3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

2950 commits

Author SHA1 Message Date
polykernel 4a9d9928dc nixos/nix-daemon: use structural settings
The `nix.*` options, apart from options for setting up the
daemon itself, currently provide a lot of setting mappings
for the Nix daemon configuration. The scope of the mapping yields
convience, but the line where an option is considered essential
is blurry. For instance, the `extra-sandbox-paths` mapping is
provided without its primary consumer, and the corresponding
`sandbox-paths` option is also not mapped.

The current system increases the maintenance burden as maintainers have to
closely follow upstream changes. In this case, there are two state versions
of Nix which have to be maintained collectively, with different options
avaliable.

This commit aims to following the standard outlined in RFC 42[1] to
implement a structural setting pattern. The Nix configuration is encoded
at its core as key-value pairs which maps nicely to attribute sets, making
it feasible to express in the Nix language itself. Some existing options are
kept such as `buildMachines` and `registry` which present a simplified interface
to managing the respective settings. The interface is exposed as `nix.settings`.

Legacy configurations are mapped to their corresponding options under `nix.settings`
for backwards compatibility.

Various options settings in other nixos modules and relevant tests have been
updated to use structural setting for consistency.

The generation and validation of the configration file has been modified to
use `writeTextFile` instead of `runCommand` for clarity. Note that validation
is now mandatory as strict checking of options has been pushed down to the
derivation level due to freeformType consuming unmatched options. Furthermore,
validation can not occur when cross-compiling due to current limitations.

A new option `publicHostKey` was added to the `buildMachines`
submodule corresponding to the base64 encoded public host key settings
exposed in the builder syntax. The build machine generation was subsequently
rewritten to use `concatStringsSep` for better performance by grouping
concatenations.

[1] - https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
2022-01-26 21:04:50 -05:00
Martin Weinelt a813be071c
nixos/polkit: don't enable by default
SUID wrappers really shouldn't be enabled by default, unless a consumer
relies on them. So in my opinion this falls upon the desktop
environments if needed or a user to explicltly enable this if wanted.

Most desktop environments and services like CUPS already enable polkit
by default, that should really be sufficient.
2022-01-27 01:45:44 +01:00
Patrick Hilhorst 2774f31f40
Merge pull request #156697 from marijanp/fix-146169 2022-01-26 20:24:57 +01:00
Marijan Petričević d590556d5c update docs 2022-01-26 10:46:46 +01:00
Jeremy Kolb 7be304a543 nixos/programs/tmux: specify wanted plugins
Currently it's rather difficult to install tmux plugins. The process involves two steps:
  1. Specify the correct `pkg.tmuxPlugins` package in `environment.systemPackages`
  2. Adding to the configuration file to instantiate the plugin.

This commit allows the user to specify a list of plugins under `programs.tmux.plugins`.

Update nixos/modules/programs/tmux.nix

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-25 17:12:44 -05:00
Martin Weinelt 48f17360d9 Merge remote-tracking branch 'origin/master' into staging-next 2022-01-25 15:53:19 +01:00
Robert Hensing 8919495cac
Merge pull request #156503 from hercules-ci/nixos-add-system.build-options
nixos: Add `system.build.`{`toplevel`,`installBootLoader`}, improve error message
2022-01-25 14:13:24 +01:00
Alexander Nortung 41dd1d4d8b nixos/autorandr: refactor
The autorandr module now provides options to set hooks declaratively
It also provides options to set profiles declaratively.
2022-01-25 10:50:46 +01:00
Jonathan Ringer e379e3d4bb
Merge remote-tracking branch 'origin/staging-next' into staging
Conflicts:
	pkgs/development/python-modules/googleapis-common-protos/default.nix
2022-01-24 23:49:19 -08:00
github-actions[bot] bbbd0a92af
Merge master into staging-next 2022-01-25 00:02:13 +00:00
Luflosi 1c58cdbeed
nixos/modprobe: add boot.initrd.extraModprobeConfig option
This option behaves exactly like `boot.extraModprobeConfig`, except that it also includes the generated modprobe.d file in the initrd.
Many years ago, someone tried to include the normal modprobe.d/nixos.conf file generated by `boot.extraModprobeConfig` in the initrd: 0aa2c1dc46. This file contains a reference to a directory with firmware files inside. Including firmware in the initrd made it too big, so the commit was reverted again in 4a4c051a95.
The `boot.extraModprobeConfig` option not changing the initrd caused me much confusion because I tried to set the maximum cache size for ZFS and it didn't work.
Closes https://github.com/NixOS/nixpkgs/issues/25456.
2022-01-24 22:56:14 +01:00
github-actions[bot] a45818989a
Merge master into staging-next 2022-01-24 18:01:03 +00:00
Alyssa Ross 1a60dd2adc
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	pkgs/development/python-modules/cupy/default.nix
	pkgs/development/python-modules/staticjinja/default.nix
2022-01-24 15:39:34 +00:00
Robert Hensing 48dbe26229 nixos/doc: Document types.unique 2022-01-24 16:31:59 +01:00
pennae 865a9ed3f5
Merge pull request #155669 from schuelermine/patch-mkPackageOption
lib/options: Add mkPackageOption
2022-01-24 13:35:32 +00:00
github-actions[bot] 6fee71d339
Merge master into staging-next 2022-01-24 12:01:16 +00:00
Jonas Chevalier e7dbfd7ece
terraform.withPlugins: clean and remove 0.12 support (#155477)
Now that the terraform 0.12 compatibility is not needed anymore, the
`terraform.withPlugins` and `terraform-providers.mkProvider`
implementations can be simplified.

Instead of building a bunch of bin wrappers on instantiation, the
providers are now stored in
`$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>`
and then a simple `buildEnv` can be used to merge them.

This breaks back-compat so it's not possible to mix-and-match with
previous versions of nixpkgs. In exchange, it now becomes possible to
use the providers from
[nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin)
directly.
2022-01-24 12:53:05 +01:00
Anselm Schüler c008b3d100 nixos/docs/option-declarations: Document mkEnableOption and mkPackageOption
This is a squashed commit. These are the original commit messages:

lib/option: Improve comment

better comment

Update documentation

Updated nixos/doc/manual/development/options-declarations.md with info on mkEnableOption and mkPackageOption.
Updated the comment on mkEnableOption in lib/options.nix

remove trailing whitespace

nixos/doc/option-declarations: Update IDs & formatting

nixos/docs/option-declarations: Escape angle brackets

Build DB from MD

(Amended) Fix typo
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>

(Amended) Build DB from MD (again)
2022-01-23 19:44:21 +01:00
github-actions[bot] 93a9821309
Merge master into staging-next 2022-01-23 18:01:11 +00:00
Jonas Heinrich c95e816c65
nixos/wordpress: Drop old deprecated interface (#152674) 2022-01-23 23:17:01 +09:00
github-actions[bot] 0c2dd9248c
Merge staging-next into staging 2022-01-23 00:02:27 +00:00
github-actions[bot] 429249f120
Merge master into staging-next 2022-01-23 00:01:54 +00:00
ajs124 5833536257 mariadb: mention multiple release support in release notes 2022-01-22 02:28:55 +01:00
github-actions[bot] d9c65c9d83
Merge staging-next into staging 2022-01-22 00:02:24 +00:00
github-actions[bot] 1ca0ba653f
Merge master into staging-next 2022-01-22 00:01:46 +00:00
pennae ce49a1d98c
Merge pull request #155517 from Radvendii/knownHosts
programs.ssh.knownHosts.<name>.hostNames -> extraHostNames
2022-01-21 23:24:05 +00:00
github-actions[bot] 233e4a0c95
Merge staging-next into staging 2022-01-21 00:03:13 +00:00
github-actions[bot] fc3ddb8979
Merge master into staging-next 2022-01-21 00:01:42 +00:00
Luflosi ca58bd0a50
nixos/networkd: Add routes from interfaces to [Route] section of .network file
Closes https://github.com/NixOS/nixpkgs/pull/93635.
2022-01-20 20:14:55 +01:00
github-actions[bot] aeb6db8171
Merge staging-next into staging 2022-01-20 18:01:55 +00:00
github-actions[bot] ce88a19065
Merge master into staging-next 2022-01-20 18:01:19 +00:00
rnhmjoj 79b4b7eaa1
docs/release-notes: document dhcpd hardening 2022-01-20 15:54:38 +01:00
Janne Heß 96d36b0c2e
nixos/switch-to-configuration: Proper unit file parser
This replaces the naive K=V unit parser with a proper INI parser from a
library and adds proper support for override files. Also adds a bunch of
comments about parsing, I hope this makes it easier to understand and
maintain in the future.

There are multiple reasons to do so, the first one is just general
correctness with is nice imo. But to get to more serious reasons (I
didn't put in all that effort for nothing) is that this is the first
step torwards more clever restart/reload handling. By using a library
like Data::Compare a future PR could replace the current way of
fingerprinting units (which is to compare store paths) by comparing the
hashes. This is more precise because units won't get restarted because
the order of the options change, comments are added, some dependency of
writeText changes, .... Also this allows us to add a feature like
`X-Reload-Triggers` so the unit can either be reloaded when these change
or restarted when everything else changes, giving module authors the
ability to have their services reloaded without having to fear that
updates are not applied because the service doesn't get restarted.
Another reason why this feature is nice is that now that the unit files
are parsed correctly (and values are just extracted from one section),
potential future rewrites can just rely on some INI library without
having to implement their own weird parser that is compatible with this
script.

This also comes with a new subroutine to handle systemd booleans because
I thought the current way of handling it was just ugly. This also allows
overriding values this script reads in an override file.

Apart from making this script more compatible with the world around it,
this also fixes two issues I saw bugging exactly 0 (zero) people. First
is that this script now supports multiple override files, also ones that
are not called override.conf and the second one is that `1` and `on` are
treated as bools by systemd but were previously not parsed as such by
switch-to-configuration.
2022-01-20 15:10:23 +01:00
Jonas Heinrich 80475b46f5
nixos/invoiceplane: init module and package at 1.5.11 (#146909) 2022-01-20 22:45:35 +09:00
Jan Tojnar a3a525b7b5
Merge pull request #155414 from jwygoda/fcc-unlock
modemmanager: 1.18.2 -> 1.18.4
2022-01-20 08:14:14 +01:00
Jarosław Wygoda 8e49e6168a modemmanager: 1.18.2 -> 1.18.4
Since release 1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. The user must, under their
own responsibility, enable the automatic FCC unlock as shipped by
ModemManager.
2022-01-19 23:06:11 +01:00
pennae 989fd06cb8 nixos/ssh: add release notes for extraHostNames option 2022-01-19 17:21:11 +01:00
github-actions[bot] 0fdca24272
Merge master into staging-next 2022-01-19 00:01:38 +00:00
sternenseemann 48965506a1 lib/asserts: use throw to display message for assertMsg
`assert` has the annoying property that it dumps a lot of code at the
user without the built in capability to display a nicer message. We have
worked around this using `assertMsg` which would *additionally* display
a nice message. We can do even better: By using `throw` we can make
evaluation fail before assert draws its conclusions and prevent it from
displaying the code making up the assert condition, so we get the nicer
message of `throw` and the syntactical convenience of `assert`.

Before:

    nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; }
    trace: Deterministic builds require stripping bytecode.
    error: assertion (((lib).assertMsg  (reproducibleBuild -> stripBytecode))  "Deterministic builds require stripping bytecode.") failed at /home/lukas/src/nix/nixpkgs/pkgs/development/interpreters/python/cpython/2.7/default.nix:45:1

After:

    nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; }
    error: Deterministic builds require stripping bytecode.
2022-01-19 00:50:06 +01:00
Robert Hensing ef6f8783ea nixos/doc/rl-2205.section.md: Hint to avoid merge conflicts 2022-01-18 23:40:28 +01:00
bb2020 272fc86d2c nixos/mbpfan: convert to structural settings 2022-01-18 21:31:33 +03:00
github-actions[bot] 1b0315af15
Merge master into staging-next 2022-01-18 18:01:04 +00:00
pennae 21115ea8f9
Merge pull request #155041 from tokudan/ssh-rename-optionCRA
openssh: Rename option, old option is deprecated upstream
2022-01-18 16:07:20 +00:00
talyz 07b64a2ad7
nixos/bookstack: Add option config to replace extraConfig
The `extraConfig` parameter only handles text - it doesn't support
arbitrary secrets and, with the way it's processed in the setup
script, it's very easy to accidentally unescape the echoed string and
run shell commands / feed garbage to bash.

To fix this, implement a new option, `config`, which instead takes a
typed attribute set, generates the `.env` file in nix and does
arbitrary secret replacement. This option is then used to provide the
configuration for all other options which change the `.env` file.
2022-01-18 15:16:23 +01:00
talyz e7fa7fdffc
nixos/bookstack: Clear the cache more reliably
When upgrading bookstack, if something in the cache conflicts with the
new installation, the artisan commands might fail. To solve this, make
the cache lifetime bound to the setup service. This also removes the
`cacheDir` option, since the path is now handled automatically by
systemd.
2022-01-18 15:16:04 +01:00
Daniel Frank d851c11a9f
openssh: add release-notes entry for services.openssh.{challengeResponseAuthentication -> kbdInteractiveAuthentication} 2022-01-18 14:01:20 +01:00
Franz Pletz 76aa0af628
Merge branch 'master' into mattermost-6.3 2022-01-18 13:23:38 +01:00
github-actions[bot] b456d67c98
Merge master into staging-next 2022-01-18 00:01:41 +00:00
Bernardo Meurer eaf7be02b9
Merge pull request #150859 from helsinki-systems/feat/redo-restart-by-activation-script 2022-01-17 21:11:09 +00:00
Janne Heß 2cf157c781
nixos/switch-to-configuration: Rework activation script restarts
This removes `/run/nixos/activation-reload-list` (which we will need in
the future when reworking the reload logic) and makes
`/run/nixos/activation-restart-list` honor `restartIfChanged` and
`reloadIfChanged`. This way activation scripts don't have to bother with
choosing between reloading and restarting.
2022-01-17 17:57:23 +01:00
Frederik Rietdijk 4d125692e5 Merge master into staging-next 2022-01-17 16:10:06 +01:00
Spencer Janssen ed5883c1b6 zrepl: 0.4.0 -> 0.5.0 2022-01-17 15:35:45 +01:00
github-actions[bot] 0eee7ee8c8
Merge master into staging-next 2022-01-17 12:01:25 +00:00
Timo Kaufmann e3b041ac07
Merge pull request #145767 from midchildan/fix/noto-cjk
noto-fonts-cjk: add missing serif font
2022-01-17 11:23:40 +01:00
github-actions[bot] f0a71fe6f3
Merge master into staging-next 2022-01-17 06:01:22 +00:00
Morgan Jones 9db1fb4772 nixos/mattermost: update release notes 2022-01-16 22:34:37 -07:00
Ben Darwin 43047ec128
nixos/rstudio-server: add to 22.05 release notes 2022-01-17 10:26:24 +11:00
midchildan bd8132ac62
noto-fonts-cjk: add missing serif font
Fixes #99940
2022-01-17 02:04:02 +09:00
github-actions[bot] 122cae786e
Merge master into staging-next 2022-01-16 06:01:16 +00:00
Martin Weinelt 369db3b2f3
mailpile, nixos/mailpile: drop
Still actively developed and yet stuck on python2. Also marked as
vulnerable and their issue tracker contains yet another security issue
reported in 2021/10 that the upstream hasn't acknowledged yet.

Mind blown.

Closes: #135543, #97274, #97275
2022-01-16 02:36:20 +01:00
Anderson Torres ce6fd0d857
Merge pull request #154051 from starcraft66/polymc
polymc: init at 1.0.4

polymc substitutes multimc.
2022-01-15 22:18:26 -03:00
Bernardo Meurer 4fa2647449
Merge pull request #154994 from mweinelt/kernel-disable-unpriv-ebpf
linux: enable BPF_UNPRIV_DEFAULT_OFF on 5.10 and later
2022-01-16 00:46:51 +00:00
Tristan Gosselin-Hane 155f315319 multimc: document replacement 2022-01-15 18:09:27 -05:00
Martin Weinelt 3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
github-actions[bot] ed9751296d
Merge master into staging-next 2022-01-15 18:01:07 +00:00
Jonas Heinrich 75d417c267
nixos/dokuwiki: Drop deprecated old interface (#152676) 2022-01-16 02:38:20 +09:00
Jörg Thalheim e91ed60026
Merge pull request #154805 from Lassulus/ergochat
ergochat: init at 2.9.1 (+ module/test)
2022-01-15 12:15:46 +00:00
github-actions[bot] 6d8719a23d
Merge master into staging-next 2022-01-15 12:01:13 +00:00
0x4A6F 3cbdd13b11
Merge pull request #151364 from matthiasbeyer/add-timetagger
Add timetagger
2022-01-15 09:52:21 +01:00
Matthias Beyer 65aaf4e22d Add timetagger to release notes
Why the f*** would anyone ever add generated stuff to a git repository,
where the sources for the generated stuff AND the scripts to generate
them are in the repository?

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2022-01-15 09:08:52 +01:00
lassulus eaf8890a6c nixos/ergochat: init 2022-01-14 23:33:23 +01:00
github-actions[bot] d5e672b839
Merge master into staging-next 2022-01-14 18:01:18 +00:00
Robert Hensing 2bf5958169
Merge pull request #151082 from hercules-ci/nixos-cleanup-vmWithBootLoader
nixos: turn vmWithBootLoader into option (`nixos-rebuild build-vm`)
2022-01-14 18:49:27 +01:00
github-actions[bot] a8b75d6f2f
Merge master into staging-next 2022-01-13 00:01:59 +00:00
0x4A6F 1e0d877e1d
Merge pull request #151946 from mweinelt/frr
frr: init at 8.1; libyang: init at 2.0.112
2022-01-12 20:51:12 +01:00
github-actions[bot] 7def368b6f
Merge master into staging-next 2022-01-12 18:01:16 +00:00
Daniel Thwaites 3f1ef8fe14
nixos/starship: init 2022-01-12 15:47:08 +00:00
adisbladis 02d732d2e4
Merge pull request #154742 from 06kellyjac/docbookrx
docbookrx: drop
2022-01-13 02:20:53 +12:00
06kellyjac 7148ebef25 docbookrx: drop 2022-01-12 12:04:44 +00:00
github-actions[bot] 9b5359861c
Merge master into staging-next 2022-01-12 12:01:06 +00:00
Winter c772c572cf nixos/doc: fix mention of reading test logs 2022-01-11 20:43:08 -05:00
github-actions[bot] e8dc263ca3
Merge staging-next into staging 2022-01-11 18:01:57 +00:00
Nikolay Amiantov 8956803ade prosody-filer service: init
Add user and group, as files stored are persistent and to be accessed by nginx or other web server.
2022-01-11 20:09:36 +03:00
Nikolay Amiantov 5a38ceb6a7
Merge pull request #154013 from abbradar/baget
BaGet package and service
2022-01-11 20:06:53 +03:00
Gabriel Ebner b57d7dc58f
Merge pull request #153449 from Mic92/opensmtpd-extras
opensmtpd-extras: drop python2 option
2022-01-11 17:57:39 +01:00
Nikolay Amiantov 74a88c4961 baget service: init 2022-01-11 19:54:54 +03:00
Alyssa Ross d77022e114
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
	nixos/doc/manual/release-notes/rl-2205.section.md
2022-01-11 16:35:43 +00:00
Aaron Andersen ee7e31edb4
Merge pull request #153825 from ymatsiuk/ymatsiuk/teleport-module-test-init
nixos/teleport: init + tests
2022-01-11 07:29:22 -05:00
Yurii Matsiuk 47dc5bf2b9
nixos/teleport: add release notes 2022-01-11 10:11:17 +01:00
wchresta 205b0f2c5e Idris2: Refactor default.nix
We take the idris2 projects version of the derivation. Originally,
Idris2 did not maintain their own nix derivation, so we created our
own. Now they maintain their own derivation, so we should try to
keep ours as close to theirs.

This change comes with the following differences:
* support files are in its own output, instead of packaged with idris2
  - This makes it necessary to provide --package for contrib and network
    !!! This is a breaking change !!!
* IDIRS2_PREFIX is set to ~/.idris2 instead of pointing to nix-store
  - This makes --install work as expected for the user
* Properly set IDRIS2_PACKAGE_PATH
* non-linux platform uses chez-racket instead of chez
2022-01-10 22:01:42 +01:00
Jan Tojnar 3dba2db347 Merge branch 'staging-next' into staging
; Conflicts:
;	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
;	nixos/doc/manual/release-notes/rl-2205.section.md
2022-01-10 19:27:28 +01:00
Bernardo Meurer d72a2e7baf
firmwareLinuxNonfree -> linux-firmware
This renames our `firmwareLinuxNonfree` package to `linux-firmware`.
There is prior art for this in multiple other distros[1][2][3].

Besides making the package more discoverable by those searching for the
usual name, this also brings it in-line with the `kebab-case` we
normally see in `nixpkgs` pnames, and removes the `Nonfree` information
from the name, which I consider redundant given it's present in
`meta.license`.

The corresponding alias has been added, so this shouldn't break
anything.

[1]: https://archlinux.org/packages/core/any/linux-firmware/
[2]: https://src.fedoraproject.org/rpms/linux-firmware
[3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-10 12:28:03 -03:00
Martin Weinelt c61a33bc8b
Merge pull request #129559 from fortuneteller2k/thelounge 2022-01-10 11:46:46 +01:00
github-actions[bot] 0f8ce42c1f
Merge staging-next into staging 2022-01-10 06:01:45 +00:00
Aaron Andersen 03c291e6a3
Merge pull request #153987 from jakubgs/init/mtr-exporter
mtr-exporter: init at 0.1.0 (3ce854a5)
2022-01-09 22:34:30 -05:00
fortuneteller2k 38e1dbd942 nixos/thelounge: private -> public
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
2022-01-10 11:28:41 +08:00
legendofmiracles d9b2a764b0
Merge pull request #148541 from legendofmiracles/final-asf 2022-01-09 20:45:13 -06:00
Jan Tojnar f7aa55946b Merge branch 'staging-next' into staging
; Conflicts:
;	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
;	nixos/doc/manual/release-notes/rl-2205.section.md
;	pkgs/build-support/libredirect/default.nix
2022-01-10 01:26:05 +01:00
Martin Weinelt 24999924b4
Merge pull request #153038 from winterqt/thelounge-plugins 2022-01-10 00:59:33 +01:00
Winter fe20f479e9 nixos/thelounge: add plugins option 2022-01-09 13:12:41 -05:00
Jakub Sokołowski 7d988867ff
mtr-exporter: init at 0.1.0 (3ce854a5)
This is a useful utility for monitoring network performance over time
using a combination of MTR and Prometheus. Also adding a service definition.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-09 13:57:06 +01:00
Nikolay Amiantov f2c5970a76 users-groups service: add autoSubUidGidRange option
Previously we allocated subuids automatically for all normal users.
Make this explicitly configurable, so that one can use this for system
users too (or explicitly disable for normal users). Also don't allocate
automatically by default if a user already has ranges specified statically.
2022-01-09 09:43:55 +03:00
Martin Weinelt 6008460c04
nixos/frr: add to release notes 2022-01-09 04:13:42 +01:00
Robert Hensing f80f85f228
Merge pull request #154015 from pennae/fix-docs-cross
nixos/documentation: fix docs cross build
2022-01-08 20:44:05 +01:00
Jacek Galowicz 048fd95f10
Merge pull request #146905 from Synthetica9/failure_mode
nixos/test-driver: add polling_condition
2022-01-08 18:28:25 +01:00
pennae 9d3ba92d63 nixos/documentation: fix docs cross build
a few things should've used buildPackages/nativeBuildInputs to not not require
the host architecture for building docs. tested by building aarch64-linux docs
on x86_64-linux, and the result looks good.
2022-01-08 16:03:23 +01:00
Jonathan Ringer 172bcecd6b
Merge remote-tracking branch 'origin/staging-next' into staging 2022-01-07 10:32:13 -08:00
Patrick Hilhorst 0c3f1cf420
Merge pull request #153273 from Synthetica9/passthru-driverInteractive 2022-01-07 16:04:43 +01:00
github-actions[bot] 1342506d40
Merge staging-next into staging 2022-01-07 00:04:19 +00:00
Renaud 952aa6f820
Merge pull request #148606 from McSinyx/fetch-srht-recurse
fetchFromSourcehut: allow recursive fetching
2022-01-06 22:55:23 +01:00
legendofmiracles bf30cd48ed
nixos/archisteamfarm: init 2022-01-05 14:09:23 -06:00
github-actions[bot] a738715d80
Merge staging-next into staging 2022-01-05 00:02:28 +00:00
Robert Hensing 70d27303da
Merge pull request #149532 from pennae/split-docs-build
nixos/*: split docs build
2022-01-04 22:33:23 +01:00
Patrick Hilhorst d4dc638d77
nixos/test-driver: also passthru driverInteractive 2022-01-04 14:52:37 +01:00
Jörg Thalheim e73fb8d32f opensmtpd-extras: drop python2 option
related to https://github.com/NixOS/nixpkgs/issues/148779
2022-01-04 09:17:33 +01:00
github-actions[bot] 25662d01ae
Merge staging-next into staging 2022-01-04 00:02:40 +00:00
piegames ae040631c9
Merge pull request #142758: Add Heisenbridge module 2022-01-03 18:05:55 +01:00
piegames 4d69ad4b1f nixos/heisenbridge: Init 2022-01-03 15:40:40 +01:00
Philipp 3d47865f7f nixos/matrix-conduit: init 2022-01-03 15:36:56 +01:00
Nguyễn Gia Phong b97ccaa18d
fetchFromSourcehut: allow recursive fetching 2022-01-03 16:37:16 +07:00
Andrew Marshall 238bf44f81 nixos/doc: Fix typo in release notes
Broken in f10aea2434.
2022-01-02 22:37:47 -05:00
pennae 50954ad1c5 nixos/make-options-doc: treat missing descriptions as errors by default
this partially solves the problem of "missing description" warnings of the
options doc build being lost by nix build, at the cost of failing builds that
previously ran. an option to disable this behaviour is provided.
2022-01-02 19:46:13 +01:00
pennae fc614c37c6 nixos/documentation: split options doc build
most modules can be evaluated for their documentation in a very
restricted environment that doesn't include all of nixpkgs. this
evaluation can then be cached and reused for subsequent builds, merging
only documentation that has changed into the cached set. since nixos
ships with a large number of modules of which only a few are used in any
given config this can save evaluation a huge percentage of nixos
options available in any given config.

in tests of this caching, despite having to copy most of nixos/, saves
about 80% of the time needed to build the system manual, or about two
second on the machine used for testing. build time for a full system
config shrank from 9.4s to 7.4s, while turning documentation off
entirely shortened the build to 7.1s.
2022-01-02 19:46:13 +01:00
Madoura e16074e889
nixos/tetrd: init 2022-01-01 17:43:37 -06:00
Patrick Hilhorst 4e1556ed4d
nixos/test-driver: add polling_condition 2022-01-01 23:17:32 +01:00
Aaron Andersen 34c283deda
Merge pull request #150846 from onny/maddy
nixos/maddy: Better description, user and group handling
2022-01-01 15:05:42 -05:00
Morgan Jones f5901b85d1 mattermost: update release notes 2021-12-31 23:49:00 -05:00
Martin Weinelt 5dd90167ce nixos/moinmoin, nixos/tests/moinmoin, python2Packages.moinmoin: remove
Stuck on python2 and the NixOS test has been failing for 6 months.
2021-12-31 16:39:24 -08:00
Jan Tojnar d995596052 Merge branch 'staging-next' into staging
; Conflicts:
;	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
;	nixos/doc/manual/release-notes/rl-2205.section.md
2021-12-31 15:32:37 +01:00
sternenseemann 710699449a nixos/doc: document documentation.man changes in 22.05 rel notes 2021-12-31 11:17:34 +01:00
Michael Weiss 2c82929645
iputils: 20210722 -> 20211215
The tools "tftpd" and "traceroute6" were removed. See [0] for more details.

[0]: https://github.com/iputils/iputils/releases/tag/20211215
2021-12-30 15:00:33 +01:00
Jonas Heinrich 71c423671b nixos/maddy: Better description, user and group handling 2021-12-30 14:17:00 +01:00
zowoq 45dbb95515 nixos/kubernetes: remove dashboard 2021-12-30 18:51:03 +10:00
Lyndon Sanche c7008f8fdf
nixos/duplicati: Add dataDir to service
Other services such as minecraft-server and plex allow configuration of
the dataDir option, allowing the files stored by each service to be in a
custom location.

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2021-12-29 08:35:41 -07:00
Benoit de Chezelles e040ff57a0 nixos/doc/rl-2205: Add note about reduced closure of python3.pkgs.matplotlib 2021-12-28 20:14:53 -05:00
Nikolay Amiantov a3e7a83514
Merge pull request #150774 from abbradar/docker-rootless
Rootless Docker service
2021-12-27 20:32:57 +03:00
Martin Weinelt 99e8065d4c
Merge pull request #147784 from m1cr0man/acme 2021-12-27 17:37:39 +01:00
Bobby Rong 2684d1a990
Merge pull request #148832 from r-ryantm/auto-update/autorestic
autorestic: 1.3.0 -> 1.5.0
2021-12-27 10:01:42 +08:00
Lucas Savva 07c1583309
nixos/acme: Update release notes 2021-12-26 16:49:52 +00:00
Bobby Rong 8bc21bca03
nixos/rl-2205: mention autorestic update 2021-12-25 20:18:09 +08:00
Emery Hemingway 02cb654a4d nixos/stubby: reduce to a settings-style configuration
Extract the example configuration from the package to provide a
working example.

Remove pkgs.stubby from `environment.systemPackages`.
2021-12-25 12:07:06 +01:00
Nikolay Amiantov ab64310a5e docker-rootless service: init 2021-12-22 14:23:23 +03:00
rembo10 3898a66cc4 Update nixos-rebuild man page to reflect target-host change
See:
https://github.com/NixOS/nixpkgs/pull/126614
2021-12-22 00:56:19 -08:00
Elis Hirwing e3a7c62565
Merge pull request #147411 from drupol/php/php-8.1.0
php: Init at 8.1.1
2021-12-21 12:33:07 +01:00
Pol Dellaiera 3d3479f717
php81: init at 8.1.1 2021-12-20 15:51:00 +01:00
Bob van der Linden c1b0d4acf5
rename daemonConfig -> daemon.settings 2021-12-19 14:16:58 +01:00
Bob van der Linden 142a1540d6
nixos/docker: add daemonConfig option
Adds the virtualisation.docker.daemonConfig option that allows
changing Docker daemon settings as done in daemon.conf.
2021-12-19 14:15:18 +01:00
Andrew Marshall f10aea2434 nixos/ssh: Add enableAskPassword
Previously, this was only implicitly enabled if xserver.enable = true.
However, Wayland-based desktops do not require this, and so configuring
SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies
that by adding a new option that defaults to the old conditional.
2021-12-18 12:13:02 -05:00
pennae 2000a1edcd nixos/unifi: add deprecation warning for openPorts
modules are discouraged from opening ports in the firewall unless
explicitly told to do so. add a deprecation notice for this in unifi.
2021-12-17 21:30:52 +01:00
Robert Hensing 439d7d493d nixos: Add release note about vmVariant 2021-12-17 14:49:31 +01:00
Flakebi 368b22d09b powerdns-admin: fix and add module
- Add the migrations directory to the package
- Add postgres support to the package
- Add a service for powerdns-admin

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
2021-12-17 10:33:40 +01:00
David Anderson 7708b9db26 infuxdb2: add package split to 22.05 release notes. 2021-12-16 12:17:20 -08:00
Kim Lindberger ebaa226853
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879)
* elk7: 7.11.1 -> 7.16.1

* nixosTests.elk: Improve reliability and compatibility with ELK 7.x

- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
  passes
- Make curl fail if requests fails

* nixos/filebeat: Add initial module and test

Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.

This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.

* python3Packages.parsedmarc.tests: Fix breakage

- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing

* rl-2205: Note the addition of the filebeat service

* elk6: 6.8.3 -> 6.8.21

The latest version includes a fix for CVE-2021-44228.

* nixos/journalbeat: Add a loose dependency on elasticsearch

Avoid unnecssary back-off when elasticsearch is running on the same
host.
2021-12-17 00:20:52 +09:00
Markus S. Wamser b93e478777 writers.PyPy{2,3}: init 2021-12-15 10:01:08 +01:00
Markus S. Wamser 4e42f6bcb3 writers.writePython2: remove 2021-12-15 09:56:14 +01:00
Julien Moutinho 7475554372 nixos/redis: enable multiple instances of redis-server 2021-12-13 14:42:19 -05:00
Vincent Haupert 0b5c9f81e2 nixos/aesmd: add module
Co-authored-by: Alex Zero <joseph@marsden.space>
2021-12-10 10:18:31 +01:00
Silvan Mosberger 15c41e1d54
Merge pull request #147265 from pennae/option-docs-build
put all option docs build flavors on equal footing
2021-12-08 21:27:02 +01:00
Patrick Hilhorst 29671bc365
Merge pull request #137260 from onny/maddy 2021-12-08 00:00:13 +01:00
Jonas Heinrich ecd88f91a0
nixos/maddy: Add module for maddy
Co-authored-by: Patrick Hilhorst <git@hilhorst.be>
2021-12-07 22:58:22 +01:00
Maximilian Bosch c959de5b30
Merge pull request #148360 from helsinki-systems/drop/pg96
postgresql_9_6: drop
2021-12-06 21:57:05 +01:00
pennae c533b01863 nixos/doc/manual: remove non-matching optionsXML inherit 2021-12-06 16:12:32 +01:00
Alvar Penning 521f30f80c claws-mail: remove claws-mail-gtk2 version
The GTK+ 2 version of Claws Mail, major version number three, relies on
Python 2, which is end-of-life and might be dropped in the nixpkgs.

In favour of #148779, this older branch of Claws Mail was removed.
2021-12-05 23:08:18 +01:00
Martin Weinelt 68dc5484e9 nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter 2021-12-05 03:18:17 +01:00
Dmitry Kalinkin 721e732e36
Merge pull request #147809 from veprbl/pr/wafHook_release_notes
doc: add release notes for a wafHook change
2021-12-03 11:57:26 -05:00
Philipp Dargel a3401f6e33 OpenJDK: expose more versions
Provide a way to access all JDK versions.
2021-12-02 17:54:20 -08:00
ajs124 757dd008b2 postgresql_9_6: drop 2021-12-03 01:14:29 +01:00
Nicolas Benes 7065725f68
doc: add release notes for a wafHook change 2021-12-02 18:46:48 -05:00
Martin Weinelt 34d4676e9d
nixos/doc/manual/release-notes/rl-2111: fix multiple option links 2021-12-02 19:03:05 +01:00
Martin Weinelt d1da5658a6
nixos/doc/manual/release-notes/rl-2111: move highlights introduction 2021-12-02 18:45:04 +01:00
Vonfry 932ab304f0
emacsPackages.orgPackages: deprecated
org elpa is deprecated and moved into gnu elpa and nongnu elpa.

link: nix-community/emacs-overlay#191
2021-12-02 16:16:59 +08:00
Michele Guerini Rocco d616fde3ae
Merge pull request #146967 from AndrewKvalheim/PermanentMACAddress
nixos/doc: improve example of renaming network interfaces
2021-12-01 09:03:14 +01:00
Timothy DeHerrera 2f0f91fe69
Merge pull request #147898 from tomberek/release_bump
nixos/rl-21.11: bump
2021-11-29 19:12:44 -07:00
Timothy DeHerrera b1faa37cdf 21.11 Release Notes: fix typos 2021-11-29 20:15:37 -05:00
Tom Bereknyei af92f1c0cc [21.11] update README.md
[21.11] update upgrading

[21.11] update release date

run generation
2021-11-29 20:15:35 -05:00
sternenseemann 31ff641504 Merge remote-tracking branch 'origin/master' into haskell-updates 2021-11-28 19:31:56 +01:00
Daniel Olsen 0fff6b89ea hydrus: 462 -> 463 2021-11-28 04:11:31 +01:00
Daniel Olsen 40fb87f5ca nixos/doc: Add note about big updates regarding hydrus to release notes 2021-11-28 04:11:30 +01:00
github-actions[bot] 7012b918c3
Merge master into haskell-updates 2021-11-28 00:08:47 +00:00
Michael Weiss 1cfecb636b
Revert "Merge pull request #141192 from helsinki-systems/feat/improved-socket-handling2"
This reverts commit 57961d2b83, reversing
changes made to b04f913afc.
(I.e. this reverts PR #141192.)

While well-intended, this change does unfortunately introduce very
serious regressions that are especially disruptive/noticeable on desktop
systems (e.g. users of Sway will loose their graphical session when
running "nixos-rebuild switch").

Therefore, this change has to be reverted ASAP instead of trying to fix
it in "production".
Note: An updated version should be extensively discussed, reviewed, and
tested before re-landing this change as an earlier version also had to
be reverted for the exact same issues [0].

Fix: #146727

[0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752
2021-11-27 17:22:22 +01:00
sternenseemann d4c2ca42d9 Merge remote-tracking branch 'origin/master' into haskell-updates 2021-11-25 21:20:21 +01:00
sternenseemann 558da925f3 ghc: make sure top level exposed GHC is always host->target
See the added comment in all-packages.nix for a more detailed
explanation. This makes the top-level GHC different from
haskellPackages.ghc (which is build->host and used for building the
package set), but more consistent with gcc, gnat etc.

Specifically, pkgsCross.${platform}.buildPackages.ghc will now be a
cross-compiler instead of a native build->build compiler.

Since this change has a slight chance of being disruptive, add a note to
the changelog.
2021-11-25 20:18:25 +01:00
Vladyslav Burzakovskyy 4deec4ec53 kratos: 0.7.6-alpha.1 -> 0.8.0-alpha.3 2021-11-23 16:11:48 +01:00
sternenseemann ef63ed7b10 nixos/doc: check in converted docbook for 22.05 release notes
This was forgotten in 2768bc07f7 and
should hopefully avoid an all too confusing rebase / merge conflict
later.
2021-11-22 23:21:27 +01:00
Timothy DeHerrera 2768bc07f7
add release notes for 22.05 and update codename 2021-11-22 15:10:53 -07:00
Graham Christensen 6cfd23fa0b nixos-install: support --no-root-password 2021-11-22 22:09:50 +02:00
Andrew Kvalheim 12bab91d3b nixos/doc: improve example of renaming network interfaces
For reliably identifying network interfaces, `PermanentMACAddress` is
likely to be preferable to `MACAddress`. NetworkManager in particular
commonly changes the MAC address of wireless interfaces.

Reference:

  - https://www.freedesktop.org/software/systemd/man/systemd.link.html#PermanentMACAddress=
2021-11-21 20:12:31 -08:00
Thiago Kenji Okada 36f6fd1f41 nixos/doc: add release notes about retroarch changes 2021-11-20 16:34:01 -03:00
sternenseemann debf4fc929 gnat: 9 -> 11
Update the default GNAT version from 9 to 11, as GNAT >= 11 is required
to compile the 22.* AdaCore libraries.

To allow this, we need to pick a patch from ghdl's master fixing a
compilation problem with GNAT 11.
2021-11-15 22:41:56 +01:00
Mikael Voss aeaafd1502 doc: Explain daemon(IO)NiceLevel removal in release note 2021-11-15 18:34:17 +01:00
github-actions[bot] c0c7fbda14
Merge master into staging-next 2021-11-13 00:01:45 +00:00
Artturi 4e61e1242c
Merge pull request #144933 from Artturin/ananicyinit
ananicy: init at unstable-2021-11-05
2021-11-12 21:08:14 +02:00
github-actions[bot] f2d7271432
Merge master into staging-next 2021-11-11 18:01:13 +00:00
Sandro 8f5e231aae
Merge pull request #144618 from fgaz/staticjinja/4.1.1 2021-11-11 14:43:45 +01:00
Artturin 8743e81cd3 nixos/ananicy: init 2021-11-11 02:05:42 +02:00
github-actions[bot] 259e08cd22
Merge master into staging-next 2021-11-10 18:01:21 +00:00
Anderson Torres d8f5d7f06b
Merge pull request #145227 from Synthetica9/julia-to-stable
julia: point to -stable instead of -lts
2021-11-10 12:58:23 -03:00
github-actions[bot] 6e4d2d1f10
Merge master into staging-next 2021-11-10 00:01:31 +00:00
Janne Heß edb295084a
Merge pull request #145181 from helsinki-systems/release-notes/openssh
nixos/changelog: Mention OpenSSH upgrade
2021-11-09 21:56:43 +01:00
Bernardo Meurer 8aa7ae22b8
nixos/doc/manual/release-notes/rl-2111: Nix 2.4 2021-11-09 10:47:08 -08:00