3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

19179 commits

Author SHA1 Message Date
Graham Christensen 7fa7bf2fda
Merge pull request #104193 from grahamc/ec2-metadata-imdsv2
NixOS EC2 AMI: Support IMDSv2
2020-11-19 16:11:32 -05:00
Robert Hensing c68e739300
Merge pull request #104271 from adisbladis/dockertools-cross
dockerTools.buildLayeredImage: Fix cross compilation
2020-11-19 20:41:53 +01:00
Graham Christensen 0d87ce610e
nixos: release: add amazonImage as a channel blocker 2020-11-19 13:56:55 -05:00
Graham Christensen f2cfecdec3
nixos ami: preflight the imds token
According to Freenode's ##AWS, the metadata server can sometimes
take a few moments to get its shoes on, and the very first boot
of a machine can see failed requests for a few moments.
2020-11-19 13:56:44 -05:00
Graham Christensen 83ea88e03f
nixos: ec2 ami: support IMDSv2
AWS's metadata service has two versions. Version 1 allowed plain HTTP
requests to get metadata. However, this was frequently abused when a
user could trick an AWS-hosted server in to proxying requests to the
metadata service. Since the metadata service is frequently used to
generate AWS access keys, this is pretty gnarly. Version two is
identical except it requires the caller to request a token and provide
it on each request.

Today, starting a NixOS AMI in EC2 where the metadata service is
configured to only allow v2 requests fails: the user's SSH key is not
placed, and configuration provided by the user-data is not applied.
The server is useless. This patch addresses that.

Note the dependency on curl is not a joyful one, and it expand the
initrd by 30M. However, see the added comment for more information
about why this is needed. Note the idea of using `echo` and `nc` are
laughable. Don't do that.
2020-11-19 13:00:56 -05:00
adisbladis 11367b2db1
dockerTools: Add cross compilation test 2020-11-19 18:13:22 +01:00
Jörg Thalheim 2bf5899d6a
Merge pull request #104105 from spacefrogg/openafs-1.9 2020-11-19 14:42:17 +01:00
Robert Hensing c790ed8c4e
Merge pull request #96371 from asdf8dfafjk/fcitx_commit
fcitx: Add test (Unicode input, table input, m17n)
2020-11-19 11:05:36 +01:00
Silvan Mosberger 3307adf755
Merge pull request #98980 from JustinLovinger/idmapd
nixos/nfs: add idmapd.settings option
2020-11-18 22:46:48 +01:00
Jörg Thalheim 58bf9ed18b
nixos/telegraf: fix test 2020-11-18 21:42:01 +01:00
Jörg Thalheim 0f84e08fcd
nixos/telegraf: make example a bit more compact 2020-11-18 21:41:58 +01:00
Jörg Thalheim 69caedcc42
nixos/telegraf: null value for environmentFiles is invalid
it's also not needed given that empty list covers all use cases.
2020-11-18 21:41:55 +01:00
Graham Christensen 21339b41bf
nixos: openstack: have its own metadata fetcher expression
These two APIs have diverged over time and are no longer compatible.
2020-11-18 11:42:32 -05:00
Emery Hemingway 7e25b71132 nixos: use nativeBuildInputs in make- iso9660-image and system-tarball
The tools used to create iso9660 images and tarballs are independent of
the platform of the closure contained within.
2020-11-18 14:05:30 +01:00
Michael Raitza 1f323ec2b4 openafs: remove 1.6; point to openafs_1_8 2020-11-17 21:31:59 +01:00
Vladimír Čunát bdcd2d82ee
Merge #103633: kresd service: switch .listenDoH
... to new implementation - and a couple other improvements.
2020-11-17 20:06:55 +01:00
Vladimír Čunát e61ef63e4e
kresd service: switch .listenDoH to new implementation
Beware: extraFeatures are not needed *for this* anymore,
but their removal may still cause a regression in some configs
(example: prefill module).
2020-11-17 20:04:56 +01:00
Tim Steinbach 08e6c4d001
Merge pull request #104018 from NeQuissimus/xterm_update
xterm: 353 -> 362, add test, add update script
2020-11-17 12:15:19 -05:00
Tim Steinbach 0984125676
Merge pull request #103988 from NeQuissimus/nano_update
nano: Update script, test
2020-11-17 12:14:51 -05:00
Oleksii Filonenko 512c3c0a05 maintainers: rename filalex77 -> Br1ght0ne 2020-11-17 13:09:31 +02:00
Tim Steinbach 61e56265c2
xterm: Add test 2020-11-16 22:13:13 -05:00
Tim Steinbach 0338f728c0
nano: Add test 2020-11-16 14:00:34 -05:00
Jörg Thalheim e54cd0ef25
Merge pull request #103876 from Mic92/lvm-generator-fix
nixos/lvm2-activation-generator: fix warnings on activation
2020-11-16 18:37:36 +01:00
Florian Klink 462c5b26c5
Merge pull request #103966 from flokli/kernel-enable-ipv6
kernel config: explicitly enable CONFIG_IPV6
2020-11-16 16:32:50 +01:00
Frederik Rietdijk 36b27ccf77
Merge pull request #103462 from NixOS/staging-next
Staging next
2020-11-16 15:23:47 +01:00
Maximilian Bosch 9fc484c373
Merge pull request #103717 from WilliButz/codimd/add-package-option
nixos/codimd: add package option, refactor prettyJSON
2020-11-16 13:46:17 +01:00
Florian Klink 13be37662d kernel config: explicitly enable CONFIG_IPV6
We currently build CONFIG_IPV6=m.

This seems to be not really well-supported in mainline kernels - see
https://lore.kernel.org/netdev/20201115224509.2020651-1-flokli@flokli.de/T/#u

Compiling it as a module doesn't give too much benefit - even for people
who did explicitly set `enableIPv6` to false, the `ipv6` module was
still loaded, as soon as another module was loaded that requires it
(bridge,br_netfilter,wireguard,ip6table_mangle,sctp,…).

By compiling it in, we only loose the possibility to not add it to
`boot.kernelModules` anymore (as it's part of the kernel directly). The
space savings are negligible.

People wanting to disable IPv6 still get the appropriate sysctls and
options set (while having the kernel code loaded), nothing is really
changing here.
2020-11-16 13:07:49 +01:00
Andreas Rammhold ad37c2c445
Merge pull request #102916 from andir/nixos-help
nixos-help: fixup .desktop file & smaller refactoring
2020-11-16 12:17:28 +01:00
Frederik Rietdijk 986c2d36da Merge master into staging-next 2020-11-16 09:01:53 +01:00
Jörg Thalheim 8ac3a1503a
nixos/lvm2-activation-generator: fix warnings on activation 2020-11-15 08:06:05 +01:00
Jörg Thalheim e2289a5f18
Merge pull request #98025 from Mic92/telegraf 2020-11-14 17:02:53 +01:00
Jörg Thalheim 7534d92648
nixos/telegraf: allow multiple env files 2020-11-14 16:33:50 +01:00
Jörg Thalheim 8edc4619ab
nixos/telegraf: switch to setting types
This allows to split up configuration into multiple modules
2020-11-14 16:33:46 +01:00
Jörg Thalheim 157d7354d6
nixos/telegraf: add environmentFile option 2020-11-14 16:33:42 +01:00
Jörg Thalheim 9750813b89
nixos/telegraf: add support for native ping 2020-11-14 16:33:39 +01:00
Frederik Rietdijk 463f738cc6 Merge master into staging-next 2020-11-13 20:58:35 +01:00
WilliButz 74d354a397
nixos/codimd: add package option, refactor prettyJSON
This adds a `package` option to allow for easier overriding of the used
CodiMD version and `runCommandLocal` with `nativeBuildInputs` is now
used to pretty print the configuration.
2020-11-13 16:14:41 +01:00
Doron Behar 8769c817f4
Merge pull request #75615 from FSMaxB/patch-1
Add note about installing NixOS from distributions with /usr/sbin and…
2020-11-13 10:50:32 +02:00
Max Bruckner be0555b8a8 nixos/doc: Add note about /usr/sbin and /sbin
An installation from Debian buster may fail without adding /usr/sbin to
$PATH because chroot is not in the PATH of a non-root user.
2020-11-13 10:30:20 +02:00
Maximilian Bosch fca0aad258
Merge pull request #103500 from chkno/nixos-YY.MM-not-in-nixpkgs-channels
doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo
2020-11-12 23:27:27 +01:00
Martin Weinelt 9309563332
postfix: add passthru tests 2020-11-12 20:00:50 +01:00
Martin Weinelt 1b5a1c697d nixos/tests/postfix: migrate test to use tlsTrustedAuthorities
Fixes: 632104e ("postfix: deprecated `sslCACert` in favour of
`tlsTrustedAuthorities`")
2020-11-12 19:38:27 +01:00
Elis Hirwing 2789f47b97
Merge pull request #103531 from gnidorah/acpilight
nixos/acpilight: add to packages
2020-11-12 07:02:39 +01:00
zowoq 31051812bc nixos/doc/*: fix indentation 2020-11-12 14:24:00 +10:00
gnidorah ec26da1fc6 nixos/acpilight: add to packages 2020-11-12 05:22:18 +03:00
Kevin Cox 66c98ec550
Merge pull request #95751 from srhb/forceImportAll
nixos/zfs: Fix boot.zfs.forceImportAll
2020-11-11 20:32:42 -05:00
Maximilian Bosch c9e96d90de
Merge pull request #103499 from chkno/fix-doc-build
doc: Fix doc-building instructions
2020-11-11 23:42:35 +01:00
Scott Worley f72a3142f0 doc: 20.09 release notes: nixos-YY.MM branches no longer in nixos-channels repo
Since 7c442a2f67
for https://github.com/NixOS/nixpkgs/issues/99257
2020-11-11 11:29:39 -08:00
Scott Worley 88b7340a79 doc: Fix doc-building instructions 2020-11-11 11:22:29 -08:00
Gabriel Ebner 753656bbbc
Merge pull request #103225 from gebner/hsphfpd
pulseaudio: add hsphfpd support
2020-11-11 19:56:35 +01:00