Marek Mahut
d7b3d2d0fd
Merge pull request #65995 from danderson/master
...
nixos/sshguard: create ipsets before starting, and clean up after stopping.
2019-08-19 21:05:42 +02:00
Marek Mahut
7c15694c29
Merge pull request #66271 from vdot0x23/patch-1
...
nixos/stubby: clearer wording for upstreamServers
2019-08-19 20:58:45 +02:00
Marek Mahut
7a4b296c8d
Merge pull request #66687 from joachifm/feat/hardened-nixos-revert-graphene-malloc
...
Revert "nixos/hardened: use graphene-hardened malloc by default"
2019-08-19 20:56:07 +02:00
Marek Mahut
94c51859df
Merge pull request #66846 from uvNikita/containers/ephemeral
...
nixos/containers: add 'ephemeral' option
2019-08-19 20:55:33 +02:00
Nikolay Amiantov
fca97dfebc
stage-1 init: fix debug menu
...
* Read one char at a time, so user doesn't have to enter "i<ENTER>"
contrary to the menu;
* Exec shell inside setsid.
2019-08-19 19:54:00 +03:00
worldofpeace
9125f51b70
Merge pull request #66860 from worldofpeace/dconf-update
...
nixos/dconf: cleanup
2019-08-19 11:59:06 -04:00
Florian Klink
0aa5e3165c
sd-image.nix: set installer.cloneConfig to false
...
As SD Card images are both installation media and installation target,
don't copy over a /etc/nixos/configuration.nix
Closes #63576 .
2019-08-19 16:34:06 +02:00
Florian Klink
f71fd79ff0
nixos/installation-device.nix: explain sshd usage
2019-08-19 16:34:06 +02:00
Florian Klink
93a03177f2
Merge pull request #66482 from flokli/systemd-sysctl
...
nixos/systemd: install sysctl snippets
2019-08-19 16:32:00 +02:00
Nikita Uvarov
c740f0d400
nixos/containers: add 'ephemeral' option
2019-08-19 15:21:35 +02:00
davidak
6d4c69e640
netdata: enable cgroup accounting
2019-08-19 14:57:41 +02:00
Marek Mahut
f0d1db99db
Merge pull request #66857 from nrdxp/fix/caddy
...
caddy: remove 'bin' attribute
2019-08-19 13:50:14 +02:00
worldofpeace
38c7d55d5d
nixos/pantheon: use programs.dconf
2019-08-18 21:56:52 -04:00
worldofpeace
a7b5d6142f
nixos/gnome3: use programs.dconf
2019-08-18 21:55:52 -04:00
worldofpeace
918b7d572f
nixos/dconf: cleanup
...
Add dconf to systemPackages and make GIO_EXTRA_MODULES
a list so it can actually merge.
2019-08-18 21:54:00 -04:00
Timothy DeHerrera
98e6c1432e
caddy: remove 'bin' attribute
2019-08-18 18:46:21 -06:00
Silvan Mosberger
918e1e0925
nixos/cadvisor: allow passing custom arguments ( #66855 )
...
nixos/cadvisor: allow passing custom arguments
2019-08-19 02:28:38 +02:00
Aaron Andersen
8227b2f29e
Merge pull request #66399 from mmahut/metabase
...
metabase: service module and test
2019-08-18 19:49:05 -04:00
tilpner
944a3a0dfc
nixos/cadvisor: allow passing custom arguments
2019-08-19 01:32:01 +02:00
Sarah Brofeldt
e0cf7d6093
nixos/sd-image: Increase default firmware partition size
2019-08-18 22:55:39 +02:00
Nikolay Amiantov
79ebe562fb
shadowsocks service: support dual-stack server
...
Enable IPv6 by default.
2019-08-18 23:07:51 +03:00
WilliButz
4835f65e95
Merge pull request #66814 from mguentner/synapse_1_3_1
...
matrix-synapse: 1.2.1 -> 1.3.1
2019-08-18 19:30:14 +02:00
Eric Litak
ccf3557015
nixos/cjdns: add extraConfig option ( #53502 )
2019-08-18 18:47:56 +02:00
Marek Mahut
e6fb350cf6
Merge pull request #66606 from DerTim1/riemann-config
...
nixos/riemann-tools: Add ExtraArgs Config Option
2019-08-18 18:47:19 +02:00
Florian Klink
bafc256915
nixos/systemd: remove separate coredump module
2019-08-18 17:54:26 +02:00
Florian Klink
9be0327a49
nixos/systemd: install sysctl snippets
...
systemd provides two sysctl snippets, 50-coredump.conf and
50-default.conf.
These enable:
- Loose reverse path filtering
- Source route filtering
- `fq_codel` as a packet scheduler (this helps to fight bufferbloat)
This also configures the kernel to pass coredumps to `systemd-coredump`.
These sysctl snippets can be found in `/etc/sysctl.d/50-*.conf`,
and overridden via `boot.kernel.sysctl`
(which will place the parameters in `/etc/sysctl.d/60-nixos.conf`.
Let's start using these, like other distros already do for quite some
time, and remove those duplicate `boot.kernel.sysctl` options we
previously did set.
In the case of rp_filter (which systemd would set to 2 (loose)), make
our overrides to "1" more explicit.
2019-08-18 17:54:26 +02:00
Florian Klink
e5965bd489
nixos/sysctl: rename /etc/sysctl.d/nixos.conf -> 60-nixos.conf
...
sysctl.d(5) recommends prefixing all filenames in /etc/sysctl.d with a
two-digit number and a dash, to simplify the ordering of the files.
Some packages provide custom files, often with "50-" prefix.
To ensure user-supplied configuration takes precedence over the one
specified via `boot.kernel.sysctl`, prefix the file generated there with
"60-".
2019-08-18 17:54:26 +02:00
danbst
d80cd26ff9
Merge branch 'master' into flip-map-foreach
2019-08-18 18:00:25 +03:00
Danylo Hlynskyi
2b393c8913
elasticsearch: add example on how to use plugins ( #55115 )
...
See https://discourse.nixos.org/t/elastic-search-plugins/1997
2019-08-18 17:11:20 +03:00
Florian Klink
36ece762e5
Merge pull request #66621 from flokli/gitlab-12.1.6
...
gitlab-ce: 12.0.3 -> 12.1.6
2019-08-18 14:08:14 +02:00
Marek Mahut
69089e990e
modules: adding metabase service
2019-08-18 13:44:26 +02:00
Frederik Rietdijk
f65aa21bb2
Merge master into staging-next
2019-08-18 12:53:44 +02:00
worldofpeace
4f3e9ca93a
Merge pull request #65291 from worldofpeace/xdg-updates
...
Flatpak updates
2019-08-18 04:23:54 -04:00
worldofpeace
ce0511e302
nixos/flatpak: add comment about selinux
2019-08-18 04:23:17 -04:00
worldofpeace
1728bc8d22
flatpak: 1.2.4 -> 1.4.2
...
* Regenerated all patches for 1.4.2 and resolved
any conflicts.
* fix-test-paths.patch doesn't copy the whole locale archive
because we have C.UTF8 now.
* nixos/flatpak creates a Flatpak system helper user
Change introduced in 1.3.2.
Changes:
See https://github.com/flatpak/flatpak/releases/tag/1.3.1 through
1.4.2.
2019-08-18 04:23:17 -04:00
Maximilian Güntner
dac8fe9cee
nixos/matrix-synapse: use notify instead of simple
...
Starting with 1.3.0, matrix-synapse supports notifying
systemd. Relevant PR: matrix-org/synapse#5732
2019-08-18 09:41:33 +02:00
Frederik Rietdijk
295888c622
Merge pull request #66381 from NixOS/staging-next
...
Staging next
2019-08-18 08:54:45 +02:00
worldofpeace
5892773eb6
nixos/pantheon: adjust to renamed gnome3 options
2019-08-17 16:34:55 -04:00
Marek Mahut
caf9b8cc35
Merge pull request #66591 from aanderse/zabbix-proxy
...
nixos/zabbixProxy: fix database initialization logic
2019-08-17 20:55:13 +02:00
Symphorien Gibol
c3e1e64e4c
remove all instances of nix-env -i without -A in the NixOS manual
...
motivation: https://nixos.wiki/wiki/FAQ/Why_not_use_nix-env_-i_foo%3F
2019-08-17 18:04:43 +02:00
WilliButz
ecd4d03dfe
grafana-loki: fix typo in service config
2019-08-17 12:08:51 +02:00
Frederik Rietdijk
fe9a3e3e63
Merge staging-next into staging
2019-08-17 09:39:23 +02:00
Frederik Rietdijk
c68f58d95c
Merge master into staging-next
2019-08-17 09:30:16 +02:00
Samuel Dionne-Riel
b750ebf1b3
Merge pull request #60422 from kwohlfahrt/device-tree
...
nixos/hardware.deviceTree: new module
2019-08-16 13:26:48 -04:00
Marek Mahut
5712bea91b
trezord: adding emultor support
2019-08-16 16:58:48 +02:00
Edmund Wu
aa251bbc3e
systemd-networkd: link: Name -> OriginalName
2019-08-15 21:58:24 -04:00
Aaron Andersen
efbdce2e96
nixos/mantisbt: drop unmaintained module
2019-08-15 21:01:23 -04:00
Aaron Andersen
265163da07
nixos/systemhealth: drop unmaintained module
2019-08-15 21:01:23 -04:00
Aaron Andersen
ac4327c025
nixos/awstats: replace usage of deprecated services.httpd.extraSubservices
2019-08-15 21:00:27 -04:00
Joachim Fasting
4ead3d2ec3
Revert "nixos/hardened: use graphene-hardened malloc by default"
...
This reverts commit 48ff4f1197
.
Causes too much breakage to be enabled by default [1][2].
[1]: https://github.com/NixOS/nixpkgs/issues/61489
[2]: https://github.com/NixOS/nixpkgs/issues/65000
2019-08-15 18:49:57 +02:00
Joachim Fasting
da0b67c946
nixos-hardened: disable unprivileged userfaultfd syscalls
...
New in 5.2 [1]
[1]: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cefdca0a86be517bc390fc4541e3674b8e7803b0
2019-08-15 18:43:34 +02:00
Joachim Fasting
4b21d1ac8c
nixos-hardened: enable page alloc randomization
2019-08-15 18:43:32 +02:00
volth
46420bbaa3
treewide: name -> pname (easy cases) ( #66585 )
...
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
2019-08-15 13:41:18 +01:00
Marek Mahut
08749c4860
Merge pull request #66588 from lschuermann/nixos-enter-silent
...
nixos-enter: add --silent to suppress activation script output
2019-08-15 10:22:27 +02:00
Peter Hoeg
503ca1f40c
nixos aws: use in-kernel ixgbevf driver ( #58956 )
2019-08-15 02:58:22 +03:00
aszlig
dc525e8b12
Merge pull request #66648 (improve xkbvalidate)
...
This allows xkbvalidate to be compiled via Clang and also has a few
other portability improvements, eg. it now can even be compiled on OS X,
even though it's probably not needed there.
In addition, I changed the binary name so that it matches the package
name.
I'm merging this in right now, because there is only the xserver NixOS
module where this is used, so the risk of a catastrophic breakage is
very low.
Checks and build done by ofborg also ran successfully and I also did a
few local tests (eg. running via valgrind to avoid leaks) to make sure
it's still working properly.
2019-08-15 01:32:09 +02:00
aszlig
16ecd0d5ca
xkbvalidate: Rename output binary to xkbvalidate
...
So far, the output binary has been just "validate", which is quite a
very generic name and doesn't match the package name.
Even though I highly doubt that this program will ever be used outside
of NixOS modules, it's nevertheless less confusing to have a consistent
naming.
Signed-off-by: aszlig <aszlig@nix.build>
2019-08-15 01:11:32 +02:00
worldofpeace
bc0072305b
Merge pull request #66638 from worldofpeace/favorite-apps-gnome3
...
nixos/gnome3: set favorite-apps
2019-08-14 17:12:48 -04:00
worldofpeace
83c0b5f06f
nixos/gnome3: set favorite-apps
...
The upstream defaults [0] for this key include shotwell and
rhythmbox which aren't installed by the gnome3 module.
We swap these out for gnome-photos and gnome-music
which are.
[0]: https://gitlab.gnome.org/GNOME/gnome-shell/blob/3.32.2/data/org.gnome.shell.gschema.xml.in#L42
2019-08-14 16:55:45 -04:00
Matthew Bauer
e9b7085ff8
cups: add myself as maintainer
2019-08-14 11:47:48 -04:00
Matthew Bauer
c068488817
nixos/cupsd: use socket-based activation by default
...
Make socket-based activation the
default (services.printing.startWhenNeeded)
2019-08-14 11:47:12 -04:00
Matthew Bauer
28040465be
nixos/cupsd: include /run/cups/cups.sock in ListenStreams
...
This socket should always be created by systemd.
2019-08-14 11:47:12 -04:00
Matthew Bauer
35e633bde5
nixos/cupsd: only enable cups when startWhenNeeded = false
...
cups-browsed was pulling in cups.service even when we were using the
socket-based initialization.
2019-08-14 11:47:12 -04:00
Matthew Bauer
04ea093eb6
nixos/cupsd: Set CUPS_DATADIR globally
...
This is used by some programs that need CUPS data files. For instance,
print-manager looks here for printing test pages.
2019-08-14 11:47:12 -04:00
worldofpeace
dd49cf711e
Merge pull request #66338 from worldofpeace/installer/no-root
...
installer: Don't run as root
2019-08-14 11:20:54 -04:00
Matthew Bauer
3411c1566a
Merge pull request #66480 from primeos/nixos-fuse
...
nixos/fuse: init
2019-08-14 10:16:02 -04:00
Ben Gamari
d7d873b8cb
nixos/gitlab: Delete stale hooks directories with -R
...
These can be directories.
2019-08-14 15:29:50 +02:00
Frederik Rietdijk
8d56f2472e
Merge master into staging-next
2019-08-14 13:45:54 +02:00
WilliButz
ddf15d321f
Merge pull request #66612 from fadenb/oxidized_permission_issue
...
nixos/oxidized: Use symlinks for config files
2019-08-14 11:56:34 +02:00
Tristan Helmich (omniIT)
02dfc07a04
nixos/oxidized: Use symlinks for config files
...
The old `cp` suffers from a permission issue on the 2nd start of the
service. The files were copied from the read-only nix store. On the 2nd
start of the service the `cp` failed.
The new version force creates a symlink which does not suffer from this.
2019-08-14 09:30:51 +00:00
Tim Digel
5bbde1e1ca
nixos/riemann-tools: Add ExtraArgs Config Option
...
Added option "extraArgs" to forward any switches to riemann-tools.
2019-08-14 08:26:13 +02:00
worldofpeace
d66f89022f
Merge pull request #66593 from aaronjanse/crashdump-poll-fix
...
fix crashDump overheating
2019-08-13 19:11:26 -04:00
Aaron Janse
011fa89b92
nixos/modules/misc/crashdump: remove idle=poll ( fix #66464 )
...
Previously, "idle=poll" would severely overheat some CPUs
2019-08-13 16:08:22 -07:00
Aaron Andersen
9af06755f3
nixos/zabbixProxy: fix database initialization logic
2019-08-13 18:50:28 -04:00
Leon Schuermann
415993d6b7
nixos-enter: silent activation script option
...
Also, fix a few shellcheck errors.
2019-08-13 23:48:58 +02:00
Matthew Bauer
329e097828
Merge pull request #66425 from Gerschtli/fix/path-order
...
environment.profiles: fix order of profiles and PATH
2019-08-13 15:06:09 -04:00
Marek Mahut
cb8f4b0552
Merge pull request #65439 from aanderse/httpd-extra-modules
...
nixos/httpd: remove duplicate module entries from httpd.conf
2019-08-13 18:51:15 +02:00
Aaron Andersen
6f6468bef3
Merge pull request #65728 from Infinisil/types-eithers
...
lib/types: Add oneOf, extension of either to a list of types
2019-08-13 11:48:42 -04:00
Marek Mahut
4754ca7d2e
Merge pull request #62936 from dasJ/sandbox-memcached
...
nixos/memcached: Isolate the service
2019-08-13 08:56:34 +02:00
Jeff Slight
2ee14c34ed
nixos/gitlab: properly clear out initializers
2019-08-12 12:50:02 -07:00
worldofpeace
397c7d26fc
installer: Don't run as root
...
There's many reason why it is and is going to
continue to be difficult to do this:
1. All display-managers (excluding slim) default PAM rules
disallow root auto login.
2. We can't use wayland
3. We have to use system-wide pulseaudio
4. It could break applications in the session.
This happened to dolphin in plasma5
in the past.
This is a growing technical debt, let's just use
passwordless sudo.
2019-08-12 14:45:27 -04:00
Franz Pletz
f3160a2db6
Merge pull request #66476 from WilliButz/fix-prometheus-alertmanager-option
...
nixos/prometheus2: replace alertmanagerURL with new alertmanagers option
2019-08-12 17:59:27 +00:00
Maximilian Bosch
f0d6955052
Merge pull request #66470 from WilliButz/update-blackbox-exporter
...
prometheus-blackbox-exporter: 0.12.0 -> 0.14.0, run tests and check config
2019-08-12 19:38:43 +02:00
Silvan Mosberger
a7c7bb156f
clight: init ( #64309 )
...
clight: init
2019-08-12 18:18:05 +02:00
Graham Christensen
5d807f80c7
Merge pull request #63864 from cransom/datadog-agent-integrations-fix
...
datadog-agent: fix extraIntegrations
2019-08-12 12:15:48 -04:00
Edmund Wu
7c8ea897be
clight: include module
2019-08-12 11:56:47 -04:00
Edmund Wu
c4de0bf492
timezone.nix -> locale.nix
...
Also includes geolocation information abstracted from redshift.nix
2019-08-12 11:56:40 -04:00
Michael Weiss
62f7711e29
Fix the indentation
...
Co-Authored-By: Alexey Shmalko <rasen.dubi@gmail.com>
2019-08-12 13:37:15 +02:00
WilliButz
c28ded36ef
nixos/prometheus-blackbox-exporter: add config check
2019-08-12 10:53:00 +02:00
WilliButz
a8847c870a
nixos/rename: add prometheus2 change
2019-08-12 10:42:29 +02:00
WilliButz
543f219b30
nixos/prometheus: replace 'alertmanagerURL' options for prometheus2
...
Prometheus2 does no longer support the command-line flag to specify
an alertmanager. Instead it now supports both service discovery and
configuration of alertmanagers in the alerting config section.
Simply mapping the previous option to an entry in the new alertmanagers
section is not enough to allow for complete configurations of an
alertmanager.
Therefore the option alertmanagerURL is no longer used and instead
a full alertmanager configuration is expected.
2019-08-12 10:42:28 +02:00
worldofpeace
e9e165fa23
Merge pull request #66449 from delroth/no-ibus-qt
...
nixos/ibus: do not default-install ibus-qt
2019-08-11 22:41:02 -04:00
worldofpeace
bddce34e49
Merge pull request #66478 from aanderse/nylas-mail
...
nylas-mail-bin: drop package which is no longer supported upstream
2019-08-11 17:52:26 -04:00
Aaron Andersen
26f128c1af
nylas-mail-bin: drop package which is no longer supported upstream
2019-08-11 17:44:05 -04:00
Danylo Hlynskyi
329fa4b01e
Merge pull request #66401 from eadwu/postgresql/fix-quoted-query
...
nixos/postgresql: fix quoted queries
2019-08-11 22:46:50 +03:00
Notkea
4ff9a48398
nixos/postgresql-wal-receiver: add module ( #63799 )
2019-08-11 20:09:42 +03:00
Michael Weiss
2473d902e6
nixos/fuse: init
...
Add a module for /etc/fuse.conf.
Fixes #30923 .
2019-08-11 16:13:23 +02:00
Jean Potier
9847967594
Fix typo in assert in grafana module
...
Current assert prevents using secretKeyFile entirely
2019-08-11 13:21:26 +03:00
Silvan Mosberger
ca3820dd00
nixos/misc: Fix nixpkgs.config merge function
...
Previously nested attrsets would override each other
2019-08-10 20:03:11 +02:00
Pierre Bourdon
67d1cf4707
nixos/ibus: do not default-install ibus-qt
...
ibus-qt has not seen a release in 5 years and is only relevant for Qt
4.x, which is becoming more and more rare. Using my current laptop as a
data point, ibus-qt is the only dependency left that drags in qt-4.8.7.
2019-08-10 19:37:12 +02:00
worldofpeace
1ce7ece4b2
Merge pull request #66398 from worldofpeace/gnome3-option-renames
...
Move certain GNOME3 options to programs
2019-08-10 11:17:47 -04:00
worldofpeace
0722e88665
nixos/gpaste: don't set sessionPath
...
Not needed since f63d94eba3
2019-08-10 11:17:18 -04:00
worldofpeace
be3fe4a869
nixos/gpaste: move to programs
2019-08-10 11:17:18 -04:00
Tobias Happ
33c834f2fb
environment.profiles: fix order of profiles
...
This change is needed because the order of profiles correlate to the
order in PATH, therefore "/etc/profiles/per-user/$USER" always appeared
after the system packages directories.
2019-08-10 10:28:12 +02:00
Alex Guzman
9fec6dfa39
roon-server: add back state directory
2019-08-09 22:21:46 -07:00
Silvan Mosberger
ce82d0b61a
Couchdb: Don't chown /var/log to couchdb ( #65347 )
...
Couchdb: Don't chown /var/log to couchdb
2019-08-10 01:36:15 +02:00
Alex Guzman
d830ae9af3
[roon-server] Use non-deprecated string type
2019-08-09 13:02:46 -07:00
Edmund Wu
18d176dc20
nixos/postgresql: fix quoted queries
2019-08-09 15:11:24 -04:00
Matthew Bauer
ddf38a8241
Merge pull request #65002 from matthewbauer/binfmt-wasm
...
Add binfmt interpreter for wasm
2019-08-09 14:04:21 -04:00
Matthieu Coudron
2da1ad60a8
boot.kernelPackages: check for conflicts
...
It's currently possible to set conflicting `boot.kernelPackages` several times
which can prove confusing.
This is an attempt to warn for this.
2019-08-10 02:27:52 +09:00
worldofpeace
f12f2bb828
nixos/gnome-documents: move to programs
2019-08-09 12:56:11 -04:00
worldofpeace
6c525b1076
nixos/gnome-disks: move to programs
2019-08-09 12:56:11 -04:00
worldofpeace
ff0e3aae35
nixos/file-roller: move to programs
2019-08-09 12:56:11 -04:00
worldofpeace
db69d2dfe7
nixos/evince: move to programs
2019-08-09 12:56:11 -04:00
Silvan Mosberger
013d403f30
nixos/dwm-status: add module ( #51319 )
...
nixos/dwm-status: add module
2019-08-09 15:39:50 +02:00
Bas van Dijk
fae25242e9
Merge pull request #66327 from basvandijk/parameterizable-nixos-generate-config
...
nixos-generate-config: enable overriding configuration.nix
2019-08-09 14:39:34 +02:00
Frederik Rietdijk
9bd78cb048
Merge master into staging-next
2019-08-09 14:00:27 +02:00
Marek Mahut
f14628e576
Merge pull request #66341 from Ma27/bump-prometheus-wireguard-exporter
...
prometheus-wireguard-exporter: 3.0.0 -> 3.0.1
2019-08-09 13:12:06 +02:00
Periklis Tsirakidis
95dec03601
[throttled] Enable custom config
2019-08-09 09:22:38 +02:00
Silvan Mosberger
88bb9fa403
nixos/modules: Replace all nested types.either's with types.oneOf's
2019-08-08 23:35:52 +02:00
Maximilian Bosch
41b9c5f1da
nixos/prometheus-wireguard-exporter: add support for -r
switch
...
With this switch activated, the exporter also exposes the remote IP of
each active WireGuard peer.
2019-08-08 21:54:49 +02:00
Bas van Dijk
810388afd2
nixos-generate-config: enable overriding configuration.nix
2019-08-08 17:00:10 +02:00
Alex Guzman
9f9b458ce3
[roon-server] don't create user if user changes defaults
...
If the user changes the user for roon, we can assume they handled the setup for it
2019-08-07 13:23:36 -07:00
Alex Guzman
6572b5e4a1
[roon-server] make roon user a system user
2019-08-07 13:12:57 -07:00
Alex Guzman
f160233793
roon-server: let nix assign ids
2019-08-07 12:34:52 -07:00
Alex Guzman
62d242d1cd
roon-server: Add actual user piping
...
Adds defined IDs
2019-08-07 12:27:52 -07:00
Alex Guzman
8becc897ea
roon-server: disable DynamicUser
...
DynamicUser currently breaks the backup functionality provided by roon,
as the roon server cannot write to non-canonical directories and the
recycled UIDs/GIDs would make managing permissions for the directory
impossible. On top of that, it would break the ability to manage the
local music library files (as it would not be able to delete them).
2019-08-07 11:57:42 -07:00
Thomas Tuegel
38f3c6afa1
Merge pull request #66226 from xvello/xvello/bluez-qt
...
Add bluez-qt as an explicit dependency of plasma5
2019-08-07 08:46:02 -05:00
Kai Wohlfahrt
28cf80acf8
nixos/hardware.deviceTree: Move things around
...
In response to comments, create a sub-folder for deviceTree packages
(starting with rpi), and a top-level package for helpers.
2019-08-07 13:51:22 +01:00
Kai Wohlfahrt
dd0a951279
nixos/hardware.deviceTree: new module
...
Add support for custom device-tree files, and applying overlays to them.
This is useful for supporting non-discoverable hardware, such as sensors
attached to GPIO pins on a Raspberry Pi.
2019-08-07 13:51:22 +01:00
vdot0x23
386f9739b5
nixos/stubby: Clearer wording for upstreamServers
...
Indicate that upstreamServers actually replaces defaults instead of adding to default.
2019-08-07 12:23:20 +00:00
Danylo Hlynskyi
0730e81785
postgresql: running initdb
from command line now works ( #65309 )
...
The issue was only with NixOS service, `postgresql` installed through
`nix-env` was not affected.
Fixes https://github.com/NixOS/nixpkgs/issues/23655
2019-08-07 14:17:36 +03:00
worldofpeace
a4c6a7b336
Merge pull request #63790 from chpatrick/gdm-autosuspend-option
...
nixos/gdm: add autoSuspend option
2019-08-06 18:09:20 -04:00
Patrick Chilton
7c854aa974
nixos/gdm: add autoSuspend option
2019-08-06 18:08:21 -04:00
Xavier Vello
e383d99244
Add bluez-qt as an explicit dependency of plasma5
...
When bluetooth is enabled, we install bluedevil, but
its applet cannot work without the qml components in
bluez-qt.
Superseedes #65440 that failed to address the issue.
2019-08-06 21:53:30 +02:00
Franz Pletz
666b291d19
Merge pull request #66073 from WilliButz/fix-unifi
...
nixos/unifi: create data directory with correct permissions
2019-08-06 16:34:30 +00:00
worldofpeace
7a53b1cbe7
Merge pull request #65860 from etu/surf-display-kiosk-session
...
Surf display kiosk session
2019-08-05 14:41:56 -04:00
Elis Hirwing
792da0c4d4
nixos/surf-display: Add kiosk display manager session
2019-08-05 17:50:06 +02:00
WilliButz
d6a4902662
nixos/unifi: create data directory with correct permissions
2019-08-05 15:09:16 +02:00
Danylo Hlynskyi
7585496eff
Merge branch 'master' into flip-map-foreach
2019-08-05 14:09:28 +03:00
danbst
0f8596ab3f
mass replace "flip map -> forEach"
...
See `forEach`-introduction commit.
```
rg 'flip map ' --files-with-matches | xargs sed -i 's/flip map /forEach /g'
```
2019-08-05 14:03:38 +03:00
danbst
91bb646e98
Revert "mass replace "flip map -> foreach""
...
This reverts commit 3b0534310c
.
2019-08-05 14:01:45 +03:00
worldofpeace
d745487c1e
nixos/pantheon: use filechooser module
...
Setting GTK_CSD=1 works around the issue
we were having with this [0]
[0]: https://github.com/elementary/files/issues/971
2019-08-05 05:43:48 -04:00
worldofpeace
399ff42d73
nixos/pantheon: set GTK_CSD
...
Causes various issues when not set
* https://github.com/elementary/files/issues/971
* https://github.com/elementary/default-settings/pull/103
* https://github.com/cassidyjames/ideogram/issues/26
However this can cause certain problems in gala
* https://github.com/elementary/gala/issues/244
2019-08-05 05:42:35 -04:00
David Anderson
089da1c14d
nixos/sshguard: create ipsets before starting, and clean up after stopping.
...
The fix for #62874 introduced a race condition on startup: the postStart
commands that configure the firewall run concurrently with sshguard's
creation of the ipsets that the rules depend on. Unfortunately iptables
fails hard when referencing an ipset that doesn't exist, so this causes
non-deterministic crashlooping until sshguard wins the race.
This change fixes that race condition by always creating the ipset and
reconfiguring the firewall before starting sshguard, so that the order
of operations is always deterministic.
This change also cleans up the ipsets on sshguard shutdown, so that
removing sshguard from a running system doesn't leave state behind.
Fixes #65985 .
2019-08-04 16:23:22 -07:00
bake
9e2a710117
nixos/gitolite: dataDir group-readable
2019-08-04 18:47:02 +09:00
Frederik Rietdijk
27e030a1cc
Merge pull request #62812 from Tomahna/bloop
...
bloop: 1.2.5 -> 1.3.2
2019-08-04 10:07:16 +02:00
Jörg Thalheim
d02ead41f8
Merge pull request #65407 from alunduil/add-zfs-replication
...
Add zfs replication
2019-08-03 09:14:08 +01:00
Frederik Rietdijk
7560e2d64f
Merge pull request #65376 from abbradar/mdadm-upstream
...
Use upstream units for mdadm
2019-08-03 08:06:07 +02:00
Frederik Rietdijk
d20a59d2e5
Merge master into staging-next
2019-08-02 23:27:18 +02:00
WilliButz
1ce989cce6
nixos/prometheus-exporters: update documentation
2019-08-02 18:50:01 +02:00
WilliButz
29d765e250
nixos/prometheus-wireguard-exporter: use ExecStart instead of script
2019-08-02 18:50:01 +02:00
WilliButz
afd0dc17d6
nixos/prometheus-exporters: use DynamicUser by default
...
Only define seperate users and groups when necessary.
2019-08-02 18:50:01 +02:00
WilliButz
495222a840
nixos/prometheus-exporter: use separate user for each exporter
...
Stop using nobody/nogroup by default and use seperate users for each
exporter instead.
2019-08-02 18:49:56 +02:00
WilliButz
c221f9fdf2
Merge pull request #65751 from mayflower/pkgs/prometheus-postgres-exporter
...
prometheus-postgres-exporter: init at 0.5.1
2019-08-02 18:45:32 +02:00
Alex Brandt
bdd7b5a3ab
nixos/zfs: add autoReplication functionality
...
This adds a simple configuration for sending snapshots to a remote
system using zfs-replicate that ties into the autoSnapshot settings
already present in services.zfs.autoSnapshot.
2019-08-02 08:04:21 -07:00
Franz Pletz
e4c60a1e42
prometheus-postgres-exporter: init at 0.5.1
2019-08-02 15:59:29 +02:00
Frederik Rietdijk
6f723b9bad
Merge master into staging-next
2019-08-02 09:18:37 +02:00
Peter Hoeg
f2639566b5
Merge pull request #30712 from peterhoeg/f/service
...
systemd user services shouldn't run as root and other "non-interactive" users
2019-08-02 11:58:27 +08:00
Robin Gloster
443b0f6332
Merge pull request #65566 from rasendubi/syncthing-group-fix
...
syncthing: create default group if not overridden
2019-08-01 23:17:37 +00:00
Robin Gloster
41dac4bf9f
Merge pull request #65582 from WilliButz/add-mailexporter
...
prometheus-mail-exporter: init at 2019-07-14, add module and test
2019-08-01 23:14:21 +00:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
...
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
worldofpeace
64b4a24047
nixos/xdg/portal: set GTK_USE_PORTAL with lib.mkIf
...
If lib.optional is given a false value it will return an empty list.
Thusly the set-environment script can have
```
export GTK_USE_PORTAL=
```
This can rub certain bugs the wrong way #65679
so lets make sure this isn't set in the environment
at all.
2019-08-01 17:51:51 -04:00
Frederik Rietdijk
55e4555b77
Merge master into staging-next
2019-08-01 09:42:54 +02:00
Colin L Rice
d7aa6df31f
nix-daemon: Fix builduser count to work when maxJobs is auto
2019-08-01 01:54:28 -04:00
Aaron Andersen
a1f738ba87
Merge pull request #62748 from aanderse/mediawiki
...
nixos/mediawiki: init service to replace httpd subservice
2019-07-31 22:12:23 -04:00
Artemis Tosini
42c3eefd77
nixos/xonsh: Use the package specified in the package option
2019-07-31 23:28:13 +00:00
Nikolay Amiantov
717b8b3219
systemd service: remove generator-packages option
...
Use systemd.packages instead, it's less error prone and more in line with
what's expected.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
ca780f4a18
swraid service: use upstream units
...
This fixes a serious bug on NixOS with swraid where mdadm arrays weren't
properly stopped on shutdown. Rather than fixing the unit by adding
`Before=final.target` we completely move to upstream units, which uses
systemd shutdown hooks instead. This also drives down maintenance costs
for us.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
b458121105
stage-1 initrd: replace absolute paths for mdadm
...
We don't patch basename and readlink now too as they were added for
mdadm in 8ecd3a5e1d
.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
a304fc5d75
systemd service: add support for shutdown packages
...
Shutdown hooks are executed right before the shutdown, which is useful
for some applications. Among other things this is needed for mdadm hook
to run.
2019-08-01 00:55:35 +03:00
Nikolay Amiantov
fd405dab3e
systemd service: rename generator-packages
2019-08-01 00:55:35 +03:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions
2019-07-31 14:55:08 -07:00
edef
4bcc6e11d3
Merge pull request #65227 from NixOS/openssh-known-hosts-ca
...
nixos/programs/ssh: allow specifying known host CAs
2019-07-31 12:08:58 +00:00
worldofpeace
bb4f61f73d
Merge pull request #64121 from tadeokondrak/nixos/programs/shell.nix/remove-gnu-specific-option
...
nixos/programs/shell.nix: don't use unnecessary GNU-specific option
2019-07-31 02:19:59 -04:00
worldofpeace
ea8fc75160
Merge pull request #64948 from ambrop72/videodrivers-radeon-alias
...
nixos/xserver: Make radeon in videoDrivers an alias for ati.
2019-07-31 02:13:24 -04:00
WilliButz
5818c73d95
nixos/prometheus-exporters: add mail exporter module
2019-07-30 19:24:26 +02:00
Joachim F
a7d71da84d
Merge pull request #65585 from delroth/hardened-pti
...
nixos/hardened: make pti=on overridable
2019-07-30 10:35:31 +00:00
Janne Heß
ae608faa85
nixos/xfs: Add xfs_repair to the initrd
...
Closes #8820
2019-07-30 09:28:34 +02:00
worldofpeace
7f2f31a812
Merge pull request #65449 from worldofpeace/disable-portals
...
nixos/xdg: disable portals (again, again)
2019-07-29 21:47:51 -04:00
worldofpeace
1b21c9db91
nixos/xdg: add gtkUsePortal option to portals
...
Prior to this change GTK_USE_PORTAL was unconditionally
set to "1". For this to not break things you have to have some
sort of portal implementation in extraPortals.
Setting GTK_USE_PORTAL in this manner is actually only useful
when using portals for applications outside flatpak. For example
people using non-flatpak Firefox who want native filechoosers.
It's also WIP for electron applications to support this.
2019-07-29 21:47:09 -04:00
Pierre Bourdon
67b7e70865
nixos/hardened: make pti=on overridable
...
Introduces a new security.forcePageTableIsolation option (default false
on !hardened, true on hardened) that forces pti=on.
2019-07-30 02:24:56 +02:00
Alexey Shmalko
e50539f7b5
syncthing: create default group if not overridden
...
The following configuration generates a systemd unit that doesn't
start.
```nix
{
services.syncthing = {
enable = true;
user = "my-user";
};
}
```
It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```
This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.
Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Jörg Thalheim
3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
...
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas
d28a8cc4af
nixos/pantheon: Include CRDA regulatory database
2019-07-28 22:17:19 +01:00
Svein Ove Aas
186dd1ce58
nixos/gnome3: Include CRDA regulatory database
2019-07-28 22:17:10 +01:00
Svein Ove Aas
7ee6226bdd
nixos/networkmanager: Include CRDA regulatory database
2019-07-28 22:10:28 +01:00
Svein Ove Aas
ac50d8e709
nixos/wpa_supplicant: Include CRDA regulatory database
2019-07-28 22:10:28 +01:00
Bas van Dijk
9ff408a2a4
Merge pull request #60500 from basvandijk/thanos-init
...
thanos: init at 0.6.0 & NixOS module
2019-07-28 19:14:55 +02:00
edef
9897956d36
Merge pull request #65485 from arcnmx/pr-taskserver-nixos
...
nixos/taskserver: crl file is optional
2019-07-28 13:02:05 +00:00
Bas van Dijk
0a59be7136
thanos: 0.5.0 -> 0.6.0
2019-07-28 13:28:27 +02:00
Bas van Dijk
dc69b3e6ad
nixos/thanos: code style: don't use a space before a colon
2019-07-28 13:28:27 +02:00
Bas van Dijk
e32e0e6e02
nixos/thanos: assert that prometheus2 is running and has labels set
2019-07-28 13:28:27 +02:00
Bas van Dijk
13da811853
nixos/thanos: allow overriding arguments to the thanos subcommands
2019-07-28 13:28:27 +02:00
Bas van Dijk
2d0243c187
thanos: 0.4.0 -> 0.5.0-rc.0
2019-07-28 13:28:27 +02:00
Bas van Dijk
ebc65a5f21
nixos/thanos: add module for the thanos service
2019-07-28 13:28:27 +02:00
Frederik Rietdijk
cb3ce5d26d
Merge master into staging-next
2019-07-28 12:11:37 +02:00
Frederik Rietdijk
cca5ee9c07
Merge staging-next into staging
2019-07-28 09:10:03 +02:00
arcnmx
c604b38791
nixos/taskserver: crl file is optional
2019-07-27 15:49:46 -07:00
Ashish SHUKLA
d3c2b992d4
sshguard: do not create ipset in post-start
...
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.
Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
2019-07-27 10:59:50 +05:30