1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-02 10:31:36 +00:00
Commit graph

24805 commits

Author SHA1 Message Date
Janne Heß 4cba5de303
nixos/hoogle: Type the last option 2021-12-07 18:36:01 +01:00
Silvan Mosberger 490d46f044
Merge pull request #148315 from hercules-ci/nixos-evalModules-legacy-cleanup
NixOS/evalModules legacy cleanup
2021-12-07 18:30:52 +01:00
Finn Behrens 673ad7eb36
nixos/pleroma: create cookie if not existing (#149368) 2021-12-07 17:32:55 +01:00
Janne Heß 1f41365cda
nixos/switch-to-configuration: Restart systemd when system.conf is changed 2021-12-07 14:32:19 +01:00
Janne Heß e37aab2130
nixos/acme: Allow disabling bash tracing
This is horrible if you want to debug failures that happened during
system switches but your 30-ish acme clients spam the log with the same
messages over and over again.
2021-12-07 14:17:56 +01:00
Bernardo Meurer ebb7f07eec
Merge pull request #148751 from NixOS/feat/slight-stc-improvements
nixos/switch-to-configuration: Add small improvements
2021-12-07 02:38:26 -08:00
Yuka ce54a4f658
nixos/networkd: add RoutingPolicyRule Type option (#146168) 2021-12-07 10:13:22 +01:00
Netix (Espinet François) 9d7ce57da5 freeradius: fix radius user
We now must choose either system or normal user when creating a user
2021-12-07 08:51:57 +01:00
Martin Weinelt 1d1b09c7c1
Merge pull request #148752 from sweber83/sw/zigbee2mqtt-1.22.1 2021-12-06 22:54:42 +01:00
Maximilian Bosch c959de5b30
Merge pull request #148360 from helsinki-systems/drop/pg96
postgresql_9_6: drop
2021-12-06 21:57:05 +01:00
Johannes Schleifenbaum 9f45c18515 sabnzbd: add simple test 2021-12-06 21:08:19 +01:00
Martin Weinelt 96d69e40f2 nixos/zigbee2mqtt: run as zigbee2mqtt group
Not setting a group is a security defect, since that will run the unit
under the root group.

Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
2021-12-06 18:30:01 +01:00
Simon Weber 200c36255f nixos/zigbee2mqtt: no longer pass dataDir to package 2021-12-06 18:28:59 +01:00
Jan Tojnar 75eaab3757
Merge pull request #126832 from ncfavier/gio-extra-modules
nixos: make GIO_EXTRA_MODULES a session variable
2021-12-06 16:23:48 +01:00
pennae 027f7e1b7f nixos/lib/make-options-doc: generate options.xml from options.json
to do this we must replace derivations with attrsets in make-options-doc, since
xml can represent derivations differently from attrset but json cannot. this
also given asciidoc and mddoc the ability to handle derivation differently,
which they previously didn't have.
2021-12-06 16:12:32 +01:00
pennae 9b97a2ea88 nix/lib/make-options-doc: remove nix-level sorting
there are no remaining users of sorted option lists except the docbook build,
which sorts its input separately.
2021-12-06 16:12:32 +01:00
pennae c533b01863 nixos/doc/manual: remove non-matching optionsXML inherit 2021-12-06 16:12:32 +01:00
pennae 4670400309 nixos/lib/make-options-doc: generate asciidoc/md in derivations
use the json file derivation we already have to also generate the asciidoc and
md options docs instead of formatting the options in nix. docbook docs are
already produced in derivations.

the new script produce the exact same output as the old in-nix generation.
2021-12-06 16:12:30 +01:00
Artturi 779a657e37
Merge pull request #148649 from Artturin/sgxgid
nixos: add sgx group with gid 304
2021-12-06 17:05:00 +02:00
talyz 125bb7dac1
discourse: Don't patch the public path
Instead of patching the path to /public in Discourse's sources, make
the nginx configuration refer to the symlink in the discourse
package which points to the real path.

When there is a mismatch between the path nginx serves and the path
Discourse thinks it serves, we can run into issues like files not
being served - at least when sendfile requests from the ruby app are
processed by nginx. The issue I ran into most recently is that backup
downloads don't work.

Since Discourse refers to the public directory relative to the Rails
root in many places, it's much easier to just sync this path to the
nginx configuration than trying to patch all occurrences in the
sources. This should hopefully mean less potential for breakage in
future Discourse releases, too.
2021-12-06 14:21:39 +01:00
ajs124 47da70cdda
Merge pull request #148783 from oxzi/claws-mail-ciao-cacao-v3
claws-mail: remove claws-mail-gtk2 version
2021-12-06 11:00:00 +00:00
Jörg Thalheim c7fa870f5a
Merge pull request #148535 from martinetd/bpf
bpf update: bcc remove linux kernel dep + devendor libbpf again, bpftrace 0.13.0 -> 0.14.0 + remove kernel dep, pahole 1.20 -> 1.22 + remove submodule, libbpf revert 0.6.0 -> 0.5.0 (unusable)
2021-12-06 08:33:14 +00:00
Robert Hensing 862d167f17
Merge pull request #147441 from pennae/option-doc-staticizing
nixos/*: add trivial defaultText to options where applicable
2021-12-06 01:35:38 +01:00
pennae c694c35f9d nixos/*: escape pkgs reference in examples and descriptions 2021-12-06 00:38:05 +01:00
Alvar Penning 521f30f80c claws-mail: remove claws-mail-gtk2 version
The GTK+ 2 version of Claws Mail, major version number three, relies on
Python 2, which is end-of-life and might be dropped in the nixpkgs.

In favour of #148779, this older branch of Claws Mail was removed.
2021-12-05 23:08:18 +01:00
Janne Heß b30d619368
nixos/top-level: Check syntax of switch-to-configuration 2021-12-05 18:54:36 +01:00
Janne Heß 6f1e0dc34f
nixos/switch-to-configuration: Move excludes up 2021-12-05 18:54:19 +01:00
Janne Heß 5d34545954
nixos/switch-to-configuration: Ignore scopes 2021-12-05 18:47:35 +01:00
Janne Heß 1e422e7d58
nixos/switch-to-configuration: Fix dry order
This makes the order of the dry activation messages the same as the real
actions which makes more sense than another random order.
2021-12-05 18:46:50 +01:00
Janne Heß 3693e8b093
nixos/switch-to-configuration: Clean perl code
oct() is recommended by perlcritic and the rest was unused.
2021-12-05 18:45:44 +01:00
Janne Heß 50a0f33c2a
nixos/switch-to-configuration: Remove unnecessary TODOs
The first one doesn't make any sense because the directory where the
init binary resides does not contain other tools we need like
systemd-escape.

The second one doesn't make sense either because the errors are already
ignored.
2021-12-05 18:43:42 +01:00
Jörg Thalheim 8ae2771224
Merge pull request #148729 from bjornfor/add-missing-collectd-group-v2
nixos/collectd: add missing group
2021-12-05 17:18:55 +00:00
Ryan Mulligan 542e917e99
Merge pull request #148061 from astro/drbd_upstream
drbd: update, fix, add test
2021-12-05 09:10:22 -08:00
Bjørn Forsman 05bc708a7f nixos/collectd: add missing group
While upgrading my NixOS system I was greeted by this error:

  error:
  Failed assertions:
  - users.users.collectd.group is unset. This used to default to
  nogroup, but this is unsafe. For example you can create a group
  for this user with:
  users.users.collectd.group = "collectd";
  users.groups.collectd = {};

Let's fix it.
2021-12-05 17:17:12 +01:00
Bobby Rong af6071db60
Merge pull request #148415 from erictapen/borgbackup
Revert "nixos/borgbackup: specify systemd WorkingDirectory"
2021-12-05 18:02:49 +08:00
Martin Weinelt 68dc5484e9 nixos/doc/manual/release-notes/rl-2111: add prometheus-smartctl-exporter 2021-12-05 03:18:17 +01:00
Martin Weinelt 0c008f9c0d
Merge pull request #147056 from mweinelt/smartctl-exporter 2021-12-05 03:00:48 +01:00
Bobby Rong 894fb34b23
Merge pull request #148159 from bobby285271/pantheon
pantheon.extra-elementary-contracts: split package
2021-12-05 09:56:34 +08:00
Martin Weinelt d94cec6ead
Merge pull request #148543 from mweinelt/knot-hardening 2021-12-05 02:44:28 +01:00
Sean Heath 6af3d13bec
nixos/ddclient: fix permission for ddclient.conf (#148179) 2021-12-05 02:07:42 +01:00
Artturin fc4df13e26 nixos: add sgx group with gid 304
fix Unknown group 'sgx', ignoring message from udev
2021-12-05 01:37:43 +02:00
Artturi 493d66a225
Merge pull request #145732 from gardspirito/mx-puppet-discord 2021-12-04 23:12:09 +02:00
Samuel Dionne-Riel b976947ede
Merge pull request #121345 from samueldr/feature/plasma-mobile
Add support for Plasma Mobile
2021-12-04 15:37:26 -05:00
Thomas Gerbet 1a119b223c vault{,bin}: 1.8.4 -> 1.9.0
https://github.com/hashicorp/vault/blob/v1.9.0/CHANGELOG.md
2021-12-05 06:10:43 +10:00
Martin Weinelt 146ddee13b
nixos/tests/knot: add extra cpu core to master
This verifies that we allow setting affinity in multicore systems.
2021-12-04 16:53:31 +01:00
Martin Weinelt 893f7af236
nixos/tests/knot: log systemd unit hardening info 2021-12-04 16:53:31 +01:00
Martin Weinelt 67f102d8d8
nixos/knot: update systemd hardening 2021-12-04 16:53:31 +01:00
Felix Schröter d6a4500f88 nixos/ddclient: support all special characters in password 2021-12-04 16:28:31 +01:00
Robert Hensing 430c9173e4
Merge pull request #148363 from hercules-ci/add-dockerTools-fakechroot
dockerTools: Add fakechroot to fakeRootCommands
2021-12-04 15:13:37 +01:00
Maximilian Bosch 5ffc828912
Merge pull request #148301 from Kranzes/nextcloud
nextcloud23: init at 23.0.0
2021-12-04 14:54:25 +01:00
Robert Hensing ddda5f28e1 dockerTools: Keep fakechroot disabled by default
Avoid risk of breaking existing images by making it opt-in.
2021-12-04 13:49:10 +00:00
Robert Hensing 0e9bc9ffd1 dockerTools: Add fakechroot to fakeRootCommands 2021-12-04 13:49:10 +00:00
Dominique Martinet 559fe43665 nixos/tests: add bpf test
test bcc and bpftrace briefly
2021-12-04 21:12:07 +09:00
Dominique Martinet efe6967e93 bcc: move from linux-kernels packages to normal packages
bcc doesn't really need kernel itself, it just cares about module path.

It's actually better to use /run/booted-system/kernel-modules/lib/modules
for two reasons:
 - no need to rebuild bcc for each new kernel
 - can use a newer bcc with a booted kernel that doesn't match the current
   system
2021-12-04 21:07:09 +09:00
Maciej Krüger ca82a582d9
nixos/rtsp-simple-server: init 2021-12-04 12:58:36 +01:00
Tristan 7f6a2d5663 oci-containers: fix imageFile example 2021-12-04 10:23:58 +01:00
Samuel Dionne-Riel 2f12f30f00 nixos/plasma5: Split common Plasma config for Mobile from Desktop 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7f4324c64e nixos/plasma5: Add suggested plasma mobile apps 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 7df34e1145 nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel 13a03fb289 nixos/plasma5: Add maliit-keyboard to plasma mobile session 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel b41923c1ca nixos/plasma5: configuration for plasma mobile 2021-12-03 20:17:04 -05:00
Tyler Slabinski da6a39436b nixos/plasma5: Add mobile.enable option for plasma 2021-12-03 20:17:04 -05:00
Samuel Dionne-Riel fde4f481d9 nixos/plasma5: Make kwinrc/kdeglobals internally configurable
This is used with the Plasma Mobile configuration to configure the
system as upstream recommends.
2021-12-03 20:17:04 -05:00
Artturi 610b719d91
Merge pull request #148491 from Artturin/sendkeydelay
nixos/test-driver: add 10ms delay to send_key
2021-12-04 02:13:49 +02:00
Niklas Hambüchen 6c9f46d063
Merge pull request #148389 from GTrunSec/consul
nixos/consul: update deprecated setting
2021-12-03 21:53:10 +01:00
Martin Weinelt 42ae887b23
Merge pull request #148471 from Ma27/postfix-exporter-hardening 2021-12-03 20:26:10 +01:00
Artturin 60422ba2ea nixos/test-driver: add 10ms delay to send_key
attempt to fix https://github.com/NixOS/nixpkgs/issues/147294
2021-12-03 20:04:56 +02:00
Maximilian Bosch 8e6d403e65
nixos/prometheus-postfix-exporter: whitelist addr-family AF_UNIX
Otherwise, `postfix_up{path="/var/lib/postfix/queue/public/showq"}` will
always be `0` indicating an postfix outage because this is a unix domain
socket that cannot be connected to:

    2021/12/03 14:50:46 Failed to scrape showq socket: dial unix /var/lib/postfix/queue/public/showq: socket: address family not supported by protocol
2021-12-03 19:01:19 +01:00
Jörg Thalheim 4f08634a18
Merge pull request #148458 from lunik1/snapraid-fix
nixos/snapraid: relax permissions of snapraid-sync
2021-12-03 17:59:37 +00:00
Jörg Thalheim 99c916dd8e
Merge pull request #148201 from Artturin/nixservesecret
nix-serve: fix NIX_SECRET_KEY_FILE
2021-12-03 17:50:27 +00:00
GTrunSec 8e92c6c510
nixos/consul: update deprecated webUi 2021-12-03 09:46:24 -08:00
Artturi 7ca9a14f7d
Merge pull request #148382 from Artturin/lightdmtmpfile 2021-12-03 19:31:06 +02:00
Dmitry Kalinkin 721e732e36
Merge pull request #147809 from veprbl/pr/wafHook_release_notes
doc: add release notes for a wafHook change
2021-12-03 11:57:26 -05:00
Artturin d87d5731d5 nixos/tests: fix nix-serve path
nixos/tests: rename nix-ssh-serve to nix-serve-ssh

nixos/tests/nix-serve-ssh: add --experimental-features

nixos-serve: add nix-serve-ssh to passthru.tests
2021-12-03 18:40:03 +02:00
lunik1 6073b099d0
nixos/snapraid: relax permissions of snapraid-sync
Remove PrivateDevices to silence warning about SnapRAID being
unable to access disk UUIDs.

Add CAP_FOWNER when touch is enabled so file time stamps can be
set.
2021-12-03 15:55:27 +00:00
Maciej Krüger aac7065c8d
Merge pull request #148108 from mkg20001/lxdimageserver 2021-12-03 16:06:21 +01:00
Maciej Krüger 79f6a3147f
Merge pull request #147365 from FlorianFranzen/waydroid/psi-default 2021-12-03 14:58:31 +01:00
Florian Franzen 64a0cf0df2
nixos/waydroid: enable kernel psi interface if required 2021-12-03 13:04:17 +01:00
Kerstin Humm ac8a9c3f03
Revert "nixos/borgbackup: specify systemd WorkingDirectory"
This reverts commit 62ab77a322.

This broke nixosTests.borgbackup:
https://github.com/NixOS/nixpkgs/pull/143995#issuecomment-985136152
2021-12-03 12:21:13 +01:00
kyren c23851c47e Fix shairport-sync module to create and set an explicit group 2021-12-03 03:16:03 -05:00
Artturin ebbfccf8a0 nixos/lightdm: fix tmpfile by changing 0 to -
Closes https://github.com/NixOS/nixpkgs/issues/116631
2021-12-03 06:22:21 +02:00
Philipp Dargel a3401f6e33 OpenJDK: expose more versions
Provide a way to access all JDK versions.
2021-12-02 17:54:20 -08:00
ajs124 757dd008b2 postgresql_9_6: drop 2021-12-03 01:14:29 +01:00
github-actions[bot] 987163192b
Merge master into staging-next 2021-12-03 00:01:31 +00:00
ajs124 559552ea19
Merge pull request #145695 from mohe2015/step-ca-tests
nixos/tests: add step-ca test
2021-12-03 00:54:10 +01:00
Nicolas Benes 7065725f68
doc: add release notes for a wafHook change 2021-12-02 18:46:48 -05:00
Robert Hensing 66c19d856b
Merge pull request #148341 from hercules-ci/add-dockerTools-customization-layer-dependencies
dockerTools: Add store dependencies of the customization layer
2021-12-03 00:20:44 +01:00
Robert Hensing d0bcc212de nixosTests.docker-tools: Use unique binary in test case 2021-12-02 22:26:05 +00:00
pennae 3e9c5fc8ca nixos/*: escape config reference in examples and descriptions 2021-12-02 22:35:05 +01:00
pennae 2512455639 nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
Martin Weinelt 42ffc37872
Merge pull request #148307 from mweinelt/release-notes-fixups 2021-12-02 22:06:07 +01:00
Aaron Andersen ac573f3975
Merge pull request #148049 from hexagonal-sun/shairport-firewall-rules
nixos/shairport-sync: add firewall rules
2021-12-02 15:21:28 -05:00
Matthew Leach ea90c516e7 nixos/shairport-sync: add firewall rules
Add an option to automatically open the firewall for shairport.
2021-12-02 19:24:50 +00:00
Ilan Joselevich c0f4b20db7 nextcloud23: init at 23.0.0 2021-12-02 20:53:21 +02:00
Robert Hensing 78ada83361 nixos/eval-config: Deprecate extraArgs and check parameters 2021-12-02 18:23:43 +00:00
Robert Hensing 1a223857ab nixos/documentation: Use new extendModules instead of legacy args 2021-12-02 18:23:43 +00:00
Robert Hensing 0b5aea2b27 nixos/eval-config: Remove a rec 2021-12-02 18:23:43 +00:00
Robert Hensing 59c4a35aab nixos/eval-config: Avoid evalModules args and check parameters 2021-12-02 18:23:43 +00:00
Martin Weinelt 34d4676e9d
nixos/doc/manual/release-notes/rl-2111: fix multiple option links 2021-12-02 19:03:05 +01:00
github-actions[bot] bcc4d12e17
Merge master into staging-next 2021-12-02 18:01:11 +00:00
Martin Weinelt d1da5658a6
nixos/doc/manual/release-notes/rl-2111: move highlights introduction 2021-12-02 18:45:04 +01:00
AmineChikhaoui fa06cf556e ec2-amis: add release 21.11 2021-12-02 11:01:47 -05:00
Artturin 2fb77151e8 nix-serve: fix NIX_SECRET_KEY_FILE 2021-12-02 17:45:50 +02:00
github-actions[bot] a68e0fdca5
Merge master into staging-next 2021-12-02 12:01:12 +00:00
adisbladis fafe9a8d04
Merge pull request #148236 from Vonfry/emacs/remove-org-elpa
emacsPackages.orgPackages: deprecated
2021-12-02 01:43:22 -08:00
talyz ab042d6452
discourse.plugins: Update all plugins to their latest versions
Also, add support for updating plugins which keep gem versions in
files at the root of the repo (discourse-prometheus) and replace the
`up-plugin.sh` script with a README file pointing to the plugin
packaging documentation.
2021-12-02 10:43:14 +01:00
talyz e2415dbb8f
discourse: 2.7.9 -> 2.8.0.beta9
Update to the latest beta, since upstream advocates for it. See
https://github.com/NixOS/nixpkgs/issues/146308 for more info.
2021-12-02 10:31:00 +01:00
Jacek Galowicz 58371472fe
Merge pull request #146512 from DeterminateSystems/better-visibility
nixos/test-driver: more context when step finishes, give more functions nested labels
2021-12-02 09:26:21 +00:00
Vonfry 932ab304f0
emacsPackages.orgPackages: deprecated
org elpa is deprecated and moved into gnu elpa and nongnu elpa.

link: nix-community/emacs-overlay#191
2021-12-02 16:16:59 +08:00
github-actions[bot] 4746376a5f
Merge master into staging-next 2021-12-02 00:01:31 +00:00
Michele Guerini Rocco 9342984bde
Merge pull request #148160 from bb2020/transmission
nixos/transmission: adjust message-level enum
2021-12-01 21:28:16 +01:00
Jacek Galowicz 57dc1085dc
Merge pull request #146271 from DeterminateSystems/better-timeouts
nixos/test-driver: add execute_with_timeout, add (functional) timeouts to more functions
2021-12-01 19:01:05 +00:00
Martin Weinelt 0804405afb
Merge pull request #148086 from mweinelt/hass-consider-extracomponents 2021-12-01 19:43:33 +01:00
Cole Helbling af765f3abd nixos/test-driver: give more functions nested labels
This will make it easier to trace through the test execution without
having to scroll through the entire kernel output.
2021-12-01 10:29:56 -08:00
Cole Helbling c6ee63259a nixos/test-driver: more context when step finishes
When displaying the amount of time some step took, with no other
context, it becomes nigh impossible (especially in longer tests) to see
when specific steps finished.
2021-12-01 10:29:56 -08:00
github-actions[bot] 523293d53d
Merge master into staging-next 2021-12-01 18:01:12 +00:00
Vincent Haupert 3cf9508c72 nixos/github-runner: refactor tokens handling
This commit changes how we deal with the current token, i.e., the token
which may exist from a previous runner registration, and the configured
token, i.e., the path set for the respective NixOS configuration option.

Until now, we copied the configured and the current token (if any) to
the runtime directory to compare them. The path of the current token may
reference a file which is only accessible to specific users (even only
root). Therefore, we ran the copying of credentials with elevated
privileges by prefixing the `ExecStartPre=` script with a `+` (see
systemd.service(5)). In this script, we also changed the owner of the
files to the service user. Apparently, however, the user/group pair
sometimes did not exist because we use `DynamicUser=`.

To address this issue, we no longer change the owner of the file.
Instead, we change the file permissions to 0666 to allow the runner
configuration script (runs with full sandboxing) to read-write the file.
Due to the current permissions of the runtime directory (0755), this
would expose the token. Therefore, we process the tokens in the state
directory, which is only accessible to the service user.

If a new token file exists in the state directory, the configuration
script should trigger a new runner registration. Afterward, it deletes
the new token file. The token is still available using the path of the
current token which is inaccessible within the service's sandbox.
2021-12-01 16:15:43 +01:00
Bobby Rong 28a115edc4
pantheon.extra-elementary-contracts: drop 2021-12-01 23:00:10 +08:00
bb2020 21a54a4e4c nixos/transmission: adjust message-level enum 2021-12-01 17:55:06 +03:00
Bobby Rong b5038e5127
pantheon.gnome-bluetooth-contract: init at unstable-2021-02-23 2021-12-01 22:42:21 +08:00
Bobby Rong 0a9d1ce156
pantheon.file-roller-contract: init at unstable-2021-02-23 2021-12-01 22:42:21 +08:00
Robert Hensing 0f33d439a7
Merge pull request #140992 from hercules-ci/aarch64-amis
Add aarch64 AMIs
2021-12-01 14:48:00 +01:00
Thiago Kenji Okada d5f93fc0d5
Merge pull request #148080 from LibreCybernetics/update-gnome-docs
gnome: update docs regarding nvidiaWayland
2021-12-01 10:35:16 -03:00
Martin Weinelt 3070c350e6
Merge pull request #148082 from mweinelt/charybdis-reload 2021-12-01 13:02:11 +01:00
github-actions[bot] f6f101cca5
Merge master into staging-next 2021-12-01 12:01:26 +00:00
Robert Hensing 8a129f8cf0
Merge pull request #144094 from hercules-ci/nixos-specialisations-use-extendModules
nixos/specialisation: Rephrase in terms of extendModules, noUserModules
2021-12-01 11:03:36 +01:00
Michele Guerini Rocco d616fde3ae
Merge pull request #146967 from AndrewKvalheim/PermanentMACAddress
nixos/doc: improve example of renaming network interfaces
2021-12-01 09:03:14 +01:00
Maciej Krüger 7a89ee6171
nixos/lxd-image-server: fix logrotate 2021-12-01 08:39:36 +01:00
Martin Weinelt 9e234eba80 nixos/tests/home-assistant: test hardening with extraComponents 2021-12-01 01:19:01 +01:00
Martin Weinelt 254dd2a102 nixos/home-assistant: consider extraComponents in hardening
Previously the extraComponents added to an overriden package would not
have been considered in hardening measures enforced by the module.

Home Assistant is warning the user about component definitions having
moved away from YAML, so using an override to include support for a
component might become the better way moving forward.
2021-12-01 01:09:52 +01:00
github-actions[bot] 80fce0f4a7
Merge master into staging-next 2021-12-01 00:01:49 +00:00
Martin Weinelt 1f726635ee nixos/charybdis: implement reload functionality
IRC daemons are highly stateful daemons, so allow config changes without
kicking all server and client connections.

Basically a port of 60c62214f5.
2021-11-30 23:33:34 +01:00
Fabián Heredia Montiel 5bb9d9176d gnome: update docs regarding nvidiaWayland 2021-11-30 15:59:30 -06:00
Ryan Mulligan 7f4e071274 nixos/tests/drbd: init 2021-11-30 21:44:11 +01:00
Ryan Mulligan aa37441c3e nixos/drbd: fix
- fix environment.etc."drbd.conf"
- don't generate an ExecStart script for just one command
2021-11-30 21:43:51 +01:00
Sandro 39b1caa278
Merge pull request #146345 from SuperSandro2000/locate-pruneBindMounts 2021-11-30 21:16:25 +01:00
Sandro 06811e74f3
Merge pull request #146533 from SuperSandro2000/nginx 2021-11-30 21:16:09 +01:00
pennae 8072ee22f2 dhcpcd, nixos/dhcpcd: enable privsep
dhdpcd 9 support privilege separation with a dedicated user and seccomp
filtering. this has been enabled for a while in other distributions as
well.

if the dhcpcd module is not used and the _dhcpcd user/group isn't
definied otherwise dhcpcd will fall back to not using privsep.
2021-11-30 19:51:45 +01:00
pennae 5269674a6d dhcpcd: 8.1.4 -> 9.4.1
by @erictapen:

- Removed note about testing and moved it to passthru.tests
- Removed patch, as it is probably the same as
  56b2bb17d2ec67e1f93950944211f6cf8c40e0fb, wich landed in upstream.

other changes:

- changed PIDFile in the module, since dhcpcd 9 changed the location
2021-11-30 19:51:45 +01:00
github-actions[bot] 3c6eb8fe49
Merge master into staging-next 2021-11-30 18:01:33 +00:00
Sandro 1841f5f81c
Merge pull request #146336 from SuperSandro2000/locate-fs 2021-11-30 18:06:10 +01:00
Aaron Andersen 1800a86072
Merge pull request #146965 from pmeiyu/webdav
Add webdav-server-rs
2021-11-30 12:03:27 -05:00
Jan Tojnar dad4fddd52 nixos/nvidia: check modesetting for gdm-wayland only when gdm is enabled
Reported in https://github.com/NixOS/nixpkgs/pull/147153#issuecomment-982695772
2021-11-30 16:06:21 +01:00
Roman Frołow de6181dc51
nixos/acme: fix typo in docs 2021-11-30 21:31:50 +08:00
Martin Schwaighofer af180d554b qemu, runInLinuxVM: change default cpu to qemu64
The flag -cpu max leaves QEMU 6.1.0 stuck on some systems,
for example when /dev/kvm is not read-writable.
This does not happen with -cpu qemu64.

Getting stuck like that is a regression in 6.1.0 not yet present in 6.0.0
and should be fixed with 6.2.0 according to early testing with rc1.

We should consider reverting this change when we merge QEMU 6.2.0.
See #146526.

fixes #141596
2021-11-30 13:06:22 +00:00
Vincent Haupert ce81231420 nixos/networkd: add dhcpServerStaticLeaseConfig option
Add `systemd.network.networks.*.dhcpServerStaticLeaseConfig` to allow
for configuring static DHCP leases through the `[DHCPServerStaticLease]`
section. See systemd.network(5) of systemd 249 for details.

Also adds the NixOS test `systemd-networkd-dhcpserver-static-lease` to
test the assignment of static leases.
2021-11-30 09:58:33 +01:00
github-actions[bot] 18ca52de87
Merge master into staging-next 2021-11-30 06:01:26 +00:00
Artturi 6c39b6eda2
Merge pull request #147967 from Artturin/increasebootsizes 2021-11-30 06:30:05 +02:00
Peng Mei Yu 4abccb5466 nixos/webdav: set uid and gid 2021-11-30 10:19:14 +08:00
Peng Mei Yu ce4ad53e6a nixos/webdav-server-rs: init 2021-11-30 10:19:14 +08:00
Timothy DeHerrera 2f0f91fe69
Merge pull request #147898 from tomberek/release_bump
nixos/rl-21.11: bump
2021-11-29 19:12:44 -07:00
Artturin c19234d0df nixos/tests/installer: increase /boot sizes to 100MB 2021-11-30 03:53:14 +02:00
Timothy DeHerrera b1faa37cdf 21.11 Release Notes: fix typos 2021-11-29 20:15:37 -05:00
Tom Bereknyei af92f1c0cc [21.11] update README.md
[21.11] update upgrading

[21.11] update release date

run generation
2021-11-29 20:15:35 -05:00
Artturi 14d0efe51a
Merge pull request #147939 from NixOS/revert-116290-mar2021-hidpi 2021-11-30 02:50:14 +02:00
github-actions[bot] 941a6593c8
Merge master into staging-next 2021-11-30 00:01:51 +00:00
Kevin Cox b7caba7f59
Merge pull request #146902 from fgaz/vengi/init
vengi-tools: init at 0.0.14
2021-11-29 17:16:44 -05:00
Kevin Cox 2b35c41b81
Merge pull request #147153 from LibreCybernetics/enable-nvidia-wayland-on-gdm-by-default
nixos/gdm: enable nvidiaWayland by default
2021-11-29 17:15:06 -05:00
Artturi 04a499cdde
Revert "nixos/hidpi: add xserver dpi" 2021-11-29 23:26:46 +02:00
talyz e8cc900eae
make-disk-image: Make additionalPaths work with Nix 2.4
The `nix` command is marked as experimental since 2.4, so an extra
flag is required to unlock it.
2021-11-29 21:11:15 +01:00
Sandro 61c3243dc7
Merge pull request #113887 from xaverdh/install-grub-editorconfig-fixup 2021-11-29 21:03:41 +01:00
github-actions[bot] 909b92e198
Merge master into staging-next 2021-11-29 18:01:23 +00:00
Aaron Andersen a4977db2e8
caddy: include and utilize systemd service from upstream (#147305) 2021-11-29 23:16:25 +09:00
Aaron Andersen f366af7a1b
Merge pull request #136630 from mweinelt/logrotate-hourly
nixos/logrotate: allow hourly frequency
2021-11-29 07:42:14 -05:00
github-actions[bot] 096c9145eb
Merge master into staging-next 2021-11-29 12:01:28 +00:00
Peng Mei Yu 640e54cda9 maintainers: Rename pengmeiyu to pmy 2021-11-29 18:39:31 +08:00
Lucas Savva be952aba1c nixos/acme: Fix rate limiting of selfsigned services
Closes NixOS/nixpkgs#147348

I was able to reproduce this intermittently in the
test suite during the tests for HTTPd. Adding
StartLimitIntervalSec=0 to disable rate limiting
for these services works fine. I added it anywhere
there was a ConditionPathExists.
2021-11-29 11:15:31 +01:00
Maciej Krüger e14fadd95c
Merge pull request #147080 from mkg20001/cinstuff 2021-11-29 07:26:02 +01:00
github-actions[bot] a0e9d6e2c6
Merge master into staging-next 2021-11-29 00:01:22 +00:00
sternenseemann 31ff641504 Merge remote-tracking branch 'origin/master' into haskell-updates 2021-11-28 19:31:56 +01:00
github-actions[bot] 017d32f216
Merge master into staging-next 2021-11-28 18:00:57 +00:00
Michele Guerini Rocco af63e81ad9
Merge pull request #147683 from rnhmjoj/pr-monero-cli
monero: rename to monero-cli
2021-11-28 16:54:21 +01:00
Graham Christensen 5ce7574ce8
Merge pull request #147399 from dali99/update_hydrus2
hydrus: 462 -> 463
2021-11-28 10:54:10 -05:00
rnhmjoj 97a3b2af1d
monero: rename to monero-cli
To make repology.org happy, use the -cli suffix.
2021-11-28 11:35:14 +01:00
github-actions[bot] 2534e1384b
Merge master into staging-next 2021-11-28 06:01:05 +00:00
Artturi f62e110ae4
Merge pull request #147323 from Artturin/vmwareguest 2021-11-28 06:56:56 +02:00
Daniel Olsen 0fff6b89ea hydrus: 462 -> 463 2021-11-28 04:11:31 +01:00
Daniel Olsen 40fb87f5ca nixos/doc: Add note about big updates regarding hydrus to release notes 2021-11-28 04:11:30 +01:00
github-actions[bot] 7012b918c3
Merge master into haskell-updates 2021-11-28 00:08:47 +00:00
github-actions[bot] 9c838c8b51
Merge master into staging-next 2021-11-28 00:02:51 +00:00
Artturi 16eb003524
Merge pull request #146467 from l0b0/test-pam-d-generation 2021-11-27 22:32:46 +02:00
Victor Engmark dcb941f3ed security/pam: Document test location 2021-11-27 20:36:50 +02:00
Victor Engmark 3b2e6e72fa tests: Move all PAM tests into a separate directory
As per
<https://github.com/NixOS/nixpkgs/pull/146467#issuecomment-972743535>.
2021-11-27 20:36:50 +02:00
Michael Weiss 1cfecb636b
Revert "Merge pull request #141192 from helsinki-systems/feat/improved-socket-handling2"
This reverts commit 57961d2b83, reversing
changes made to b04f913afc.
(I.e. this reverts PR #141192.)

While well-intended, this change does unfortunately introduce very
serious regressions that are especially disruptive/noticeable on desktop
systems (e.g. users of Sway will loose their graphical session when
running "nixos-rebuild switch").

Therefore, this change has to be reverted ASAP instead of trying to fix
it in "production".
Note: An updated version should be extensively discussed, reviewed, and
tested before re-landing this change as an earlier version also had to
be reverted for the exact same issues [0].

Fix: #146727

[0]: https://github.com/NixOS/nixpkgs/pull/73871#issuecomment-559783752
2021-11-27 17:22:22 +01:00
Dominik Xaver Hörl 0360e03520 nixos/install-grub: fix whitespace
This time hopefully without changing the generated boot script.
2021-11-27 10:18:21 +01:00
Dominik Xaver Hörl 19447850a2 Revert "nixos/install-grub: normalize whitespace"
This morally reverts commit 0e8d7f9b3d.
It made the generated boot script hard to read.
2021-11-27 10:18:04 +01:00
Maciej Krüger 7aff811292
nixos/cinnamon: add xapps to extra app list 2021-11-27 09:10:58 +01:00
Victor Engmark 595543a314 tests: Verify /etc/pam.d/chfn file contents 2021-11-27 15:55:46 +13:00
github-actions[bot] c83509f73d
Merge master into haskell-updates 2021-11-27 00:07:28 +00:00
github-actions[bot] e3eba8f994
Merge master into staging-next 2021-11-27 00:01:39 +00:00
Thiago Kenji Okada 25cdc0a9c9
Merge pull request #147490 from illdefined/nix-daemon
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule
2021-11-26 19:31:02 -03:00
github-actions[bot] b529eccbb3
Merge master into staging-next 2021-11-26 18:01:19 +00:00
Thiago Kenji Okada 6f4eab2bd1
Merge pull request #147459 from samueldr/fix/nix-bash-completion-2.4
Fix bash completion for stable nix-* commands with Nix 2.4
2021-11-26 10:32:51 -03:00
Mikael Voss 257e92258e
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule
Commit 3a92a1a replaced the nix.daemonNiceLevel and nix.daemonIONiceLevel
options. This commit adds appropriate mk(Rename|Removed)OptionModule.
2021-11-26 13:25:20 +01:00
github-actions[bot] 956b399ffa
Merge master into staging-next 2021-11-26 12:01:30 +00:00
Samuel Dionne-Riel 8e92630aae nixos: Provide nix-bash-completions again for stable commands 2021-11-26 02:16:56 -05:00
Victor Engmark e0f1682910 nixos/installer: Quote variable references
See <https://github.com/koalaman/shellcheck/wiki/SC2086>.
2021-11-26 18:58:08 +13:00
Victor Engmark c9a7385997 nixos/installer: Use -n instead of ! -z
See <https://github.com/koalaman/shellcheck/wiki/SC2236>.
2021-11-26 18:55:53 +13:00
Victor Engmark adb8f5c858 nixos/installer: Mark scripts as Bash for ShellCheck
See <https://github.com/koalaman/shellcheck/wiki/SC2239>.
2021-11-26 18:54:23 +13:00
sternenseemann d4c2ca42d9 Merge remote-tracking branch 'origin/master' into haskell-updates 2021-11-25 21:20:21 +01:00