1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 07:00:43 +00:00
Commit graph

22689 commits

Author SHA1 Message Date
Guillaume Girol 71154a8a8a
Merge pull request #130519 from Mic92/journald
nixos/journald: don't set nogroup
2021-08-08 15:02:31 +00:00
Martin Weinelt 23e60ba325
Merge pull request #127606 from vincentbernat/fix/nginx-override-ssl-certs
nginx: allow overriding SSL trusted certificates when using ACME
2021-08-08 16:43:27 +02:00
Guillaume Girol 27cf2a42f2
Merge pull request #132872 from wentasah/nullmailer-failed-queue
nixos/nullmailer: Create "failed" directory
2021-08-08 14:40:29 +00:00
Guillaume Girol 25b4e3c741
Merge pull request #133098 from erdnaxe/nitter-hardening
nixos/nitter: systemd unit hardening
2021-08-08 14:33:23 +00:00
Artturi c10ded1bb2
Merge pull request #131966 from ArctarusLimited/fix/containerd-restart
nixos/virtualisation/containerd: do not wipe runtime directory on restart or stop
2021-08-08 17:21:30 +03:00
Vincent Bernat 85209382c1 nginx: allow overriding SSL trusted certificates when using ACME
Some ACME providers (like Buypass) are using a different certificate
to sign OCSP responses than for server certificates. Therefore,
sslTrustedCertificate should be provided by the user and we need to
allow that.
2021-08-08 16:07:11 +02:00
Martin Weinelt f49b03c40b
Merge pull request #123258 from mweinelt/acme-hardening 2021-08-08 15:50:24 +02:00
Martin Weinelt a5c6a0006a
Merge pull request #130521 from Mic92/tinc
nixos/tinc: don't run as nogroup
2021-08-08 15:39:42 +02:00
Alexandre Iooss 2e8e8f2c92
nixos/nitter: test with CAP_NET_BIND_SERVICE 2021-08-08 15:29:33 +02:00
Alexandre Iooss 9898f7e072
nixos/nitter: systemd unit hardening 2021-08-08 15:28:27 +02:00
Sandro b739a14b37
Merge pull request #121906 from ymarkus/nixos-mullvad
nixos/mullvad-vpn: fix firewall issues & remove xfix as maintainer
2021-08-08 15:03:26 +02:00
Martin Weinelt 611bc7c23b
Merge pull request #111692 from lopsided98/chrony-initstepslew-types
nixos/chrony: split the initstepslew attrset into options
2021-08-08 15:03:06 +02:00
erdnaxe 7a0c6cdd39
nixos/miniflux: systemd unit hardening (#133123) 2021-08-08 13:58:30 +02:00
lewo 7aa78642c5
Merge pull request #125979 from blaggacao/nixos-test-ref/03-normalse-the-python-entrypoint
nixos/test-driver: normalize the python entrypoint
2021-08-08 10:24:47 +02:00
Sandro 7f9530c7c2
Merge pull request #133083 from polykernel/yambar-patch-1 2021-08-08 06:51:26 +02:00
polykernel bc520477f4 yambar: document breaking changes
* Previously, both the xorg and wayland backend were built into the yambar
  package. The refactor breaks up each backends to its separate, with xorg
  being the default. Thus yambar users on wayland should switch to the
  yambar-wayland package.
2021-08-08 00:05:40 -04:00
Zane van Iperen 99d8d553da nixos/gitea: init/migrate db in startup script 2021-08-08 12:48:15 +09:00
Rouven Czerwinski 06667df72b
nixos/etc: use runCommandLocal (#133037)
Instead of setting preferLocalBuild & allowSubstitutes explicitly, use
runCommandLocal which sets the same options.
2021-08-07 14:56:21 -04:00
Martin Weinelt 4704dc2f1b
Merge pull request #130625 from rski/openrazer 2021-08-07 15:32:04 +02:00
Pascal Bach 463be7303e
Merge pull request #118855 from bachp/unifi-harden
nixos/unifi: harden service
2021-08-07 14:48:25 +02:00
Domen Kožar 2904cd7521
Merge pull request #132883 from Kranzes/bump-pipewire
pipewire: 0.3.32 -> 0.3.33
2021-08-07 12:47:25 +02:00
Sandro 53947a60c1
Merge pull request #132735 from ivan/victoriametrics-panic
nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
2021-08-07 12:34:31 +02:00
Sandro 3384abd78a
Merge pull request #127711 from eadwu/nvidia_x11/127693 2021-08-07 12:24:35 +02:00
Romanos Skiadas 465c9269dd nixos/openrazer: Add a users option 2021-08-07 12:10:43 +03:00
Romanos Skiadas 42c6771744 nixos/openrazer: Change plugdev group to openrazer
For security reasons, and generally, it is best to create a more fine
grained group than plugdev. This way users that wish to tweak razer
devices don't have access to the entire plugdev group's permissions.

This is of course a breaking change.
2021-08-07 12:09:44 +03:00
Ninjatrappeur d00f146ca5
Merge pull request #132932 from NinjaTrappeur/nin-fix-prosody-test
nixos/nixosTests.prosody: extend self-signed cert expiration date
2021-08-07 10:29:11 +02:00
Edmund Wu 573aae39e2
nixos/modules: assertion for required PM files 2021-08-07 01:41:58 -04:00
Artturi 8072e71d8e
Merge pull request #132853 from peterhoeg/f/devmon
Revert "nixos/devmon: add systemd service"
2021-08-07 02:34:09 +03:00
Artturi 7d45138e68
Merge pull request #127402 from sigprof/nixos-ssh-askpass-args
nixos/ssh: fix passing arguments to ssh-askpass
2021-08-07 02:30:28 +03:00
Félix Baylac-Jacqué 6325d15e90
nixosTests.prosody: extend- self-signed cert expiration date
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.

See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
2021-08-06 23:46:17 +02:00
Timothy DeHerrera cc455c004a
Merge pull request #132895 from poscat0x04/chrony-dns
nixos/chrony: wait for DNS services to start up before starting
2021-08-06 13:02:08 -06:00
Maximilian Bosch 67a5d63b33
Merge pull request #131867 from maxeaubrey/traefik_2.4.12
traefik: 2.4.8 -> 2.4.13
2021-08-06 18:55:07 +02:00
Ilan Joselevich a876500f5d pipewire: updated JSON configs 2021-08-06 16:50:56 +03:00
Poscat 6e3cecf1f7
nixos/chrony: wait for dns services to start up before starting 2021-08-06 21:03:55 +08:00
Michal Sojka a2943e74e3 nixos/nullmailer: Create "failed" directory
Nullmailer expects that this directory exists (see
073f4e9c5d/doc/nullmailer-send.8 (L185)).
When it doesn't and an email cannot be sent due to a permanent failure
or has been in the queue longer than queuelifetime (7 days), message
"Can't rename file: No such file or directory" starts appearing in the
log and nullmailer never sends "Could not send message" notification.
This means that the user may never learn that his email was not
delivered.
2021-08-06 10:48:19 +02:00
Peter Hoeg 8b167a0c11 Revert "nixos/devmon: add systemd service"
This reverts commit 1db44c4ff1.
2021-08-06 13:43:24 +08:00
Jörg Thalheim de5a599492
Merge pull request #130429 from Ninlives/yubico_chlrep
nixos/pam: allow users to set the path to store yubikey challenge file
2021-08-06 05:23:10 +01:00
David Arnold 926fb93968
nixos/tests/test-driver: normalise test driver entrypoint(s)
Previously the driver was configured exclusively through convoluted
environment variables.

Now the driver's defaults are configured through env variables.

Some additional concerns are in the github comments of this PR.
2021-08-05 19:07:11 -05:00
Jörg Thalheim 8c5c0d6748 nixos: fix zinputrc on flake-enabled systems 2021-08-05 22:19:37 +02:00
Michael Weiss c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00
Robert Hensing c5373ce006
Merge pull request #132593 from rycee/postgresql-backup-compression
nixos postgresql-backup: add `compression` option
2021-08-05 13:20:40 +02:00
Benjamin Smith 45c4b6b9e4
Apache Kafka: add 2.7.1 and 2.8.0 (#128043) 2021-08-05 13:01:59 +02:00
Yaroslav Bolyukin b7e79637ba plasma5: install plasma-systemmonitor by default
As ksysguard was replaced, and it was installed by default

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin b0f1caf522 ksystemstats: init at 5.22.0
Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin 85dcd8d3ed ksysguard: replace with throw alias
It was deprecated in favour of system-monitor

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Sandro 99fe362cf1
Merge pull request #131576 from j0hax/mlvwm
nixos/mlvwm: init at 0.9.3
2021-08-05 09:46:02 +02:00
Ivan Kozik fb6fbcb85c nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
This fixes:

```
systemd[1]: Started VictoriaMetrics time series database.
victoria-metrics[379550]: 2021-08-04T19:33:39.833Z        panic        VictoriaMetrics/lib/storage/partition.go:954        FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: panic: FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: goroutine 629 [running]:
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logMessage(0xbb3ea1, 0x5, 0xc001113800, 0x1e7, 0x4)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:270 +0xc69
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevelSkipframes(0x1, 0xbb3ea1, 0x5, 0xbe3f8b, 0x4b, 0xc000bb3f88, 0x2, 0x2)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:138 +0xd1
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevel(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:130
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.Panicf(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:126
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).smallPartsMerger(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:954 +0x145
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers.func1(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:933 +0x2b
victoria-metrics[379550]: created by github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:932 +0x6c
systemd[1]: victoriametrics.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: victoriametrics.service: Failed with result 'exit-code'.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: victoriametrics.service: Scheduled restart job, restart counter is at 2064.
systemd[1]: Stopped VictoriaMetrics time series database.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: Starting VictoriaMetrics time series database...
```
2021-08-05 05:35:53 +00:00
Bernardo Meurer 64a2790e99
Merge pull request #130617 from zhaofengli/moonraker
moonraker: init at unstable-2021-07-18, nixos/moonraker: init
2021-08-05 02:59:59 +00:00
Zhaofeng Li 5fbdf2ef1f nixos/moonraker: init 2021-08-04 19:48:58 -07:00
Robert Helgesson bcc7a902d5
nixos postgresql-backup: add compression option
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
2021-08-05 00:42:16 +02:00