mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

11268 commits

Author SHA1 Message Date
github-actions[bot] f15360e6a4
Merge master into staging-next 2021-06-26 00:09:07 +00:00
Niklas Hambüchen f254bdb473
Merge pull request #128150 from scvalex/etcd-passthru-test
etcd: refactor the service to add etcd to systemPackages instead of the etcdctl alias
2021-06-26 01:50:42 +02:00
Alexandru Scvortov e08b3f0c85 etcd: fix old aliased package name to make tests pass 2021-06-25 23:45:12 +01:00
Robert Schütz d6234c2165 Merge branch 'master' into staging-next 2021-06-26 00:33:58 +02:00
Florian Klink 9de5cbca45
Merge pull request #128079 from flokli/serial-getty-keep-baud
nixos/getty: add missing --keep-baud
2021-06-25 22:31:02 +02:00
github-actions[bot] be086cc67b
Merge staging-next into staging 2021-06-25 12:06:08 +00:00
github-actions[bot] bae6b2055f
Merge master into staging-next 2021-06-25 12:06:04 +00:00
Florian Klink ba42d639f1 nixos/getty: add missing --keep-baud
systemd ships `units/serial-getty@.service.m4` with the `--keep-baud`
option.

We override that unit, and didn't add the `--keep-baud` option. (We have
it in our other getty options there).

Having `--keep-baud` in `serial-getty@` makes a lot of sense - the
console keeps working if it's initialized with a less standard baud
rate, such as the [Helios64](https://wiki.kobol.io/helios64/intro/).
2021-06-25 09:56:54 +02:00
Yureka 2297eb35e5 nixos/gitlab: require at least postgresql 12 2021-06-25 01:21:19 +02:00
talyz 9af3672f4f
discourse: Fix plugin support
For plugins to work properly, their assets need to be precompiled
along with the rest of Discourse's assets. This means we need to build
new packages when the list of plugins changes.
2021-06-24 19:38:19 +02:00
github-actions[bot] 1f528e6ac6
Merge staging-next into staging 2021-06-24 00:06:31 +00:00
github-actions[bot] d437a6cac2
Merge master into staging-next 2021-06-24 00:06:27 +00:00
Martin Weinelt 9cc60287dc
Merge pull request #127554 from mweinelt/babel
nixos/babeld: update hardening
2021-06-23 21:53:20 +02:00
github-actions[bot] 64eb8c173d
Merge staging-next into staging 2021-06-23 00:09:37 +00:00
github-actions[bot] e8122c3628
Merge master into staging-next 2021-06-23 00:09:33 +00:00
Niklas Hambüchen 959c4e82bc
Merge pull request #100255 from nh2/sshd-default-log-level-info
sshd service: Default to INFO logLevel (upstream default)
2021-06-23 02:06:54 +02:00
Niklas Hambüchen 4bd5f1115f
Merge pull request #127166 from nh2/xserver-config-mkAfter-docs
services.xorg.config: Extend docs
2021-06-23 01:55:58 +02:00
Niklas Hambüchen a48fea4c5e sshd service: Default to INFO logLevel (upstream default).
The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for successful logins, see:
6247812c76/auth.c (L323-L328)

Also update description to the wording of the sshd_config man page.

`fail2ban` needs sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.

The docs are updated accordingly.
2021-06-23 01:49:11 +02:00
Niklas Hambüchen e85693afde
Merge pull request #127157 from nh2/xserver-readable-config-indentation
xserver: Generate readable config indentation
2021-06-23 01:16:50 +02:00
Martin Weinelt b607aadaac
Merge branch 'master' into staging-next 2021-06-22 23:55:21 +02:00
Maximilian Bosch 5aad4e73b6
privacyIDEA: 3.5.2 -> 3.6
ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6

Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.
2021-06-22 15:36:36 +02:00
github-actions[bot] b766664645
Merge staging-next into staging 2021-06-22 12:05:04 +00:00
github-actions[bot] c7bb5a79c8
Merge master into staging-next 2021-06-22 12:05:00 +00:00
github-actions[bot] 1df79d27a7
Merge staging-next into staging 2021-06-22 00:07:12 +00:00
Martin Weinelt eef9694ebc
Merge branch 'master' into staging-next 2021-06-22 00:58:31 +02:00
Konrad Borowski 447b1cf03d nixos/prometheus: allow state access for service only
There is no reason for Prometheus state files to be
world-readable.
2021-06-21 10:16:47 +02:00
Sandro 84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params
zabbixAgent: add bash to $PATH
2021-06-20 17:58:43 +02:00
Sandro e6a012fb00
Merge pull request #127063 from talyz/fail2ban-restart
nixos/fail2ban: Remove `reloadIfChanged = true`
2021-06-20 17:57:57 +02:00
github-actions[bot] cca41fbbb9
Merge staging-next into staging 2021-06-20 12:04:41 +00:00
github-actions[bot] 9c8cef37d2
Merge master into staging-next 2021-06-20 12:04:37 +00:00
Martin Weinelt 8739f8cd7b
nixos/babeld: update hardening 2021-06-20 13:52:49 +02:00
illustris e0089c38ca nixos/jitsi-meet: include jitsi prosody plugins in prosody extraPluginPaths 2021-06-20 12:36:51 +02:00
illustris 34b9ba2e61 nixos/jitsi-meet: Update jitsi prosody configs
Changes made as per b6f7f8fba7
2021-06-20 12:36:51 +02:00
github-actions[bot] 222489e4be
Merge staging-next into staging 2021-06-19 00:08:40 +00:00
github-actions[bot] d0cc21f4bd
Merge master into staging-next 2021-06-19 00:08:37 +00:00
Martin Weinelt af664bf942
Merge pull request #127127 from mweinelt/home-assistant
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
Daniel Nagy e08f7a3bb8
nixos/infinoted: use port type 2021-06-18 17:32:03 +02:00
Daniel Nagy 5940259a21
nixos/mwlib: use port type 2021-06-18 17:31:44 +02:00
Daniel Nagy 34b4df8993
nixos/subsonic: use port type 2021-06-18 17:30:56 +02:00
Daniel Nagy 06962df4d2
nixos/murmur: use port type 2021-06-18 17:30:33 +02:00
Daniel Nagy 50ba0ac3d6
nixos/dockerRegistry: use port type 2021-06-18 17:30:11 +02:00
Daniel Nagy a8808784e5
nixos/leaps: use port type 2021-06-18 17:29:44 +02:00
Daniel Nagy 50af10e205
nixos/gpsd: use port type 2021-06-18 17:29:24 +02:00
Daniel Nagy 864dabf232
nixos/paperless: use port type 2021-06-18 17:29:15 +02:00
Daniel Nagy bc87386ac1
nixos/redmine: use port type 2021-06-18 17:29:05 +02:00
Daniel Nagy 7d1363d0cb
nixos/nar-serve: use port type 2021-06-18 17:28:54 +02:00
Daniel Nagy 73896b0634
nixos/nix-serve: use port type 2021-06-18 17:28:35 +02:00
Daniel Nagy 4161c37628
nixos/ttyd: use port type 2021-06-18 17:28:17 +02:00
Daniel Nagy d566bd2ddc
nixos/namecoind: use port type 2021-06-18 17:27:42 +02:00
Daniel Nagy 044d996906
nixos/grafana: use port type 2021-06-18 17:27:31 +02:00
Daniel Nagy c726455687
nixos/octoprint: use port type 2021-06-18 17:27:16 +02:00
Daniel Nagy ab5d317d51
nixos/gitea: use port type 2021-06-18 17:27:06 +02:00
Daniel Nagy 4037c974f5
nixos/mysql: use port type 2021-06-18 17:26:55 +02:00
Daniel Nagy d65f16bc02
nixos/rabbitmq: use port type 2021-06-18 17:26:27 +02:00
Niklas Hambüchen 65d3180336 services.xorg.config: Extend docs 2021-06-17 04:08:21 +02:00
Niklas Hambüchen 685e8ff7dd xserver: Generate readable config indentation 2021-06-17 03:34:40 +02:00
Martin Weinelt 36659d1efa
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
github-actions[bot] 8b9fa8d446
Merge staging-next into staging 2021-06-16 18:04:48 +00:00
Jan Tojnar e3dfa79441
Merge branch 'staging-next' into staging
Regenerated pkgs/servers/x11/xorg/default.nix to resolve the conflict.
2021-06-16 19:59:05 +02:00
Sandro 22a29f491a
Merge pull request #124566 from mweinelt/synapse-jemalloc 2021-06-16 17:52:56 +02:00
talyz b4c069b147
nixos/fail2ban: Remove reloadIfChanged = true
This makes the service fail when upgrading the package, so let's
properly restart it instead.
2021-06-16 13:52:46 +02:00
Erik Skytthe d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831) 2021-06-16 11:12:51 +02:00
markuskowa 5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
Sandro b8958bbfa6
Merge pull request #126874 from legendofmiracles/espanso-cleanup
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-16 03:01:18 +02:00
Martin Weinelt 60c62214f5
nixos/solanum: implement reload and allow config changes
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.

But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
2021-06-16 00:19:35 +02:00
Robert Hensing c2c47cc85b
Merge pull request #126922 from hercules-ci/ssh-keys-example
nixos/ssh: Add an example of verbatim keys
2021-06-15 21:38:19 +02:00
Alvar Penning 8673a40eda nixos/ucarp: init 2021-06-15 18:13:31 +02:00
Martin Weinelt fb49094c3f
nixos/home-assistant: NixOS is an unsupported installation method
Trying to steer NixOS users away from reporting bugs to the upstream,
when they don't have the capacity to support bugs that could be the
result of our downstreaming setup.
2021-06-15 15:31:01 +02:00
Robert Hensing dab747106e nixos/ssh: Document authorizedKeysFiles properly 2021-06-15 12:23:09 +02:00
Robert Hensing 8352cc9a23 nixos/ssh: Add an example of verbatim keys
This confused someone on SO.
2021-06-15 11:51:41 +02:00
Pamplemousse 4265efef54 nixos/modules/jenkins: Add option to add CLI
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
2021-06-14 20:16:20 -07:00
Bernardo Meurer 2d29f4f2e7
Merge pull request #112971 from lovesegfault/roon-bridge
roon-bridge: init at 1.8-795
2021-06-14 19:57:20 -07:00
Aamaruvi Yogamani 358aa90e30
nixos/auto-cpufreq: fix service wantedBy 2021-06-14 20:01:26 -04:00
legendofmiracles 3e7ec42d68
espanso: add runtime dependencies correctly, nixos/espanso remove path hack 2021-06-14 13:09:57 -06:00
github-actions[bot] dbed958bf2
Merge staging-next into staging 2021-06-14 12:04:44 +00:00
Profpatsch 799cdbd834 tailscale: add interfaceName option
tailscale allows to specify the interface name.
The upstream systemd unit does not expose it directly however, only
via the `FLAGS` environment variable.

I can’t be 100% sure that the escaping is correct, but this is as good
as we can do for now, unless upstream changes their unit file.
2021-06-14 11:25:08 +02:00
github-actions[bot] 9a860729b2
Merge staging-next into staging 2021-06-14 00:08:51 +00:00
Robert Hensing ab11d2114e
Merge pull request #126680 from roberth/empty
emptyFile, emptyDirectory: init
2021-06-13 20:45:21 +02:00
Bernardo Meurer c8f95fd174
nixos.roon-bridge: init 2021-06-13 03:38:42 -07:00
github-actions[bot] de8250217d
Merge staging-next into staging 2021-06-13 00:10:27 +00:00
Sandro 3d6416cc20
nixos/synergy: add encryption support to server (#125002)
Co-authored-by: Joshua Trees <me@jtrees.io>
2021-06-12 21:35:04 +02:00
Robert Hensing d48591123f nixos/apache-httpd: Use pkgs.emptyDirectory 2021-06-12 17:28:42 +02:00
github-actions[bot] 8f3ead7190
Merge staging-next into staging 2021-06-11 18:05:09 +00:00
misuzu ad502ab5c5 nixos/sourcehut: automatically build and import qemu image for docker 2021-06-11 11:48:49 -04:00
Domen Kožar 2072bba95d
Merge pull request #125311 from jansol/pipewire
pipewire: 0.3.27 -> 0.3.30
2021-06-11 16:48:52 +02:00
Joshua Trees 706ce9e230 nixos/synergy: add encryption support
Make it possible to use the Synergy server with TLS encryption without
resorting to the GUI.
2021-06-11 14:52:34 +02:00
github-actions[bot] 8e50248719
Merge staging-next into staging 2021-06-11 12:04:41 +00:00
Maciej Krüger 3f062397a5
x2goserver: fix rename whole module 2021-06-11 09:07:23 +02:00
Maciej Krüger 6dbeea0b40
nixos/x2goserver: put into networking, like xrdp 2021-06-11 08:13:49 +02:00
Maciej Krüger 03071fd5e3
nixos/xrdp: add openFirewall option 2021-06-11 08:13:48 +02:00
Alyssa Ross 926765c5e3
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	pkgs/servers/http/apache-httpd/2.4.nix
2021-06-11 02:05:00 +00:00
Milan Pässler 55cd291bbd pleroma-otp: remove 2021-06-10 22:53:00 +02:00
Jan Tojnar ba733d435b
Merge branch 'staging-next' into staging 2021-06-10 14:07:45 +02:00
Maciej Krüger c0c34eb757
Merge pull request #125619 from mkg20001/bulky 2021-06-10 08:51:44 +00:00
Vladimír Čunát 2ee781417e
nixos/*: replace alsa* aliases
The attributes got renamed in PR #126440 and in some places this caused
evaluation errors, e.g. the tarball job was saying (locally)
> attribute 'alsaUtils' missing, at /build/source/nixos/modules/services/audio/alsa.nix:6:4
and I suspect that trunk-combined jobset's failure to evaluate was also caused.
2021-06-10 09:46:55 +02:00
Maciej Krüger e108e51d25
nixos/desktop-managers/cinnamon: add bulky as default app 2021-06-10 09:38:47 +02:00
Robin Gloster 5a29c4d3bf
Merge pull request #126426 from rnhmjoj/gale
nixos/gale: remove
2021-06-09 20:25:49 -05:00
rnhmjoj 336130a90f
nixos/gale: remove
This should have been removed along the package in 3f7d959.
2021-06-10 02:33:10 +02:00
Maciej Krüger f4ddc02b0e
nixos/gitlab: add container registry 2021-06-09 23:19:25 +02:00
github-actions[bot] cf8441dd85
Merge staging-next into staging 2021-06-09 18:14:53 +00:00
Jan Solanti c702cc4321 pipewire: 0.3.27 -> 0.3.30 2021-06-09 19:46:51 +03:00
talyz 8f16b16291
gitlab: Make sure the FOSS version isn't identified as EE 2021-06-09 17:50:45 +02:00
Sandro c6a306d19e
Merge pull request #125810 from ElXreno/package-bees-0.6.5 2021-06-09 12:47:33 +02:00
Julien Moutinho b62a093a58 sanoid: fix sanoid.conf generation 2021-06-09 03:25:04 +02:00
Aaron Andersen a0a11fd22c zabbixAgent: add bash to $PATH 2021-06-08 19:42:39 -04:00
Maciej Krüger 7135ac0e00
nixos/gitlab: add extraEnv option
This allows users to define custom environment variables for gitlab, 
without having to modify the service file directly
2021-06-08 21:29:18 +02:00
github-actions[bot] e40e33d9d8
Merge staging-next into staging 2021-06-08 18:16:30 +00:00
Kevin Cox af51d70857
nixos/networkmanager: Add connectionConfig. (#118308)
Adds the `networking.networkmanager.connectionConfig` option which allows setting arbitrary settings inside the `[connection]` section.

This also reworked the underlying representation significantly to be less string-pasting and more semantic. In a future step it probably makes sense to provide raw access to other sections to users rather than relying on `extraConfig`. However I decided to defer this primarily because ordering of sections can matter. (Although IIUC this is only true for different `[connection]` sections). I think in the future we could expose an object where users can define/edit all sections and map the current configuration onto those. For now however only `[connection]` is exposed and the rest are just used internally.
2021-06-08 11:13:59 -04:00
Florian Klink ea4e8724f8
Merge pull request #122455 from ju1m/davfs2
nixos/davfs2: wrap {,u}mount.davfs with setuid=true
2021-06-08 16:22:06 +02:00
Luke Granger-Brown 631250e818
Merge pull request #126075 from rnhmjoj/fixup
Revert "nixos/wireless: make wireless.interfaces mandatory"
2021-06-08 14:04:19 +01:00
github-actions[bot] fde4df19f2
Merge staging-next into staging 2021-06-08 12:04:39 +00:00
Robert Hensing 843248d39f
Merge pull request #117379 from hercules-ci/nixos-metricbeat
nixos/metricbeat: init
2021-06-08 13:53:20 +02:00
rnhmjoj be01320a6c
nixos/wireless: only warn for no interfaces
A hard failure breaks the NixOS installer, which can't possibly
know the interface names in advance.
2021-06-08 07:42:34 +02:00
github-actions[bot] 59ab4de3e0
Merge staging-next into staging 2021-06-08 00:19:01 +00:00
Robin Gloster 218d6c37c8
Merge pull request #126045 from NixOS/jtojnar-patch-1
nixos/gnome: fix option label
2021-06-07 15:49:14 -05:00
Ashlynn Anderson 47db174a3c
nixos/self-deploy: make nixAttribute nullable (#125617)
Allows using a nix file that directly provides the derivation
2021-06-07 12:44:13 -07:00
rnhmjoj eba5f5c1e5
Revert "nixos/wireless: make wireless.interfaces mandatory"
This reverts commit 030a521adc.
2021-06-07 15:55:58 +02:00
talyz 7cc39b13b0
nixos/geoipupdate: Add stricter service security 2021-06-07 14:19:57 +02:00
github-actions[bot] d3f2c41b26
Merge staging-next into staging 2021-06-07 12:15:58 +00:00
talyz 41c82cd570
nixos/geoipupdate: Run the service right away one time
We don't want to have to wait for the timer to expire for the updater
to make its first run. This adds a timer unit which triggers the
geoipupdate.service unit immediately, but only runs if the configured
DatabaseDirectory doesn't exist yet.
2021-06-07 13:08:59 +02:00
talyz ba4d2bd03c
nixos/geoipupdate: Create database directory in a separate unit
The database directory needs to be created before the
geoipupdate.service unit is activated; otherwise, systemd will not be
able to set up the mount namespacing to grant the service read-write
access.
2021-06-07 13:01:49 +02:00
talyz 41387135dd nixos/grafana: Add error handling to service script
Without this, the service starts even if files are missing or
prerequisite commands fail, which can lead to incorrect initial
state.
2021-06-07 18:00:13 +09:00
talyz 98f07d6cc5 nixos/grafana: Filter out duplicate plugins
If the same plugin appears multiple times in `declarativePlugins`, for
example due to being added both by a module and in user config, the
build fails with an error message similar to

ln: failed to create symbolic link 'grafana-worldmap-panel/glmqcj88zk2bz3mvdr3r7920wxg02qnq-grafana-worldmap-panel-0.3.2': Permission denied

This is solved by removing all duplicates.
2021-06-07 18:00:13 +09:00
talyz 7cf55d1f4e
nixos/geoipupdate: Add myself to maintainers 2021-06-07 09:44:05 +02:00
talyz 99454b6f77
nixos/geoipupdate: Fix config filename copy-paste fail 2021-06-07 09:29:21 +02:00
github-actions[bot] e218376e4a
Merge staging-next into staging 2021-06-07 06:37:31 +00:00
Jan Tojnar 99fcca7b6b
nixos/gnome: fix option label
It is no longer GNOME 3.
2021-06-07 08:34:38 +02:00
Luke Granger-Brown 91fb672b21
Merge pull request #125573 from Flakebi/prometheus-script-exporter
prometheus-script-exporter: init at 1.2.0
2021-06-07 01:59:41 +01:00
Flakebi 3bcf4e31ef
nixos/prometheus: add script exporter 2021-06-06 22:42:46 +02:00
Christine Dodrill 2b220cc57b nixos/tailscale: add procps to $PATH
Currently tailscaled expects `sysctl` (from package procps) to be present
in the path when running on Linux. It can function without the `sysctl`
command present but it prints an error about it. This fixes that error.

    Warning: couldn't check net.ipv4.ip_forward (exec: "sysctl":
        executable file not found in $PATH).

Signed-off-by: Christine Dodrill <me@christine.website>
2021-06-06 14:17:03 +00:00
github-actions[bot] 385224957b
Merge staging-next into staging 2021-06-06 12:14:34 +00:00
Michele Guerini Rocco 78d9a75d9e
Merge pull request #125288 from rnhmjoj/wpa-race-fix
nixos/wireless: make wireless.interfaces mandatory
2021-06-06 10:35:15 +02:00
github-actions[bot] 500db2661d
Merge staging-next into staging 2021-06-06 00:15:23 +00:00
Flakebi 5e5a3c39ed nixos/prometheus: add process exporter 2021-06-06 08:17:25 +09:00
tomberek 157aee00a5
nixos/sourcehut: init (#113244)
* nixos/sourcehut: init

* sourcehut: default nginx setup

* sourcehut: documentation

* sourcehut: re-structure settings

* sourcehut: tests

* nixos/sourcehut: adopt StateDirectory

* Apply suggestions from code review

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Thibaut Marty <github@thibautmarty.fr>
Co-authored-by: malte-v <34393802+malte-v@users.noreply.github.com>

* nixos/sourcehut: PR suggestions

* nixos/sourcehut: malte-v patch

* nixos/sourcehut: add base virtualhost

* nixos/sourcehut: remove superfluous key

* nixos/sourcehut: use default from cfg

* nixos/sourcehut: use originBase for logs

* nixos/sourcehut: use toPythonApplication in systemPackages

* nixos/sourcehut: directly use ExecStart

* nixos/sourcehut: update docs

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Thibaut Marty <github@thibautmarty.fr>
Co-authored-by: malte-v <34393802+malte-v@users.noreply.github.com>
2021-06-05 14:42:51 -04:00
github-actions[bot] 0397e518b7
Merge staging-next into staging 2021-06-05 18:30:31 +00:00
Kim Lindberger 0dda2a708f
Merge pull request #125699 from talyz/fix-mysql-alias
treewide: Fix mysql alias deprecation breakage
2021-06-05 19:07:35 +02:00
Sandro ef45f53bc9
Merge pull request #106465 from jerith666/globalprotect-vpn 2021-06-05 16:40:21 +02:00
ElXreno 7b9df38982
bees: 0.6.3 -> 0.6.5
Change-Id: I1866eab9c348d9c10219290ecba698121a32d128
2021-06-05 17:39:12 +03:00
ElXreno a3fa2cf7c2
bees: nixpkgs-fmt
Change-Id: If4e9431dad00ffade3316cf22235d8d44d12d149
2021-06-05 17:39:12 +03:00
Malte Voos f41f456422 nixos/roundcube: Use php74 2021-06-05 15:28:29 +02:00
Robert Hensing 81c8189a84 nixos/postgresqlBackup: Only replace backup when successful
Previously, a failed backup would always overwrite ${db}.sql.gz,
because the bash `>` redirect truncates the file; even if the
backup was going to fail.
On the next run, the ${db}.prev.sql.gz backup would be
overwritten by the bad ${db}.sql.gz.

Now, if the backup fails, the ${db}.in-progress.sql.gz is in an
unknown state, but ${db}.sql.gz will not be written.
On the next run, ${db}.prev.sql.gz (our only good backup) will
not be overwritten because ${db}.sql.gz does not exist.
2021-06-05 15:09:27 +02:00
github-actions[bot] d776739d99
Merge staging-next into staging 2021-06-05 06:28:02 +00:00
Jörg Thalheim 6fdb73a3b4
Merge pull request #118801 from Mic92/k3s
nixos/k3s: improve zfs/docker support
2021-06-05 07:54:54 +02:00
Jörg Thalheim 03582eb6e3
nixos/k3s: add zfs to path 2021-06-05 07:52:53 +02:00
Jörg Thalheim 7c310e8d28
nixos/k3s: add to environment.systemPackages for administration 2021-06-05 07:52:48 +02:00
Pascal Bach b1b9e003dc nixos/minio: credentialfile 2021-06-04 23:27:12 +02:00
talyz 59e0120aa5
treewide: Fix mysql alias deprecation breakage
62733b37b4 broke evaluation in all
places `pkgs.mysql` was used. Fix this by changing all occurrences to
`pkgs.mariadb`.
2021-06-04 21:42:08 +02:00
github-actions[bot] c06baac6ff
Merge staging-next into staging 2021-06-04 19:41:02 +00:00
Robert Hensing c586e42763 nixos/postgresqlBackup: Use PATH for readability 2021-06-04 17:49:53 +02:00
Robin Gloster 5433abfd6d
Merge pull request #125483 from Ma27/prometheus-exporter-fixes
nixos/prometheus-exporters: improve docs & fix rspamd exporter
2021-06-04 09:10:34 -05:00
github-actions[bot] 0b0d0c21ec
Merge staging-next into staging 2021-06-04 13:00:29 +00:00
Luke Granger-Brown 39e225b0f4 nixos/engelsystem: don't rely on mysql alias
Since 3edde6562e, we can no longer use
aliases inside the test framework. This has the implication that we can
no longer use aliases in any NixOS modules used by the test framework as
well (which is good), but does mean we need to clean up any instances
where this is the case.
2021-06-04 08:43:48 +00:00
Maximilian Bosch 951e6988ac
Merge pull request #104543 from chkno/sftpServerExecutable
nixos/sshd: Option to set the sftp server executable
2021-06-04 10:16:20 +02:00
github-actions[bot] b511c637c8
Merge staging-next into staging 2021-06-03 19:52:05 +00:00
talyz f5f8341c76
nixos/geoipupdate: Replace the old geoip-updater module
Our old bespoke GeoIP updater doesn't seem to be working
anymore. Instead of trying to fix it, replace it with the official
updater from MaxMind.
2021-06-03 20:57:25 +02:00
Bjørn Forsman 4bcb22e17a nixos/jenkins-job-builder: add support for folder jobs
Add support for folder jobs
(https://plugins.jenkins.io/cloudbees-folder/) by reworking the service
to support nested jobs.

This also fixes this deprecation warning (as a happy side effect):

  WARNING:jenkins_jobs.cli.subcommand.test:(Deprecated) The default output behavior of `jenkins-jobs test` when given the --output flag will change in JJB 3.0. Instead of writing jobs to OUTPUT/jobname; they will be written to OUTPUT/jobname/config.xml. The new behavior can be enabled by the passing `--config-xml` parameter
2021-06-03 19:29:57 +02:00
github-actions[bot] 25b7ba022b
Merge staging-next into staging 2021-06-03 12:49:14 +00:00
Maximilian Bosch ba9768f314
nixos/mail-exporter: add note about rspamd marking probe mails as spam 2021-06-03 13:10:23 +02:00
Maximilian Bosch 6fb847c556
nixos/dovecot-exporter: fix documentation for old stats 2021-06-03 13:01:11 +02:00
Maximilian Bosch 976d668e5c
nixos/rspamd-exporter: fix metrics
In 0.3.0 of the json-exporter[1] it was switched to a different jsonpath
library which made some changes - especially for spaces in keys -
necessary. Also I decided to remove the pretty-printed JSON as this
would interfere with the bash quoting too much. If one needs
pretty-printed output, they can still pipe the output to `jq`.

[1] https://github.com/prometheus-community/json_exporter/releases/tag/v0.3.0
2021-06-03 12:37:48 +02:00
Linus Heckemann 19cd7343fd
Merge pull request #125331 from wentasah/fix-mailman-serivce
nixos/mailman: Fix mailman-settings.service configuration
2021-06-03 10:34:45 +02:00
Martin Weinelt 01f8f4f074
nixos/matrix-synapse: allow preloading jemalloc
This is the default in the upstream's docker image and claims to reduce
memory fragmentation and usage.
2021-06-03 05:16:45 +02:00
Matt McHenry e2b7cfedd6 globalprotect-openconnect: init at 1.2.6
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>

Co-authored-by: sterni <sternenseemann@systemli.org>
2021-06-02 19:22:13 -04:00
github-actions[bot] a261aaf9c2
Merge staging-next into staging 2021-06-02 13:08:16 +00:00
Maximilian Bosch cc88797ce0 plausible: minor polishing 2021-06-02 19:21:31 +09:00
Maximilian Bosch 6bc72cdd4a plausible: cleanup build & update script 2021-06-02 19:21:31 +09:00
Maximilian Bosch 02b15d0f5b plausible: first review fix iteration
* Most significant is probably the patching necessary to run plausible
  with postgres without superuser privilege. This change includes:
  * updating ecto_sql to 3.6 where `CREATE DATABASE` is only executed if
    it doesn't exist[1].
  * patching a migration to only modify the `users.email` column (to use
    `citext` rather than creating the extension. `plausible-postgres`
    takes care of that).
* Correctly declare dependencies in systemd.
* A few minor fixes.

[1] 051baf669e
2021-06-02 19:21:31 +09:00
Maximilian Bosch b06ea1146c plausible: init at 1.3.0 2021-06-02 19:21:31 +09:00
Michal Sojka 2a4755e1d4 nixos/mailman: Fix mailman-settings.service configuration
Without this change, mailman-settings.service is not guaranteed to
complete before dependent services. This can lead to various errors
like:

    mailman-web-setup.service: Changing to the requested working directory failed: No such file or directory
2021-06-02 08:20:08 +02:00
rnhmjoj 030a521adc
nixos/wireless: make wireless.interfaces mandatory
This is the only way to solve issue #101963, for now.
2021-06-01 23:19:40 +02:00
github-actions[bot] ffe6577d05
Merge staging-next into staging 2021-06-01 20:30:47 +00:00
Jan Tojnar ab0d28758e
Merge pull request #125180 from chpatrick/gnome-flashback-panel-modules
gnome-flashback: add module support to gnome-panel for installing applets
2021-06-01 19:34:36 +02:00
Sandro eb5c8e51b7
Merge pull request #124404 from nagy/option-types 2021-06-01 15:12:16 +02:00
Patrick Chilton 6bcd4fe4ef gnome-flashback: add module support to gnome-panel for installing applets
Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2021-06-01 14:04:30 +02:00
Jörg Thalheim 11a38f62f0
k3s: add tokenFile option
To avoid having secrets in the nix store.
2021-06-01 13:35:04 +02:00
Jörg Thalheim 852739337b
nixos/k3s: add to environment.systemPackages for administration 2021-06-01 13:35:03 +02:00
Jörg Thalheim 846f44e880
Merge pull request #121667 from Mic92/buildkite
nixos/buildkite-agents: fix race-condition when installing secrets
2021-06-01 09:31:23 +02:00
rsynnest b562ae6c31 nixos/unifi-video: init at 3.10.13 2021-05-31 16:26:13 -07:00
Maciej Krüger ef555f6a0b
Merge pull request #123426 from mattchrist/brscan5 2021-05-31 17:52:16 +02:00
Robert Hensing 5699d027ec nixos/metricbeat: init 2021-05-31 10:42:08 +02:00
Johannes Schleifenbaum 878103ce55
nixos/trilium: use boolToString for noBackup 2021-05-30 18:16:13 +02:00
Pascal Bach f552bd52b5 nixos/unifi: harden service
Co-authored-by: Vincent Haupert <mail@vincent-haupert.de>
2021-05-30 15:14:00 +02:00
Daniel Nagy e57465a617
nixos/monero: set port type to types.port 2021-05-30 14:38:20 +02:00
Daniel Nagy cc5517da4c
nixos/gitlab: set port type to types.port 2021-05-30 14:38:20 +02:00
Daniel Nagy 8e760f4858
nixos/matrix-synapse: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 65b32a0afe
nixos/syncserver: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 048c45679f
nixos/gitDaemon: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 0cde374a76
nixos/redis: set port type to types.port 2021-05-30 14:38:19 +02:00
Daniel Nagy 73f9c29a2c
nixos/discourse: set port type to types.port 2021-05-30 14:38:18 +02:00
Daniel Nagy 137924cc96
nixos/terraria: adapt option types 2021-05-30 14:38:18 +02:00
Daniel Nagy 941fd008ed
nixos/lighttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
Daniel Nagy a5321aecfb
nixos/darkhttpd: set port type to types.port 2021-05-30 14:38:18 +02:00
markuskowa f188138af3
Merge pull request #124181 from pmenke-de/sdrplay
sdrplay: init at 3.07.1
2021-05-29 22:21:10 +02:00
Martin Weinelt ee8cf6a664
Merge pull request #124839 from mweinelt/wordpress/secret-key-regen
nixos/wordpress: regenerate secret keys if misspelled key name is found
2021-05-29 22:13:03 +02:00
Marc 'risson' Schmitt 6b12cff0b5
nixos/unbound: fix define-tag option
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-29 18:00:44 +02:00
Martin Weinelt 724ed08df0
nixos/wordpress: regenerate secret keys if misspelled key name is found
A secret key generated by the nixos module was misspelled, which could
possibly impact the security of session cookies.

To recover from this situation we will wipe all security keys that were
previously generated by the NixOS module, when the misspelled one is
found. This will result in all session cookies being invalidated. This
is confirmed by the wordpress documentation:

> You can change these at any point in time to invalidate all existing
> cookies. This does mean that all users will have to login again.

https://wordpress.org/support/article/editing-wp-config-php/#security-keys

Meanwhile this issue shouldn't be too grave, since the salting function
of wordpress will rely on the concatenation of both the user-provided
and automatically generated values, that are stored in the database.

> Secret keys are located in two places: in the database and in the
> wp-config.php file. The secret key in the database is randomly
> generated and will be appended to the secret keys in wp-config.php.

https://developer.wordpress.org/reference/functions/wp_salt/

Fixes: 2adb03fdae ("nixos/wordpress:
generate secrets locally")

Reported-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
2021-05-29 04:24:42 +02:00
Matt Christ dd54ac5648 brscan5: simplify mkEnableOption 2021-05-28 20:55:55 -05:00
Niklas Hambüchen d344dccf3d nixos/wireguard: Remove .path systemd unit for privkey. Fixes #123203
As per `man systemd.path`:

> When a service unit triggered by a path unit terminates
> (regardless whether it exited successfully or failed),
> monitored paths are checked immediately again,
> **and the service accordingly restarted instantly**.

Thus the existence of the path unit made it impossible to stop the
wireguard service using e.g.

    systemctl stop wireguard-wg0.service

Systemd path units are not intended for program inputs such
as private key files.
This commit simply removes this usage; the private key is still
generated by the `generateKeyServiceUnit`.
2021-05-28 17:44:19 -07:00
talyz cb80b67993 nixos/discourse: Assert deployed PostgreSQL version
Assert that the PostgreSQL version being deployed is the one used
upstream. Allow the user to override this assertion, since it's not
always possible or preferable to use the recommended one.
2021-05-28 17:43:02 -07:00
talyz 1f6b48be74 discourse: 2.6.5 -> 2.7.0 2021-05-28 17:43:02 -07:00
pmenke 9e0ed182aa
sdrplay: init at 3.07.1
this adds support for software defined radio (SDR) devices by SDRplay.
SDRplay provides an unfree binary library and api-service as well
as a MIT licensed adapter library for SoapySDR for integration
with many popular SDR applications.
2021-05-28 15:40:04 +02:00
Jan Tojnar b2f86e6662
nixos/gnome: Do not enable metacity by default
Did not realize this is not conditional on gnome-flashback being enabled.

Partially reverts https://github.com/NixOS/nixpkgs/pull/113957
2021-05-28 14:57:36 +02:00
Jan Tojnar e923fc2d2b
Merge pull request #113957 from chpatrick/gnome-flashback-panel-fix
gnome-flashback: add option to remove gnome-panel, auto-generate wmName
2021-05-28 13:32:22 +02:00
Patrick Chilton 424cd7d999 gnome-flashback: add option to remove gnome-panel, auto-generate wmName 2021-05-28 13:10:17 +02:00
Domen Kožar b72c2d3806
duplicati: 2.0.5.1 -> 2.0.6.1, fix nixos module 2021-05-28 10:33:53 +02:00
David Arnold 13750b25a5 kubernetes: fix generated kubeconfig
The absence of current-context in the right place resulted in obscure
bugs. The reason this has not been detected before can only be that
it was unused.
2021-05-26 23:39:48 -07:00
Sandro 5619e3eb35
Merge pull request #124147 from superherointj/package-firebird-v4.0.0 2021-05-27 05:13:50 +02:00
Sandro 5584b49a46
Merge pull request #123363 from FliegendeWurst/trilium-update-0.47.3 2021-05-27 04:52:55 +02:00
Matt Christ c92404dc69 brscan5: update example to be supported model 2021-05-25 19:14:18 -05:00
Martin Weinelt fcd6d0bc14
Merge pull request #124263 from Lassulus/solanum3
solanum: remove obsolete BANDB settings/patches
2021-05-25 20:51:32 +02:00
Sandro Jäckel 140828ce38
nixos/kresd: tell resolveconf to use local resolver 2021-05-25 16:37:00 +02:00
Niklas Hambüchen 83a8acc392
Merge pull request #121331 from nh2/wireguard-dynamicEndpointRefreshSeconds
nixos/wireguard: Add `dynamicEndpointRefreshSeconds` option
2021-05-24 21:49:05 +02:00
lassulus 8eb5701aaf solanum: remove obsolete BANDB settings/patches 2021-05-24 15:49:57 +02:00
Naïm Favier 821ca7d4cc
nixos/nginx: add option rejectSSL exposing ssl_reject_handshake 2021-05-24 15:10:09 +02:00
regnat 113823669b Revert "nixos/nix-daemon: fix sandbox-paths option"
This reverts commit aeeee447bc.
2021-05-24 10:51:02 +02:00
FliegendeWurst b9e2b878c5 nixos/trilium-server: noBackup option 2021-05-24 09:55:49 +02:00
FliegendeWurst 7cb492fb13 nixos/trilium-server: add myself as maintainer 2021-05-24 09:55:49 +02:00
Ivan Kozik d95960e275 nixos/bitwarden_rs: fix startup on 32 thread machines
LimitNPROC=64 is too low for bitwarden_rs to start on a 32 thread machine.
Remove the limit.

This fixes:

```
bitwarden_rs[38701]: /--------------------------------------------------------------------\
bitwarden_rs[38701]: |                       Starting Bitwarden_RS                        |
bitwarden_rs[38701]: |--------------------------------------------------------------------|
bitwarden_rs[38701]: | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
bitwarden_rs[38701]: | official channels to report bugs/features, regardless of client.   |
bitwarden_rs[38701]: | Send usage/configuration questions or feature requests to:         |
bitwarden_rs[38701]: |   https://bitwardenrs.discourse.group/                             |
bitwarden_rs[38701]: | Report suspected bugs/issues in the software itself at:            |
bitwarden_rs[38701]: |   https://github.com/dani-garcia/bitwarden_rs/issues/new           |
bitwarden_rs[38701]: \--------------------------------------------------------------------/
bitwarden_rs[38701]: [INFO] No .env file found.
bitwarden_rs[38701]: [2021-05-24 03:34:41.121][bitwarden_rs::api::core::sends][INFO] Initiating send deletion
bitwarden_rs[38701]: [2021-05-24 03:34:41.122][start][INFO] Rocket has launched from http://127.0.0.1:8222
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'unnamed' panicked at 'failed to spawn thread: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }': /build/rustc-1.52.1-src/library/std/src/thread/mod.rs:620
bitwarden_rs[38701]:    0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]:    1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]:    2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]:    3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]:    4: rust_begin_unwind
bitwarden_rs[38701]:    5: core::panicking::panic_fmt
bitwarden_rs[38701]:    6: core::result::unwrap_failed
bitwarden_rs[38701]:    7: hyper::server::listener::spawn_with
bitwarden_rs[38701]:    8: hyper::server::listener::ListenerPool<A>::accept
bitwarden_rs[38701]:    9: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]:   10: core::ops::function::FnOnce::call_once{{vtable.shim}}
bitwarden_rs[38701]:   11: std::sys::unix::thread::Thread::new::thread_start
bitwarden_rs[38701]:   12: start_thread
bitwarden_rs[38701]:   13: __GI___clone
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success': /build/bitwarden_rs-1.20.0-vendor.tar.gz/rocket/src/rocket.rs:751
bitwarden_rs[38701]:    0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]:    1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]:    2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]:    3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]:    4: rust_begin_unwind
bitwarden_rs[38701]:    5: core::panicking::panic_fmt
bitwarden_rs[38701]:    6: rocket::rocket::Rocket::launch
bitwarden_rs[38701]:    7: bitwarden_rs::main
bitwarden_rs[38701]:    8: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]:    9: std::rt::lang_start::{{closure}}
bitwarden_rs[38701]:   10: std::rt::lang_start_internal
bitwarden_rs[38701]:   11: main
```
2021-05-24 04:36:17 +00:00
Sandro Jäckel 0724518919
nixos/prometheus: init pihole-exporter 2021-05-24 04:05:59 +02:00
José Romildo Malaquias de84bd18d7
Merge pull request #121031 from romildo/fix.lxqt
lxqt: does not explicitly require gvfs package
2021-05-23 15:06:55 -03:00
Guillaume Girol 8fe0143d88 nixos: add option to load wireless regulatory database as firmware
use it when networkmanager or wpa_supplicant is enabled.

fixes #57053
fixes "Direct firmware load for regulatory.db failed with error -2"
in dmesg

Note that all kernels on unstable are newer than 4.15, which is required
for this to work.
2021-05-23 19:49:05 +02:00
superherointj 97d9e7849b nixos/firebird: updated firebird package 2021-05-23 10:53:00 -03:00
Matt Christ 14bf8f109b fix brscan5 config generation
before this, the config utility was unable to locate the models folder
update tests to use a compatible model
2021-05-23 08:08:31 -05:00
Jonathan Ringer 11a9ac00fc
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
 pkgs/tools/networking/xh/default.nix
2021-05-22 18:19:10 -07:00
Martin Weinelt 84f649f693
Merge pull request #121626 from mweinelt/botamusique 2021-05-23 02:02:09 +02:00
Martin Weinelt 59e5ff4b29
nixos/botamusique: init 2021-05-23 01:01:51 +02:00
Jan Tojnar aea7b5f08e
Merge pull request #124073 from mkg20001/cinnamonpolkit
nixos/cinnamon: add polkit_gnome to fix #124062
2021-05-23 00:21:28 +02:00
Jan Tojnar 141e85cc69
Merge pull request #124056 from mkg20001/cinnamonlocale
nixos/cinnamon: add cinnamon-translations to systemPackages
2021-05-23 00:21:11 +02:00
Maciej Krüger eca2b05354
nixos/cinnamon: add cinnamon-translations to systemPackages
This allows other cinnamon applications to use the locales

Without this the cinnamon UI is not properly translated
2021-05-22 23:59:33 +02:00
Maciej Krüger 8664c2c743
nixos/cinnamon: add polkit_gnome to fix #124062 2021-05-22 23:58:06 +02:00
Maximilian Bosch 278bcdce1f
Merge pull request #123941 from mweinelt/matrix-synapse
nixos/matrix-synapse: protect created files
2021-05-22 22:20:16 +02:00
Martin Weinelt 79e675444c
nixos/matrix-synapse: protect created files
Enforce UMask on the systemd unit to restrict the permissions of files
created. Especially the homeserver signing key should not be world
readable, and media is served through synapse itself, so no other user
needs access to these files.

Use a prestart chmod to fixup the permissions on the signing key.
2021-05-22 20:30:49 +02:00
Sandro 7be85b5090
Merge pull request #104420 from danielfullmer/syncoid-perm-fix 2021-05-22 17:57:56 +02:00
Kira Bruneau b6e764bd68 nixos/replay-sorcery: add module 2021-05-22 10:54:24 -04:00
Domen Kožar fdd42cb68c
Merge pull request #123211 from mdevlamynck/pipewire-plasma-pa
nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support
2021-05-22 15:20:50 +02:00
github-actions[bot] 563389a7fd
Merge master into staging-next 2021-05-22 12:27:09 +00:00
sohalt be01cb8b97 nixos/spacenavd: run as user service 2021-05-22 12:48:12 +02:00
Domen Kožar 3a28f72e7b
Merge pull request #123970 from kisik21/nix-fix-sandbox-paths
nixos/nix-daemon: fix sandbox-paths option
2021-05-22 12:05:11 +02:00
Vika aeeee447bc
nixos/nix-daemon: fix sandbox-paths option
In newer versions of Nix (at least on 2.4pre20201102_550e11f) the
`extra-` prefix for config options received a special meaning and the
option `extra-sandbox-paths` isn't recognized anymore. This commit fixes
it.

It doesn't cause a behavior change when using older versions of Nix but
does cause an extra newline to appear in the config, thus changing the
hash.
2021-05-22 05:14:56 +00:00
github-actions[bot] 901fb5e64e
Merge master into staging-next 2021-05-22 00:56:03 +00:00
Martin Weinelt 71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2
nixos/solanum: init
2021-05-21 23:23:01 +02:00
Maximilian Bosch a2379c69a4
Merge pull request #122833 from helsinki-systems/feat/prometheus-metric-relabel
nixos/prometheus: Add support for metric relabeling
2021-05-21 23:13:41 +02:00
lassulus 48c16e48aa nixos/solanum: init 2021-05-21 23:06:38 +02:00
Maximilian Bosch 5dbd28d754
Merge pull request #123009 from deviant/fix-mailman-doc-links
nixos/mailman: fix documentation option links
2021-05-21 22:00:47 +02:00
Matt Christ a9b7300f6f brscan5: init at 1.2.6-0 2021-05-21 12:59:30 -05:00
Jonathan Ringer 5cd5b9b97f
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
 pkgs/development/tools/kubie/default.nix
2021-05-21 10:39:34 -07:00
eyJhb 6000f420e8
nixos/znc: fixed chown not working after hardening (#123883) 2021-05-21 19:07:53 +02:00
Elis Hirwing e9cca93bf9
Merge pull request #121778 from talyz/keycloak-security
nixos/keycloak: Security fixes + misc
2021-05-21 16:55:26 +02:00
Kerstin Humm 224df6940f nixos/mastodon: use rails command instead of rake
Co-Authored-By: Izorkin <izorkin@elven.pw>
2021-05-21 15:04:12 +02:00
github-actions[bot] 929b12e7b5
Merge master into staging-next 2021-05-21 12:28:43 +00:00
ajs124 c455f3ccaf
Merge pull request #123084 from Yarny0/hylafax
hylafaxplus & nixos/hylafax: small improvements
2021-05-21 14:20:57 +02:00
talyz ba00b0946e
nixos/keycloak: Split certificatePrivateKeyBundle into two options
Instead of requiring the user to bundle the certificate and private
key into a single file, provide separate options for them. This is
more in line with most other modules.
2021-05-21 13:09:38 +02:00
talyz dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.*
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
2021-05-21 13:09:32 +02:00
talyz 83e406e97a
nixos/keycloak: frontendUrl always needs to be suffixed with /
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
2021-05-21 13:09:25 +02:00
talyz 58614f8416
nixos/keycloak: Add myself to maintainers 2021-05-21 13:09:19 +02:00
talyz d748c86389
nixos/keycloak: Improve readability by putting executables in PATH 2021-05-21 13:09:14 +02:00
talyz 8309368e4c
nixos/keycloak: Set umask before copying sensitive files
`install` copies the files before setting their mode, so there could
be a brief window where the secrets are readable by other users
without a strict umask.
2021-05-21 13:09:09 +02:00
talyz c2bebf4ee2
nixos/keycloak: Improve bash error handling 2021-05-21 13:09:03 +02:00
talyz d6727d28e1
nixos/keycloak: Set the postgresql database password securely
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
2021-05-21 13:08:53 +02:00
Jonathan Ringer 6b15fdce86
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
 pkgs/shells/ion/default.nix
 pkgs/tools/misc/cicero-tui/default.nix
2021-05-20 22:11:42 -07:00
legendofmiracles af0a54285e nixos/terraria: open ports in the firewall 2021-05-20 12:11:08 -07:00
Guillaume Girol 0d5fa1cff3
Merge pull request #120622 from symphorien/duplicity-master
nixos/duplicity: enable to prevent backup from growing infinitely
2021-05-20 19:00:59 +00:00
Jonas Chevalier 30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel
ghostunnel: init
2021-05-20 20:58:41 +02:00
Jonathan Ringer 14f3686af1
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
  pkgs/applications/terminal-emulators/alacritty/default.nix
  pkgs/servers/clickhouse/default.nix
2021-05-20 09:12:42 -07:00
Emery Hemingway 520b4a8496 nixos: convert netatalk to settings-style configuration
Also, set StateDirectory in systemd.….serviceConfig.
2021-05-20 17:39:28 +02:00
Robert Hensing dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka 57acb6f9f7
Merge pull request #123598 from pschyska/master
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
2021-05-20 10:41:30 +02:00
Maximilian Bosch 3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
2021-05-19 14:08:46 -07:00
Gabriel Gonzalez 8e9d803bac
Fix description for services.kubernetes.addonManager.enable (#71448)
`mkEnableOption` already prefixes the description with
"Whether to enable"
2021-05-19 13:49:27 -07:00
Jonathan Ringer c1f8a15dac
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
  nixos/doc/manual/release-notes/rl-2105.xml
  pkgs/tools/security/sequoia/default.nix
2021-05-19 10:39:54 -07:00
Paul Schyska 69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Martin Weinelt 446c97f96f
Merge pull request #123355 from Ma27/bump-matrix-synapse 2021-05-19 18:12:14 +02:00
Jan Tojnar a858f1a90d
Merge pull request #123507 from jtojnar/no-flatpak-guipkgs
nixos/flatpak: Remove `guiPackages` internal option
2021-05-19 16:33:56 +02:00
Guillaume Girol 41c7fa448f nixos/duplicity: add options to exercise all possible verbs
except restore ;)
2021-05-19 12:00:00 +00:00
Michele Guerini Rocco 376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec
libreswan: 3.2 -> 4.4
2021-05-19 13:36:04 +02:00
talyz 380b52c737
nixos/keycloak: Use replace-secret to avoid leaking secrets
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
2021-05-19 09:32:28 +02:00
talyz 88b76d5ef9
nixos/mpd: Use replace-secret to avoid leaking secrets
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
2021-05-19 09:32:22 +02:00
talyz 3a29b7bf5b
nixos/mpdscribble: Use replace-secret to avoid leaking secrets
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
2021-05-19 09:32:17 +02:00
talyz 7842e89bfc
nixos/gitlab: Use replace-secret to avoid leaking secrets
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
2021-05-19 09:32:12 +02:00
talyz 38398fade1
nixos/discourse: Use replace-secret to avoid leaking secrets
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
2021-05-19 09:32:06 +02:00
Aaron Andersen 58ddbfa71d
Merge pull request #118395 from jwygoda/grafana-google-oauth2
grafana: add google oauth2 config
2021-05-18 23:11:24 -04:00
github-actions[bot] 7000ae2b9a
Merge master into staging-next 2021-05-19 00:55:36 +00:00
Martin Weinelt a8f71f069f
Merge pull request #123006 from mweinelt/postgresqlbackup-startat
nixos/postgresqlBackup: allow defining multiple times to start at
2021-05-19 01:54:38 +02:00
Martin Weinelt 4c798857e2
Merge pull request #100274 from hax404/prometheus-xmpp-alerts 2021-05-19 01:36:28 +02:00
Georg Haas 03c092579a
prometheus-xmpp-alerts: apply RFC 42 2021-05-19 01:08:38 +02:00
Jonathan Ringer ca46ad3762
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
  pkgs/tools/package-management/cargo-release/default.nix
2021-05-18 11:03:38 -07:00
Pamplemousse 037e51702e
nixos/services/foldingathome: Add an option to set the "nice level" (#122864)
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
2021-05-18 18:44:52 +02:00
Maciej Krüger 7458dcd956
Merge pull request #75242 from mkg20001/cjdns-fix
services.cjdns: add missing, optional login & peerName attribute
2021-05-18 18:22:29 +02:00
Jonathan Ringer f7a112f6c4
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
  pkgs/applications/graphics/emulsion/default.nix
  pkgs/development/tools/misc/texlab/default.nix
  pkgs/development/tools/rust/bindgen/default.nix
  pkgs/development/tools/rust/cargo-udeps/default.nix
  pkgs/misc/emulators/ruffle/default.nix
  pkgs/tools/misc/code-minimap/default.nix
2021-05-18 08:57:16 -07:00
Robert Schütz d189df235a
Merge pull request #122241 from dotlambda/znc-harden
nixos/znc: harden systemd unit
2021-05-18 17:44:14 +02:00
Maciej Krüger 7409f9bab3
services.cjdns: add missing, optional login & peerName attribute 2021-05-18 17:39:04 +02:00
Ashlynn Anderson 903665f31c
nixos/self-deploy: init (#120940)
Add `self-deploy` service to facilitate continuous deployment of NixOS
configuration from a git repository.
2021-05-18 08:29:37 -07:00
Jan Tojnar 1b1faeb2db
Merge pull request #86288 from worldofpeace/gnome-doc
nixos/gnome3: add docs
2021-05-18 14:19:33 +02:00
Jan Tojnar ed47351533
nixos/flatpak: Remove guiPackages internal option
It was basically just a `environment.systemPackages` synonym,
only GNOME used it, and it was stretching the responsibilities
of the flatpak module too far.

It also makes it cleaner to avoid installing the program
using GNOME module’s `excludePackages` option.

Partially reverts: https://github.com/NixOS/nixpkgs/pull/101516
Fixes: https://github.com/NixOS/nixpkgs/issues/110310
2021-05-18 14:06:23 +02:00
rnhmjoj 1a4db01c84
nixos/libreswan: update for version 4.x
- Use upstream unit files
- Remove deprecated config options
- Add option to disable redirects
- Add option to configure policies
2021-05-18 08:13:36 +02:00
Jonathan Ringer c227fb4b17
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
	pkgs/development/tools/rust/cargo-cache/default.nix
	pkgs/development/tools/rust/cargo-embed/default.nix
	pkgs/development/tools/rust/cargo-flash/default.nix
	pkgs/servers/nosql/influxdb2/default.nix
2021-05-17 07:01:38 -07:00
Robert Schütz a22ebb6d6d
Merge pull request #123017 from DavHau/davhau-scikitlearn
python3Packages.scikitlearn: rename to scikit-learn
2021-05-17 15:13:33 +02:00
Maximilian Bosch 2addab5fd6
nixos/matrix-synapse: room_invite_state_types was deprecated and room_prejoin_state is used now
See https://github.com/matrix-org/synapse/blob/release-v1.34.0/UPGRADE.rst#upgrading-to-v1340
2021-05-17 13:45:28 +02:00
Jörg Thalheim b900661f6e
Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters
treewide: remove duplicates SystemCallFilters
2021-05-17 12:06:06 +01:00
DavHau cd8f3e6c44 python3Packages.scikitlearn: rename to scikit-learn 2021-05-17 17:41:36 +07:00
Richard Marko 16b0f07890 nixos/nginx: fix comment about acme postRun not running as root
As of 67a5d66 this is no longer true, since acme postRun runs as root.
The idea of the service is good so reword a comment a bit.
2021-05-17 18:03:04 +09:00
Richard Marko 7423afb5e4 nixos/molly-brown: fix description of certPath
`allowKeysForGroup` is no longer available so this drops

```
security.acme.certs."example.com".allowKeysForGroup = true;
```

line. `SupplementaryGroups` should be enough for
allowing access to certificates.
2021-05-17 18:03:04 +09:00
Richard Marko 29158fc0ac nixos/postgresql: fix description of ensureUsers.ensurePermissions
`attrName` and `attrValue` are now in correct order.
2021-05-17 18:03:04 +09:00
Evils 7641769055 nixos/fancontrol: back to running as root
regular users don't have write access to /sys/devices
  which is where the kernel endpoints are to control fan speed
2021-05-17 00:00:01 -07:00
github-actions[bot] 3ff6965554
Merge master into staging-next 2021-05-17 06:22:23 +00:00
Jonathan Ringer d8e62d8e41
Merge remote-tracking branch 'origin/master' into staging-next
Fix cargo-flash build
2021-05-16 18:27:14 -07:00
Sandro ec1dd62608
Merge pull request #118521 from SuperSandro2000/nginx-proxy-timeout
nixos/nginx: add option to change proxy timeouts
2021-05-17 03:15:54 +02:00
Sandro 700942d2a5
Merge pull request #121119 from SuperSandro2000/remove-gnidorah
treewide: remove gnidorah
2021-05-17 02:42:24 +02:00
Sandro Jäckel 51166f90c6
nixos/nginx: add option to change proxy timeouts 2021-05-17 02:37:44 +02:00
Martin Weinelt 7bd65d54f7 treewide: remove nand0p as maintainer
While looking at the sphinx package I noticed it was heavily
undermaintained, which is when we noticed nand0p has been inactive for
roughly 18 months. It is therefore prudent to assume they will not be
maintaining their packages, modules and tests.

- Their last contribution to nixpkgs was in 2019/12
- On 2021/05/08 I wrote them an email to the address listed in the
  maintainer-list, which they didn't reply to.
2021-05-17 01:50:49 +02:00
Aaron Andersen 21f5dd5c6e
Merge pull request #122647 from onny/caddy
nixos/caddy: support user and group options
2021-05-16 17:23:57 -04:00
Johan Thomsen 2142f88526 nixos/containerd: sanitize StateDirectory and RuntimeDirectory 2021-05-17 06:17:18 +10:00
Niklas Hambüchen 357cf46c8d wireguard module: Add dynamicEndpointRefreshSeconds option.
See for an intro:
https://wiki.archlinux.org/index.php/WireGuard#Endpoint_with_changing_IP
2021-05-16 20:11:51 +02:00
Matthias Devlamynck 2a217314f2 nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support 2021-05-16 10:51:11 +02:00
github-actions[bot] c10600230e
Merge staging-next into staging 2021-05-15 18:30:31 +00:00
github-actions[bot] f1b78f8618
Merge master into staging-next 2021-05-15 18:30:28 +00:00
Jonathan Ringer 5a6540c49c nixos/factorio: update admin setting 2021-05-15 09:04:35 -07:00
Jonas Heinrich fff9cf00fd caddy: support user and group options 2021-05-15 10:32:49 +02:00
github-actions[bot] 78ae7ac75e
Merge staging-next into staging 2021-05-15 06:22:25 +00:00
github-actions[bot] c48794dcef
Merge master into staging-next 2021-05-15 06:22:22 +00:00
Aaron Andersen fc63be7ac8
Merge pull request #122658 from aanderse/httpd-reload
nixos/httpd: provide a stable path stable path to the configuration f…
2021-05-14 23:50:43 -04:00
Yarny0 c2af1ff281 nixos/hylafax: enable ProtectKernelLogs for most services
Also document that `ProtectClock` blocks access to serial line.
I couldn't found out why this is the case,
but faxgetty complains about the device file
not being accessible with `ProtectClock=true`.
2021-05-14 22:55:50 +02:00
Vladimír Čunát c48eaa70e3
Merge branch 'master' into staging-next 2021-05-14 22:27:34 +02:00
Martin Weinelt 21746a7c80
nixos/postgresqlBackup: allow defining multiple times to start at
Or … none! Because forcing a string always results in an OnCalendar=
setting, but an empty string leads to an empty value.

>  postgresqlBackup-hass.timer: Timer unit lacks value setting. Refusing.

or

> postgresqlBackup-miniflux.timer: Cannot add dependency job, ignoring: Unit postgresqlBackup-miniflux.timer has a bad unit file setting.

I require the postgresqlBackup in my borgbackup unit, so I don't
strictly need the timer and could previously set it to an empty list.
2021-05-14 20:41:08 +02:00
V f4c5ebea50 nixos/mailman: fix documentation option links 2021-05-14 18:33:24 +02:00
Robert Schütz e611d663f4
Merge pull request #120440 from dotlambda/radicale-settings
nixos/radicale: add settings option
2021-05-14 15:37:26 +02:00
WilliButz 94b2848559
Merge pull request #91663 from mweinelt/kea-exporter
prometheus-kea-exporter: init at 0.4.1
2021-05-14 14:38:08 +02:00
zowoq 004f8cd986 Merge staging-next into staging 2021-05-14 16:32:43 +10:00
Yarny0 4415846d5c nixos/hylafax: use runtimeShell where possible
According to
https://github.com/NixOS/nixpkgs/pull/84556
this effort helps with cross-compilation.

This commit also renames a substituted variable `hylafax`
to `hylafaxplus` to permit substitution with `inherit`.
2021-05-14 05:42:18 +02:00
Yarny0 89df33f882 nixos/hylafax: replace a nested expression with lib.pipe
This avoids a tripple-nested function call,
and it looks slightly simpler (at least to me).
2021-05-14 05:42:18 +02:00
Yarny0 449647daf5 nixos/hylafax: use lib.types.ints.positive
I haven't realized earlier that there is
already an option type for positive integers.
2021-05-14 05:42:17 +02:00
github-actions[bot] bf5d8bb531
Merge master into staging-next 2021-05-14 00:58:11 +00:00
Maximilian Bosch bfd4c121ff
Merge pull request #122637 from mayflower/prometheus-2.26.0
Prometheus 2.26.0 + exporter updates
2021-05-13 23:05:29 +02:00
Janne Heß 672e64701c
nixos/prometheus: Add support for metric relabeling 2021-05-13 15:59:46 +02:00
Izorkin feebe402f5
treewide: remove duplicates SystemCallFilters 2021-05-13 15:44:56 +03:00
Martin Weinelt bc4a80979b
nixos/prometheus-kea-exporter: init 2021-05-12 21:51:44 +02:00
github-actions[bot] b057978bb2
Merge staging-next into staging 2021-05-12 18:32:29 +00:00
github-actions[bot] f214722172
Merge master into staging-next 2021-05-12 18:32:26 +00:00
midchildan 6567031111
nixos/mirakurun: add polkit rule for smart card access (#122066)
Fixes #122039
2021-05-12 13:57:49 -04:00
Aaron Andersen f20aa073e1 nixos/httpd: provide a stable path stable path to the configuration file for reloads 2021-05-11 22:36:55 -04:00
Robin Gloster 9438b12f99
prometheus-collectd-exporter: fix options for new version 2021-05-11 17:57:46 -05:00
Robin Gloster b2956ce654
prometheus-bind-exporter: fix options for new version 2021-05-11 17:57:46 -05:00
Robin Gloster da85657a6c
prometheus-rspamd-exporter: fix for new json exporter syntax 2021-05-11 17:57:46 -05:00
Thomas Tuegel 799f351997
KDE Applications 20.12.3 -> KDE Gear 21.04.0 2021-05-11 12:14:58 -05:00
Jan Tojnar 8380ceb766
nixos/gnome: Allow disabling sysprof 2021-05-11 18:11:01 +02:00
worldofpeace 8ad5d65d09
nixos/gnome: add user docs
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
2021-05-11 18:10:53 +02:00
github-actions[bot] 1e7a48b474
Merge master into staging-next 2021-05-11 12:24:28 +00:00
Tom 33a4c43126
nixos/tor: fix HidServAuth (#122439)
* add an example for services.tor.settings.HidServAuth

* fix HidServAuth validation to require ".onion"
  Per https://manpages.debian.org/testing/tor/torrc.5.en.html :
  > Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
2021-05-11 10:10:32 +02:00
github-actions[bot] 10e16ec9ab
Merge master into staging-next 2021-05-11 06:20:33 +00:00
Jörg Thalheim 8af4bf61fd
Merge pull request #122423 from Izorkin/update-netdata
nixos/netdata: update configuration
2021-05-11 06:07:48 +01:00
github-actions[bot] 49b8e6f7d4
Merge master into staging-next 2021-05-11 00:48:15 +00:00
Robert Schütz 7217b2d85e
Merge pull request #121785 from dotlambda/dendrite-rename
matrix-dendrite: rename to dendrite
2021-05-10 23:30:12 +02:00
Joe DeVivo bf92d0ec37 nixos/ssm-agent: conf files written to /etc
ssm-agent expects files in /etc/amazon/ssm. The pkg substitutes a location in
the nix store for those default files, but if we ever want to adjust this
configuration on NixOS, we'd need the ability to modify that file.

This change to the nixos module writes copies of the default files from the nix
store to /etc/amazon/ssm. Future versions can add config, but right now this
would allow users to at least write out a text value to
environment.etc."amazon/ssm/amazon-ssm-agent.json".text to provide
their own config.
2021-05-10 13:16:41 -07:00
github-actions[bot] 61fa3fdde8
Merge master into staging-next 2021-05-10 18:28:17 +00:00
Sandro f0bb4f066a
Merge pull request #95050 from paumr/bind-fmt 2021-05-10 19:06:00 +02:00
Julien Moutinho 7e794a1da2 nixos/davfs2: wrap {,u}mount.davfs with setuid=true 2021-05-10 15:54:52 +02:00
github-actions[bot] 115881e756
Merge master into staging-next 2021-05-10 12:24:32 +00:00
Izorkin 85914bc01d
nixos/netdata: change wrappers permissions 2021-05-10 10:35:51 +03:00
Izorkin 859633ee43
nixos/netdata: use cgroup v2 2021-05-10 10:24:31 +03:00
Izorkin 58497175be
nixos/netdata: cgroup-network: don't use AmbientCapabilities 2021-05-10 10:19:57 +03:00
Michele Guerini Rocco 4cbe186a8a
Merge pull request #121394 from bjornfor/atd-file-creation
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
2021-05-10 08:43:57 +02:00
github-actions[bot] f4d69ad1f2
Merge master into staging-next 2021-05-10 06:20:28 +00:00
Michele Guerini Rocco d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
2021-05-10 08:16:39 +02:00
Vladimír Čunát 5663b2b2d3
Merge branch 'master' into staging-next
(a trivial conflict in transmission)
2021-05-09 09:31:55 +02:00
paumr 5390d4b946 nixos/bind: formatted with nixpkgs-fmt 2021-05-08 23:13:58 +02:00
Robert Schütz 314a64a026 nixos/znc: fix example 2021-05-08 22:54:19 +02:00
Robert Schütz 5986f233a6 nixos/znc: remove trailing slash from dataDir 2021-05-08 22:54:19 +02:00
Robert Schütz 4400ee83ec nixos/znc: harden systemd unit 2021-05-08 22:54:15 +02:00
Robert Hensing 4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
github-actions[bot] 6d46d8a9b9
Merge master into staging-next 2021-05-08 18:22:46 +00:00
Marc 'risson' Schmitt 0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00
Aaron Andersen 9254b82706
Merge pull request #121746 from j0hax/monero-options
nixos/monero: add dataDir option
2021-05-08 11:43:49 -04:00
Martin Weinelt 9651084620 Merge remote-tracking branch 'origin/master' into staging-next 2021-05-08 14:43:43 +02:00
Vladimír Čunát 080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Gemini Lasswell 28f51d7757 nixos/yggdrasil: set directory permissions before writing keys
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done.  Addresses #121293.
2021-05-08 09:49:19 +02:00
Jan Tojnar 468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
github-actions[bot] b4416b52c5
Merge master into staging-next 2021-05-08 00:46:50 +00:00
Johannes Arnold c0853b6e2c nixos/monero: use isSystemUser = true 2021-05-08 02:13:25 +02:00
Michele Guerini Rocco 4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
2021-05-07 23:35:57 +02:00
Evils 5ae90276c3 nixos/fancontrol: clean up module
set a group and user for the service
remove default null config
  it's required, now it throws an error pointing to the option

set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
github-actions[bot] 1ae6d3d02f
Merge master into staging-next 2021-05-07 18:24:29 +00:00
ajs124 cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Robert Hensing 316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update
nixos/hercules-ci-agent: updates
2021-05-07 15:48:33 +02:00
Vladimír Čunát 9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
github-actions[bot] 12193913a1
Merge staging-next into staging 2021-05-07 12:23:21 +00:00
Jan Tojnar 9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
github-actions[bot] e5f4def056
Merge staging-next into staging 2021-05-07 00:46:58 +00:00
John Ericson a3e54cb582 Merge remote-tracking branch 'upstream/staging-next' into staging 2021-05-06 15:48:25 -04:00
Sander van der Burg 77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt 6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt 24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place let's allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Jörg Thalheim 4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
github-actions[bot] c63e69cd89
Merge staging-next into staging 2021-05-06 12:23:32 +00:00
Maximilian Bosch a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Simon Thoby 1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
2021-05-05 22:47:52 +02:00
Jan Tojnar 878abc6488
nixos/gnome3: Install GNOME Tour
It will be run after startup.
2021-05-05 22:43:02 +02:00
Jan Tojnar 316928e8c1
nixos/gnome3: Enable power-profiles-daemon
GNOME 40 added support for it in Control Center.
2021-05-05 22:43:01 +02:00
Jan Tojnar 49ae2e4c26
gnome3.gnome-getting-started-docs: drop
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
2021-05-05 22:43:01 +02:00
Jan Tojnar d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00