3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

25037 commits

Author SHA1 Message Date
Bob van der Linden f085d82ce0
make all daemon settings default 2021-12-19 14:17:04 +01:00
Bob van der Linden 6bbf3b6e0a
remove quotes for kebab-case settings 2021-12-19 14:17:04 +01:00
Bob van der Linden 92a23655c8
move cli options to json daemon settings 2021-12-19 14:17:04 +01:00
Bob van der Linden e8dae9246b
use pkgs.formats.json 2021-12-19 14:17:04 +01:00
Bob van der Linden c1b0d4acf5
rename daemonConfig -> daemon.settings 2021-12-19 14:16:58 +01:00
Bob van der Linden 142a1540d6
nixos/docker: add daemonConfig option
Adds the virtualisation.docker.daemonConfig option that allows
changing Docker daemon settings as done in daemon.conf.
2021-12-19 14:15:18 +01:00
Aaron Andersen 76457da532 nixos/mysql: remove services.mysql.extraOptions in favor of services.mysql.settings 2021-12-18 21:01:48 -05:00
Aaron Andersen f1d1d319ae nixos/mysql: update user and group descriptions 2021-12-18 21:01:48 -05:00
Aaron Andersen c7cac1bdc0 nixos/mysql: use systemd StateDirectory to provision the data directory 2021-12-18 21:01:42 -05:00
github-actions[bot] 916b5fb667
Merge staging-next into staging 2021-12-19 00:02:22 +00:00
Andrew Marshall f10aea2434 nixos/ssh: Add enableAskPassword
Previously, this was only implicitly enabled if xserver.enable = true.
However, Wayland-based desktops do not require this, and so configuring
SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies
that by adding a new option that defaults to the old conditional.
2021-12-18 12:13:02 -05:00
github-actions[bot] dd2f8bc91d
Merge staging-next into staging 2021-12-18 12:01:49 +00:00
0x4A6F 0b738b87db
Merge pull request #151145 from zhaofengli/unifi5-log4j-new-mitigation
unifi5: Follow new mitigation guidelines
2021-12-18 13:00:28 +01:00
Robert Hensing 058677c417
Merge pull request #151150 from agbrooks/oci-layer-order
dockerTools.buildImage: Fix incorrect layer unpack order before executing runAsRoot script
2021-12-18 11:03:03 +01:00
Zhaofeng Li 8bbae8e558 unifi: Add NixOS tests 2021-12-18 00:19:04 -08:00
github-actions[bot] 8d45187fd8
Merge staging-next into staging 2021-12-18 06:01:57 +00:00
Bobby Rong c9ec5a228d
Merge pull request #151153 from bobby285271/pantheon
Pantheon updates 2021-12-17
2021-12-18 14:01:54 +08:00
Artturin c44f95a855 nixos/stage1: run fsck on battery too
We are in 2021 almost 2022 not in 2004 when this may have been an issue!

https://alioth-lists.debian.net/pipermail/pkg-sysvinit-devel/2009-May/003196.html
https://www.nico.schottelius.org/blog/debian-ubuntu-fsck-skip-on-battery-bug/
d29daf3952
https://bugs.launchpad.net/ubuntu/+source/laptop-mode/+bug/11194
2021-12-18 06:06:10 +02:00
Bobby Rong 62103c4e41
pantheon.xdg-desktop-portal-pantheon: move to pkgs/desktop/pantheon
Only used by Pantheon AFAIK.
2021-12-18 11:35:55 +08:00
Aaron Andersen eeef6e1341
Merge pull request #151144 from Sohalt/spacenavd-syslog
nixos/spacenavd: remove syslog.target
2021-12-17 21:47:23 -05:00
Andrew Brooks 57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
github-actions[bot] d1e6365b21
Merge staging-next into staging 2021-12-18 00:02:05 +00:00
sohalt 9718fc1211 nixos/spacenavd: remove syslog.target 2021-12-18 00:59:48 +01:00
Zhaofeng Li a4bcad541e unifi5: Follow new mitigation guidelines
Simply disabling lookups isn't enough, and the JndiLookup class must be
removed:

https://web.archive.org/web/20211217085954/https://logging.apache.org/log4j/2.x/security.html
2021-12-17 15:55:13 -08:00
pennae 64bbe28843 nixos/unifi: rename openPorts to openFirewall
openFirewall is the much more common name for an option with this
effect. since the default was `true` all along, renaming it doesn't hurt
much and only improves consistency with other modules.
2021-12-17 21:30:52 +01:00
pennae 2000a1edcd nixos/unifi: add deprecation warning for openPorts
modules are discouraged from opening ports in the firewall unless
explicitly told to do so. add a deprecation notice for this in unifi.
2021-12-17 21:30:52 +01:00
ajs124 e6188c00f0
Merge pull request #149387 from sumnerevans/matrix-synapse-1.49
matrix-synapse: 1.48.0 -> 1.49.0
2021-12-17 19:51:34 +00:00
Franz Pletz 0cb8669638
dhcpcd: use dhcpcd as privsep user 2021-12-17 19:23:00 +01:00
github-actions[bot] 3fa6ddfa60
Merge staging-next into staging 2021-12-17 18:01:42 +00:00
Graham Christensen 06edb74413
Merge pull request #148785 from pennae/more-option-doc-staticizing
treewide: more defaultText for options
2021-12-17 11:14:08 -05:00
github-actions[bot] a6adcc1edf
Merge staging-next into staging 2021-12-17 12:02:12 +00:00
Flakebi 368b22d09b powerdns-admin: fix and add module
- Add the migrations directory to the package
- Add postgres support to the package
- Add a service for powerdns-admin

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
2021-12-17 10:33:40 +01:00
Bobby Rong 94144484c2
Merge pull request #148164 from veehaitch/nixos-github-runner-148024-v2
nixos/github-runner: refactor tokens handling
2021-12-17 16:28:21 +08:00
Alyssa Ross e07182012b
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	pkgs/development/python-modules/pint/default.nix
2021-12-17 05:50:06 +00:00
Alyssa Ross de27156be0 nixos/cage: log to journal
Previously, cage would log to the TTY it was running on top of, so log
messages were basically lost.
2021-12-16 23:55:15 +00:00
Nikolay Amiantov fe97584f15
Merge pull request #147679 from danderson/danderson/influx-update
influxdb2: 2.0.8 -> 2.1.1
2021-12-17 02:41:41 +03:00
Martin Weinelt 8086f8658e
Merge pull request #151029 from andir/snapcast-bind 2021-12-16 23:52:05 +01:00
Andreas Rammhold c9c93b0add
nixos/snapserver: use the correct bind address arguments
Snapserver expects the arguments `--tcp.bind_to_address` and
`--http.bind_to_address` instead of the `--tcp.address` (and http
equivalent) versions.

This caused the process to listen on `0.0.0.0` (for TCP and HTTP
sockets) regardless of the configuration value. It also never listend on
the IPv6 address `::` as our module system made the user believe.

This commit fixes the above issue and ensures that (at least for the TCP
socket) that our default `::` does indeed allow connections via IPv6
(to localhost aka ::1).
2021-12-16 23:27:56 +01:00
David Anderson 7708b9db26 infuxdb2: add package split to 22.05 release notes. 2021-12-16 12:17:20 -08:00
David Anderson 492f791f9d influxdb2: use the new server derivation in the nixos module. 2021-12-16 12:10:09 -08:00
Kim Lindberger ebaa226853
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879)
* elk7: 7.11.1 -> 7.16.1

* nixosTests.elk: Improve reliability and compatibility with ELK 7.x

- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
  passes
- Make curl fail if requests fails

* nixos/filebeat: Add initial module and test

Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.

This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.

* python3Packages.parsedmarc.tests: Fix breakage

- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing

* rl-2205: Note the addition of the filebeat service

* elk6: 6.8.3 -> 6.8.21

The latest version includes a fix for CVE-2021-44228.

* nixos/journalbeat: Add a loose dependency on elasticsearch

Avoid unnecssary back-off when elasticsearch is running on the same
host.
2021-12-17 00:20:52 +09:00
Nikolay Amiantov 759f4afc65
tarsnap service: fix escaping (#150802) 2021-12-16 16:53:59 +03:00
zowoq 014236e9c9 nixos/kubernetes: don't import <nixpkgs> 2021-12-16 21:47:12 +10:00
Naïm Favier 901d4f13a3
nixos/systemd: set TZDIR for PID 1
Fixes #105049
2021-12-16 04:09:07 +01:00
github-actions[bot] 3e2d1c1e65
Merge staging-next into staging 2021-12-15 18:01:52 +00:00
Nikolay Amiantov aef12c8678
Merge pull request #150779 from abbradar/youtrack
youtrack: 2021.1.13597 -> 2021.4.35970, restart on failure
2021-12-15 16:04:58 +03:00
github-actions[bot] 5c3e01fe1c
Merge staging-next into staging 2021-12-15 12:02:07 +00:00
Markus S. Wamser b93e478777 writers.PyPy{2,3}: init 2021-12-15 10:01:08 +01:00
Markus S. Wamser 4e42f6bcb3 writers.writePython2: remove 2021-12-15 09:56:14 +01:00
Nikolay Amiantov 497d334c14 youtrack service: restart on failure 2021-12-15 01:40:00 +03:00
Sumner Evans c0a6554847
matrix-synapse: 1.48.0 -> 1.49.0 2021-12-14 10:34:41 -07:00
github-actions[bot] a292b5fe68
Merge staging-next into staging 2021-12-14 12:02:00 +00:00
Silvan Mosberger d995f2abb9
Merge pull request #150631 from pennae/fix-option-docs-nix23
nixos/lib/make-options-doc: fix with nix 2.3
2021-12-14 11:58:41 +01:00
ajs124 84ce6a6286
Merge pull request #149868 from lostnet/couchopts
couchdb3: add vm.args option and fix pkgs.couchdb reference
2021-12-14 10:48:56 +00:00
Bobby Rong bbfbcefb02
Merge pull request #149628 from Izorkin/fix-wsdd
nixos/tests/wsdd: fix test
2021-12-14 14:58:40 +08:00
github-actions[bot] b073a17f68
Merge staging-next into staging 2021-12-14 06:02:02 +00:00
pennae a70b1eb630 nixos/lib/make-options-doc: fix with nix 2.3 2021-12-14 03:41:09 +01:00
zowoq d90103d112 Revert "kubernetes: disable rbac tests"
This reverts commit 91c6a97243.
2021-12-14 11:02:36 +10:00
Johan Thomsen 282b303e83 nixos/kubernetes: drop tty and stdin for execs in test pods 2021-12-14 11:02:07 +10:00
github-actions[bot] 75e029e297
Merge staging-next into staging 2021-12-14 00:02:27 +00:00
Julien Moutinho 5cf90a60e5 nixos/redis: cleanup tests 2021-12-13 14:42:19 -05:00
Julien Moutinho 7475554372 nixos/redis: enable multiple instances of redis-server 2021-12-13 14:42:19 -05:00
Bernardo Meurer f40283cf62
Merge pull request #149837 from helsinki-systems/feat/redo-activation-script-restarting
nixos/switch-to-configuration: Add a massive test and do a slight refactor
2021-12-13 11:37:20 -08:00
github-actions[bot] 1a2b61419f
Merge staging-next into staging 2021-12-13 18:01:54 +00:00
Maximilian Bosch bedca751c5
Merge pull request #150527 from malte-christian/master
nixos/nextcloud: update warning for MariaDB >= 10.6
2021-12-13 15:21:16 +01:00
Jörg Thalheim afa3c99cd5
Merge pull request #148593 from veehaitch/sgx-psw
sgx-psw: init package and module
2021-12-13 14:16:26 +00:00
Malte 7c43256291 nixos/nextcloud: update warning for MariaDB >= 10.6 2021-12-13 13:25:21 +01:00
github-actions[bot] f73f987c8a
Merge staging-next into staging 2021-12-12 18:01:48 +00:00
maralorn b243326a02
Merge pull request #149013 from Ma27/postgres-docs
nixos/postgresql: improve docs on how to upgrade
2021-12-12 15:55:37 +01:00
Martin Weinelt 37527494b6
Merge pull request #150329 from zhaofengli/unifi-6.5.54 2021-12-12 14:10:10 +01:00
github-actions[bot] a1f533ecf6
Merge staging-next into staging 2021-12-12 12:01:57 +00:00
markuskowa 5d99afe652
Merge pull request #150311 from bachp/glusterfs-syslog-target
nixos/glusterfs: remove syslog.target from services
2021-12-12 12:42:53 +01:00
zowoq 91c6a97243 kubernetes: disable rbac tests
timed out on hydra
2021-12-12 19:56:19 +10:00
Zhaofeng Li e992604bf0 nixos/unifi: Apply log4j2 mitigation 2021-12-12 01:48:58 -08:00
github-actions[bot] 1120c2b1ac
Merge staging-next into staging 2021-12-12 06:01:43 +00:00
Bobby Rong ebb5bd223c
Merge pull request #150372 from bobby285271/pantheon
pantheon.appcenter: re-add patch for disable packagekit backend
2021-12-12 13:30:53 +08:00
Bobby Rong c65f6852e4
Revert "nixos/pantheon: mention latest appcenter changes in manual"
This reverts commit d49d9a24b7.
2021-12-12 12:45:31 +08:00
Bobby Rong 1eef9ae2d1
Revert "nixos/pantheon: cleanup FAQ section"
This reverts commit cd58f44937.
2021-12-12 12:45:10 +08:00
github-actions[bot] caebe15ce1
Merge staging-next into staging 2021-12-12 00:02:28 +00:00
Pascal Bach 51e80b4ded
Merge pull request #149723 from pingiun/patch-5
eternal-terminal: remove syslog.target from service
2021-12-11 22:45:22 +01:00
Pascal Bach 98a81a3152
Merge pull request #149733 from lunik1/adguard-syslog
nixos/adguardhome: remove syslog.target from service
2021-12-11 22:45:08 +01:00
Pascal Bach e6217908a3 nixos/glusterfs: remove syslog.target from services 2021-12-11 22:43:02 +01:00
Martin Weinelt e675946ecd
Merge pull request #125256 from deviant/acme-standalone 2021-12-11 22:06:48 +01:00
Guillaume Girol 57f7f3a87b
Merge pull request #148696 from MasseR/master
Fix the syntax error on tt-rss config file
2021-12-11 20:57:15 +00:00
spacefrogg fe44db8271
openafsServer: remove dependency on syslog.target (#150294)
syslog.target has been deprecated and removed
2021-12-11 14:46:23 -05:00
erdnaxe cf504b2330
nixos/nitter: remove syslog.target from service (#150224) 2021-12-11 14:45:54 -05:00
Dmitry Kalinkin 462d8e1bec
Merge pull request #150200 from sbruder/invidious-remove-syslog
nixos/invidious: remove syslog.target from service
2021-12-11 14:45:38 -05:00
Dmitry Kalinkin 07a8ae0c5a
Merge branch 'staging-next' into staging
Conflicts:
	pkgs/development/libraries/log4cplus/default.nix
2021-12-11 14:01:19 -05:00
Ryan Mulligan c84ba61d73
Merge pull request #149860 from 1000teslas/xrdp-conf
nixos/xrdp: add confDir option
2021-12-11 10:45:53 -08:00
Maximilian Bosch 2deb8c0fc5
nixos/postgresql: improve docs on how to upgrade
* It's IMHO a slight overkill to deploy an additional container even if
  it's never supposed to be running. Also, the currently suggested
  approach wouldn't use the default state-directory for the new version.
* Explain the structure of the state-directories and where the
  version-numbers are actually coming from.
* Mention `./analyze_new_cluster.sh` & `./delete_old_cluster.sh`.
2021-12-11 18:22:31 +01:00
Mats Rauhala 0eaecd60cb tt-rss-module handle situations without any password 2021-12-11 15:02:27 +02:00
Mats Rauhala de16da59f2 Fix the syntax error on tt-rss config file 2021-12-11 15:02:27 +02:00
Simon Bruder 35ed694793
nixos/invidious: remove syslog.target from service
It has been removed from systemd, see #149721.
2021-12-11 08:28:20 +01:00
Jacek Galowicz b6bf1ca717
Merge pull request #149329 from marijanp/test-driver-restructuring
nixos/test-driver: make the test-driver a python package
2021-12-10 18:41:49 +00:00
Stig 8f21565901
Merge pull request #121085 from colemickens/gpg-ccid-udev
nixos/hardware/gnupg-ccid: init udev rules
2021-12-10 14:22:06 +01:00
Marijan Petričević ab693de868 nixos/test-driver: make the test-driver a python package 2021-12-10 12:27:45 +00:00
Silvan Mosberger 2f2b60dd87 lib/nixos/eval-config.nix: Fix extraArgs
Fixes a mistake in https://github.com/NixOS/nixpkgs/pull/148315 that
caused https://github.com/NixOS/nixpkgs/issues/148343#issuecomment-990881216
2021-12-10 12:55:30 +01:00
Jörg Thalheim 096156aa50
Merge pull request #150003 from evils/rasdaemon
nixos/rasdaemon: remove syslog.target dependency
2021-12-10 11:31:21 +00:00
Mikael 4c39a29128
modules/nix-daemon: Amend daemon(CPU|IO)Sched(Policy|Class) description (#147497)
Suggest appropriate values for various types of systems and add some
formatting.
2021-12-10 11:30:51 +01:00
Lara c2b79874a7
nixos/jitsi-videobridge: Mitigate CVE-2021-44228 (#150021)
This commit mitigates a remote code execution vulnerability in the log4j
library.
2021-12-10 11:16:20 +01:00
Vincent Haupert d6cc0ad96e nixosTests.aesmd: init 2021-12-10 10:18:31 +01:00
Vincent Haupert 0b5c9f81e2 nixos/aesmd: add module
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-12-10 10:18:31 +01:00
Vincent Haupert ac60e78b48 nixos/intel-sgx: add option for SGX provisioning 2021-12-10 10:09:41 +01:00
0x4A6F c28b4458d7
Merge pull request #147797 from romildo/upd.xfce
maintainers: add xfce team
2021-12-10 09:23:20 +01:00
Evils b22f50135c nixos/rasdaemon: remove syslog.target dependency
this was copied from upstream's unit file
but only used when the daemon runs in background mode
  --foreground is used unconditionally in this module
2021-12-10 08:18:05 +01:00
Graham Christensen 6617c39075
Merge pull request #149936 from Artturin/virtiokb
nixos/qemu-vm: add -device virtio-keyboard to opts
2021-12-09 21:01:51 -05:00
Artturin 39c5525cb1 nixos/qemu-vm: add -device virtio-keyboard to opts
by default a ps/2 keyboard input is used which seems to cause issues
on aarch64-linux when the machine is used high load, causing the keymap
qwertz test to always fail and azerty to sometimes fail
See https://github.com/NixOS/nixpkgs/issues/147294
2021-12-10 01:04:33 +02:00
Kevin Tran 1906561f8d
Update nixos/modules/services/networking/xrdp.nix
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2021-12-10 09:08:45 +11:00
0x4A6F c92ba86931
Merge pull request #146605 from FlorianFranzen/zsa-udev
zsa-udev-rules: unstable-2020-12-16 -> 2.1.3
2021-12-09 21:03:35 +01:00
Janne Heß 595ceaf3a7
Merge pull request #149412 from helsinki-systems/feat/type-pam-options
nixos/pam: Type all limit options
2021-12-09 17:42:16 +01:00
Will a6196bc8b2 couchdb3: add vm.args and fix pkgs.couchdb reference 2021-12-09 14:55:01 +00:00
1000teslas 9c478c1995 nixos/xrdp: add confDir option 2021-12-10 00:56:21 +11:00
Guillaume Girol b2ed7c36c1
Merge pull request #149642 from r-ryantm/auto-update/os-prober
os-prober: 1.78 -> 1.79
2021-12-09 13:48:46 +00:00
Janne Heß 6807628791
nixos/switch-to-configuraton: Add details about sockets 2021-12-09 13:51:18 +01:00
Guillaume Girol 6f2ed3cd1e nixosTests.os-prober: fix infinite recursion 2021-12-09 12:00:00 +00:00
Andreas Rammhold 6e69e537ff
Merge pull request #145183 from veehaitch/networkd-DHCPServerStaticLease
nixos/networkd: add `dhcpServerStaticLeaseConfig` option
2021-12-09 12:57:46 +01:00
Janne Heß 7b5fb05a0d
nixos/pam: Type all limit options 2021-12-09 12:48:02 +01:00
Janne Heß 2024306048
nixos/switch-to-configuration: Restart non-services 2021-12-09 12:31:48 +01:00
Janne Heß efcdc01d62
nixos/switchTest: Massively extend the test 2021-12-09 12:30:48 +01:00
Janne Heß 393c721849
nixos/switch-to-configuration: Move handleModifiedUnit into a sub 2021-12-09 11:31:59 +01:00
adisbladis 273018e39a
Merge pull request #149769 from qowoz/podman-sort
nixos/podman: sort files into directories
2021-12-09 18:41:50 +12:00
Aaron Andersen ffa3ebb1f7
Merge pull request #149624 from dali99/fix_dokuwiki_php
nixos/dokuwiki: Use php74 for the phpfpm pool
2021-12-08 22:21:25 -05:00
zowoq 79e66fce1c nixos/podman: sort files into directories
Makes codeowners, git history, etc. a bit simpler now that podman has expanded beyond the original single file module and test.
2021-12-09 13:03:16 +10:00
adisbladis ce82da442b
Merge pull request #149732 from qowoz/podman
podman: 3.4.3 -> 3.4.4
2021-12-09 13:50:58 +12:00
pennae e67a646a92 treewide: add defaultText to remaining options
these are mostly options that use alias bindings, bindings to constants,
or bindings to calculated values.
2021-12-09 01:42:24 +01:00
pennae 1f960e7571 nixos/captive-browser: add defaultText for browser
easiest way to do this is to move the default expression out and
abstract over what is substituted into it, using a dependent value for
the default and a descriptive value for defaultText
2021-12-09 01:42:24 +01:00
pennae 0eaf46a1dc nixos/system-path: add defaultText for defaultPackages 2021-12-09 01:42:24 +01:00
pennae 1060fefae3 nixos/tarsnap, nixos/neo4j: defaultText for submodule options
unfortunately we don't have a good way to represent defaults that
reference other values of the current submodule, so we just use the
relative path of the referenced value and assume that the submodule was
declared as `rec`.
2021-12-09 01:42:24 +01:00
pennae 9407761763 treewide: add defaultText for options using other shortcut bindings 2021-12-09 01:42:24 +01:00
pennae 3226c5aded nixos/hbase: refactor settings option
instead of keeping a defaultConfig value around, set that value as the
default of the option and explicitly use the option default instead.
this also allows us to write a defaultText that makes sense and is in
proximity to the definition of the default.
2021-12-09 01:38:24 +01:00
pennae 2d564521c0 treewide: add literalDocBook text to options with complex defaults
some options have default that are best described in prose, such as
defaults that depend on the system stateVersion, defaults that are
derivations specific to the surrounding context, or those where the
expression is much longer and harder to understand than a simple text
snippet.
2021-12-09 01:38:24 +01:00
pennae 6eaf4f90c2 nixos/mpdscribble: add defaultText for some options using mpdCfg 2021-12-09 01:38:24 +01:00
pennae b9950385e5 treewide: make option examples constant
escape interpolations in examples, or replace them where they are not
useful.
2021-12-09 01:38:24 +01:00
pennae e72435e612 treewide: make option descriptions constants
escape interpolations in descriptions where possible, replace them with
sufficiently descriptive text elsewhere. also expand cfg.* paths in
descriptions.
2021-12-09 01:21:04 +01:00
pennae ed673a69db treewide: add defaultText for options with simple cfg.* expression defaults
adds defaultText for options with defaults that use only literals, full config.*
paths, and the cfg shortcut binding.
2021-12-09 01:14:16 +01:00
pennae fb0e5be843 treewide: add defaultText for options with simple interpolation defaults
adds defaultText for all options that use `cfg.*` values in their
defaults, but only for interpolations with no extra processing (other
than toString where necessary)
2021-12-09 01:13:48 +01:00
pennae f6d0b014fe nixos/kubernetes: add defaultText for addons options using top.*
the kubernetes modules cross-reference their config using an additional shortcut
binding `top = config.services.kubernetes`, expand those to defaultText like
`cfg` previously.
2021-12-09 01:13:12 +01:00
pennae e24a8775a8 treewide: set defaultText for options using simple path defaults
adds defaultText for all options that set their default to a path expression
using the ubiquitous `cfg` shortcut bindings.
2021-12-09 01:12:13 +01:00
zowoq 4df7ad53c7 Revert "nixos/podman/tests: add workaround for broken import"
This reverts commit 9edf2e0ffd.

This seems to have been fixed.
2021-12-09 08:32:24 +10:00
Florian Klink fec4daf38d
Merge pull request #149342 from helsinki-systems/feat/restart-systemd-on-systemconf-change
nixos/switch-to-configuration: Restart systemd when system.conf is changed
2021-12-08 23:23:04 +01:00
lunik1 1f0bbdb6fc
nixos/adguardhome: remove syslog.target from service 2021-12-08 22:18:25 +00:00
Jelle Besseling f226901f7f
eternal-terminal: remove syslog.target from service 2021-12-08 22:48:20 +01:00
pennae 70b105d1d0 nixos/journalbeat: remove support for versions < 6
nixos no longer ships journalbeat 5 and hasn't since at least 20.09. remove
checks for older versions from the module.
2021-12-08 21:41:18 +01:00
Silvan Mosberger 15c41e1d54
Merge pull request #147265 from pennae/option-docs-build
put all option docs build flavors on equal footing
2021-12-08 21:27:02 +01:00
squalus c3ab9e6d40 nixos/prometheus-nginx-exporter: fix argument syntax
Arguments were being ignored because the program expects an equals sign
to separate the argument name from the value.

Documented in https://github.com/nginxinc/nginx-prometheus-exporter/issues/153

Fixes #107541
2021-12-08 11:32:13 -08:00
Daniel Olsen 1681c0b49e nixos/dokuwiki: Use php74 for the phpfpm pool
php8 does not work and is not supported
2021-12-08 20:22:12 +01:00
Jan Tojnar bcb4b714bd Revert "nixos: make GIO_EXTRA_MODULES a session variable"
This reverts commit abfcb79abf.

Fixes: https://github.com/NixOS/nixpkgs/issues/149539
2021-12-08 19:54:18 +01:00
Artturi 3fe92b45cb
Merge pull request #149665 from Artturin/squashfscores 2021-12-08 20:20:32 +02:00
Artturin eea6baad50 make-squashfs: use $NIX_BUILD_CORES or 48 cores if above 48
by default all cores are used

hoping this will fix the hydra i686 squashfs build issues as all the
failures were using 64 cores

Parallel mksquashfs: Using 64 processors
Creating 4.0 filesystem on ..., block size 1048576.
FATAL ERROR: mangle2:: xz compress failed with error code 5
2021-12-08 19:23:31 +02:00
Kim Lindberger 9bf94de535
Merge pull request #147506 from talyz/discourse-2.8.0.beta8
discourse: 2.7.9 -> 2.8.0.beta9
2021-12-08 18:15:48 +01:00
Jörg Thalheim 2320324826
Merge pull request #149415 from helsinki-systems/feat/more-types
nixos: Type some more options
2021-12-08 15:37:36 +00:00
Jörg Thalheim 01ed14a53c
Merge pull request #149416 from helsinki-systems/feat/type-dysnomia-options
nixos/dysnomia: Type all options
2021-12-08 15:36:17 +00:00
ajs124 eee45bb295
Merge pull request #146815 from ElvishJerricco/systemd-utils-expressions
Move systemd-lib.nix and systemd-unit-options.nix into utils
2021-12-08 15:07:28 +00:00
Jörg Thalheim 8010ff0d54
Merge pull request #149504 from mattchrist/fix-brscan5-nixos-test
brscan5: fix nixos test
2021-12-08 15:06:17 +00:00
Jörg Thalheim 0b698e4af5
Merge pull request #149587 from davidkna/patch-1
nixos/snapraid: fix evaluation
2021-12-08 14:58:53 +00:00
Janne Heß e36ceb65e6
Merge pull request #129449 from ddz/copy-initrd-secrets-after-early-mount-script
nixos/stage1: copy initrd secrets into place after special mounts
2021-12-08 15:38:02 +01:00
José Romildo 24a4815693 xfce: add maintainers team 2021-12-08 11:34:00 -03:00
Izorkin 23d62decbb
nixos/tests/wsdd: fix test 2021-12-08 16:44:16 +03:00
David Knaack 28db2a481d
nixos/snapraid: fix evaluation
Use string concatenation operator (`+`) instead of incorrect list concatenation operator (`++`)
2021-12-08 11:10:02 +01:00
Janne Heß 9cdda88bb5
nixos/pcmcia: Type the last option 2021-12-08 11:02:34 +01:00
Matt Christ 7b1d8bd182 brscan5: fix nixos test
import 're' so we can do regex stuff in this test
2021-12-07 20:35:50 -06:00
github-actions[bot] df0c1b8745
Merge staging-next into staging 2021-12-08 00:02:16 +00:00
Patrick Hilhorst 29671bc365
Merge pull request #137260 from onny/maddy 2021-12-08 00:00:13 +01:00
Jonas Heinrich ecd88f91a0
nixos/maddy: Add module for maddy
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-12-07 22:58:22 +01:00
Aaron Andersen 7f6f59e43c
Merge pull request #147324 from ju1m/transmission
nixos/transmission: disable downloadDirPermissions by default
2021-12-07 16:46:50 -05:00
Sandro e1f9dbf673
Merge pull request #139815 from ncfavier/fastcgiParams-path 2021-12-07 20:38:55 +01:00
Bjørn Forsman 8eb814e964 Revert "nixos/ddclient: fix permission for ddclient.conf (#148179)"
This reverts commit 6af3d13bec.

Reported by @arcnmx
(https://github.com/NixOS/nixpkgs/pull/148179#issuecomment-987197656):

  Does this not completely break the service? It doesn't change the
  owner to the same as the ddclient server (which is somewhat difficult
  due to it being a DynamicUser), so this now makes the service
  completely unusable because the config is only readable by its owner,
  root:

    ddclient[871397]: WARNING:  file /run/ddclient/ddclient.conf: Cannot open file '/run/ddclient/ddclient.conf'. (Permission denied)

  Given that the RuntimeDirectory was only readable by the ddclient
  service, the warning this PR fixes was spurious and not indicative of
  an actual information leak. I'm not sure of what a quick fix would be
  due to DynamicUser, but would at least request a revert of this so the
  service can work again?
2021-12-07 19:44:20 +01:00
Janne Heß fd6a2f3279
Merge pull request #149280 from netixx/fix-freeradius
freeradius: fix radius user
2021-12-07 19:35:38 +01:00
Janne Heß e14d34f80f
nixos/dysnomia: Type all options 2021-12-07 18:53:18 +01:00
Janne Heß 5015aeab6f
nixos/xmonad: Type the last option 2021-12-07 18:36:11 +01:00
Janne Heß 4cba5de303
nixos/hoogle: Type the last option 2021-12-07 18:36:01 +01:00
Silvan Mosberger 490d46f044
Merge pull request #148315 from hercules-ci/nixos-evalModules-legacy-cleanup
NixOS/evalModules legacy cleanup
2021-12-07 18:30:52 +01:00
Finn Behrens 673ad7eb36
nixos/pleroma: create cookie if not existing (#149368) 2021-12-07 17:32:55 +01:00
Matthew Leach 5ce7061945 nixos/networking: add options for configuring a GRE tunnel
Add `networking.greTunnels` option that allows a GRE tunnel to be
configured in NixOS.
2021-12-07 15:44:00 +00:00
Janne Heß 1f41365cda
nixos/switch-to-configuration: Restart systemd when system.conf is changed 2021-12-07 14:32:19 +01:00
Janne Heß e37aab2130
nixos/acme: Allow disabling bash tracing
This is horrible if you want to debug failures that happened during
system switches but your 30-ish acme clients spam the log with the same
messages over and over again.
2021-12-07 14:17:56 +01:00
ajs124 a43c2c1e70 Revert "nixos/tests/installer: lvm: test lvm2-pvscan@ units"
This reverts commit 53a34361af.
2021-12-07 13:17:42 +01:00
Florian Klink c6f07eae0b
Merge pull request #149153 from helsinki-systems/systemd-upd-and-misc
systemd: 249.5 -> 249.7 & various fixes
2021-12-07 13:06:52 +01:00
Bernardo Meurer ebb7f07eec
Merge pull request #148751 from NixOS/feat/slight-stc-improvements
nixos/switch-to-configuration: Add small improvements
2021-12-07 02:38:26 -08:00
Yuka ce54a4f658
nixos/networkd: add RoutingPolicyRule Type option (#146168) 2021-12-07 10:13:22 +01:00
Netix (Espinet François) 9d7ce57da5 freeradius: fix radius user
We now must choose either system or normal user when creating a user
2021-12-07 08:51:57 +01:00
Martin Weinelt 1d1b09c7c1
Merge pull request #148752 from sweber83/sw/zigbee2mqtt-1.22.1 2021-12-06 22:54:42 +01:00
Maximilian Bosch c959de5b30
Merge pull request #148360 from helsinki-systems/drop/pg96
postgresql_9_6: drop
2021-12-06 21:57:05 +01:00
Johannes Schleifenbaum 9f45c18515 sabnzbd: add simple test 2021-12-06 21:08:19 +01:00
Martin Weinelt 96d69e40f2 nixos/zigbee2mqtt: run as zigbee2mqtt group
Not setting a group is a security defect, since that will run the unit
under the root group.

Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
2021-12-06 18:30:01 +01:00
Simon Weber 200c36255f nixos/zigbee2mqtt: no longer pass dataDir to package 2021-12-06 18:28:59 +01:00
Patrick Hilhorst 5e29d3ce2e
nixosTests.pulseAudio: init 2021-12-06 17:27:20 +01:00
Jan Tojnar 75eaab3757
Merge pull request #126832 from ncfavier/gio-extra-modules
nixos: make GIO_EXTRA_MODULES a session variable
2021-12-06 16:23:48 +01:00
pennae 027f7e1b7f nixos/lib/make-options-doc: generate options.xml from options.json
to do this we must replace derivations with attrsets in make-options-doc, since
xml can represent derivations differently from attrset but json cannot. this
also given asciidoc and mddoc the ability to handle derivation differently,
which they previously didn't have.
2021-12-06 16:12:32 +01:00
pennae 9b97a2ea88 nix/lib/make-options-doc: remove nix-level sorting
there are no remaining users of sorted option lists except the docbook build,
which sorts its input separately.
2021-12-06 16:12:32 +01:00
pennae c533b01863 nixos/doc/manual: remove non-matching optionsXML inherit 2021-12-06 16:12:32 +01:00
pennae 4670400309 nixos/lib/make-options-doc: generate asciidoc/md in derivations
use the json file derivation we already have to also generate the asciidoc and
md options docs instead of formatting the options in nix. docbook docs are
already produced in derivations.

the new script produce the exact same output as the old in-nix generation.
2021-12-06 16:12:30 +01:00
Artturi 779a657e37
Merge pull request #148649 from Artturin/sgxgid
nixos: add sgx group with gid 304
2021-12-06 17:05:00 +02:00
Arian van Putten 3efbd53c1b nixos/systemd: remove nss-{user,}-lookup.target from multi-user.target
There is no real harm having them there; but it means these units really
only become active if there is a service providing the underlying
functionality.

nss-lookup.target should not be pulled in unconditionally. It should be
pulled in by providers of DNS lookups. E.g. systemd-resolved.service has
a Wants=nss-lookup.target, Before=nss-lookup.target. So once
systemd-resolved.service has finished starting up; other units that rely
on DNS can be started; but if systemd-resolved is not enabled; those
units can start up immediately.

Same story goes for nss-user-lookup.target and daemons like sssd.

From https://systemd.io/UIDS-GIDS/:

 Note that nss-user-lookup.target is a passive unit: in order to
 minimize synchronization points on systems that don’t need it the unit
 is pulled into the initial transaction only if there’s at least one
 service that really needs it, and that means only if there’s a service
 providing the local user database somehow through IPC or suchlike.
2021-12-06 14:40:18 +00:00
Arian van Putten b4d7911263 nixos/systemd: remove local-fs.target, swap.target from multi-user.target
Since https://github.com/NixOS/nixpkgs/pull/56184/files  local-fs.target
is already pulled in by sysinit.target

swap.target has always already been pulled in by sysinit.target
2021-12-06 14:40:14 +00:00
talyz 125bb7dac1
discourse: Don't patch the public path
Instead of patching the path to /public in Discourse's sources, make
the nginx configuration refer to the symlink in the discourse
package which points to the real path.

When there is a mismatch between the path nginx serves and the path
Discourse thinks it serves, we can run into issues like files not
being served - at least when sendfile requests from the ruby app are
processed by nginx. The issue I ran into most recently is that backup
downloads don't work.

Since Discourse refers to the public directory relative to the Rails
root in many places, it's much easier to just sync this path to the
nginx configuration than trying to patch all occurrences in the
sources. This should hopefully mean less potential for breakage in
future Discourse releases, too.
2021-12-06 14:21:39 +01:00
ajs124 47da70cdda
Merge pull request #148783 from oxzi/claws-mail-ciao-cacao-v3
claws-mail: remove claws-mail-gtk2 version
2021-12-06 11:00:00 +00:00
Jörg Thalheim c7fa870f5a
Merge pull request #148535 from martinetd/bpf
bpf update: bcc remove linux kernel dep + devendor libbpf again, bpftrace 0.13.0 -> 0.14.0 + remove kernel dep, pahole 1.20 -> 1.22 + remove submodule, libbpf revert 0.6.0 -> 0.5.0 (unusable)
2021-12-06 08:33:14 +00:00
Robert Hensing 862d167f17
Merge pull request #147441 from pennae/option-doc-staticizing
nixos/*: add trivial defaultText to options where applicable
2021-12-06 01:35:38 +01:00
pennae c694c35f9d nixos/*: escape pkgs reference in examples and descriptions 2021-12-06 00:38:05 +01:00
Alvar Penning 521f30f80c claws-mail: remove claws-mail-gtk2 version
The GTK+ 2 version of Claws Mail, major version number three, relies on
Python 2, which is end-of-life and might be dropped in the nixpkgs.

In favour of #148779, this older branch of Claws Mail was removed.
2021-12-05 23:08:18 +01:00
Janne Heß b30d619368
nixos/top-level: Check syntax of switch-to-configuration 2021-12-05 18:54:36 +01:00
Janne Heß 6f1e0dc34f
nixos/switch-to-configuration: Move excludes up 2021-12-05 18:54:19 +01:00
Janne Heß 5d34545954
nixos/switch-to-configuration: Ignore scopes 2021-12-05 18:47:35 +01:00
Janne Heß 1e422e7d58
nixos/switch-to-configuration: Fix dry order
This makes the order of the dry activation messages the same as the real
actions which makes more sense than another random order.
2021-12-05 18:46:50 +01:00
Janne Heß 3693e8b093
nixos/switch-to-configuration: Clean perl code
oct() is recommended by perlcritic and the rest was unused.
2021-12-05 18:45:44 +01:00
Janne Heß 50a0f33c2a
nixos/switch-to-configuration: Remove unnecessary TODOs
The first one doesn't make any sense because the directory where the
init binary resides does not contain other tools we need like
systemd-escape.

The second one doesn't make sense either because the errors are already
ignored.
2021-12-05 18:43:42 +01:00
Jörg Thalheim 8ae2771224
Merge pull request #148729 from bjornfor/add-missing-collectd-group-v2
nixos/collectd: add missing group
2021-12-05 17:18:55 +00:00
Ryan Mulligan 542e917e99
Merge pull request #148061 from astro/drbd_upstream
drbd: update, fix, add test
2021-12-05 09:10:22 -08:00
Bjørn Forsman 05bc708a7f nixos/collectd: add missing group
While upgrading my NixOS system I was greeted by this error:

  error:
  Failed assertions:
  - users.users.collectd.group is unset. This used to default to
  nogroup, but this is unsafe. For example you can create a group
  for this user with:
  users.users.collectd.group = "collectd";
  users.groups.collectd = {};

Let's fix it.
2021-12-05 17:17:12 +01:00
Bobby Rong af6071db60
Merge pull request #148415 from erictapen/borgbackup
Revert "nixos/borgbackup: specify systemd WorkingDirectory"
2021-12-05 18:02:49 +08:00
Martin Weinelt 68dc5484e9 nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter 2021-12-05 03:18:17 +01:00
Martin Weinelt 0c008f9c0d
Merge pull request #147056 from mweinelt/smartctl-exporter 2021-12-05 03:00:48 +01:00
Bobby Rong 894fb34b23
Merge pull request #148159 from bobby285271/pantheon
pantheon.extra-elementary-contracts: split package
2021-12-05 09:56:34 +08:00
Martin Weinelt d94cec6ead
Merge pull request #148543 from mweinelt/knot-hardening 2021-12-05 02:44:28 +01:00
Sean Heath 6af3d13bec
nixos/ddclient: fix permission for ddclient.conf (#148179) 2021-12-05 02:07:42 +01:00
Artturin fc4df13e26 nixos: add sgx group with gid 304
fix Unknown group 'sgx', ignoring message from udev
2021-12-05 01:37:43 +02:00
Artturi 493d66a225
Merge pull request #145732 from gardspirito/mx-puppet-discord 2021-12-04 23:12:09 +02:00
Samuel Dionne-Riel b976947ede
Merge pull request #121345 from samueldr/feature/plasma-mobile
Add support for Plasma Mobile
2021-12-04 15:37:26 -05:00
Thomas Gerbet 1a119b223c vault{,bin}: 1.8.4 -> 1.9.0
https://github.com/hashicorp/vault/blob/v1.9.0/CHANGELOG.md
2021-12-05 06:10:43 +10:00
Martin Weinelt 146ddee13b
nixos/tests/knot: add extra cpu core to master
This verifies that we allow setting affinity in multicore systems.
2021-12-04 16:53:31 +01:00
Martin Weinelt 893f7af236
nixos/tests/knot: log systemd unit hardening info 2021-12-04 16:53:31 +01:00
Martin Weinelt 67f102d8d8
nixos/knot: update systemd hardening 2021-12-04 16:53:31 +01:00
Felix Schröter d6a4500f88 nixos/ddclient: support all special characters in password 2021-12-04 16:28:31 +01:00
Robert Hensing 430c9173e4
Merge pull request #148363 from hercules-ci/add-dockerTools-fakechroot
dockerTools: Add fakechroot to fakeRootCommands
2021-12-04 15:13:37 +01:00
Maximilian Bosch 5ffc828912
Merge pull request #148301 from Kranzes/nextcloud
nextcloud23: init at 23.0.0
2021-12-04 14:54:25 +01:00
Robert Hensing ddda5f28e1 dockerTools: Keep fakechroot disabled by default
Avoid risk of breaking existing images by making it opt-in.
2021-12-04 13:49:10 +00:00
Robert Hensing 0e9bc9ffd1 dockerTools: Add fakechroot to fakeRootCommands 2021-12-04 13:49:10 +00:00
Dominique Martinet 559fe43665 nixos/tests: add bpf test
test bcc and bpftrace briefly
2021-12-04 21:12:07 +09:00
Dominique Martinet efe6967e93 bcc: move from linux-kernels packages to normal packages
bcc doesn't really need kernel itself, it just cares about module path.

It's actually better to use /run/booted-system/kernel-modules/lib/modules
for two reasons:
 - no need to rebuild bcc for each new kernel
 - can use a newer bcc with a booted kernel that doesn't match the current
   system
2021-12-04 21:07:09 +09:00
Maciej Krüger ca82a582d9
nixos/rtsp-simple-server: init 2021-12-04 12:58:36 +01:00
Tristan 7f6a2d5663 oci-containers: fix imageFile example 2021-12-04 10:23:58 +01:00
Samuel Dionne-Riel 2f12f30f00 nixos/plasma5: Split common Plasma config for Mobile from Desktop 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7f4324c64e nixos/plasma5: Add suggested plasma mobile apps 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7df34e1145 nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 13a03fb289 nixos/plasma5: Add maliit-keyboard to plasma mobile session 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel b41923c1ca nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Tyler Slabinski da6a39436b nixos/plasma5: Add mobile.enable option for plasma 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel fde4f481d9 nixos/plasma5: Make kwinrc/kdeglobals internally configurable
This is used with the Plasma Mobile configuration to configure the
system as upstream recommends.
2021-12-03 20:17:04 -05:00
Artturi 610b719d91
Merge pull request #148491 from Artturin/sendkeydelay
nixos/test-driver: add 10ms delay to send_key
2021-12-04 02:13:49 +02:00
Niklas Hambüchen 6c9f46d063
Merge pull request #148389 from GTrunSec/consul
nixos/consul: update deprecated setting
2021-12-03 21:53:10 +01:00
Martin Weinelt 42ae887b23
Merge pull request #148471 from Ma27/postfix-exporter-hardening 2021-12-03 20:26:10 +01:00
Artturin 60422ba2ea nixos/test-driver: add 10ms delay to send_key
attempt to fix https://github.com/NixOS/nixpkgs/issues/147294
2021-12-03 20:04:56 +02:00
Maximilian Bosch 8e6d403e65
nixos/prometheus-postfix-exporter: whitelist addr-family AF_UNIX
Otherwise, `postfix_up{path="/var/lib/postfix/queue/public/showq"}` will
always be `0` indicating an postfix outage because this is a unix domain
socket that cannot be connected to:

    2021/12/03 14:50:46 Failed to scrape showq socket: dial unix /var/lib/postfix/queue/public/showq: socket: address family not supported by protocol
2021-12-03 19:01:19 +01:00
Jörg Thalheim 4f08634a18
Merge pull request #148458 from lunik1/snapraid-fix
nixos/snapraid: relax permissions of snapraid-sync
2021-12-03 17:59:37 +00:00
Jörg Thalheim 99c916dd8e
Merge pull request #148201 from Artturin/nixservesecret
nix-serve: fix NIX_SECRET_KEY_FILE
2021-12-03 17:50:27 +00:00
GTrunSec 8e92c6c510
nixos/consul: update deprecated webUi 2021-12-03 09:46:24 -08:00
Artturi 7ca9a14f7d
Merge pull request #148382 from Artturin/lightdmtmpfile 2021-12-03 19:31:06 +02:00
Dmitry Kalinkin 721e732e36
Merge pull request #147809 from veprbl/pr/wafHook_release_notes
doc: add release notes for a wafHook change
2021-12-03 11:57:26 -05:00
Artturin d87d5731d5 nixos/tests: fix nix-serve path
nixos/tests: rename nix-ssh-serve to nix-serve-ssh

nixos/tests/nix-serve-ssh: add --experimental-features

nixos-serve: add nix-serve-ssh to passthru.tests
2021-12-03 18:40:03 +02:00