Jörg Thalheim
a110c227a3
Merge pull request #86180 from Mic92/prey-bash-client
2020-04-28 14:01:47 +01:00
hyperfekt
c0fe9d609d
nixos/fish: prevent fish from generating completions on first run
2020-04-28 14:05:28 +02:00
zowoq
c59c4e3589
nixos/*: use $out instead of $bin with buildGoPackage
2020-04-28 20:30:29 +10:00
zowoq
3f17518490
buildGoPackage: use $out instead of $bin
2020-04-28 20:30:23 +10:00
Jörg Thalheim
72773b9c97
prey-bash-client: remove
...
prey-bash-client is deprecated since 2018
2020-04-28 09:44:55 +01:00
talyz
c0a838df38
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
...
'toString false' results in an empty string, which, in this context,
is a syntax error. Use boolToString instead.
Fixes #86160
2020-04-28 09:05:26 +02:00
Luka Blaskovic
fe7f770666
sof-firmware: init at 1.4.2
2020-04-28 05:25:38 +00:00
Maximilian Bosch
1f6d33ef26
Merge pull request #86013 from Ma27/cups-allow-from
...
nixos/printing: make access to web-interface configurable
2020-04-28 02:56:16 +02:00
worldofpeace
a7ca287ecb
nixos/qemu-vm: don't set -vga std
...
This has been default since QEMU 2.2, it also prevents using a different
-vga
2020-04-27 20:04:03 +02:00
Jörg Thalheim
2bd4ff03cb
Merge pull request #86113 from colemickens/azure-local-nixpkgs
2020-04-27 13:04:33 +01:00
Jörg Thalheim
e92b11d964
Merge pull request #86104 from xaverdh/options-types
2020-04-27 11:03:43 +01:00
Cole Mickens
7c7e76450b
nixos/azure-new: use local nixpkgs
2020-04-27 02:11:10 -07:00
Dominik Xaver Hörl
c10d82358f
treewide: add types to boolean / enable options or make use of mkEnableOption
2020-04-27 09:32:01 +02:00
zowoq
3c83386c6b
nixos/podman: add assertion for dockerCompat
2020-04-27 14:08:19 +10:00
talyz
72636bc2f6
php: Get rid of all config.php parameters
...
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
talyz
2ba7926959
php.buildEnv: Provide a list of currently enabled extensions
...
Rework withExtensions / buildEnv to handle currently enabled
extensions better and make them compatible with override. They now
accept a function with the named arguments enabled and all, where
enabled is a list of currently enabled extensions and all is the set
of all extensions. This gives us several nice properties:
- You always get the right version of the list of currently enabled
extensions
- Invocations chain
- It works well with overridden PHP packages - you always get the
correct versions of extensions
As a contrived example of what's possible, you can add ImageMagick,
then override the version and disable fpm, then disable cgi, and
lastly remove the zip extension like this:
    { pkgs ? (import <nixpkgs>) {} }:
    with pkgs;
    let
      phpWithImagick = php74.withExtensions ({ all, enabled }: enabled ++ [ all.imagick ]);
      phpWithImagickWithoutFpm743 = phpWithImagick.override {
        version = "7.4.3";
        sha256 = "wVF7pJV4+y3MZMc6Ptx21PxQfEp6xjmYFYTMfTtMbRQ=";
        fpmSupport = false;
      };
      phpWithImagickWithoutFpmZip743 = phpWithImagickWithoutFpm743.withExtensions (
        { enabled, all }:
          lib.filter (e: e != all.zip) enabled);
      phpWithImagickWithoutFpmZipCgi743 = phpWithImagickWithoutFpmZip743.override {
        cgiSupport = false;
      };
    in
      phpWithImagickWithoutFpmZipCgi743
2020-04-26 16:43:05 +02:00
AmineChikhaoui
9cf9e66e6f
ec2-amis.nix: add NixOS 20.03 images
...
Fixes #85857.
2020-04-26 09:54:10 -04:00
Janne Heß
bc2a4b341a
nixos/nsswitch: Make databases more configurable
...
Instead of hardcoding all nss modules that are added into nsswitch,
there are now options exposed.
This allows users to add own nss modules (I had this issue with
winbindd, for example).
Also, nss modules could be moved to their NixOS modules which would
make the nsswitch module slimmer.
As the lists are now handled by the modules system, we can use mkOrder
to ensure a proper order as well as mkForce to override one specific
database type instead of the entire file.
2020-04-26 03:16:57 +02:00
Aaron Andersen
16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
...
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
Graham Christensen
a2e9965d74
Merge pull request #82414 from AmineChikhaoui/update-ec2-amis-19-09
...
ec2 amis: update 19.09 AMIs
2020-04-25 18:15:41 -04:00
Florian Klink
02b57e72bb
Merge pull request #86010 from flokli/nscd-disable
...
nixos/nscd: be more specific in the nscd.enable description on what breaks
2020-04-26 00:05:25 +02:00
Maximilian Bosch
4062592f3a
nixos/printing: make access to web-interface configurable
...
Otherwise you'd always get a 403 when hosting the web-interface of cups
at a different location than `localhost`.
2020-04-25 19:48:34 +02:00
Florian Klink
2ececf1ed9
nixos/nscd: be more specific in the nscd.enable description on what breaks
2020-04-25 18:11:10 +02:00
adisbladis
1ca6909514
Merge pull request #74378 from ttuegel/lxc-container
...
docker-container: Remove /etc symlink
2020-04-25 16:25:15 +02:00
Jacek Galowicz
002b553b14
Merge pull request #85781 from blitz/spike-test
...
Add spike integration test to nixosTests
2020-04-25 15:50:38 +02:00
lewo
fcf547d0e2
Merge pull request #85813 from johnae/fix-k3s-systemd-units
...
The systemd unit for k3s should differ between agents and servers
2020-04-25 09:45:49 +02:00
worldofpeace
ee5cba24c3
Revert "ibus: fix dconf db installation"
2020-04-24 18:22:59 -04:00
worldofpeace
78a9359b2a
Merge pull request #85892 from symphorien/ibus-db
...
ibus: fix dconf db installation
2020-04-24 15:49:01 -04:00
worldofpeace
90e16f7ed6
Merge pull request #84242 from gnidorah/qt
...
nixos/qt5: support adwaita-dark theme
2020-04-24 08:47:21 -04:00
Symphorien Gibol
5b7ffe6140
nixos/tests/ibus: fix test
2020-04-24 12:00:00 +00:00
Symphorien Gibol
a71dc0b27e
ibus: fix installation of dconf database
...
Fixes this warning at ibus-daemon startup:
(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file “/etc/dconf/db/ibus”: open() failed: No such file or directory; expect degraded performance
2020-04-24 13:15:56 +02:00
zowoq
b464d76126
nixos/cri-o: share registries with nixos/containers
2020-04-24 20:53:36 +10:00
adisbladis
67a61fbd34
nixos/podman: Add rootless containers to test
2020-04-24 10:50:17 +01:00
adisbladis
5a3b818368
Merge pull request #85894 from zowoq/podman-crio
...
podman team: add cri-o packages/module
2020-04-24 11:34:07 +02:00
zowoq
0944d77fc0
nixos/containers: move libpod to nixos/podman
2020-04-24 15:34:05 +10:00
Aaron Andersen
218049c5c2
nixos/gitea: add settings option
2020-04-23 21:06:26 -04:00
zowoq
4484e7981e
nixos/cri-o: update maintainers
2020-04-24 08:08:27 +10:00
Florian Klink
06a34e69ad
Merge pull request #85832 from benley/benley/grub-serial
...
installer test: Fix grub extraConfig syntax
2020-04-23 13:38:30 +02:00
Florian Klink
25605d2e3f
Merge pull request #85735 from nh2/journald-storage-limit-logs
...
journald service docs: Add helpful comments about the journal getting full
2020-04-23 13:35:12 +02:00
adisbladis
0dc3e485a1
Merge pull request #85822 from zowoq/cni-collision
...
nixos/{cri-o,podman}: remove cni-plugins from environment.systemPackages
2020-04-23 11:22:01 +02:00
Florian Klink
04e308a496
Merge pull request #85815 from arianvp/fix-85800
...
Fix networkd not restarting on unit changes
2020-04-23 10:36:57 +02:00
Arian van Putten
f332109ebf
nixos/datadog-agent: Fix restartTriggers
...
Fixes #85800
1d61efb7f1 accidentally changed the
restartTriggers of `datadog-agent.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the config files in the nix store.
This caused datadog to not get restarted on activation of new
config, if the file name hasn't changed.
Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:58:18 +02:00
Arian van Putten
14395cc687
nixos/networkd: Fix restartTriggers
...
1d61efb7f1 accidentally changed the
restartTriggers of `systemd-networkd.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the network-related unit files in the nix store.
This caused systemd-networkd to not get restarted on activation of new
networking config, if the file name hasn't changed.
Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:53:44 +02:00
Frederik Rietdijk
cff0669a48
Merge master into staging-next
2020-04-23 08:11:16 +02:00
John Axel Eriksson
41a95b1b7d
The systemd unit for k3s should differ between agents and servers
2020-04-23 07:55:23 +02:00
Benjamin Staffin
f09b8be73d
installer test: Fix grub extraConfig syntax
...
It looks like `terminal_output.serial` is incorrect, according to the
grub documentation:
https://www.gnu.org/software/grub/manual/grub/html_node/Serial-terminal.html
Related PR: #79406
2020-04-22 20:30:19 -04:00
zowoq
4102db2127
nixos/podman: remove cni-plugins from environment.systemPackages
2020-04-23 10:29:17 +10:00
zowoq
54b59dd6c0
nixos/cri-o: remove cni-plugins from environment.systemPackages
2020-04-23 10:29:11 +10:00
Niklas Hambüchen
811411db6e
journald service: Add helpful comments about the journal getting full
2020-04-23 02:24:50 +02:00
Florian Klink
32516e4fee
Merge pull request #80103 from tfc/port-systemd-confinement-test
...
nixosTests.systemd-confinement: Port to Python
2020-04-23 01:00:51 +02:00
Piotr Bogdan
830733db24
nixos/manual: fix build
2020-04-22 16:56:44 +01:00
Frederik Rietdijk
8374a2a0ee
Merge master into staging-next
2020-04-22 17:20:20 +02:00
Julian Stecklina
a33ce7e4fb
spike: add test to nixosTests
2020-04-22 14:45:12 +02:00
Bas van Dijk
784aa2913a
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
...
oauth2_proxy: 3.2.0 -> 5.1.0
2020-04-22 12:15:07 +02:00
Jörg Thalheim
6eb1020cbf
Merge pull request #85746 from iblech/patch-11
2020-04-22 10:47:28 +01:00
Jacek Galowicz
0b1bef70a9
nixosTests.redmine: Port to python
2020-04-22 08:36:27 +02:00
Elis Hirwing
9be2cbf27b
nixosTests.php: Add maintainer team as maintainers
2020-04-22 06:48:06 +02:00
Ingo Blechschmidt
2e2da182fe
nixos-containers: add docs about nested containers
2020-04-22 05:30:48 +02:00
Jan Tojnar
b231ac2101
Merge pull request #85402 from jtojnar/httpd-php
2020-04-22 04:23:24 +02:00
Aaron Andersen
7bc9f24fb6
nixos/httpd: update release notes
2020-04-21 20:34:55 -04:00
Aaron Andersen
d0de970279
nixos/httpd: some mod_php cleanup
2020-04-21 20:33:18 -04:00
Aaron Andersen
ee030b121b
nixos/httpd: set modern default values for mpm and http2
2020-04-21 20:33:18 -04:00
Aaron Andersen
20f37a4430
nixos/httpd: run as non root user
2020-04-21 20:33:18 -04:00
Alexandre Esteves
4cc383dd9a
Fix typos (#85693)
2020-04-22 01:02:11 +02:00
worldofpeace
af2009a800
Merge pull request #85710 from worldofpeace/gnome-iso-wayland-default
...
installation-cd-graphical-gnome: don't run xorg default
2020-04-21 18:19:44 -04:00
davidak
6a7e0562de
Update link in /etc/os-release (#85723)
2020-04-22 00:16:22 +02:00
Ismaël Bouya
3dbd3f2651
rl-2003: Update the release documentation
...
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not.
(cherry picked from commit 21c4a33cee)
2020-04-21 23:51:12 +02:00
adisbladis
2d91da909e
Merge pull request #85604 from adisbladis/podman-module
...
nixos/virtualisation.podman: Init module
2020-04-21 23:48:48 +02:00
Raphael Borun Das Gupta
347e251261
nixos/xonsh: source NixOS environment
...
Without doing that, xonsh is unusable as login shell
2020-04-21 23:43:37 +02:00
Florian Klink
c1a6e60335
Merge pull request #85598 from danderson/tailscale-fix-cachedir
...
nixos/tailscale: set a CacheDir in the systemd unit.
2020-04-21 22:38:32 +02:00
Florian Klink
6ba4ef6580
Merge pull request #85708 from Beskhue/fix-documentation
...
nixos/phpfpm: fix erroneous pools example
2020-04-21 22:16:15 +02:00
Florian Klink
cece19e0d8
Merge pull request #73505 from tomfitzhenry/networkd-dhcp-server-test
...
systemd-networkd: add DHCPServer test
2020-04-21 21:49:47 +02:00
worldofpeace
873f20f63e
rl-2009: GNOME ISO
2020-04-21 15:46:20 -04:00
worldofpeace
6464d8f4af
nixos/release: add GNOME ISO
2020-04-21 15:44:09 -04:00
worldofpeace
37e146c255
nixos/manual: fix build
2020-04-21 15:43:20 -04:00
worldofpeace
1f12a07179
installation-cd-graphical-gnome: don't run xorg default
...
If for some reason the Wayland session fails to start
it will just start the Xorg session.
2020-04-21 15:26:25 -04:00
Florian Klink
91e3358f62
Merge pull request #85692 from nh2/systemd-update-default-rate-limit
...
journald service: Increase default rate limit 1000 -> 10000.
2020-04-21 21:06:48 +02:00
Thomas Churchman
8880957042
nixos/phpfpm: fix erroneous pools example
2020-04-21 20:59:52 +02:00
Frederik Rietdijk
23be4a8b4d
Merge master into staging-next
2020-04-21 19:59:56 +02:00
worldofpeace
9b20a24d4d
Merge pull request #85643 from petabyteboy/feature/generate-config
...
nixos/tools: adapt for renamed console options
2020-04-21 12:50:55 -04:00
Niklas Hambüchen
d16d34732c
journald service: Increase default rate limit 1000 -> 10000.
...
Follows the upstream change of this default:
https://github.com/systemd/systemd/pull/8660
2020-04-21 18:29:03 +02:00
Domen Kožar
a85868fee9
Merge pull request #85685 from nh2/remove-unused-allSupportedNixpkgs
...
release-combined: Remove unused value `allSupportedNixpkgs`
2020-04-21 17:01:30 +02:00
Niklas Hambüchen
1da6613de1
release-combined: Remove unused value `allSupportedNixpkgs`.
...
It was made obsolete by commit 2de3caf0 - nixos/release-combined.nix: List constituents of the 'tested' job by name
see also f996744fd3 (r38642487).
2020-04-21 16:41:41 +02:00
Tom Fitzhenry
0a49d329cb
systemd-networkd: add DHCPServer test
2020-04-22 00:12:00 +10:00
adisbladis
43f383c464
nixos.virtualisation.containers: Init common /etc/containers configuration module
...
What's happening now is that both cri-o and podman are creating
/etc/containers/policy.json.
By splitting out the creation of configuration files we can make the
podman module leaner & compose better with other container software.
2020-04-21 10:38:39 +01:00
adisbladis
650df709fb
nixos.virtualisation: Move containers.nix to nixos-containers.nix
...
In anticipation of the new containers module.
2020-04-21 10:36:56 +01:00
adisbladis
f0a92ef1d9
nixos/podman: Add maintainer team & add myself to podman team
2020-04-21 10:03:22 +01:00
adisbladis
b512a788a4
nixos/virtualisation.podman: Init module
2020-04-21 10:03:18 +01:00
Dominik Xaver Hörl
0412bde942
treewide: add bool type to enable options, or make use of mkEnableOption
...
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Frederik Rietdijk
803b3d296c
Merge staging-next into staging
2020-04-21 08:29:51 +02:00
Milan Pässler
d19089e1e7
nixos/tools: adapt for renamed console options
2020-04-21 02:07:53 +02:00
David Anderson
cee5ddbb28
nixos/tailscale: set a CacheDir in the systemd unit.
...
Fixes a bug where tailscaled drops some files into / when CacheDir
is unset.
Signed-off-by: David Anderson <dave@natulte.net>
2020-04-20 15:35:55 -07:00
Marek Mahut
60100a7c92
Merge pull request #83769 from dadada/nixos/dokuwiki-multi-server
...
nixos/dokuwiki: add support for multi-site, additional plugins and templates
2020-04-20 19:39:48 +02:00
worldofpeace
e9e9582986
Merge pull request #85186 from worldofpeace/20.03-readme
...
README.md: 20.03 release
2020-04-20 11:57:45 -04:00
worldofpeace
6380be302a
rl-2003: release date
2020-04-20 11:52:57 -04:00
Eelco Dolstra
f76d7b5e41
Merge pull request #85620 from matthewbauer/use-modulesPath-for-nixos-generate-config
...
nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
2020-04-20 17:25:17 +02:00
Matthew Bauer
c45295d47e
nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
...
For imports, it is better to use ‘modulesPath’ than rely on <nixpkgs>
being correctly set. Some users may not have <nixpkgs> set correctly.
In addition, when ‘pure-eval=true’, <nixpkgs> is unset.
2020-04-20 09:57:17 -05:00
Léo Gaspard
203955fa0c
Merge pull request #82714 from delroth/s3tc
...
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
2020-04-20 13:41:47 +02:00
Jörg Thalheim
2f0ee4bd0b
Merge pull request #85371 from Mic92/tmpfiles
2020-04-20 10:32:58 +01:00
Nikola Knezevic
3c551848be
oauth2_proxy: Update NixOS module
...
Update to match the current flags and apply fixes to all breaking changes.
2020-04-20 10:11:46 +02:00
adisbladis
ab37d7e7ea
nixos-containers: Add support for custom nixpkgs argument
2020-04-20 07:33:46 +01:00
Pierre Bourdon
1b89bffcf4
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
...
Context: discussion in https://github.com/NixOS/nixpkgs/pull/82630
Mesa has been supporting S3TC natively without requiring these libraries
since the S3TC patent expired in December 2017.
2020-04-20 03:19:41 +02:00
Emily
bfffee9364
nixos/tests/acme: set maintainers to acme team
2020-04-20 01:39:31 +01:00
Emily
ef7e6eeaf4
nixos/acme: set maintainers to acme team
2020-04-20 01:39:31 +01:00
Florian Klink
ab0da25762
Merge pull request #85503 from emilazy/acme-test-cleanups
...
ACME test cleanups
2020-04-19 23:57:03 +02:00
Florian Klink
a88d17bc69
Merge pull request #83301 from evils/tuptime
...
Tuptime: Init Package, Module and Test
2020-04-19 23:38:53 +02:00
worldofpeace
f882896cc8
Merge pull request #73934 from flokli/nixos-test-port-cockroachdb
...
nixosTests.cockroachdb: port to python
2020-04-19 16:30:45 -04:00
Yegor Timoshenko
4f7e4a6b59
nixos/release-small: drop latestKernel.login
...
This partially reverts e133e396df.
2020-04-19 22:20:07 +03:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
...
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Michael Weiss
0e4417f118
Revert "nixos: Introduce nix.buildLocation option"
...
This reverts commit 5291925fd2.
Reason: This started to cause severe regressions, see:
- https://github.com/NixOS/nixpkgs/issues/85552
- https://github.com/NixOS/nixpkgs/pull/83166#pullrequestreview-395960588
Fixes #85552.
2020-04-19 15:16:08 +02:00
dadada
2d86cca35e
nixos/dokuwiki: change default of aclFile and usersFile
...
`aclFile` and `usersFile` will be set to a default value if `aclUse` is
specified and aclFile is not overridden by `acl`.
2020-04-18 23:37:19 +02:00
dadada
9460fb5788
nixos/dokuwiki: modify usersFile and aclFile
...
Use types.str instead of types.path to exclude private information from
the derivation.
Add a warning about the contents of acl being included in the nix
store.
2020-04-18 23:37:19 +02:00
dadada
2b67a89f29
nixos/dokuwiki: dokuwiki user
2020-04-18 23:37:19 +02:00
dadada
2e699f1db1
nixos/dokuwiki: add option disableActions
2020-04-18 23:37:18 +02:00
dadada
a58dc30d34
nixos/dokuwiki: set default value for usersFile
...
If usersFile is not set, a file is created along the stateDir that can
hold the users and supports dynamically adding users using the web GUI.
2020-04-18 23:37:18 +02:00
dadada
0228046eec
nixos/dokuwiki: add assertion for usersFile
2020-04-18 23:37:18 +02:00
dadada
af6a7a0486
nixos/dokuwiki: add plugins and templates options
...
Adds support for additional plugins and templates similarly to how
wordpress.nix does it.
Plugins and templates need to be packaged as in the example.
2020-04-18 23:37:18 +02:00
dadada
71baf4801c
nixos/dokuwiki: refactor
2020-04-18 23:37:18 +02:00
dadada
dc7ed06615
nixos/dokuwiki: add <name?> option
...
Enables multi-site configurations.
This breaks compatibility with prior configurations that expect options
for a single dokuwiki instance in `services.dokuwiki`.
2020-04-18 23:37:18 +02:00
Vladimír Čunát
e233a9d4dd
Merge #84442: staging-next branch
2020-04-18 23:11:00 +02:00
John Ericson
1ea80c2cc3
Merge remote-tracking branch 'upstream/master' into staging
2020-04-18 15:40:49 -04:00
Jan Tojnar
09c4736405
Merge pull request #83755 from jtojnar/jcat-0.1
2020-04-18 20:38:24 +02:00
Jörg Thalheim
35eb7793a3
Merge pull request #83166 from avnik/nix-build-location
2020-04-18 18:37:15 +01:00
Alexander V. Nikolaev
5291925fd2
nixos: Introduce nix.buildLocation option
...
Allow specifying where the package build will happen.
It helps big packages (like browsers) not to overflow tmpfs.
2020-04-18 20:31:04 +03:00
worldofpeace
996ae856b6
Merge pull request #85365 from immae/fix_acme_postrun
...
nixos/acme: Fix postRun in acme certificate being ran at every run
2020-04-18 13:16:16 -04:00
Alyssa Ross
1b0d8015fe
nixos/rss2email: globally install rss2email
...
For man pages.
2020-04-18 14:16:00 +00:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs
2020-04-18 14:04:37 +02:00
Edmund Wu
4727e95eb6
manual/rl-2009.xml: fix build (#85478)
...
16a4332d60 (diff-43de86228df91216c5cfc9446cb041feL249)
2020-04-18 07:51:06 +02:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
...
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
Emily
21f183a3fe
nixos/tests/common/acme: don't set nameservers for client
...
The resolver is mainly useful for the ACME server, and acme.nix uses its
own DNS server to test DNS-01 challenges.
2020-04-18 05:15:47 +01:00
Emily
e6d5e83cf1
nixos/tests/common/acme: enable Pebble strict mode
...
This lets us get early warning about any bugs or backwards-compatibility
hazards in lego.
Pebble will default to this in the future, but doesn't currently;
see https://github.com/letsencrypt/pebble/blob/v2.3.0/README.md#strict-mode.
2020-04-18 05:15:47 +01:00
Emily
695fd78ac4
nixos/tests/acme: use CAP_NET_BIND_SERVICE
2020-04-18 05:15:47 +01:00
Emily
d0f04c1623
nixos/tests/acme: use *.test domains
...
Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:
* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}
The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).
[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242
Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
2020-04-18 05:15:47 +01:00
Emily
352e30df8a
nixos/tests/acme: don't restrict to x86_64
...
This was added in aade4e577b, but the
implementation of the ACME module has been entirely rewritten since
then, and the test seems to run fine on AArch64.
2020-04-18 05:15:47 +01:00
John Ericson
e3d50e5cb0
Merge branch 'master' of github.com:NixOS/nixpkgs into staging
2020-04-18 00:10:08 -04:00
Milan Pässler
16a4332d60
nixos/deluge: support 2.x
2020-04-18 02:00:04 +02:00
John Ericson
33c2a76c5e
Merge remote-tracking branch 'upstream/master' into staging
2020-04-17 18:40:51 -04:00
Ismaël Bouya
8e88b8dce2
nixos/acme: Fix postRun in acme certificate being ran at every run
2020-04-17 22:16:50 +02:00
worldofpeace
40f3faedbd
nixos/manual: 19.09 -> 20.03
2020-04-17 12:41:24 -04:00
Emily
2e31fb407e
nixos/release-combined: add {,latestKernel.}hardened
...
These now depend on an external patch set; add them to the release tests
to ensure that the build doesn't break silently as new kernel updates
are merged.
2020-04-17 16:13:39 +01:00
Emily
e133e396df
nixos/release-{small,combined}: add latestKernel.login
...
Seems like a good idea to ensure that you can always use the latest
stable upstream kernel.
2020-04-17 16:13:39 +01:00
Emily
fe031d07f8
nixos/tests/hardened: add latestKernel argument
2020-04-17 16:13:39 +01:00
Emily
b0d5032ee4
nixos/hardened: add emily to maintainers
2020-04-17 16:13:39 +01:00
Emily
ad9bfe2254
nixos/hardened: enable user namespaces for root
...
linux-hardened sets kernel.unprivileged_userns_clone=0 by default; see
anthraxx/linux-hardened@104f44058f.
This allows the Nix sandbox to function while reducing the attack
surface posed by user namespaces, which allow unprivileged code to
exercise lots of root-only code paths and have led to privilege
escalation vulnerabilities in the past.
We can safely leave user namespaces on for privileged users, as root
already has root privileges, but if you're not running builds on your
machine and really want to minimize the kernel attack surface then you
can set security.allowUserNamespaces to false.
Note that Chrome's sandbox requires either unprivileged CLONE_NEWUSER or
setuid, and Firefox's silently reduces the security level if it isn't
allowed (see about:support), so desktop users may want to set:
    boot.kernel.sysctl."kernel.unprivileged_userns_clone" = true;
2020-04-17 16:13:39 +01:00
Emily
84f258bf09
nixos/hardened: don't set vm.unprivileged_userfaultfd
...
Upstreamed in anthraxx/linux-hardened@a712392b88.
2020-04-17 16:13:39 +01:00
Emily
cc28d51237
nixos/hardened: don't set vm.mmap_min_addr
...
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
46d12cca56
nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits
...
Upstreamed in anthraxx/linux-hardened@ae6d85f437.
2020-04-17 16:13:39 +01:00
Emily
af4f57b2c4
nixos/hardened: don't set net.core.bpf_jit_harden
...
Upstreamed in anthraxx/linux-hardened@82e384401d.
2020-04-17 16:13:39 +01:00
Emily
71bbd876b7
nixos/hardened: don't set kernel.unprivileged_bpf_disabled
...
Upstreamed in anthraxx/linux-hardened@1a3e0c2830.
2020-04-17 16:13:39 +01:00
Emily
9da578a78f
nixos/hardened: don't set kernel.dmesg_restrict
...
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb.
2020-04-17 16:13:39 +01:00