1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-30 01:20:40 +00:00
Commit graph

24900 commits

Author SHA1 Message Date
Artturi 3239e947d1
Merge pull request #151156 from Artturin/fsckonbat 2021-12-27 04:18:40 +02:00
Bobby Rong 2684d1a990
Merge pull request #148832 from r-ryantm/auto-update/autorestic
autorestic: 1.3.0 -> 1.5.0
2021-12-27 10:01:42 +08:00
Bernardo Meurer 2d7fc66c79
nixos/gvfs: fix libmtp udev package path
As pointed out by @sigprof[1] my bump of libmtp silently broke this, as I
moved the udev files out of the bin output of the pkg.

[1]: https://github.com/NixOS/nixpkgs/pull/144290#discussion_r775266642
2021-12-26 20:05:14 -03:00
Lucas Savva 46cd06eb9d
nixos/acme: Add test for caddy
This test is technically broken since reloading caddy
does not seem to load new certs. This needs to be fixed
in caddy.
2021-12-26 21:12:40 +00:00
Lucas Savva 65f1b8c6ae
nixos/acme: Add test for lego's built-in web server
In the process I also found that the CapabilityBoundingSet
was restricting the service from listening on port 80, and
the AmbientCapabilities was ineffective. Fixed appropriately.
2021-12-26 16:49:59 +00:00
Silvan Mosberger 2dcc3daadf
nixos/acme: Clean up default handling 2021-12-26 16:49:58 +00:00
Lucas Savva 41fb8d71ab
nixos/acme: Add useRoot option 2021-12-26 16:49:57 +00:00
Lucas Savva 8d01b0862d
nixos/acme: Update documentation
- Added defaultText for all inheritable options.
- Add docs on using new defaults option to configure
  DNS validation for all domains.
- Update DNS docs to show using a service to configure
  rfc2136 instead of manual steps.
2021-12-26 16:49:55 +00:00
Lucas Savva 07c1583309
nixos/acme: Update release notes 2021-12-26 16:49:52 +00:00
Lucas Savva 377c6bcefc
nixos/acme: Add defaults and inheritDefaults option
Allows configuring many default settings for certificates,
all of which can still be overridden on a per-cert basis.
Some options have been moved into .defaults from security.acme,
namely email, server, validMinDays and renewInterval. These
changes will not break existing configurations thanks to
mkChangedOptionModule.

With this, it is also now possible to configure DNS-01 with
web servers whose virtualHosts utilise enableACME. The only
requirement is you set `acmeRoot = null` for each vhost.

The test suite has been revamped to cover these additions
and also to generally make it easier to maintain. Test config
for apache and nginx has been fully standardised, and it
is now much easier to add a new web server if it follows
the same configuration patterns as those two. I have also
optimised the use of switch-to-configuration which should
speed up testing.
2021-12-26 16:44:10 +00:00
Lucas Savva a7f0001328
nixos/acme: Check for revoked certificates
Closes #129838

It is possible for the CA to revoke a cert that has not yet
expired. We must run lego to validate this before expiration,
but we must still ignore failures on unexpired certs to retain
compatibility with #85794

Also changed domainHash logic such that a renewal will only
be attempted at all if domains are unchanged, and do a full
run otherwises. Resolves #147540 but will be partially
reverted when go-acme/lego#1532 is resolved + available.
2021-12-26 16:44:09 +00:00
Lucas Savva 87403a0b07
nixos/acme: Add a human readable error on run failure
Closes NixOS/nixpkgs#108237

When a user first adds an ACME cert to their configuration,
it's likely to fail to renew due to DNS misconfig. This is
non-fatal for other services since selfsigned certs are
(usually) put in place to let dependant services start.
Tell the user about this in the logs, and exit 2 for
differentiation purposes.
2021-12-26 16:44:08 +00:00
Lucas Savva a88d846b91
nixos/acme: Remove selfsignedDeps from finished targets
selfsignedDeps is already appended to the after and wants
of a cert's renewal service, making these redundant.

You can see this if you run the following command:
systemctl list-dependencies --all --reverse acme-selfsigned-mydomain.com.service
2021-12-26 16:44:07 +00:00
Aaron Andersen 9ec14cd78d
Merge pull request #151255 from aanderse/nixos/mysql-cleanup
nixos/mysql: module cleanup
2021-12-25 17:04:35 -05:00
Aaron Andersen baa0e61569
Merge pull request #147973 from aanderse/nixos/caddy
nixos/caddy: introduce several new options
2021-12-25 17:01:54 -05:00
Lassulus 028f8c7625
Merge pull request #151482 from jbpratt/kubevirt
virtualisation: implement kubevirt config
2021-12-25 22:05:00 +01:00
Bobby Rong 8bc21bca03
nixos/rl-2205: mention autorestic update 2021-12-25 20:18:09 +08:00
Emery Hemingway 02cb654a4d nixos/stubby: reduce to a settings-style configuration
Extract the example configuration from the package to provide a
working example.

Remove pkgs.stubby from `environment.systemPackages`.
2021-12-25 12:07:06 +01:00
7c6f434c b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls
nginxMainline: enable ktls support
2021-12-24 10:23:17 +00:00
Maximilian Bosch 3d91acc39a
Merge pull request #151481 from Ma27/privacyidea-uwsgi-buffer-size
nixos/privacyidea: increase buffer-size of uwsgi from 4096 to 8192
2021-12-24 10:21:24 +01:00
Bobby Rong 7378b39d1d
Merge pull request #149704 from squalus/nginx-prometheus-exporter-fix
nixos/prometheus-nginx-exporter: fix argument syntax
2021-12-23 10:27:16 +08:00
Guillaume Girol d96a3994cc nixos/collectd: validate config file syntax at build time 2021-12-23 00:08:43 +01:00
Guillaume Girol b55a253e15 nixos/collectd: add nixos test 2021-12-23 00:08:43 +01:00
Aaron Andersen d621ad09a8 nixos/mysql: minor cleanup and formatting 2021-12-22 08:57:18 -05:00
Aaron Andersen a96f6ef187 nixos/mysql: remove services.mysql.bind and services.mysql.port in favor of services.mysql.settings 2021-12-22 08:57:14 -05:00
Nikolay Amiantov ab64310a5e docker-rootless service: init 2021-12-22 14:23:23 +03:00
Florian Klink 60e571fa40
Merge pull request #150922 from ncfavier/systemd-tzdir
nixos/systemd: set TZDIR for PID 1
2021-12-22 11:52:27 +01:00
rembo10 3898a66cc4 Update nixos-rebuild man page to reflect target-host change
See:
https://github.com/NixOS/nixpkgs/pull/126614
2021-12-22 00:56:19 -08:00
Steven Kou 73050d70fc
thinkfan: fix typo in level
One of the valid values for the fan speed is "level disengaged",
however, it is represented as "level disengage" and does not match
what thinkfan expects.
2021-12-22 04:00:19 +08:00
jbpratt e96e5ddd1f virtualisation: implement kubevirt config
KubeVirt[1] allows for VMs to be run and managed as pods inside of
Kubernetes clusters. Information about the guests can be exposed through
qemu-guest-agent[2] as well as startup scripts can be injected through
cloud-init[3].

This config has been duplicated and modified from the `cloudstack`
config/script.

To test this out, deploy KubeVirt locally with KinD[4], build the disk
image, then package it into a container image (or upload to CDI[5]) and
provision a VirtualMachine.

[1]: https://kubevirt.io/user-guide/
[2]: https://kubevirt.io/user-guide/virtual_machines/guest_agent_information/
[3]: https://kubevirt.io/user-guide/virtual_machines/startup_scripts/#cloud-init-examples
[4]: https://kubevirt.io/quickstart_kind/
[5]: https://kubevirt.io/user-guide/operations/containerized_data_importer/#containerized-data-importer

Signed-off-by: jbpratt <jbpratt78@gmail.com>
2021-12-21 05:52:16 -06:00
Elis Hirwing e3a7c62565
Merge pull request #147411 from drupol/php/php-8.1.0
php: Init at 8.1.1
2021-12-21 12:33:07 +01:00
Aaron Andersen 81a67a3353 nixos/caddy: introduce several new options 2021-12-20 20:00:42 -05:00
Maximilian Bosch 8f9f754271
nixos/privacyidea: increase buffer-size of uwsgi from 4096 to 8192
When accessing the Audit log, I get an HTTP 502 when the frontend
requests `/audit` and I get the following error in my `nginx`-log:

    Dec 20 22:12:48 ldap nginx[336]: 2021/12/20 22:12:48 [error] 336#336: *8421 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 10.237.0.1, server: _, request: "GET /audit/?action=**&action_detail=**&administrator=**&client=**&date=**&duration=**&info=**&page=1&page_size=10&policies=**&privacyidea_server=**&realm=**&resolver=**&serial=**&sortorder=desc&startdate=**&success=**&tokentype=**&user=** HTTP/1.1", upstream: "uwsgi://unix:/run/privacyidea/socket:", host: "ldap.ist.nicht-so.sexy", referrer: "https://ldap.ist.nicht-so.sexy/"

This is because of an "invalid request block size"-error according to
`journalctl -u privacyidea.service`:

    Dec 20 22:12:48 ldap uwsgi[10721]: invalid request block size: 4245 (max 4096)...skip

Increasing the buffer to 8192 fixes the problem for me.
2021-12-21 00:51:45 +01:00
Graham Christensen 3907d19260 services.prometheus.exporters.fastly: add a smoke test 2021-12-20 10:57:31 -05:00
Graham Christensen 1753f97e13 services.prometheus.exporters.fastly: fixup broken module config 2021-12-20 10:29:13 -05:00
Pol Dellaiera 3d3479f717
php81: init at 8.1.1 2021-12-20 15:51:00 +01:00
Franz Pletz d5b0e12d9b
Merge pull request #147516 from pennae/dhcpcd
dhcpcd: 8.1.4 -> 9.4.1, module updates, enable privsep
2021-12-20 14:44:58 +01:00
pennae 971adf24eb nixos/dhcpcd: set RuntimeDirectory 2021-12-20 10:53:13 +01:00
Bob van der Linden f085d82ce0
make all daemon settings default 2021-12-19 14:17:04 +01:00
Bob van der Linden 6bbf3b6e0a
remove quotes for kebab-case settings 2021-12-19 14:17:04 +01:00
Bob van der Linden 92a23655c8
move cli options to json daemon settings 2021-12-19 14:17:04 +01:00
Bob van der Linden e8dae9246b
use pkgs.formats.json 2021-12-19 14:17:04 +01:00
Bob van der Linden c1b0d4acf5
rename daemonConfig -> daemon.settings 2021-12-19 14:16:58 +01:00
Bob van der Linden 142a1540d6
nixos/docker: add daemonConfig option
Adds the virtualisation.docker.daemonConfig option that allows
changing Docker daemon settings as done in daemon.conf.
2021-12-19 14:15:18 +01:00
Aaron Andersen 76457da532 nixos/mysql: remove services.mysql.extraOptions in favor of services.mysql.settings 2021-12-18 21:01:48 -05:00
Aaron Andersen f1d1d319ae nixos/mysql: update user and group descriptions 2021-12-18 21:01:48 -05:00
Aaron Andersen c7cac1bdc0 nixos/mysql: use systemd StateDirectory to provision the data directory 2021-12-18 21:01:42 -05:00
Andrew Marshall f10aea2434 nixos/ssh: Add enableAskPassword
Previously, this was only implicitly enabled if xserver.enable = true.
However, Wayland-based desktops do not require this, and so configuring
SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies
that by adding a new option that defaults to the old conditional.
2021-12-18 12:13:02 -05:00
0x4A6F 0b738b87db
Merge pull request #151145 from zhaofengli/unifi5-log4j-new-mitigation
unifi5: Follow new mitigation guidelines
2021-12-18 13:00:28 +01:00
Robert Hensing 058677c417
Merge pull request #151150 from agbrooks/oci-layer-order
dockerTools.buildImage: Fix incorrect layer unpack order before executing runAsRoot script
2021-12-18 11:03:03 +01:00
Zhaofeng Li 8bbae8e558 unifi: Add NixOS tests 2021-12-18 00:19:04 -08:00
Bobby Rong c9ec5a228d
Merge pull request #151153 from bobby285271/pantheon
Pantheon updates 2021-12-17
2021-12-18 14:01:54 +08:00
Artturin c44f95a855 nixos/stage1: run fsck on battery too
We are in 2021 almost 2022 not in 2004 when this may have been an issue!

https://alioth-lists.debian.net/pipermail/pkg-sysvinit-devel/2009-May/003196.html
https://www.nico.schottelius.org/blog/debian-ubuntu-fsck-skip-on-battery-bug/
d29daf3952
https://bugs.launchpad.net/ubuntu/+source/laptop-mode/+bug/11194
2021-12-18 06:06:10 +02:00
Bobby Rong 62103c4e41
pantheon.xdg-desktop-portal-pantheon: move to pkgs/desktop/pantheon
Only used by Pantheon AFAIK.
2021-12-18 11:35:55 +08:00
Aaron Andersen eeef6e1341
Merge pull request #151144 from Sohalt/spacenavd-syslog
nixos/spacenavd: remove syslog.target
2021-12-17 21:47:23 -05:00
Andrew Brooks 57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
sohalt 9718fc1211 nixos/spacenavd: remove syslog.target 2021-12-18 00:59:48 +01:00
Zhaofeng Li a4bcad541e unifi5: Follow new mitigation guidelines
Simply disabling lookups isn't enough, and the JndiLookup class must be
removed:

https://web.archive.org/web/20211217085954/https://logging.apache.org/log4j/2.x/security.html
2021-12-17 15:55:13 -08:00
pennae 64bbe28843 nixos/unifi: rename openPorts to openFirewall
openFirewall is the much more common name for an option with this
effect. since the default was `true` all along, renaming it doesn't hurt
much and only improves consistency with other modules.
2021-12-17 21:30:52 +01:00
pennae 2000a1edcd nixos/unifi: add deprecation warning for openPorts
modules are discouraged from opening ports in the firewall unless
explicitly told to do so. add a deprecation notice for this in unifi.
2021-12-17 21:30:52 +01:00
ajs124 e6188c00f0
Merge pull request #149387 from sumnerevans/matrix-synapse-1.49
matrix-synapse: 1.48.0 -> 1.49.0
2021-12-17 19:51:34 +00:00
Franz Pletz 0cb8669638
dhcpcd: use dhcpcd as privsep user 2021-12-17 19:23:00 +01:00
Graham Christensen 06edb74413
Merge pull request #148785 from pennae/more-option-doc-staticizing
treewide: more defaultText for options
2021-12-17 11:14:08 -05:00
Flakebi 368b22d09b powerdns-admin: fix and add module
- Add the migrations directory to the package
- Add postgres support to the package
- Add a service for powerdns-admin

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
2021-12-17 10:33:40 +01:00
Bobby Rong 94144484c2
Merge pull request #148164 from veehaitch/nixos-github-runner-148024-v2
nixos/github-runner: refactor tokens handling
2021-12-17 16:28:21 +08:00
Alyssa Ross de27156be0 nixos/cage: log to journal
Previously, cage would log to the TTY it was running on top of, so log
messages were basically lost.
2021-12-16 23:55:15 +00:00
Nikolay Amiantov fe97584f15
Merge pull request #147679 from danderson/danderson/influx-update
influxdb2: 2.0.8 -> 2.1.1
2021-12-17 02:41:41 +03:00
Martin Weinelt 8086f8658e
Merge pull request #151029 from andir/snapcast-bind 2021-12-16 23:52:05 +01:00
Andreas Rammhold c9c93b0add
nixos/snapserver: use the correct bind address arguments
Snapserver expects the arguments `--tcp.bind_to_address` and
`--http.bind_to_address` instead of the `--tcp.address` (and http
equivalent) versions.

This caused the process to listen on `0.0.0.0` (for TCP and HTTP
sockets) regardless of the configuration value. It also never listend on
the IPv6 address `::` as our module system made the user believe.

This commit fixes the above issue and ensures that (at least for the TCP
socket) that our default `::` does indeed allow connections via IPv6
(to localhost aka ::1).
2021-12-16 23:27:56 +01:00
David Anderson 7708b9db26 infuxdb2: add package split to 22.05 release notes. 2021-12-16 12:17:20 -08:00
David Anderson 492f791f9d influxdb2: use the new server derivation in the nixos module. 2021-12-16 12:10:09 -08:00
Kim Lindberger ebaa226853
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879)
* elk7: 7.11.1 -> 7.16.1

* nixosTests.elk: Improve reliability and compatibility with ELK 7.x

- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
  passes
- Make curl fail if requests fails

* nixos/filebeat: Add initial module and test

Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.

This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.

* python3Packages.parsedmarc.tests: Fix breakage

- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing

* rl-2205: Note the addition of the filebeat service

* elk6: 6.8.3 -> 6.8.21

The latest version includes a fix for CVE-2021-44228.

* nixos/journalbeat: Add a loose dependency on elasticsearch

Avoid unnecssary back-off when elasticsearch is running on the same
host.
2021-12-17 00:20:52 +09:00
Nikolay Amiantov 759f4afc65
tarsnap service: fix escaping (#150802) 2021-12-16 16:53:59 +03:00
zowoq 014236e9c9 nixos/kubernetes: don't import <nixpkgs> 2021-12-16 21:47:12 +10:00
Naïm Favier 901d4f13a3
nixos/systemd: set TZDIR for PID 1
Fixes #105049
2021-12-16 04:09:07 +01:00
Nikolay Amiantov aef12c8678
Merge pull request #150779 from abbradar/youtrack
youtrack: 2021.1.13597 -> 2021.4.35970, restart on failure
2021-12-15 16:04:58 +03:00
Markus S. Wamser b93e478777 writers.PyPy{2,3}: init 2021-12-15 10:01:08 +01:00
Markus S. Wamser 4e42f6bcb3 writers.writePython2: remove 2021-12-15 09:56:14 +01:00
Nikolay Amiantov 497d334c14 youtrack service: restart on failure 2021-12-15 01:40:00 +03:00
Sumner Evans c0a6554847
matrix-synapse: 1.48.0 -> 1.49.0 2021-12-14 10:34:41 -07:00
Silvan Mosberger d995f2abb9
Merge pull request #150631 from pennae/fix-option-docs-nix23
nixos/lib/make-options-doc: fix with nix 2.3
2021-12-14 11:58:41 +01:00
ajs124 84ce6a6286
Merge pull request #149868 from lostnet/couchopts
couchdb3: add vm.args option and fix pkgs.couchdb reference
2021-12-14 10:48:56 +00:00
Bobby Rong bbfbcefb02
Merge pull request #149628 from Izorkin/fix-wsdd
nixos/tests/wsdd: fix test
2021-12-14 14:58:40 +08:00
pennae a70b1eb630 nixos/lib/make-options-doc: fix with nix 2.3 2021-12-14 03:41:09 +01:00
zowoq d90103d112 Revert "kubernetes: disable rbac tests"
This reverts commit 91c6a97243.
2021-12-14 11:02:36 +10:00
Johan Thomsen 282b303e83 nixos/kubernetes: drop tty and stdin for execs in test pods 2021-12-14 11:02:07 +10:00
Julien Moutinho 5cf90a60e5 nixos/redis: cleanup tests 2021-12-13 14:42:19 -05:00
Julien Moutinho 7475554372 nixos/redis: enable multiple instances of redis-server 2021-12-13 14:42:19 -05:00
Bernardo Meurer f40283cf62
Merge pull request #149837 from helsinki-systems/feat/redo-activation-script-restarting
nixos/switch-to-configuration: Add a massive test and do a slight refactor
2021-12-13 11:37:20 -08:00
Maximilian Bosch bedca751c5
Merge pull request #150527 from malte-christian/master
nixos/nextcloud: update warning for MariaDB >= 10.6
2021-12-13 15:21:16 +01:00
Jörg Thalheim afa3c99cd5
Merge pull request #148593 from veehaitch/sgx-psw
sgx-psw: init package and module
2021-12-13 14:16:26 +00:00
Malte 7c43256291 nixos/nextcloud: update warning for MariaDB >= 10.6 2021-12-13 13:25:21 +01:00
maralorn b243326a02
Merge pull request #149013 from Ma27/postgres-docs
nixos/postgresql: improve docs on how to upgrade
2021-12-12 15:55:37 +01:00
Martin Weinelt 37527494b6
Merge pull request #150329 from zhaofengli/unifi-6.5.54 2021-12-12 14:10:10 +01:00
markuskowa 5d99afe652
Merge pull request #150311 from bachp/glusterfs-syslog-target
nixos/glusterfs: remove syslog.target from services
2021-12-12 12:42:53 +01:00
zowoq 91c6a97243 kubernetes: disable rbac tests
timed out on hydra
2021-12-12 19:56:19 +10:00
Zhaofeng Li e992604bf0 nixos/unifi: Apply log4j2 mitigation 2021-12-12 01:48:58 -08:00
Bobby Rong ebb5bd223c
Merge pull request #150372 from bobby285271/pantheon
pantheon.appcenter: re-add patch for disable packagekit backend
2021-12-12 13:30:53 +08:00
Bobby Rong c65f6852e4
Revert "nixos/pantheon: mention latest appcenter changes in manual"
This reverts commit d49d9a24b7.
2021-12-12 12:45:31 +08:00
Bobby Rong 1eef9ae2d1
Revert "nixos/pantheon: cleanup FAQ section"
This reverts commit cd58f44937.
2021-12-12 12:45:10 +08:00