16:39 +02:00
Vladimír Čunát 5663b2b2d3
Merge branch 'master' into staging-next 
(a trivial conflict in transmission)
 2021-05-09 09:31:55 +02:00
paumr 5390d4b946 nixos/bind: formatted with nixpkgs-fmt 2021-05-08 23:13:58 +02:00
Robert Schütz 314a64a026 nixos/znc: fix example 2021-05-08 22:54:19 +02:00
Robert Schütz 5986f233a6 nixos/znc: remove trailing slash from dataDir 2021-05-08 22:54:19 +02:00
Robert Schütz 4400ee83ec nixos/znc: harden systemd unit 2021-05-08 22:54:15 +02:00
Robert Hensing 4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include 
nixos/unbound: allow list of strings in top-level settings option type
 2021-05-08 22:00:57 +02:00
github-actions[bot] 6d46d8a9b9
Merge master into staging-next 2021-05-08 18:22:46 +00:00
Marc 'risson' Schmitt 0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2021-05-08 19:55:17 +02:00
Aaron Andersen 9254b82706
Merge pull request #121746 from j0hax/monero-options 
nixos/monero: add dataDir option
 2021-05-08 11:43:49 -04:00
Martin Weinelt 9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Vladimír Čunát 080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Gemini Lasswell 28f51d7757 nixos/yggdrasil: set directory permissions before writing keys 
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done.  Addresses #121293.
 2021-05-08 09:49:19 +02:00
Jan Tojnar 468cb5980b gnome: rename from gnome3 
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
 2021-05-08 09:47:42 +02:00
github-actions[bot] b4416b52c5
Merge master into staging-next 2021-05-08 00:46:50 +00:00
Johannes Arnold c0853b6e2c nixos/monero: use isSystemUser = true 2021-05-08 02:13:25 +02:00
Michele Guerini Rocco 4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty 
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
 2021-05-07 23:35:57 +02:00
Evils 5ae90276c3 nixos/fancontrol: clean up module 
set a group and user for the service
remove default null config
  it's required, now it throws an error pointing to the option

set myself (module author) as maintainer
 2021-05-07 11:46:40 -07:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
ajs124 cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5 
spidermonkey_1_8_5: drop
 2021-05-07 18:55:49 +02:00
Robert Hensing 316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update 
nixos/hercules-ci-agent: updates
 2021-05-07 15:48:33 +02:00
Vladimír Čunát 9f054b5e1a
treewide: remove worldofpeace from meta.maintainers 
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
 2021-05-07 15:36:40 +02:00
github-actions[bot] 12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Jan Tojnar 9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
github-actions[bot] e5f4def056
Merge staging-next into staging 2021-05-07 00:46:58 +00:00
John Ericson a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
Sander van der Burg 77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt 6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt 24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection 
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
 2021-05-06 16:55:53 +02:00
Jörg Thalheim 4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata 
netdata: 1.29.3 -> 1.30.1
 2021-05-06 14:58:33 +01:00
github-actions[bot] c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
Maximilian Bosch a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple 
wpa_supplicant: allow both imperative and declarative networks
 2021-05-06 11:01:35 +02:00
Simon Thoby 1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule 
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
 2021-05-05 22:47:52 +02:00
Jan Tojnar 878abc6488
nixos/gnome3: Install GNOME Tour 
It will be run after startup.
 2021-05-05 22:43:02 +02:00
Jan Tojnar 316928e8c1
nixos/gnome3: Enable power-profiles-daemon 
GNOME 40 added support for it in Control Center.
 2021-05-05 22:43:01 +02:00
Jan Tojnar 49ae2e4c26
gnome3.gnome-getting-started-docs: drop 
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
 2021-05-05 22:43:01 +02:00
Jan Tojnar d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00
Izorkin 53651179b9
nixos/netdata: update capabilities 2021-05-05 20:46:07 +03:00
github-actions[bot] af9d9374fa
Merge staging-next into staging 2021-05-05 12:23:47 +00:00
Robert Schütz f82c6fdfd5 nixos/matrix-dendrite: rename to dendrite 2021-05-05 12:38:02 +02:00
Robert Schütz 007cab9644 matrix-dendrite: rename to dendrite 
No other distro calls it matrix-dendrite:
https://repology.org/project/matrix-dendrite
 2021-05-05 12:37:04 +02:00
Robert Hensing ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation 
Recursive type deprecation
 2021-05-05 11:13:37 +02:00
Jörg Thalheim 503b937542
nixos/buildkite-agents: fix race-condition when installing secrets 2021-05-05 06:56:06 +02:00
Silvan Mosberger 0a377f11a5 nixos/treewide: Remove usages of deprecated types.string 2021-05-05 03:31:41 +02:00
Johannes Arnold ff65166f44 nixos/monero: fix typo 2021-05-04 21:57:21 +00:00
Johannes Arnold 7cf3ffbddd nixos/monero: add dataDir option 2021-05-04 21:56:45 +00:00
github-actions[bot] 4cbb35eba8
Merge staging-next into staging 2021-05-04 18:21:27 +00:00
Izorkin 9aad915539
nixos/netadata: add required packages 2021-05-04 21:02:23 +03:00
talyz deb58f6486 nixos/keycloak: Document how to use a custom local database 2021-05-04 19:27:08 +02:00
talyz fdf6bb5b95 Revert "nixos/keycloak: use db username in db init scripts" 
This reverts commit d9e18f4e7f.

This change is broken, since it doesn't configure the proper database
username in keycloak when provisioning a local database with a custom
username. Its intended behavior is also potentially confusing and
dangerous, so rather than fixing it, let's revert to the old one.
 2021-05-04 19:27:08 +02:00
Robert Schütz 762be5c86d nixos/radicale: harden systemd unit 2021-05-04 17:43:26 +02:00
Robert Hensing 519a435b08 nixos/hercules-ci-agent: Set default labels 2021-05-04 16:29:05 +02:00
Robert Hensing 4abd56732e nixos/hercules-ci-agent: Set default concurrency to auto 2021-05-04 16:28:31 +02:00
github-actions[bot] dfafc173e0
Merge staging-next into staging 2021-05-04 12:23:31 +00:00
Michele Guerini Rocco 93c5837be5
Merge pull request #121512 from rnhmjoj/searx 
searx: set settings.yml permissions using umask
 2021-05-04 11:43:12 +02:00
markuskowa 741ed21bea
Merge pull request #121336 from markuskowa/upd-slurm 
nixos/slurm: 20.11.5.1 -> 20.11.6.1, improve security
 2021-05-04 11:00:35 +02:00
Robert Schütz 022c5b0922 nixos/radicale: add settings option 
The radicale version is no longer chosen automatically based on
system.stateVersion because that gave the impression that old versions
are still supported.
 2021-05-04 10:22:05 +02:00
github-actions[bot] 98d7aac597
Merge staging-next into staging 2021-05-04 00:49:43 +00:00
Aaron Andersen aebebb5752
Merge pull request #119325 from ymarkus/bookstack 
bookstack: 0.31.7 -> 21.04.3 + nixos/bookstack: use umask before echoing & clear cache before starting
 2021-05-03 20:19:39 -04:00
Andreas Rammhold 3ec6977d30
Merge pull request #89572 from rissson/nixos/unbound 
nixos/unbound: add settings option, deprecate extraConfig
 2021-05-03 21:49:24 +02:00
Luke Granger-Brown 62f675eff6
Merge pull request #121558 from sumnerevans/fix-airsonic-service 
airsonic: force use of jre8
 2021-05-03 20:43:00 +01:00
Marc 'risson' Schmitt 52f6733203
nixos/unbound: deprecate extraConfig in favor of settings 
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.

Existing options have been renamed or kept if
possible.

An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally.  Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2021-05-03 21:27:15 +02:00
Silvan Mosberger a221e6c330
Merge pull request #121172 from eyJhb/bind-list-to-attrs 
nixos/bind: refactor zones from a list to attrset
 2021-05-03 21:21:22 +02:00
github-actions[bot] 5e177b16b1
Merge staging-next into staging 2021-05-03 18:25:49 +00:00