Michael Weiss
60f2af5938
Merge pull request #122605 from primeos/nixos-sway-extend-default-configuration
...
nixos/sway: Extend the default configuration for NixOS
2021-05-13 20:48:55 +02:00
github-actions[bot]
39e3f7c2cc
Merge master into staging-next
2021-05-13 18:32:50 +00:00
Izorkin
feebe402f5
treewide: remove duplicates SystemCallFilters
2021-05-13 15:44:56 +03:00
Luke Granger-Brown
ca6255bf0b
nixos/docker: fix evaluation when NAT is enabled too
...
Both networking.nat.enable and virtualisation.docker.enable now want to
make sure that the IP forwarding sysctl is enabled, but the module
system dislikes that both modules contain this option.
Realistically this should be refactored a bit, so that the Docker module
automatically enables the NAT module instead, but this is a more obvious
fix.
2021-05-13 10:26:45 +00:00
Martin Weinelt
bc4a80979b
nixos/prometheus-kea-exporter: init
2021-05-12 21:51:44 +02:00
github-actions[bot]
f214722172
Merge master into staging-next
2021-05-12 18:32:26 +00:00
midchildan
6567031111
nixos/mirakurun: add polkit rule for smart card access (#122066)
...
Fixes #122039
2021-05-12 13:57:49 -04:00
Aaron Andersen
f20aa073e1
nixos/httpd: provide a stable path to the configuration file for reloads
2021-05-11 22:36:55 -04:00
Robin Gloster
9438b12f99
prometheus-collectd-exporter: fix options for new version
2021-05-11 17:57:46 -05:00
Robin Gloster
b2956ce654
prometheus-bind-exporter: fix options for new version
2021-05-11 17:57:46 -05:00
Robin Gloster
da85657a6c
prometheus-rspamd-exporter: fix for new json exporter syntax
2021-05-11 17:57:46 -05:00
Michael Weiss
00e8e5b123
nixos/sway: Extend the default configuration for NixOS
...
The default config.in template contains
"include @sysconfdir@/sway/config.d/*" but we've dropped it to better
support non-NixOS (which seems like a mistake in retrospect).
This restores that behaviour and extends the default configuration via
nixos.conf to fix #119445.
Note: The security configurations (security.d) were dropped entirely
(but maybe they'll return).
2021-05-11 18:53:49 +02:00
Jan Tojnar
8380ceb766
nixos/gnome: Allow disabling sysprof
2021-05-11 18:11:01 +02:00
worldofpeace
8ad5d65d09
nixos/gnome: add user docs
...
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
2021-05-11 18:10:53 +02:00
github-actions[bot]
1e7a48b474
Merge master into staging-next
2021-05-11 12:24:28 +00:00
Tom
33a4c43126
nixos/tor: fix HidServAuth (#122439)
...
* add an example for services.tor.settings.HidServAuth
* fix HidServAuth validation to require ".onion"
Per https://manpages.debian.org/testing/tor/torrc.5.en.html:
> Valid onion addresses contain 16 characters in a-z2-7 plus ".onion"
2021-05-11 10:10:32 +02:00
github-actions[bot]
10e16ec9ab
Merge master into staging-next
2021-05-11 06:20:33 +00:00
Jörg Thalheim
8af4bf61fd
Merge pull request #122423 from Izorkin/update-netdata
...
nixos/netdata: update configuration
2021-05-11 06:07:48 +01:00
github-actions[bot]
49b8e6f7d4
Merge master into staging-next
2021-05-11 00:48:15 +00:00
Robert Schütz
7217b2d85e
Merge pull request #121785 from dotlambda/dendrite-rename
...
matrix-dendrite: rename to dendrite
2021-05-10 23:30:12 +02:00
Joe DeVivo
bf92d0ec37
nixos/ssm-agent: conf files written to /etc
...
ssm-agent expects files in /etc/amazon/ssm. The pkg substitutes a location in
the nix store for those default files, but if we ever want to adjust this
configuration on NixOS, we'd need the ability to modify that file.
This change to the nixos module writes copies of the default files from the nix
store to /etc/amazon/ssm. Future versions can add config, but right now this
would allow users to at least write out a text value to
environment.etc."amazon/ssm/amazon-ssm-agent.json".text to provide
their own config.
2021-05-10 13:16:41 -07:00
Samuel Dionne-Riel
37f14fa4d9
Merge pull request #121450 from samueldr/feature/cross-uefi-iso
...
iso-image: Fixes for cross-compilation
2021-05-10 14:42:59 -04:00
github-actions[bot]
61fa3fdde8
Merge master into staging-next
2021-05-10 18:28:17 +00:00
Samuel Dionne-Riel
79752e2310
Merge pull request #121834 from samueldr/feature/raspberrypi4-image-cleanup
...
sd_image_raspberrypi4: Remove, as planned initially
2021-05-10 14:05:02 -04:00
Sandro
f0bb4f066a
Merge pull request #95050 from paumr/bind-fmt
2021-05-10 19:06:00 +02:00
github-actions[bot]
115881e756
Merge master into staging-next
2021-05-10 12:24:32 +00:00
Izorkin
85914bc01d
nixos/netdata: change wrappers permissions
2021-05-10 10:35:51 +03:00
Izorkin
859633ee43
nixos/netdata: use cgroup v2
2021-05-10 10:24:31 +03:00
Izorkin
58497175be
nixos/netdata: cgroup-network: don't use AmbientCapabilities
2021-05-10 10:19:57 +03:00
Michele Guerini Rocco
4cbe186a8a
Merge pull request #121394 from bjornfor/atd-file-creation
...
nixos/atd: prefer 'install' over 'mkdir/chmod/chown'
2021-05-10 08:43:57 +02:00
github-actions[bot]
f4d69ad1f2
Merge master into staging-next
2021-05-10 06:20:28 +00:00
Michele Guerini Rocco
d0cbcce8d4
Merge pull request #121395 from bjornfor/nixos-wpa-supplicant
...
nixos/wpa_supplicant: prefer 'install' over 'touch/chmod/mkdir/chgrp'
2021-05-10 08:16:39 +02:00
hyperfekt
3e3e763a07
nixos/systemd: enable systemd-pstore.service
...
As described in issue #81138, the Install section of upstream units is
currently ignored, so we make it part of the sysinit.target manually.
2021-05-09 23:21:51 +02:00
hyperfekt
870fa77ff6
nixos/filesystems: mount persistent storage to /sys/fs/pstore
2021-05-09 23:21:32 +02:00
github-actions[bot]
bc1f4b790e
Merge master into staging-next
2021-05-09 12:23:16 +00:00
Luke Granger-Brown
491216df02
Merge pull request #122099 from alekna/fix/docker
...
nixos/docker: ensure ipv4 forwarding is enabled
2021-05-09 12:15:16 +01:00
Michele Guerini Rocco
e5452226af
Merge pull request #121791 from dotlambda/sudo-execWheelOnly
...
nixos/sudo: add option execWheelOnly
2021-05-09 10:04:15 +02:00
Vladimír Čunát
5663b2b2d3
Merge branch 'master' into staging-next
...
(a trivial conflict in transmission)
2021-05-09 09:31:55 +02:00
Robert Schütz
5624aa9f81
nixos/sudo: add option execWheelOnly
...
By setting the executable's group to wheel and permissions to 4510, we
make sure that only members of the wheel group can execute sudo.
2021-05-08 23:48:00 +02:00
paumr
5390d4b946
nixos/bind: formatted with nixpkgs-fmt
2021-05-08 23:13:58 +02:00
Robert Hensing
4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
...
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
github-actions[bot]
6d46d8a9b9
Merge master into staging-next
2021-05-08 18:22:46 +00:00
Laurynas Alekna
9317570735
nixos/docker: ensure ipv4 forwarding is enabled
...
Fixes #118656
2021-05-08 18:58:24 +01:00
Marc 'risson' Schmitt
0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00
Aaron Andersen
9254b82706
Merge pull request #121746 from j0hax/monero-options
...
nixos/monero: add dataDir option
2021-05-08 11:43:49 -04:00
Martin Weinelt
9651084620
Merge remote-tracking branch 'origin/master' into staging-next
2021-05-08 14:43:43 +02:00
Vladimír Čunát
080cd658ca
Merge #121780: treewide meta.maintainers tweaks
2021-05-08 10:47:08 +02:00
Gemini Lasswell
28f51d7757
nixos/yggdrasil: set directory permissions before writing keys
...
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done. Addresses #121293.
2021-05-08 09:49:19 +02:00
Jan Tojnar
468cb5980b
gnome: rename from gnome3
...
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
github-actions[bot]
e21fb16f9a
Merge master into staging-next
2021-05-08 06:20:05 +00:00
Silvan Mosberger
08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check
...
lib.meta: introduce `availableOn` to check package availability on given platform
2021-05-08 03:54:36 +02:00
github-actions[bot]
b4416b52c5
Merge master into staging-next
2021-05-08 00:46:50 +00:00
Johannes Arnold
c0853b6e2c
nixos/monero: use isSystemUser = true
2021-05-08 02:13:25 +02:00
Michele Guerini Rocco
4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty
...
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
2021-05-07 23:35:57 +02:00
Domen Kožar
8ecb0344a0
Merge pull request #121720 from samueldr/feature/arm-stage-1-modules
...
installer images: Add available modules to stage-1 on ARM platforms
2021-05-07 22:01:09 +02:00
Evils
5ae90276c3
nixos/fancontrol: clean up module
...
set a group and user for the service
remove default null config
it's required, now it throws an error pointing to the option
set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
github-actions[bot]
1ae6d3d02f
Merge master into staging-next
2021-05-07 18:24:29 +00:00
Robin Gloster
29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
...
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
ajs124
cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
...
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Robert Hensing
316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update
...
nixos/hercules-ci-agent: updates
2021-05-07 15:48:33 +02:00
Vladimír Čunát
9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
...
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
github-actions[bot]
12193913a1
Merge staging-next into staging
2021-05-07 12:23:21 +00:00
Jan Tojnar
9468b07326
Merge branch 'gnome-40'
2021-05-07 12:12:40 +02:00
github-actions[bot]
e5f4def056
Merge staging-next into staging
2021-05-07 00:46:58 +00:00
Robert Hensing
0633b6aa74
Merge pull request #121870 from Pacman99/pass-specialargs
...
lib/modules: pass specialArgs to modules
2021-05-07 01:54:48 +02:00
Pacman99
87c659ab94
nixos/top-level: specialArgs to specialisations
2021-05-06 16:04:08 -07:00
John Ericson
a3e54cb582
Merge remote-tracking branch 'upstream/staging-next' into staging
2021-05-06 15:48:25 -04:00
Sander van der Burg
77295e7e6b
nixos/disnix: configure the remote client by default, if multi-user mode has been enabled
2021-05-06 19:33:02 +02:00
Martin Weinelt
6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant
2021-05-06 18:05:00 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
...
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place let's allow AF_NETLINK unconditionally.
It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.
This leaves us with these options unsecured:
✗ PrivateNetwork= Service has access to the host's network 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6) Service may allocate Internet sockets 0.3
✗ DeviceAllow= Service has a device ACL with some special devices 0.1
✗ IPAddressDeny= Service does not define an IP address allow list 0.2
✗ PrivateDevices= Service potentially has access to hardware devices 0.2
✗ PrivateUsers= Service has access to other users 0.2
✗ SystemCallFilter=~@resources System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed) 0.2
✗ RestrictAddressFamilies=~AF_NETLINK Service may allocate netlink sockets 0.1
✗ RootDirectory=/RootImage= Service runs within the host's root directory 0.1
✗ SupplementaryGroups= Service runs with supplementary groups 0.1
✗ RestrictAddressFamilies=~AF_UNIX Service may allocate local sockets 0.1
✗ ProcSubset= Service has full access to non-process /proc files (/proc subset=) 0.1
→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
...
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
github-actions[bot]
c63e69cd89
Merge staging-next into staging
2021-05-06 12:23:32 +00:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
...
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Simon Thoby
1bdda029cd
nixos/services/torrent/transmission.nix: add a missing apparmor rule
...
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
2021-05-05 22:47:52 +02:00
Jan Tojnar
878abc6488
nixos/gnome3: Install GNOME Tour
...
It will be run after startup.
2021-05-05 22:43:02 +02:00
Jan Tojnar
316928e8c1
nixos/gnome3: Enable power-profiles-daemon
...
GNOME 40 added support for it in Control Center.
2021-05-05 22:43:01 +02:00
Jan Tojnar
49ae2e4c26
gnome3.gnome-getting-started-docs: drop
...
It has been retired
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
2021-05-05 22:43:01 +02:00
Jan Tojnar
d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0
2021-05-05 22:42:32 +02:00
Samuel Dionne-Riel
6cb46a3897
sd_image_raspberrypi4: Remove, as planned initially
...
The replacement is the generic AArch64 image.
From there, you can customize an image that works better for your
needs, if need be.
2021-05-05 16:19:13 -04:00
Izorkin
53651179b9
nixos/netdata: update capabilities
2021-05-05 20:46:07 +03:00
github-actions[bot]
af9d9374fa
Merge staging-next into staging
2021-05-05 12:23:47 +00:00
Robert Schütz
f82c6fdfd5
nixos/matrix-dendrite: rename to dendrite
2021-05-05 12:38:02 +02:00
Robert Schütz
007cab9644
matrix-dendrite: rename to dendrite
...
No other distro calls it matrix-dendrite:
https://repology.org/project/matrix-dendrite
2021-05-05 12:37:04 +02:00
Robert Hensing
ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation
...
Recursive type deprecation
2021-05-05 11:13:37 +02:00
Silvan Mosberger
0a377f11a5
nixos/treewide: Remove usages of deprecated types.string
2021-05-05 03:31:41 +02:00
github-actions[bot]
68e3ba2b1d
Merge staging-next into staging
2021-05-05 00:46:07 +00:00
Samuel Dionne-Riel
1cb977c858
sd-image: Rely on profiles/all-hardware.nix
...
This ensures that SD images and UEFI installers don't drift in
compatibility with regards to early initrd.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
cb9b46a3cd
profiles/all-hardware.nix: Add vc4 for broadcom hardware
...
Namely, early KMS on raspberry pi
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
f5b7687d26
profiles/all-hardware.nix: Share some config for all ARM
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
14ac6de024
profiles/all-hardware.nix: Fix for armv7l-linux
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
82625705c6
profiles/all-hardware.nix: Add analogix-dp
...
While it's being brought in implicitly by the other analogix driver,
let's be explicit, in case things change.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
9fa3e2c2a3
profiles/all-hardware.nix: Add regulator needed for rockchip
...
But not exclusive to rockchip
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
535d463cf9
profiles/all-hardware.nix: Add rockchip modules
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
70205bd13c
profiles/all-hardware.nix: Add support for Raspberry Pi 4 USB
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
a846d19831
profiles/all-hardware.nix: Add power regulator modules
...
This is used on some allwinner platforms, and is a weak dependency for
USB to work.
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
a8af02fe6d
profiles/all-hardware.nix: Add modules for integrated displays
...
Namely, this is used by the pinebook's display
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
5bc36c1b30
profiles/all-hardware.nix: Add support for Allwinner hardware
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
c60de92917
profiles/all-hardware.nix: Add simplefb for AArch64
2021-05-04 19:42:12 -04:00
Samuel Dionne-Riel
556fc32d69
iso-image: Build using strictDeps
2021-05-04 19:37:49 -04:00
Samuel Dionne-Riel
f1100e1506
iso-image: Add support for armv7l-linux
2021-05-04 19:37:49 -04:00