1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-21 05:25:38 +00:00
Commit graph

17446 commits

Author SHA1 Message Date
Martin Weinelt 9cc60287dc
Merge pull request #127554 from mweinelt/babel
nixos/babeld: update hardening
2021-06-23 21:53:20 +02:00
Michael Weiss eb8a694d92
nixos/sway: Drop rxvt-unicode from the extraPackages default
Upstream switched to Alacritty for the default configuration.
2021-06-23 17:35:20 +02:00
Sandro 1956a52857
Merge pull request #126656 from jwoudenberg/add-system76-power 2021-06-23 12:54:22 +02:00
Niklas Hambüchen 959c4e82bc
Merge pull request #100255 from nh2/sshd-default-log-level-info
sshd service: Default to INFO logLevel (upstream default)
2021-06-23 02:06:54 +02:00
Niklas Hambüchen 4bd5f1115f
Merge pull request #127166 from nh2/xserver-config-mkAfter-docs
services.xorg.config: Extend docs
2021-06-23 01:55:58 +02:00
Niklas Hambüchen a48fea4c5e sshd service: Default to INFO logLevel (upstream default).
The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for sccessful logins, see:
6247812c76/auth.c (L323-L328)

Also update description to the wording of the sshd_config man page.

`fail2ban` needs, sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.

The docs are updated accordingly.
2021-06-23 01:49:11 +02:00
Niklas Hambüchen e85693afde
Merge pull request #127157 from nh2/xserver-readable-config-indentation
xserver: Generate readable config indentation
2021-06-23 01:16:50 +02:00
Maximilian Bosch 5aad4e73b6
privacyIDEA: 3.5.2 -> 3.6
ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6

Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.
2021-06-22 15:36:36 +02:00
Sandro 5f44b42bf4
Merge pull request #127641 from xfix/promethus-state-permissions 2021-06-22 10:23:56 +02:00
Linus Heckemann 203e81e4ee
Merge pull request #125281 from zhaofengli/phosh-systemd
phosh: 0.10.2 -> 0.11.0
2021-06-22 08:23:29 +02:00
Konrad Borowski 447b1cf03d nixos/prometheus: allow state access for service only
There is no reason for Prometheus state files to be
world-readable.
2021-06-21 10:16:47 +02:00
Sandro 84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params
zabbixAgent: add bash to $PATH
2021-06-20 17:58:43 +02:00
Sandro e6a012fb00
Merge pull request #127063 from talyz/fail2ban-restart
nixos/fail2ban: Remove `reloadIfChanged = true`
2021-06-20 17:57:57 +02:00
Martin Weinelt 8739f8cd7b
nixos/babeld: update hardening 2021-06-20 13:52:49 +02:00
illustris e0089c38ca nixos/jitsi-meet: include jitsi prosody plugins in prosody extraPluginPaths 2021-06-20 12:36:51 +02:00
illustris 34b9ba2e61 nixos/jitsi-meet: Update jitsi prosody configs
Changes made as per b6f7f8fba7
2021-06-20 12:36:51 +02:00
Martin Weinelt af664bf942
Merge pull request #127127 from mweinelt/home-assistant
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
Niklas Hambüchen 65d3180336 services.xorg.config: Extend docs 2021-06-17 04:08:21 +02:00
Niklas Hambüchen 685e8ff7dd xserver: Generate readable config indentation 2021-06-17 03:34:40 +02:00
Martin Weinelt 36659d1efa
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
Sandro 22a29f491a
Merge pull request #124566 from mweinelt/synapse-jemalloc 2021-06-16 17:52:56 +02:00
talyz b4c069b147
nixos/fail2ban: Remove reloadIfChanged = true
This makes the service fail when upgrading the package, so let's
properly restart it instead.
2021-06-16 13:52:46 +02:00
Erik Skytthe d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831) 2021-06-16 11:12:51 +02:00
markuskowa 5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
Sandro b8958bbfa6
Merge pull request #126874 from legendofmiracles/espanso-cleanup
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-16 03:01:18 +02:00
Martin Weinelt 60c62214f5
nixos/solanum: implement reload and allow config changes
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.

But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
2021-06-16 00:19:35 +02:00
Robert Hensing c2c47cc85b
Merge pull request #126922 from hercules-ci/ssh-keys-example
nixos/ssh: Add an example of verbatim keys
2021-06-15 21:38:19 +02:00
Alvar Penning 8673a40eda nixos/ucarp: init 2021-06-15 18:13:31 +02:00
Martin Weinelt fb49094c3f
nixos/home-assistant: NixOS is an unsupported installation method
Trying to steer NixOS users away from reporting bugs to the upstream,
when they don't have the capacity to support bugs that could be the
result of our downstreaming setup.
2021-06-15 15:31:01 +02:00
Sandro 2b49e4e735
Merge pull request #107728 from nessdoor/master 2021-06-15 14:40:21 +02:00
Robert Hensing dab747106e nixos/ssh: Document authorizedKeysFiles properly 2021-06-15 12:23:09 +02:00
Robert Hensing 8352cc9a23 nixos/ssh: Add an example of verbatim keys
This confused someone on SO.
2021-06-15 11:51:41 +02:00
Bernardo Meurer 2d29f4f2e7
Merge pull request #112971 from lovesegfault/roon-bridge
roon-bridge: init at 1.8-795
2021-06-14 19:57:20 -07:00
Aamaruvi Yogamani 358aa90e30
nixos/auto-cpufreq: fix service wantedBy 2021-06-14 20:01:26 -04:00
legendofmiracles 3e7ec42d68
espanso: add runtime dependencies correctly, nixos/espanso remove path hack 2021-06-14 13:09:57 -06:00
Profpatsch 799cdbd834 tailscale: add interfaceName option
tailscale allows to specify the interface name.
The upstream systemd unit does not expose it directly however, only
via the `FLAGS` environment variable.

I can’t be 100% sure that the escaping is correct, but this is as good
as we can do for now, unless upstream changes their unit file.
2021-06-14 11:25:08 +02:00
Kim Lindberger 26706834a5
Merge pull request #86967 from jakobrs/more-general-fsbefore
nixos/lib/utils: Add `fileSystems.<name>.depends` option and generalise fsBefore (fixes #86955)
2021-06-14 10:50:07 +02:00
Jasper Woudenberg 04d20258ea system76-power: init at 1.1.16 2021-06-13 22:11:42 +02:00
Robert Hensing ab11d2114e
Merge pull request #126680 from roberth/empty
emptyFile, emptyDirectory: init
2021-06-13 20:45:21 +02:00
Bernardo Meurer c8f95fd174
nixos.roon-bridge: init 2021-06-13 03:38:42 -07:00
Sandro 3d6416cc20
nixos/synergy: add encryption support to server (#125002)
Co-authored-by: Joshua Trees <me@jtrees.io>
2021-06-12 21:35:04 +02:00
Michele Guerini Rocco ff4f74259a
Merge pull request #126658 from ncfavier/patch-2
nixos/console: allow console.font to be a path
2021-06-12 18:47:18 +02:00
Robert Hensing d48591123f nixos/apache-httpd: Use pkgs.emptyDirectory 2021-06-12 17:28:42 +02:00
Naïm Favier 39bc736382
nixos/console: allow console.font to be a path
As for console.keyMap, all uses of this option are compatible with paths. This allows doing things like `console.font = pkgs.runCommand ...`.
2021-06-12 13:24:32 +02:00
misuzu ad502ab5c5 nixos/sourcehut: automatically build and import qemu image for docker 2021-06-11 11:48:49 -04:00
Domen Kožar 2072bba95d
Merge pull request #125311 from jansol/pipewire
pipewire: 0.3.27 -> 0.3.30
2021-06-11 16:48:52 +02:00
Joshua Trees 706ce9e230 nixos/synergy: add encryption support
Make it possible to use the Synergy server with TLS encryption without
resorting to the GUI.
2021-06-11 14:52:34 +02:00
Maciej Krüger 3f062397a5
x2goserver: fix rename whole module 2021-06-11 09:07:23 +02:00
Maciej Krüger 6dbeea0b40
nixos/x2goserver: put into networking, like xrdp 2021-06-11 08:13:49 +02:00
Maciej Krüger 03071fd5e3
nixos/xrdp: add openFirewall option 2021-06-11 08:13:48 +02:00