3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

2229 commits

Author SHA1 Message Date
Niklas Hambüchen 0da74875c0 release notes: Mention WireGuard dynamicEndpointRefreshSeconds 2021-05-16 20:11:51 +02:00
github-actions[bot] 78ae7ac75e
Merge staging-next into staging 2021-05-15 06:22:25 +00:00
github-actions[bot] c48794dcef
Merge master into staging-next 2021-05-15 06:22:22 +00:00
Aaron Andersen 460f8def67
Merge pull request #122255 from aanderse/kodi
kodi: 19.0 -> 19.1
2021-05-14 23:21:08 -04:00
Vladimír Čunát c48eaa70e3
Merge branch 'master' into staging-next 2021-05-14 22:27:34 +02:00
Robert Schütz e611d663f4
Merge pull request #120440 from dotlambda/radicale-settings
nixos/radicale: add settings option
2021-05-14 15:37:26 +02:00
Jan Tojnar ac6a4f7cf5
Merge branch 'staging-next' into staging 2021-05-14 01:40:09 +02:00
github-actions[bot] 39e3f7c2cc
Merge master into staging-next 2021-05-13 18:32:50 +00:00
Jonas Chevalier c6b62f2381
mkShell: introduce packages argument (#122180)
The distinction between the inputs doesn't really make sense in the
mkShell context.  Technically speaking, we should be using the
nativeBuildInputs most of the time.

So in order to make this function more beginner-friendly, add "packages"
as an attribute, that maps to nativeBuildInputs.

This commit also updates all the uses in nixpkgs.
2021-05-13 19:17:29 +02:00
Robert Hensing 7b0e0ca35e nixos-install-tools: init
The essential commands from the NixOS installer as a package

With this package, you get the commands like nixos-generate-config and
nixos-install that you would otherwise only find on a NixOS system, such
as an installer image.

This way, you can install NixOS using a machine that only has Nix.

It also includes the manpages, which are important because the commands
rely on those for providing --help.
2021-05-13 01:29:02 +02:00
Thomas Tuegel af8532eee9
Add KDE Gear 21.04 to the release notes 2021-05-11 12:15:51 -05:00
hyperfekt 3e3e763a07 nixos/systemd: enable systemd-pstore.service
As described in issue #81138, the Install section of upstream units is
currently ignored, so we make it part of the sysinit.target manually.
2021-05-09 23:21:51 +02:00
Aaron Andersen 3f499a9c64 kodi: 19.0 -> 19.1 2021-05-08 18:26:19 -04:00
Martin Weinelt 9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Jan Tojnar 468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
Robin Gloster 29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
github-actions[bot] 12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Linus Heckemann 47828e7dc0 nixos/manual: document IPv6 Privacy Extensions options 2021-05-07 13:55:11 +02:00
Jan Tojnar 913123f3b1
rl-2105: Mention GNOME 40 2021-05-05 22:42:58 +02:00
Robert Schütz 762be5c86d nixos/radicale: harden systemd unit 2021-05-04 17:43:26 +02:00
github-actions[bot] dfafc173e0
Merge staging-next into staging 2021-05-04 12:23:31 +00:00
Robert Schütz 022c5b0922 nixos/radicale: add settings option
The radicale version is no longer chosen automatically based on
system.stateVersion because that gave the impression that old versions
are still supported.
2021-05-04 10:22:05 +02:00
Silvan Mosberger b8336c2b8a
formats.ini: Introduce listToValue argument (#121613)
Allows coercing lists to values. E.g.

  formats.ini { listToValue = lib.concatMapStringsSep ", " (lib.generators.mkValueStringDefault {}); }
2021-05-04 09:49:25 +02:00
github-actions[bot] 98d7aac597
Merge staging-next into staging 2021-05-04 00:49:43 +00:00
Marc 'risson' Schmitt 52f6733203
nixos/unbound: deprecate extraConfig in favor of settings
Follow RFC 42 by having a settings option that is
then converted into an unbound configuration file
instead of having an extraConfig option.

Existing options have been renamed or kept if
possible.

An enableRemoteAccess has been added. It sets remote-control setting to
true in unbound.conf which in turn enables the new wrapping of
unbound-control to access the server locally.  Also includes options
'remoteAccessInterfaces' and 'remoteAccessPort' for remote access.

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-03 21:27:15 +02:00
github-actions[bot] 5e177b16b1
Merge staging-next into staging 2021-05-03 18:25:49 +00:00
Silvan Mosberger 3e930b7e4a
Merge pull request #121294 from nh2/issue-121288-wireguard-fix-chmod-race
wireguard module: generatePrivateKeyFile: Fix chmod security race
2021-05-03 16:24:42 +02:00
github-actions[bot] a4c3a2d732
Merge staging-next into staging 2021-05-03 12:26:48 +00:00
José Romildo Malaquias 8073df31a5
Merge pull request #121046 from romildo/fix.xfce
xfce: does not explicitly require a gvfs package
2021-05-03 08:14:56 -03:00
Luke Granger-Brown 2eddff5480
Merge pull request #120569 from abathur/yadm-3x-release-note
yadm: add release note for 3.x
2021-05-03 10:50:45 +01:00
github-actions[bot] afe3fd192f
Merge staging-next into staging 2021-05-03 00:53:51 +00:00
Martin Weinelt d942d4473d neovim, neovimUtils, neovim-qt: drop python2 support
In 2a00e53bd pynvim support for python2 was disabled, this broke the
neovim build. I really think it is time to let go of python2 support in
neovim.
2021-05-02 22:43:53 +02:00
José Romildo Malaquias a611906544 xfce: add release note about dropping lighter gvfs package 2021-05-02 14:26:52 -03:00
github-actions[bot] ef6416a6ba
Merge staging-next into staging 2021-05-01 00:54:32 +00:00
Martin Weinelt e0f1e1f7bf
nixos/zigbee2mqtt: convert to rfc42 style settings 2021-04-30 19:42:26 +02:00
Niklas Hambüchen a874a8a98b release notes: Mention wireguard generatePrivateKeyFile permission changes 2021-04-30 19:28:04 +02:00
Travis A. Everett 5fb284dda6 yadm: add release note for 3.x 2021-04-30 11:07:35 -05:00
github-actions[bot] 97889a52e1
Merge staging-next into staging 2021-04-27 18:14:28 +00:00
ajs124 39a51c9923
Merge pull request #118338 from Izorkin/update-nginx-zlib-ng
nginx: update to 1.20.0, replace zlib to zlib-ng
2021-04-27 16:36:25 +02:00
github-actions[bot] 8634c6f7d1
Merge staging-next into staging 2021-04-26 00:17:03 +00:00
Michele Guerini Rocco e035c1b417
Merge pull request #119952 from attila-lendvai/extraLayouts
nixos/doc/manual: refine extraLayouts, add warnings an test commands
2021-04-25 21:06:49 +02:00
Jan Tojnar c1f851b2ee
Merge branch 'staging-next' into staging 2021-04-25 08:22:13 +02:00
Martin Weinelt e8988f7a30 nixos/babeld: run as DynamicUser
The last bits to prevent babeld from running unprivileged was its
kernel_setup_interface routine, that wants to set per interface
rp_filter. This behaviour has been disabled in a patch that has been
submitted upstream at https://github.com/jech/babeld/pull/68 and reuses
the skip-kernel-setup config option.

→ Overall exposure level for babeld.service: 1.7 OK 🙂
2021-04-25 00:54:52 +02:00
Michael Raskin d04f1c4314
Merge pull request #101071 from ju1m/apparmor
apparmor: try again to fix and improve
2021-04-24 11:24:26 +00:00
Attila Lendvai 603707a137 nixos/doc/manual: refine extraLayouts, add warnings an test commands 2021-04-24 09:52:43 +02:00
github-actions[bot] 944e32775d
Merge staging-next into staging 2021-04-24 00:16:20 +00:00
Luke Granger-Brown 4de343cccf nixos/test-driver: use a variety of different Tesseract settings for OCR
When performing OCR, some of the Tesseract settings perform better than
others on a variety of different workloads, but they mostly take
~negligible incremental time to run compared to the overhead of running
the ImageMagick filters.

After this commit, we try using all three of the current Tesseract
models (classic, LSTM, and classic+LSTM) to generate output text. This
fixes chromium-90's tests at release-20.09, and should make cases where
you're looking for *specific* text better, with the tradeoff of running
Tesseract multiple times.

To make it sensible to cherrypick this into release-20.09, this doesn't
change the existing API surface for the test driver. In particular,
get_screen_text continues to have the existing behaviour.
2021-04-23 18:42:35 +00:00
davidak fabdd46503 kbdKeymaps: remove
dvp and neo are now included in kbd

includes documentation in release notes and alias
2021-04-23 16:41:06 +02:00
Julien Moutinho b42a0e205d nixos/apparmor: disable killUnconfinedConfinables by default 2021-04-23 07:20:20 +02:00
Julien Moutinho 03b2156d26 nixos/apparmor: move release note to 21.05 2021-04-23 07:19:32 +02:00
Julien Moutinho 05d334cfe2 Revert "Revert "apparmor: fix and improve the service""
This reverts commit 420f89ceb2.
2021-04-23 07:17:55 +02:00
Izorkin 65ce0419ad
nginx: add release notes 2021-04-21 11:18:14 +03:00
Daniël de Kok f75286e063 cudatoolkit-{9,9_0,9_1,9_2}: remove
Remove old CUDA toolkits (and corresponding CuDNN versions).

- Not supported by upstream anymore.
- We do not use them in nixpkgs.
- We do not test or actively maintain them.
- Anything but ancient GPUs is supported by newer toolkits.

Fixes #107131.
2021-04-18 11:55:10 +02:00
Jörg Thalheim 0854659567
Merge pull request #119389 from marsam/drop-postgresql_9_5
postgresql_9_5: drop
2021-04-16 19:29:21 +01:00
Guillaume Girol f1a2ab6818
Merge pull request #115332 from symphorien/usertype
nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
2021-04-14 19:38:26 +00:00
Symphorien Gibol 7a87973b4c nixos/users: require one of users.users.name.{isSystemUser,isNormalUser}
As the only consequence of isSystemUser is that if the uid is null then
it's allocated below 500, if a user has uid = something below 500 then
we don't require isSystemUser to be set.

Motivation: https://github.com/NixOS/nixpkgs/issues/112647
2021-04-14 20:40:00 +02:00
Florian Klink 5429cc1af4 rl-2105: Document /etc/systemd-mutable/system is gone from the defaults, point to boot.extraSystemdUnitPaths 2021-04-14 12:52:58 +02:00
taku0 4c87cb87a2
Merge pull request #67684 from indiscipline/minio
nixos/minio: allow multiple data directories for erasure coding
2021-04-13 18:29:28 +09:00
Sandro 1781eeade9
Merge pull request #118773 from peterhoeg/doc/packagekit
document packagekit changes
2021-04-12 17:19:47 +02:00
Indiscipline 9ffc4ad790 nixos/minio: allow multiple data directories for erasure coding 2021-04-10 14:44:45 +03:00
Maximilian Bosch 842f900e73
Merge pull request #114128 from jorsn/docs.fix-hostName
nixos/docs: fix example for code-generated modules
2021-04-09 18:05:51 +02:00
Kim Lindberger 5a1bd5ff66
Merge pull request #116074 from talyz/discourse
discourse: Add package and NixOS module
2021-04-08 14:19:49 +02:00
Peter Hoeg b7f5bc61f3 document packagekit 2021-04-08 09:23:54 +08:00
talyz bc26a46943
rl-2105: Add Discourse module note 2021-04-05 13:56:02 +02:00
Guillaume Girol fe0e0afbc0
Merge pull request #92929 from symphorien/postgresql-check-config-file
nixos/postgresql: check config file syntax at build time
2021-04-02 16:27:03 +00:00
ajs124 2f42097c88
Merge pull request #118090 from helsinki-systems/upd/xfsprogs
xfsprogs: 5.10.0 -> 5.11.0
2021-04-01 13:51:01 +02:00
Mario Rodas 72ab382fb6 postgresql_9_5: drop
PostgreSQL 9.5 has reached EOL on February 11, 2021.
See https://www.postgresql.org/support/versioning/
2021-04-01 04:20:00 +00:00
Martin Weinelt 285301cd1f linuxPackages: 5.4 -> 5.10
The 5.10 series is the next longterm version of the linux kernel and
I've been using it on multiple x86_64 machines ever since it came out.

I think it is time to switch over the default now, so we get some
additional testing in time for NixOS 21.05.
2021-03-31 11:29:33 -04:00
Frederik Rietdijk 9b9e9cff00
Merge pull request #117015 from NixOS/staging-next
Staging next
2021-03-31 12:42:19 +02:00
davidak fe3eb35133
Merge pull request #97565 from samuelgrf/defaultPackages-nano
nixos/config: move nano to defaultPackages
2021-03-31 09:17:56 +02:00
github-actions[bot] 4ba71fb819
Merge master into staging-next 2021-03-31 00:12:29 +00:00
ajs124 db8b545233 xfsprogs: 5.10.0 -> 5.11.0
also try to correct meta.license
2021-03-30 20:14:53 +02:00
talyz abba76a3b9
nixos/gitlab: Document automatic backups 2021-03-30 19:15:33 +02:00
Samuel Gräfenstein e6cd793a74
nixos/config: move nano to defaultPackages
Some people already have another editor installed and may want to
get rid of applications they don't use.
2021-03-30 11:50:03 +02:00
github-actions[bot] 8cebf1dc19
Merge master into staging-next 2021-03-25 06:05:58 +00:00
Léo Gaspard 219ee8d091
release notes: typo fixes (#117539) 2021-03-25 01:28:41 +01:00
github-actions[bot] 380cb1e995
Merge master into staging-next 2021-03-24 12:11:57 +00:00
Robert Hensing 2f7be87a8a nixos/doc: Update Writing Documentation to use nix-shell 2021-03-22 21:21:08 +01:00
Robert Hensing 12e7698a65 nixos/doc/manual/Makefile: Do not format
Formatting has been neglected. Running `make` would format dozens
of files, which is a great way of scaring away newcomers and those
with less git experience. It would also annoy the heck out of
regular contributors.

The purpose of formatting is to avoid a small annoyance, so it
should not become a big annoyance that makes people give up on
their work.
2021-03-22 21:15:11 +01:00
github-actions[bot] feda7be375
Merge master into staging-next 2021-03-22 12:26:55 +00:00
Michele Guerini Rocco a88356cbbe
Merge pull request #97048 from bluecmd/patch-1
nixos/manual: luks entries are auto-detected
2021-03-22 08:15:42 +01:00
github-actions[bot] 1398d44bac
Merge staging-next into staging 2021-03-16 00:39:16 +00:00
Jade c6189e2f28 manual/installation: s/boot.loader.systemd/boot.loader.systemd-boot
The link had the wrong title.
2021-03-15 01:26:32 -07:00
Jan Tojnar a16ce80193
Merge branch 'staging-next' into staging 2021-03-14 02:09:44 +01:00
Jan Tojnar b19f08ec61
nixos/doc: Fix release notes syntax 2021-03-14 02:01:46 +01:00
Doron Behar 5e367ecef9
Merge pull request #106599 from doronbehar/pkg/gnuradio/pkgs 2021-03-13 17:27:40 +00:00
Aaron Andersen 0bf8f56105
Merge pull request #115871 from aanderse/kodi-packages
kodi: plugins cleanup
2021-03-13 10:10:20 -05:00
Frederik Rietdijk 9d03ff5222 python: reproducible builds
Achieve reproducible builds of the interpreter. Note this meant
disabling optimizations again.
2021-03-13 13:11:50 +01:00
Doron Behar 2d08e55e9b gnuradio.pkgs: init
- Write a `mkDerivation` and `mkDerivationWith` function for gnuradio,
  like qt5.
- qradiolink, gqrx: Use gnuradio's callPackage and mkDerivation.
- Use gnuradio.callPackage to define all gnuradio.pkgs.
- Move all gnuradio packages expressions to pkgs/development/gnuradio-modules/ -
  modeled after Python's.
- Add more paths to gnuradio's wrapper - add the extra packages as
  python modules, and add their executables with proper env vars
  wrapping.

Co-authored-by: Frederik Rietdijk <fridh@fridh.nl>
2021-03-13 12:46:59 +02:00
Jan Tojnar 9a64ee2b45
Merge branch 'staging-next' into staging 2021-03-13 01:58:15 +01:00
Philipp Riegger ac59cb8276 nixos/release-notes/rl-2105.xml: fix typo 2021-03-12 15:44:13 +01:00
Aaron Andersen 696ac06a93 kodi: add release notes for version 19.0 update 2021-03-11 20:35:54 -05:00
Aaron Andersen 4769eb4f58 kodi: add release notes for kodi.withPackages 2021-03-11 20:35:54 -05:00
Bryan Gardiner d3ea5a7290
nixos/manual/writing-nixos-tests: document how to disable Black silently 2021-03-10 18:56:52 -08:00
Chris Martin 5ae6e17795 kindlegen: remove the package (closes #96439) 2021-03-10 07:33:53 +00:00
Sarah Brofeldt fd02940262 nixos/apache-kafka: Use version-matched jre 2021-03-10 08:10:30 +01:00
rnhmjoj f3c77e5e61
nixos/release-notes: highlight privoxy updates 2021-03-09 11:03:00 +01:00
Michele Guerini Rocco af6037b338
Merge pull request #111551 from xaverdh/xserver-modern-drivers
nixos/xserver: use modern video drivers
2021-03-09 08:14:24 +01:00
Johan Thomsen 7b5c38e973 nixos/kubernetes: docker -> containerd
also, nixos/containerd: module init
2021-03-07 12:51:14 +10:00
Daniël de Kok 158578de40
Merge pull request #114731 from danieldk/release-notes-cargo-hooks
nixos/rl-2105: add hookification of buildRustPackage
2021-03-06 11:49:21 +01:00
TredwellGit e3d705e601 nixos/xserver: use modern video drivers
cirrus is obsolete: https://www.vintage3d.org/cirrus.php
nv is obsolete: https://www.phoronix.com/scan.php?page=article&item=nvidia_kills_nv&num=1
vesa is obsolete: https://www.phoronix.com/scan.php?page=news_item&px=Nzc3Nw
ati and ati_unfree are superseded by amdgpu and amdgpu-pro: https://wiki.gentoo.org/wiki/ATI_FAQ#Is_my_AMD.2FATI_board_supported.3F
nouveau and fbdev added for better fallback support.
2021-03-06 08:47:18 +01:00
Maximilian Bosch 594eff1d59
Merge pull request #113958 from Ma27/nextcloud21
nextcloud21: init at 21.0.0, set as default version
2021-03-04 21:47:26 +01:00
Daniël de Kok 3faea849b9 nixos/rl-2105: add hookification of buildRustPackage 2021-03-04 11:19:11 +01:00
laikq 5c99d24d1e doc: explain where pkgs comes from in writing-modules
The manual mentions how "[config and pkgs] are explained later". Added a link
to where they are explained, and a hint pointing to the NIX_PATH variable.
2021-03-03 11:09:21 -05:00
Kim Lindberger e72375464b
Merge pull request #113635 from talyz/gitlab-improvements
nixos/gitlab: Clean config dir, switch to puma, split PreStart script and more
2021-03-01 13:37:53 +01:00
Milan Svoboda df3d560999 nixos/nix-gc: add persistent and randomizeDelaySec options 2021-02-28 04:21:21 -05:00
Robert Schütz 5cc881d0d8 imagemagick: make 7.0 default 2021-02-27 18:34:36 +01:00
talyz 2b3800b9c7
nixos/gitlab: Change default SMTP port, enable postfix only if used
Change the default SMTP port to `25`, to better match the default
address `localhost`. This gets rid of some error outputs in the test,
where it fails to connect to localhost:465.

Also, don't enable postfix by default unless it's actually useful to
us.
2021-02-24 18:32:24 +01:00
Johannes Rosenberger aa5124d229 nixos/docs: fix example for code-generated modules 2021-02-23 15:38:23 +01:00
Florian Klink f3af2df658
Merge pull request #111635 from xaverdh/hide-pid-broken
nixos/hidepid: remove module, it's broken
2021-02-23 00:20:29 +01:00
Maximilian Bosch f7011c70f3
nextcloud21: init at 21.0.0, set as default version
ChangeLog: https://nextcloud.com/changelog/#latest21

* Packaged 21.0.0, test-deployed it to my personal instance and tested
  the most basic functionality (`davfs2`-mount, {card,cal}dav sync, file
  management).

* Bumped the default version for unstable/21.05 to `nextcloud21`. Since
  `nextcloud20` was added after the release of 20.09 (and thus the
  default on 20.09 is still `nextcloud19`), it's now needed to upgrade
  across two majors.

  This is not a problem though since it's possible to upgrade to v20 on
  20.09 already and if not, the module will guard the administrator
  through the upgrade with eval warnings as it's the case since 20.03.

* Dropped `nextcloud17` attribute and marked `nextcloud18` as EOL.
2021-02-22 13:04:42 +01:00
David Arnold 6bfaed9b2c
installer: fixup sd-card folder move from #110827 2021-02-21 16:12:54 -05:00
Dominik Xaver Hörl f7fce2c52f nixos/rl-2105: document removal of the hidepid module 2021-02-21 13:51:37 +01:00
Florian Klink e3d3643f1b nixos/release-notes/rl-2105.xml: fix typo 2021-02-21 13:14:55 +01:00
WORLDofPEACE 3c88820235 rl-2105: rngd 2021-02-21 07:09:13 -05:00
nicoo 16b6c4b2d7 nixos/manual/virtualbox-guest: Remove mentions of rngd 2021-02-21 01:37:18 +01:00
Michele Guerini Rocco 19d715c573
Merge pull request #107382 from rnhmjoj/no-udev-settle
nixos/{networkd,dhcpcd}: remove udev-settle hack
2021-02-20 20:49:19 +01:00
rnhmjoj d683d26d89
nixos/release-notes: warn on interface renaming 2021-02-19 09:26:14 +01:00
rnhmjoj aafaf3ba97
nixos/docs: add section on renaming interfaces 2021-02-19 09:26:14 +01:00
Dominik Xaver Hörl 3629c74c10 nixos/rl-2105: document removal of systemConfig parameter 2021-02-18 12:48:08 +01:00
Luke Granger-Brown cfed3b8b22 treewide: update 21.03 to 21.05
The NixOS 21.03 release has been delayed to 21.05. See NixOS/rfcs#80.

There are two instances of 21.03 which have been left as is, since they
are in stateVersion comparisons. This will ensure that existing user
configurations which refer to 21.03 will continue to work.
2021-02-12 14:12:48 -08:00
Bernardo Meurer 77a76e2ff8
release-notes/rl-2103: mention removal of flashplayer support from tree 2021-02-08 09:40:20 -08:00
Michele Guerini Rocco c9f6a7f349
Merge pull request #111624 from rnhmjoj/thinkfan
nixos/thinkfan: rewrite for 1.2 update
2021-02-08 12:20:07 +01:00
rnhmjoj c753910d98
nixos/release-notes: mention thinkfan 1.2 update 2021-02-07 14:35:37 +01:00
Michael Weiss d0b891c828
isync: 1.3.4 -> 1.4.0
Important changes:
- The 'isync' compatibility wrapper was removed.
- The Master/Slave configuration keywords where deprecated and should be
  replaced with Far/Near. All users should update their configuration
  file accordingly. It's a trivial change and the old Master/Slave
  keywords will still work for now but result in the following message:
  Notice: Master/Slave are deprecated; use Far/Near instead.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-02-04 19:54:54 +01:00
John Ericson 6717246373
Merge pull request #111284 from siraben/remove-new-stdenv-lib
stdenv: warn about use of inherited lib
2021-01-30 22:28:05 -05:00
Elias Probst 27da11972d nixos/restic: correct location of cache directory
By default, restic determines the location of the cache based on the XDG
base dir specification, which is `~/.cache/restic` when the environment
variable `$XDG_CACHE_HOME` isn't set.
As restic is executed as root by default, this resulted in the cache being
written to `/root/.cache/restic`, which is not quite right for a system
service and also meant, multiple backup services would use the same cache
directory - potentially causing issues with locking, data corruption,
etc.

The goal was to ensure, restic uses the correct cache location for a
system service - one cache per backup specification, using `/var/cache`
as the base directory for it.

systemd sets the environment variable `$CACHE_DIRECTORY` once
`CacheDirectory=` is defined, but restic doesn't change its behavior
based on the presence of this environment variable.
Instead, the specifier [1] `%C` can be used to point restic explicitly
towards the correct cache location using the `--cache-dir` argument.

Furthermore, the `CacheDirectoryMode=` was set to `0700`, as the default
of `0755` is far too open in this case, as the cache might contain
sensitive data.

[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html#Specifiers
2021-01-30 18:24:51 -08:00
Ben Siraphob 0fa4858791 release-notes/rl-2103: mention deprecation of stdenv.lib 2021-01-30 20:26:37 +07:00
Erik Arvstedt 0b5fd3b784 qemu-guest: remove security.rngd setting
Since release 20.09 `rngd.enable` defaults to false, so this setting is redundant.

Also fix the `qemu-quest` section of the manual that incorrectly claimed
that `rngd` was enabled.
2021-01-27 18:27:34 +01:00
Florian Klink 1030745555
Merge pull request #106857 from m1cr0man/master
nixos/acme: Fixes for account creation and remove tmpfiles usage
2021-01-27 17:52:16 +01:00
bb2020 603e14c793 nixos/alsa: disable OSSEmulation by default
OSS Emulation is considered incomplete so disabling it by default.
Using user level alsa-oss library (nix-env -iA nixos.alsaOss) over
this kernel module is recommended.
2021-01-26 15:06:33 +03:00
Attila Lendvai 21c56fc3cf nixos/doc/manual: In the preface, add link to #chap-contributing
Turned the freetext suggestion about opening the build output
into a copy-pastable xdg-open line.

Renamed title to 'Contributing to this manual'.
2021-01-23 18:58:54 -08:00
markuskowa 2f34b4b883
Merge pull request #108983 from markuskowa/dev-mpi
Use mpi attribute consistently to provide a default MPI implementation
2021-01-23 22:51:09 +01:00
John Ericson 9c213398b3 lib: Clean up how linux and gcc config is specified
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
2021-01-23 10:01:28 -05:00
Markus Kowalewski 68fa960f6a
nixos/release-notes: add comment about generic mpi attribute 2021-01-23 12:15:18 +01:00
Jonathan Ringer 0bc275e634
Revert "lib: Clean up how linux and gcc config is specified"
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
2021-01-22 14:07:06 -08:00
John Ericson d95aebbe0e
Merge pull request #107214 from Ericson2314/linux-config-cleanup
lib: Clean up how linux and gcc config is specified
2021-01-22 15:15:58 -05:00
John Ericson 8929989614 lib: Clean up how linux and gcc config is specified
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.

This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.

`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.

The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
2021-01-21 22:44:09 -05:00
Linus Heckemann 5153deedd8
Merge pull request #108909 from thiagokokada/libinput-by-device-type
nixos/libinput: separate settings by mouse/touchpad
2021-01-21 10:43:44 +01:00
Jonathan Ringer 4edbbe523c nixos/manual: pkgconfig -> pkg-config 2021-01-19 01:16:25 -08:00
Ryan Mulligan 2b8cdd5f3b
Merge pull request #89472 from asymmetric/relnotes-grub
rl-2003: mention grub 2.04 update
2021-01-18 11:50:52 -08:00
Thiago Kenji Okada 0f762e5582 nixos/doc: document services.xserver.libinput changes 2021-01-13 10:20:38 -03:00
Thiago Kenji Okada 887386fbbe nixos/doc: fix manual reference to libinput 2021-01-13 10:20:34 -03:00
Izorkin 91e580397e
mariadb: 10.4.15 -> 10.5.8 2021-01-12 17:22:54 +03:00
Izorkin d688f790dd
mariadb: drop build server with tokudb storage 2021-01-12 17:22:47 +03:00
rnhmjoj 88f71722ea
nixos/doc: add searx changes to the relase notes 2021-01-11 08:41:16 +01:00
Florian Klink 581232454f
Merge pull request #108726 from omasanori/nixos/netgroup
nixos/networking: make /etc/netgroup by default
2021-01-10 23:01:12 +01:00
Guillaume Girol 0fbc0976db
Merge pull request #106082 from rnhmjoj/uwsgi
nixos/uwsgi: run with capabilities instead of root
2021-01-10 21:51:37 +00:00
rnhmjoj 3a17a9b05e
nixos/docs: add uWSGI changes to the relase notes 2021-01-10 19:33:41 +01:00
Jörg Thalheim 51894963cb
Merge pull request #89775 from numinit/update-androidenv 2021-01-10 15:09:36 +00:00
Jörg Thalheim b815fb2fd9
Merge pull request #105775 from xaverdh/iwd-link-unit 2021-01-10 12:35:25 +00:00
Michele Guerini Rocco db0adc9a44
Merge pull request #108897 from pacien/fish-foreign-env-remove-alias
fish-foreign-env: remove alias to incompatible package
2021-01-10 10:04:43 +01:00
Masanori Ogino d1d6403cb5 nixos/networking: make /etc/netgroup by default
This will prevent nscd from complaining /etc/netgroup being absent.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2021-01-10 11:01:48 +09:00
pacien 052f58ffae fish-foreign-env: remove alias to incompatible package
The fish-foreign-env and the fishPlugins.foreign-env packages aren't
compatible due to changes in directory layout.

It's better to remove the alias so that the evaluation explicitly fails
instead of allowing silent runtime breakage.

GitHub: see https://github.com/NixOS/nixpkgs/pull/107834#issuecomment-756995696
GitHub: see https://github.com/LnL7/nix-darwin/issues/269
GitHub: see https://github.com/nix-community/home-manager/issues/1701
GitHub: see https://github.com/nix-community/home-manager/issues/1702
2021-01-10 01:03:23 +01:00
WORLDofPEACE 7c34e83cb2
Merge pull request #108107 from talyz/reintroduce-epiphany
Revert "nixos/gnome3: don't install epiphany default"
2021-01-09 16:45:31 -05:00
Dominik Xaver Hörl 86b3251c80 nixos/iwd: add release notes for changes to wireless interface renaming 2021-01-09 10:55:41 +01:00
Jörg Thalheim a14ea3aecc
Merge pull request #97740 from ju1m/tor
nixos/tor: improve type-checking and hardening
2021-01-05 16:00:40 +00:00
talyz 8ed9987894
nixos/gnome3: Note the reintroduction of epiphany in release notes 2021-01-05 16:27:20 +01:00
pacien d94921db12 fish-foreign-env: move to fishPlugins.foreign-env
And relocate the installed fish functions to the `vendor_functions.d` so
that they're automatically loaded.
2021-01-04 18:53:59 +01:00
talyz 0f0d5c0c49
profiles/hardened: Add note about potential instability
Enabling the profile can lead to hard-to-debug issues, which should be
warned about in addition to the cost in features and performance.

See https://github.com/NixOS/nixpkgs/issues/108262 for an example.
2021-01-04 16:03:29 +01:00
numinit 5b91d4ab65 Rework androidenv package generation
androidenv did not previously write license files, which caused certain
gradle-based Android tools to fail. Restructure androidenv's list of
Android packages into a single repo.json file to prevent duplication
and enable us to extract the EULA texts, which we then hash with
builtins.hashString to produce the license files that Android gradle
tools look for.

Remove includeDocs and lldbVersions, as these have been removed
from the Android package repositories.

Improve documentation and examples.
2021-01-03 21:27:23 -07:00
Julien Moutinho 0ccdd6f2b0 nixos/tor: improve type-checking and hardening
Fixes #77395.
Fixes #82790.
2021-01-04 01:02:26 +01:00
Maximilian Bosch 3b57908018
Merge pull request #108179 from WilliButz/update/prometheus-json-exporter/0.2.0
prometheus-json-exporter: unstable-2017-10-06 -> 0.2.0
2021-01-03 19:28:12 +01:00
Maximilian Bosch 6e43cc7fb0
nixos/prometheus-exporters: minor doc improvements
* Content of `programlisting` shouldn't be indented, otherwise it's
  weirdly indented in the output.
* Use `<xref linkend=.../>` in the release notes: then users can
  directly go to the option documentation when reading release notes.
* Don't use docbook tags in `mkRemovedOptionModule`: it's only used
  during evaluation where docbook isn't rendered.
2021-01-03 19:04:33 +01:00
github-actions[bot] bc30d1eb34
Merge master into staging-next 2021-01-03 00:56:46 +00:00
ajs124 a2267f6341 xfsprogs: 4.19 -> 5.10 2021-01-02 18:45:22 +01:00
WilliButz 3f94c66ee1
nixos/prometheus-json-exporter: update modules & tests, add release notes 2021-01-02 13:10:27 +01:00
Jörg Thalheim c2fca99f97
Revert "Merge branch 'master' into staging-next"
This reverts commit f19b7b03a0, reversing
changes made to 572a864d02.

Sorry. I pushed the wrong staging-next (the one that had my master
merged in). This was not intended.
2020-12-31 08:50:36 +01:00
Jörg Thalheim f19b7b03a0
Merge branch 'master' into staging-next 2020-12-31 07:31:38 +01:00
Jörg Thalheim b8a19ca2bc
nixos-rebuild: add --impure flag
There are two use case for this flag:

1. NixOS developer usually use a nixpkgs checkout for development.
Copying nixpkgs everytime when rebuilding NixOS is way to slow, even
with NVME disks.

2. Folks migrating from impure configuration in a sufficient complex
infrastructure need this flag to gradually migrate to NixOS flakes.
2020-12-30 07:50:30 +01:00
Jörg Thalheim e1e412215d
nixos-rebuild: document all nix flags 2020-12-30 07:50:30 +01:00
Lucas Savva e5913db0c9 nixos/acme: update documentation and release notes
The instructions on recreating the cert were missing --what=state.
Also added a note on ensuring the group of manual certs is correct.
2020-12-28 00:35:45 +00:00
Frederik Rietdijk 736dd028ca Merge staging-next into staging 2020-12-22 19:43:32 +01:00
WilliButz 97e863ad7f
nixos/doc: add note about codimd -> hedgedoc to release notes 2020-12-22 01:39:03 +01:00
github-actions[bot] d87de5dd7d
Merge staging-next into staging 2020-12-21 12:23:08 +00:00
Sandro 652da3f472
Merge pull request #107134 from psibi/patch-2
nixos/manual: fix typo in virtualbox installation guide
2020-12-21 11:32:52 +01:00
Sibi Prabakaran 15dcf1344f
nixos/manual: fix typo in virtualbox installation guide 2020-12-21 11:01:54 +05:30
Frederik Rietdijk f081225a83
Merge pull request #106533 from helsinki-systems/refactor/waf-hook
[staging] wafHook: Don't wrap Python 2
2020-12-19 19:28:05 +01:00
Silvan Mosberger 9e6737710c Revert "Module-builtin assertions, disabling assertions and submodule assertions" 2020-12-18 16:44:37 +01:00
Michele Guerini Rocco d8cb103f79
Merge pull request #104589 from fadenb/release_notes_wpa_supplicant_breaking_change
nixos/release-notes: Warn on wpa_supplicant changes
2020-12-18 16:11:10 +01:00
Silvan Mosberger 7698aa9776
Merge pull request #97023 from Infinisil/module-assertions
Module-builtin assertions, disabling assertions and submodule assertions
2020-12-18 14:17:52 +01:00
rnhmjoj 8a76f5d811
nixos/doc: fix manual build
This is a fixup of 9728907c
2020-12-18 08:46:03 +01:00
Silvan Mosberger 767d80099c
lib/modules: Introduce _module.checks.*.check
Previously the .enable option was used to encode the condition as well,
which lead to some oddness:
- In order to encode an assertion, one had to invert it
- To disable a check, one had to mkForce it

By introducing a separate .check option this is solved because:
- It can be used to encode assertions
- Disabling is done separately with .enable option, whose default can be
  overridden without a mkForce
2020-12-17 21:52:24 +01:00
Janne Heß cfc4f6347f
wafHook: Don't wrap python2 2020-12-17 19:01:28 +01:00
Andreas Rammhold fa0d499dbf
Merge pull request #106995 from andir/ml2pr/PATCH-nixos-users-groups-createHome-Ensure-HOME-permissions-fix-description
nixos/users-groups: createHome: Ensure HOME permissions, fix description
2020-12-17 17:23:46 +01:00
Markus Kowalewski 5df0cf7461
nixos/slurm: fix dbdserver config file handling
Since slurm-20.11.0.1 the dbd server requires slurmdbd.conf to be
in mode 600 to protect the database password. This change creates
slurmdbd.conf on-the-fly at service startup and thus avoids that
the database password ends up in the nix store.
2020-12-16 20:34:14 +01:00
Alyssa Ross e17d4b05a1 nixos/tor: don't do privoxy stuff by default
It's very surprising that services.tor.client.enable would set
services.privoxy.enable.  This violates the principle of least
astonishment, because it's Privoxy that can integrate with Tor, rather
than the other way around.

So this patch moves the Privoxy Tor integration to the Privoxy module,
and it also disables it by default.  This change is documented in the
release notes.

Reported-by: V <v@anomalous.eu>
2020-12-16 12:20:03 +00:00
Klemens Nanni 8833983f26 nixos/users-groups: createHome: Ensure HOME permissions, fix description
configuration.nix(1) states

    users.extraUsers.<name>.createHome
        [...] If [...] the home directory already exists but is not
        owned by the user, directory owner and group will be changed to
        match the user.

i.e. ownership would change only if the user mismatched;  the code
however ignores the owner, it is sufficient to enable `createHome`:

    if ($u->{createHome}) {
        make_path($u->{home}, { mode => 0700 }) if ! -e $u->{home};
        chown $u->{uid}, $u->{gid}, $u->{home};
    }

Furthermore, permissions are ignored on already existing directories and
therefore may allow others to read private data eventually.

Given that createHome already acts as switch to not only create but
effectively own the home directory, manage permissions in the same
manner to ensure the intended default and cover all primary attributes.

Avoid yet another configuration option to have administrators make a
clear and simple choice between securely managing home directories
and optionally defering management to own code (taking care of custom
location, ownership, mode, extended attributes, etc.).

While here, simplify and thereby fix misleading documentation.
2020-12-16 03:40:29 +01:00
Guillaume Girol 824d2c92bd
Merge pull request #82584 from Atemu/dnscrypt-default-config
dnscrypt-proxy2: base settings on example config
2020-12-15 19:47:43 +00:00
Linus Heckemann cc786acdce
Merge pull request #105397 from kisik21/mailman-other-mta-support
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
2020-12-14 09:46:05 +01:00
Vika ad023b0c88
nixos/mailman: make Postfix support optional (provided you configure the MTA yourself)
Mailman can now work with MTAs other than Postfix. You'll have to configure
it yourself using the options in `services.mailman.settings.mta`.

This addition is reflected in the release notes for 21.03.
2020-12-14 02:41:30 +03:00
Atemu 5242cec1b8 rl-2103: document nixos/dnscrypt-proxy2's default config change 2020-12-12 09:15:56 +01:00
Jan Tojnar 4f20afbc19
Merge branch 'master' into staging-next 2020-12-10 04:39:30 +01:00
Damien Diederen f77d01ffc5 zookeeper: 3.4.12 -> 3.6.2
A big jump, but the structure hasn't changed much.

This recipe is still based on a binary release provided by upstream.

(It might be interesting to start doing our own builds at some point,
to split client from server, and/or to create packages for removed
"contribs" such as 'zooInspector'.  Upstream intends to further slim
down its release tarballs as most deployments only need specific assets.)
2020-12-09 15:46:38 +01:00
Gabriel Ebner a474f0d1e6
Merge pull request #105275 from lukegb/nixpkgs-pa14
pulseaudio: 13.0 -> 14.0
2020-12-07 22:45:47 +01:00
zowoq fad293d452 nixos/doc/rl-2103: fix build 2020-12-06 12:15:26 +10:00
Doron Behar 44d041786b rl-2103: Mention gnuradio expressions changes.
Mention 3.8 and that it's now possible to override it and 3.7 to compile
only certain features.
2020-12-05 13:24:05 +02:00
Symphorien Gibol 9816bbbaa5 nixos/rspamd: add release notes 2020-12-01 14:45:56 +01:00
Silvan Mosberger c03a809dc4
Merge pull request #105515 from alyssais/manual-declarative
nixos/manual: don't recommend nix-env -iA
2020-12-01 04:28:43 +01:00