1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

18282 commits

Author SHA1 Message Date
Jörg Thalheim 0f2ee10cbf
Merge pull request #94270 from jerith666/postfix-dane
postfix: add useDane config option
2020-08-13 06:53:53 +01:00
Matt McHenry a45f1453eb postfix: add useDane config option 2020-08-12 21:18:36 -04:00
Matthew Bauer 6fffd50623
Merge pull request #95220 from obsidiansystems/ipfs-quic-socket-activated
nixos/ipfs: Allow QUIC connections to socket activate too
2020-08-12 13:47:29 -05:00
Justin Humm 90ed2c01f0
Merge pull request #95266 from Lassulus/gollum-text
nixos/gollum: replace toFile with writeText
2020-08-12 19:28:41 +02:00
lassulus 957da625c5 nixos/gollum: replace toFile with writeText 2020-08-12 19:16:05 +02:00
Florian Klink 22e8ada3b3
Merge pull request #95264 from flokli/nginx-config-reload
nixos/nginx: move configuration testing script into reload command
2020-08-12 18:47:02 +02:00
Maximilian Bosch fddeb7cb73
Revert "nextcloud: use mkDefault for whole nginx config"
This breaks the Nextcloud vhost declaration when adding e.g. another
vhost as the `services.nginx.virtualHosts` option has `{ nextcloud =
...; }` as *default* value which will be replaced by another
`virtualHosts`-declaration with a higher (e.g. the default) priority.

The following cases are now supported & covered by the module:

* `nginx` is enabled with `nextcloud` enabled and other vhosts can be
  added / other options can be declared without having to care
  about the declaration's priority.

* Settings in the `nextcloud`-vhost in `nginx` have to be altered using
  `mkForce` as this is the only way how we officially support `nginx`
  for `nextcloud` and customizations have to be done explicitly using
  `mkForce`.

* `nginx` will be completely omitted if a user enables nextcloud
  and disables nginx using `services.nginx.enable = false;`. (because
  nginx will be enabled by this module using `mkDefault`).

This reverts commit 128dbb31cc.
Closes #95259
2020-08-12 18:28:45 +02:00
Florian Klink 300049ca51 nixos/nginx: move configuration testing script into reload command
nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.

This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
2020-08-12 18:13:29 +02:00
Daniël de Kok 2c0034d5fb
Merge pull request #91938 from spacefrogg/openafs-1.6-deprecation
openafs: 1.6.23 -> 1.6.24, mark broken due to EOL
2020-08-12 17:11:28 +02:00
Michael Raitza b3c794d610 openafs: 1.6.23 -> 1.6.24, mark broken due to EOL
Last old stable release. Enforce switch to openafs_1_8 by marking broken while
leaving a reasonable short-term alternative.

Ref #90927
2020-08-12 15:31:11 +02:00
Florian Klink bab13cc0df nixos/doc/manual/release-notes: document fontconfig 2.10.x config and cache removal 2020-08-12 13:40:46 +02:00
Florian Klink f527651a67 nixos/fontconfig: stop generating fontconfig_210 config and cache
This fontconfig version isn't used anywhere inside nixpkgs anymore.
2020-08-12 13:40:45 +02:00
Jörg Thalheim dc255dcac0
Merge pull request #94291 from Izorkin/gitea 2020-08-12 12:23:05 +01:00
Aaron Andersen e3c210dfd1 nixos/mysql: run ExecStartPost as an unprivileged user 2020-08-12 07:21:27 -04:00
Aaron Andersen 31098a03a2 nixos/mysql: cleanup some descriptions 2020-08-12 07:11:00 -04:00
Aaron Andersen ff9921f0fd nixos/mysql: loosen mariadb check 2020-08-12 07:10:59 -04:00
Aaron Andersen 3792fef4ec nixos/mysql: add group option 2020-08-12 07:10:56 -04:00
Aaron Andersen 9b56677634 nixos/mysql: remove variable with confusing name 2020-08-11 21:09:41 -04:00
John Ericson e6fe9abd8b nixos/ipfs: Allow QUIC connections to socket activate too
Well, via the underlying UDP. QUIC-level socket activation we'll get
someday.
2020-08-11 22:08:19 +00:00
John Ericson 70d68f0478 nixos/systemd: Add support for listenDatagrams
This works exactly analogously to the existing `listenStreams`.
2020-08-11 22:08:19 +00:00
Jan Tojnar 11da469fa5
Merge branch 'staging-next' into staging 2020-08-11 16:18:42 +02:00
Florian Klink 921da91c8a
Merge pull request #93702 from tnias/usbguard20200723
nixos/usbguard: rework
2020-08-11 12:14:32 +02:00
Frederik Rietdijk 46ee7ddcad Merge staging-next into staging 2020-08-11 10:26:59 +02:00
Silvan Mosberger f21c42143b
Merge pull request #48740 from midchildan/add-mirakurun
mirakurun: init at 3.3.0
2020-08-11 06:55:56 +02:00
midchildan 3c951a6e93
video/mirakurun: add module 2020-08-11 13:52:17 +09:00
Kurt Robert Rudolph c54beb953d nixos/xmonad: Fix behavior of config opt
Prior to this change, the `config` option (which allows you define the
haskell configuration for xmonad in your configuration.nix instead of
needing something in the home directory) prevents desktop manager
resources from starting. This can be demonstrated by configuring the
following:

```
  services.xserver = {
    displayManager.defaultSession = "xfce+xmonad";
    displayManager.lightdm.enable = true;

    desktopManager.xterm.enable = false;
    desktopManager.xfce.enable = true;
    desktopManager.xfce.enableXfwm = false;
    desktopManager.xfce.noDesktop = true;

    windowManager.xmonad = {
      enable = true;
      enableContribAndExtras = true;
      extraPackages = haskellPackages: [
        haskellPackages.xmonad-contrib
        haskellPackages.xmonad-extras
        haskellPackages.xmonad
      ];
      config = ''
        import XMonad
        import XMonad.Config.Xfce
        main = xmonad xfceConfig
               { terminal = "terminator"
               , modMask = mod4Mask }
      '';
    };
  };
```

and after user log in, search for xfce processes `ps aux | grep xfce`.
You will not find xfce processes running until after the xmonad process is killed.

The bug prevents utilities included with the desktopManager,
(e.g. powerManagement, session logout, etc.)
from working as expected.
2020-08-10 19:17:54 -07:00
Elis Hirwing 6be7d1c176
php: Drop PHP 7.2 support 2020-08-10 22:28:12 +02:00
Maximilian Bosch dd957c2cb7
nixos/nextcloud: add documentation for alternative reverse-proxies
Follow-up for #93584[1]. This change adds a simple example how to use
`Nextcloud` with `httpd`.

[1] https://github.com/NixOS/nixpkgs/pull/93584#discussion_r465233063
2020-08-10 22:09:01 +02:00
Chris Ostrouchov 2147589c7a pythonPackages.systemdspawner: init at 0.14 2020-08-10 10:03:43 -07:00
Chris Ostrouchov 228f08035d nixos/jupyterhub: init service 2020-08-10 10:03:43 -07:00
Daniël de Kok 1c26e70bbc nixos/manual: add a section about enabling OpenCL for Intel GPUs 2020-08-10 16:26:42 +02:00
zowoq cc06d7a26f buildGoModule: change doCheck default to true 2020-08-10 16:01:03 +10:00
Stig Palmquist 15c53cf0fa
nixos/tests: add test for firejail 2020-08-10 06:54:26 +02:00
Matt Layher 15e5ad6c7c nixos/corerad: use SIGHUP to restart the service
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-08-09 16:15:49 -07:00
Francesco Gazzetta 6cfda0e92c shattered-pixel-dungeon: add nixos test 2020-08-09 15:34:30 -07:00
Stefan Frijters 5141082267 nixos/urserver: init 2020-08-09 12:33:37 -07:00
Stijn DW 552fb94877 dokuwiki: 2018-04-22b -> 2020-07-29 2020-08-09 17:42:57 +02:00
Izorkin 2f6a18af5a nixos/netadata: enable simple sandboxing 2020-08-09 10:19:30 +03:00
Martin Weinelt cb50679f0e
nixos/tests/pinnwand: init 2020-08-09 01:52:25 +02:00
Martin Weinelt 8774b9090d
nixos/pinnwand: init 2020-08-09 01:52:22 +02:00
Philipp Bartsch ffd18cc1b1 nixos/usbguard: rework
Use StateDirectory to create necessary directories and hardcode some
paths. Also drop file based audit logs, they can be found in the
journal. And add module option deprecation messages.
2020-08-08 23:26:07 +02:00
Luflosi 4d9dec0aba
nixos/ipfs: add QUIC transport to swarmAddress list
According to https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#addressesswarm, the default list of swarm multiaddrs now includes the QUIC transport.
2020-08-08 23:08:56 +02:00
Jörg Thalheim 08ba31a660
Merge pull request #94907 from zowoq/ecc-nixos
nixos/*: editorconfig fixes
2020-08-08 20:35:29 +01:00
asdf8dfafjk 8e52c2a63e
nixos/networking: Enhance hostId description (#94800)
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-08-08 20:30:50 +01:00
Jacek Galowicz 2a288cb1da
Merge pull request #93824 from blitz/fix-rpi4-installer
Fix Raspberry Pi 4B SD-Card Install Image
2020-08-08 13:45:02 +02:00
Peter Hoeg 4767015ec8
Merge pull request #84073 from pnelson/nextdns-1.4.36
nextdns: init at 1.7.0
2020-08-08 14:29:12 +08:00
zowoq 8fb410c0ad nixos/*: editorconfig fixes 2020-08-08 10:54:16 +10:00
Frederik Rietdijk cb634b2aa5 Merge staging-next into staging 2020-08-07 23:02:23 +02:00
Florian Klink da88c6eee5 nixos/railcar: fix typo 2020-08-07 18:00:28 +02:00
Jörg Thalheim ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Jörg Thalheim e879d83e38
Merge pull request #92106 from ju1m/transmission 2020-08-07 14:40:17 +01:00
Florian Klink 38724d8e8e
Merge pull request #94837 from aanderse/gitlab
nixos/gitlab: fix module after #94454
2020-08-07 09:05:35 +02:00
Aaron Andersen 69eb22e4cd nixos/gitlab: fix module after #94454 2020-08-06 22:37:48 -04:00
Julien Moutinho 2a49db6a89 transmission: apply RFC0042 and harden the service 2020-08-07 04:28:11 +02:00
aszlig 1365b9ac70
nixos/manual: Fix build
In fd9eb16b24, the option
"services.nextcloud.nginx.enable" has been removed since the module now
exclusively supports nginx only.

Unfortunately, with the option gone from the manual, the link in the
Nextcloud-specific documentation referencing the NixOS option also
became a dead link and thus the manual will no longer build.

I also removed a second reference to this option in the Nextcloud-
specific documentation, which while it doesn't lead to a build error in
the manual is nevertheless a good idea to remove as well to ensure we
don't present outdated information to readers of the manual.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @DavHau, @Ma27
2020-08-07 03:27:42 +02:00
Florian Klink c1f77f4544
Merge pull request #91960 from datafoo/fix-issue-91761
nixos/networkd: update options
2020-08-07 00:37:08 +02:00
Florian Klink d7f0530a15
Merge pull request #94805 from bachp/postgresql-setup-fix
nixos/postgresql: fix setup script
2020-08-06 23:50:12 +02:00
Jörg Thalheim 5e09542c3b
Merge pull request #89416 from Kloenk/autoUpgrade-flakes
nixos/autoUpgrade: add flake support
2020-08-06 21:45:07 +01:00
Pascal Bach cee4e14bdf nixos/postgresql: fix setup script
The missing () caused parts of the escripts to be added to the
ExecStartPost line instead of inside the script.

This caused postgresql start to fail under certain conditions.
2020-08-06 19:47:17 +02:00
Maximilian Bosch 50d8cdb3ca
Merge pull request #93584 from DavHau/nextcloud-improvements
nextcloud: restrict web server support to nginx; stop sharing nginx user/group; improve setup service
2020-08-06 19:00:21 +02:00
Florian Klink 8e0b2b9177
Merge pull request #66856 from flokli/systemd-cryptsetup-lvm
systemd: build with cryptsetup support, add cryptsetup generators
2020-08-06 12:06:54 +02:00
Florian Klink 056bb77adb
Merge pull request #94454 from aanderse/postgresql-cleanup
nixos/postgresql: fix several issues
2020-08-06 11:12:31 +02:00
volth 7503f280c8
nixos/systemd: fix TUN networking in LXC containers (#81481)
in LXC container /dev/net/tun is pre-available, "dev-net-tun.device" always fails
2020-08-05 21:12:57 -05:00
Jonathan Ringer 8d57f75f7a nixos/smartd: fix description for docbook 2020-08-06 10:06:59 +10:00
Aaron Andersen f42f8a6d3c nixos/postgresql: replace deprecated usage of PermissionsStartOnly 2020-08-05 17:31:16 -04:00
Aaron Andersen e50e89e1a8 nixos/postgresql: conditionally provision data directory with StateDirectory 2020-08-05 17:31:16 -04:00
Aaron Andersen 4f5fc729c7 nixos/postgresql: use a standard default value for dataDir 2020-08-05 17:31:12 -04:00
tmplt f9f48250fe nixos/smartd: add option for notifiction email sender 2020-08-05 14:26:48 -07:00
worldofpeace c9a3e0a8cb
Merge pull request #94660 from xaverdh/squashfs-configurable-compression
nixos/iso-image: make squashfs compression easily configurable
2020-08-05 14:24:37 -04:00
Aaron Andersen 4e3b009778
Merge pull request #94624 from dadada/dadada/dokuwiki-acl-path
nixos/dokuwiki: fix path to ACL
2020-08-05 07:28:12 -04:00
Marek Mahut 258ca6451d
Merge pull request #94617 from dadada/dadada/dokuwiki
nixos/dokuwiki: add test for login
2020-08-05 11:55:40 +02:00
Marek Mahut 0bc37f7cb4
Merge pull request #94609 from 1000101/dokuwiki
nixos/dokuwiki: drop SSL forcing and document incompatibility
2020-08-05 11:54:42 +02:00
Marek Mahut 6cf131d54e
Merge pull request #94340 from 1000101/maintainer
nixos/modules: add myself as maintainer of several services
2020-08-05 11:54:29 +02:00
Izorkin 31ce2636a4 nixos/gitea: add lfs options 2020-08-05 11:19:33 +03:00
Izorkin 6c258a7c21 nixos/gitea: add ssh options 2020-08-05 11:19:32 +03:00
Izorkin dfd32f11f3 nixos/gitea: update sandboxing options 2020-08-05 11:19:32 +03:00
Izorkin 6a0fd33b4c nixos/gitea: add support socket connection 2020-08-05 11:19:32 +03:00
Izorkin 1a0e633c60 nixos/gitea: enable pid file 2020-08-05 11:19:32 +03:00
Izorkin 4e68da6337 nixos/gitea: add 'backupDir' option 2020-08-05 11:19:32 +03:00
Izorkin f77e28d83d nixos/gitea: enable data access only for 'gitea' group 2020-08-05 11:19:32 +03:00
DavHau 128dbb31cc nextcloud: use mkDefault for whole nginx config 2020-08-05 11:50:26 +07:00
Peter Hoeg 4d8cc104a9
Merge pull request #78166 from peterhoeg/m/logitech_lcd
nixos/lcd: add support for Logitech LCD
2020-08-05 08:32:05 +08:00
Florian Klink eb58711edf nixosTests.systemd: test cryptsetup support
This creates and opens a luks volume, puts its passphrase into a keyfile
and writes a /etc/crypttab. It then reboots the machine, and verifies
systemd parsed /etc/crypttab properly, and was able to unlock the volume
with the keyfile provided (as we try to mount it).

The memorySize of the VM had to be bumped, as luksFormat would otherwise
run out of memory.
2020-08-05 01:34:12 +02:00
zowoq bf9d9cef58 doc/2009: remove trailing whitespace 2020-08-05 09:21:34 +10:00
Florian Klink 72c8ed0389 systemd: build with cryptsetup and cryptsetup-generators
There's a circular dependency to systemd via cryptsetup and lvm2
(systemd -> cryptsetup -> lvm2 -> udev=systemd).

However, cryptsetup only really needs the devmapper component shipped
with lvm2. So build `pkgs.cryptsetup` with a lvm2 that doesn't come with
udev.
2020-08-05 00:46:57 +02:00
Ryan Mulligan c4814c03b7 treewide: add Jitsi maintainers
* makes jitsi maintainer team
2020-08-04 13:07:36 -07:00
Dominik Xaver Hörl 7f5000c784 nixos/iso-image: make squashfs compression easily configurable 2020-08-04 21:22:01 +02:00
Aaron Andersen 620e154921
Merge pull request #94043 from aanderse/zabbix-settings
nixos/zabbix*: replace extraConfig option with settings option
2020-08-04 12:49:43 -04:00
Maximilian Bosch f5d964724d
nixos/tests/hydra*: fix eval
To specify distributed build-machines, `nix.distributedBuilds` must be
set to `true` now[1].

[1] 67b6e56391
2020-08-04 15:29:08 +02:00
Peter Hoeg 0c7eb9426e doc: release-note details of Logitech LCDs 2020-08-04 20:52:45 +08:00
Peter Hoeg cc305ede1c nixos/lcd: support for Logitech devices 2020-08-04 20:46:07 +08:00
dadada 20f052b6f6
nixos/dokuwiki: add test for login page
Cookie jar can be used to accurately test if the login was successful.
Simply searching for the user name is not sufficient, since it is always
part of the returned page after login. The page should display a phrase
containing the username after login.
2020-08-04 11:03:25 +02:00
Jörg Thalheim 1476c6f349
Merge pull request #91146 from tmplt/doc-zfs-replicate
nixos/zfs-replication: document expected lz4 on host system
2020-08-04 08:46:06 +01:00
dadada 938bd67988
nixos/dokuwiki: fix path to ACL 2020-08-03 23:40:41 +02:00
Ryan Mulligan 4162c69b3c
Merge pull request #92468 from petabyteboy/jitsi-meet
nixos/jitsi-meet: init
2020-08-03 12:43:37 -07:00
Maximilian Bosch 2ae62ef72f
Merge pull request #94611 from Ma27/rel-pkgs-error-msg
nixos/manual: improve error message for invalid values in `relatedPackages'
2020-08-03 20:17:46 +02:00
Jacek Galowicz 319d7ec8d4
Merge pull request #93413 from liff/taskserver-python-test
nixosTests.taskserver: Port to python
2020-08-03 19:38:57 +02:00
Martin Weinelt d1f59cf7b8
Merge pull request #94583 from mweinelt/zigbee2mqtt
zigbee2mqtt: 1.14.1 -> 1.14.2
2020-08-03 17:50:28 +02:00
Maximilian Bosch 04a10b3355
nixos/tests/systemd-networkd-vrf: add comment about trailing whitespaces in test script
For further context please read the discussion in https://github.com/NixOS/nixpkgs/pull/94607#issuecomment-668070029
2020-08-03 17:43:56 +02:00
Maximilian Bosch 76f2e271a2
Merge pull request #94600 from liff/patch-1
nixos/manual: Fix reference to send_key
2020-08-03 16:51:30 +02:00
Maximilian Bosch 5bd1fb2884
nixos/tests/systemd-networkd-vrf: fix test
Broken while fixing some `.editorconfig`-definitions[1], however this
test explicitly relies on the output of `iproute2`.

[1] 8ae7f8c359
2020-08-03 16:47:40 +02:00
Maximilian Bosch 6d19c04416
nixos/manual: improve error message for invalid values in `relatedPackages'
As reported in NixOS discourse[1], tracking down invalid values in
`relatedPackages'[2] (i.e. list-items that don't exist in `pkgs`) is
fairly hard as the message "Invalid package attribute path `foobar'"
is quite unhelpful and the trace doesn't point to the source of the
problem either.

This patch improves the error message by mentioning that the issue is an
invalid `relatedPackages`-declaration in $optionName.

[1] https://discourse.nixos.org/t/invalid-package-attribute-path-nextcloud19/8403/9
[2] https://nixos.org/nixpkgs/manual/#sec-functions-library-options
2020-08-03 16:37:59 +02:00
1000101 15b6edc4d1 release-notes/rl-2009: fix trailing whitespace 2020-08-03 16:31:54 +02:00
1000101 7d938b5e47 release-notes/rl-2009: document dokuwiki incompatibility 2020-08-03 16:26:17 +02:00
zowoq 8ae7f8c359 nixos/tests/*: editorconfig fixes 2020-08-04 00:23:54 +10:00
zowoq 2b5659c700 nixos/maintainers/*: editorconfig fixes 2020-08-04 00:23:54 +10:00
zowoq 25d7880f17 nixos/lib/*: editorconfig fixes 2020-08-04 00:23:54 +10:00
Martin Weinelt b41b902a1c
nixos/zigbee2mqtt: add test to all-tests.nix 2020-08-03 16:17:49 +02:00
1000101 850b3ea028 nixos/dokuwiki: drop SSL forcing 2020-08-03 16:10:05 +02:00
Marek Mahut 4181ae25bf
Merge pull request #94166 from 1000101/bitcoind
release-notes/rl-2009: amend bitcoind incompatibility
2020-08-03 15:56:56 +02:00
Aaron Andersen 34298f0673
Merge pull request #94551 from StijnDW/dokuwiki
nixos/dokuwiki: fix https redirect
2020-08-03 08:17:37 -04:00
Olli Helenius 446669cb5e
nixos/manual: Fix reference to send_key 2020-08-03 13:16:24 +03:00
DavHau ca916e8cb3 nextcloud: deprecate nginx, use chgrp, mkDefault for nginx, fix tests 2020-08-03 14:21:45 +07:00
John Ericson 3a512ab84e
Merge pull request #60246 from dfordivam/virtualbox-add-extra-disk
nixos/modules/virtualization: Options to add an extra disk in virtualbox VM
2020-08-02 13:13:52 -04:00
Martin Weinelt 6c140565d1
Merge pull request #94531 from ju1m/initrd-network
initrd-network: fix flushBeforeStage2
2020-08-02 18:07:27 +02:00
Martin Weinelt bd9ea65bda
Merge pull request #94071 from mweinelt/snapserver
nixos/snapserver: update module to work with snapcast 0.20
2020-08-02 17:24:21 +02:00
Martin Weinelt 0a9dd49634
nixos/tests: add snapcast
Checks
- if all configured ports are listened on
- if all pipes for multiple streams get set up
- if rpc interaction is possible
2020-08-02 17:09:57 +02:00
Robert Hensing 150bf4fa3b
Merge pull request #75584 from Infinisil/settings-formats
Configuration file formats for JSON, INI, YAML and TOML
2020-08-02 16:58:49 +02:00
Martin Weinelt cc4f533a9a
nixos/snapserver: update module to work with snapcast 0.20 2020-08-02 16:58:07 +02:00
Stijn DW f7b6bfd113 nixos/dokuwiki: fix https redirect
Even if the webserver had https disabled, the user would still get redirected to an https url when attemting to login.
2020-08-02 16:08:40 +02:00
Julien Moutinho a7439821bc initrd-network: fix flushBeforeStage2 2020-08-02 09:00:11 +02:00
Samuel Dionne-Riel 8857f400f9
Merge pull request #83678 from mkg20001/add-theme-option
boot.loader.grub: add theme option
2020-08-01 22:27:48 -04:00
Maciej Krüger a7a0d79ef3
boot.loader.grub: add theme option
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>

Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
2020-08-02 04:03:45 +02:00
xeji 89e0d97d7e
Merge pull request #93538 from erictapen/tinc-rsa-key-file
nixos/tinc: allow configuration of RSA private key file
2020-08-01 23:32:26 +02:00
Maximilian Bosch 029e93391e
Merge pull request #94369 from Ma27/vrf-tcp-test
nixos/systemd-networkd-vrf: implement working TCP test on a 5.x kernel
2020-08-01 22:54:31 +02:00
Jörg Thalheim 633958732d
Merge pull request #94064 from Mic92/tlp
tlp: use structured config to fix cpu governor
2020-08-01 10:23:44 +01:00
Maximilian Bosch 37e3cadb8b
nixos/systemd-networkd-vrf: implement working TCP test on a 5.x kernel
By design, VRFs allow route-leaking for forwarded packages, but not for
local processes using a socket. While it was possible to leak such TCP
traffic through a VRF on a 4.x kernel, this behavior was considered
wrong and got fixed in Linux 5.x[1].

From now on, local unix sockets must run in the VRF itself using
`ip vrf exec`[2] which basically injects a BPF program into the VRF and
drops elevated networking capabilities by default for the specified
command.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c82a21f4320c8d54cf6456b27c8d49e5ffb722e
[2] https://man7.org/linux/man-pages/man8/ip-vrf.8.html
2020-07-31 21:06:00 +02:00
1000101 b5d21137f3 nixos/modules: add myself as maintainer of several services 2020-07-31 15:53:46 +02:00
Emery Hemingway 3f922834b8 nixos/lib/make-disk-image.nix: abritary format input
Pass unrecognized format types as the output file extension to
qemu-img. The motivation is support for "vdi" output.
2020-07-31 15:33:08 +02:00
Sarah Brofeldt c5a1eafc1b
Merge pull request #94243 from johanot/dockertools-fix-nixstore-perms
dockertools: fix buildLayeredImage nix-store permissions
2020-07-31 10:38:37 +02:00
Johan Thomsen f5db415e2f nixos/tests/dockerTools: add test for running non-root containers with buildLayeredImage
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2020-07-31 10:14:07 +02:00
zowoq b6ce3db981 nixos/doc/*: editorconfig fixes 2020-07-31 15:08:54 +10:00
Matthew Bauer 67b6e56391 nixos/nix-daemon.nix: fix nix.distributedBuilds assertion 2020-07-30 21:38:24 -05:00
Matthew Bauer ed1423b03c
Merge pull request #92415 from matthewbauer/nix-daemon-distributed-builds
Add assertion on distributedBuilds & buildMachines != []
2020-07-30 19:56:23 -05:00
Matthew Bauer 250885d0ca nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]
Without distributedBuilds, you can’t use buildMachines flag.

Fixes #56593
2020-07-30 19:55:12 -05:00
Maximilian Bosch ee06b3047e
Merge pull request #94253 from fadenb/graylog_3.3.3
graylog: 3.3.2 -> 3.3.3
2020-07-30 22:00:47 +02:00
Tristan Helmich (omniIT) 70be15c91b doc/rl-2009: Add warning on Graylog changes in version 3.3.3 2020-07-30 19:16:12 +00:00
worldofpeace b21c16fc5e
Merge pull request #83911 from mkg20001/boot-persistence
stage-1-init: add boot.persistence option
2020-07-30 14:56:06 -04:00
worldofpeace 08bc533dc6
Merge pull request #86480 from mkg20001/steam-module
nixos/steam: init
2020-07-30 14:51:58 -04:00
Maciej Krüger 2d63269e0d
doc/rl-2009: document new steam module in release notes 2020-07-30 20:26:34 +02:00
Maciej Krüger 1e98e895fa
nixos/steam: init 2020-07-30 20:23:57 +02:00
Jörg Thalheim a7888ee7f6
Merge pull request #94183 from fgaz/pt2-clone/1.22
pt2-clone: 1.20 -> 1.22, add nixos test
2020-07-30 12:54:49 +01:00
Marek Mahut 008deafb4b
Merge pull request #94167 from 1000101/blockbook-frontend
nixos/blockbook-frontend: adjust tests to bitcoind
2020-07-30 10:43:32 +02:00
Milan e49fb87b05
nixos/gitlab-runner: add clone-url option (#93894) 2020-07-30 10:24:33 +02:00
Keshav Kini 5e86bba082 nixos/boot: some documentation improvements
- Give a more accurate description of how fileSystems.<name/>.neededForBoot
  works

- Give a more detailed description of how fileSystems.<name/>.encrypted.keyFile
  works
2020-07-29 14:39:21 -07:00
Francesco Gazzetta 4436c0151e pt2-clone: add nixos test 2020-07-29 19:45:03 +02:00
Silvan Mosberger 83b16885f5
nixos/docs: Add documentation for settings options 2020-07-29 18:08:25 +02:00
Milan Pässler 2d819e968e nixos/mautrix-telegram: fix base-config path 2020-07-29 16:34:30 +02:00
1000101 046a80f7a4 nixos/blockbook-frontend: adjust tests to bitcoind 2020-07-29 12:58:25 +02:00
1000101 89b9c3ab92 release-notes/rl-2009: amend bitcoind incompatibility 2020-07-29 12:40:51 +02:00
Peter Hoeg e3d45be66f
Merge pull request #93699 from NixOS/f/do
nixos/do-agent: use .service from upstream
2020-07-29 09:13:56 +08:00
Lassulus 77cf1a6581
Merge pull request #89331 from Lassulus/make-disk-image
make-disk-image: add hybrid and dynamic sized images
2020-07-28 20:34:20 +02:00
Aaron Andersen 7415ba0be8 nixos/zabbixProxy: replace extraConfig option with settings option 2020-07-28 08:11:33 -04:00
Jörg Thalheim 4d0077addd
tlp: use structured config to fix cpu governor
Previously this module just disabled them.
Now tlp merges system defaults in
2020-07-28 09:41:18 +01:00
worldofpeace 654b66e0e4
Merge pull request #93963 from seqizz/g_typo_environment
treewide: fix typo on word environment
2020-07-28 02:18:28 -04:00
Gürkan Gür eb627de968 treewide: fix typo on word environment 2020-07-28 08:00:38 +02:00
Aaron Andersen b58e0905d0 nixos/zabbixAgent: replace extraConfig option with settings option 2020-07-27 22:09:25 -04:00
Aaron Andersen 3aa68faa78 nixos/zabbixServer: replace extraConfig option with settings option 2020-07-27 22:09:20 -04:00
lassulus 883a6079fd make-disk-image: add hybrid and dynamic sized images 2020-07-27 19:45:55 +02:00
DavHau b90a70d53f
nextcloud: shorten nginx group reference
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2020-07-27 20:20:13 +07:00
Marek Mahut b415ebae97
Merge pull request #93700 from 1000101/bitcoind
nixos/bitcoind: change to multi-instance + add tests
2020-07-27 12:55:29 +02:00
1000101 a5ba1315c2 release-notes/rl-2009: document bitcoind incompatibility 2020-07-27 11:27:50 +02:00
Olli Helenius 6b1c347a85
nixosTests.taskserver: Port to python 2020-07-27 12:12:17 +03:00
1000101 95440f040e nixos/bitcoind: minor refactoring 2020-07-27 10:40:06 +02:00
DavHau 5823ed7841 nextcloud: fix group permissions on startup 2020-07-27 12:41:42 +07:00
DavHau fd9eb16b24 nextcloud: restrict web server support to nginx only 2020-07-27 12:06:04 +07:00
Julian Stecklina fd2047c642 nixos/lib/make-ext4-fs: fix after mkfs.ext4 refactoring
In 9ac1ab10c9 this library function was
refactored to use mkfs.ext4 instead of cptofs. There are two problems:

If populateImageCommands would create no files (which is fine), a cp
invocation would fail due to missing source arguments.

Another problem is that mkfs.ext4 relies on fakeroot to have sane
uid/gids in the generated filesystem image. This currently doesn't
work for cross compiling.
2020-07-26 22:49:55 +02:00
worldofpeace f84ee806e3 nixos/release: add pantheon closure 2020-07-26 15:30:08 -04:00
Silvan Mosberger ff5bdca1ed
Merge pull request #93813 from bobismijnnaam/update-wpa-supplicant-config
Ensure wpa_supplicant.conf is written when userControlled and extraConfig are used
2020-07-26 16:43:56 +02:00
Jan Tojnar a86f4110a7
Merge pull request #93771 from jtojnar/flatpak-1.8 2020-07-26 13:56:16 +02:00
Jan Tojnar 5d3f240ebd
Merge pull request #93712 from jtojnar/malcontent-0.8
malcontent: 0.7.0 → 0.8.0
2020-07-26 13:55:02 +02:00
Charlotte Van Petegem 8eca34dd16 nixos/tests/networking: fix macvlan tests
The range option still needs to be defined in dhcpd4 to be able to give out static IP addresses
2020-07-26 12:44:05 +02:00
DavHau 6ee3004132 nextcloud improve user/group handling
- remove optons cfg.user, cfg.groups
- add option `serverUser` which is required when not using nginx
- add `serverUser` to nextcloud group
- set user/group to "nextcloud" for nextcloud services
- make setup-service non-root
2020-07-26 15:54:23 +07:00
Florian Klink ebfae82674 nixos/yubikey-agent: add missing mkIf
This accidentially added pkgs.yubikey-agent to
environment.systemPackages unconditionally.
2020-07-26 09:34:24 +02:00
Vladimír Čunát 5475b84859
nixos/tests/installer lvm: increase partition size
We apparently didn't fit anymore.  I don't think this test is meant
to (also) check closure size.
2020-07-25 22:57:27 +02:00
ajs124 2a2b31ba4a nixos/tasks/lvm: fix systemd tmpfiles 2020-07-25 20:43:12 +02:00
Emery Hemingway d800d1e884 fixup! nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
Emery Hemingway 764a9252a3 nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
Emery Hemingway 39deb82e4b nixos/yggdrasil.nix: test 300::/7 addresses 2020-07-25 16:34:20 +02:00
Emery Hemingway a8780387ba nixos/dhcpd: make authoritative mode optional
There are circumstances where running secondary DHCP servers in
non-authoritative mode is advantageous. Retain the previous
authoritative behavior as a default.
2020-07-25 16:33:04 +02:00
Vladimír Čunát 2b7c0dcdaa
Merge branch 'staging-next'
Rebuild on Hydra seems OK-ish.
mongodb.nix needed some conflict resolution (scons versions);
all four versions seem to build fine.
2020-07-25 16:18:40 +02:00
Bob Rubbens 71ea6a9a41 nixos/wpa_supplicant: update config generation
Ensure wpa_supplicant.conf is also generated when userControlled and
extraConfig are used. (As discussed in issue #59959)
2020-07-25 14:24:57 +02:00
Jan Tojnar 352749e577
ostree: enable ed25519 support
This was omitted in the latest update.

Only adds ~400 KB.

It required adding openssl to tests so I tacked on some cleanups.
In particular, the GI_TYPELIB_PATH was already being set in the wrapper
so we can remove it from the module (not sure why Gtk was even there).

Also switched away from using pkgconfig and docbook_xsl aliases
and reordered the expression a bit.
2020-07-25 12:54:18 +02:00
Lassulus 032775d0ac
Merge pull request #93788 from chkno/syncthing-test
nixos/tests: Add test for syncthing
2020-07-25 11:40:06 +02:00
Sebastien Bourdeauducq ecafef0dd8 pam_p11: add 2020-07-25 09:37:48 +02:00
Scott Worley 140247cd8a nixos/tests: Add test for syncthing 2020-07-24 15:51:14 -07:00
Jan Tojnar 379038b4dc nixosTests.flatpak: clean up
GNOME is not necessary. Portals probably are not either,
but the NixOS module requires them.

Not sure why it did not work without GNOME before.
2020-07-24 21:02:02 +02:00
Jaka Hudoklin fea9351d81
Merge pull request #92719 from pjjw/update/mongodb-42
mongodb: 4.0.12 -> 4.2.8
2020-07-24 20:15:29 +02:00
Léo Gaspard 0c075ce453
Merge pull request #93715 from lovesegfault/roon-server-revamp
roon-server: revamp
2020-07-24 20:11:01 +02:00
Jan Tojnar 98710d2552
flatpak: 1.6.3 → 1.8.1
Changes:
* https://github.com/flatpak/flatpak/releases/tag/1.7.1
* https://github.com/flatpak/flatpak/releases/tag/1.7.2
* https://github.com/flatpak/flatpak/releases/tag/1.7.3
* https://github.com/flatpak/flatpak/releases/tag/1.8.0
* https://github.com/flatpak/flatpak/releases/tag/1.8.1

Commits:
https://github.com/flatpak/flatpak/compare/1.6.3...1.7.1
https://github.com/flatpak/flatpak/compare/1.7.1...1.8.1

Notable packaging changes:
* Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
  4df019063b
* Completion support for fish shell
* If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
* New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
  fe2536b844
* We now always expose the host timezone data, allowing us the expose the host /etc/localtime in a way that works better, fixing several apps that had timezone issues.
  dc4e198766
* We now ship a systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the systemd generators work better
  7c3a85bf43
* Use variant-schema-compiler for some GVariant code
  https://github.com/flatpak/flatpak/pull/3366
* zstd compression for oci deltas:
  bfa71e208a

Additionally:
* Remove glibcLocales which is not used since 1.4 bump because glibc contains a locale archive with C.UTF-8
  1728bc8d22
* Stop using aliases for docbook-xsl-nons and pkg-config packages
* Stop using autoreconfHook, the autogen.sh script contains some extra that are necessary when building from git.
* Increase disk space for installed tests, they were running out.
* Enable building developer documentation.
2020-07-24 19:38:51 +02:00
Peter Woodman dbd0f3e957
mongodb: 4.0.12 -> 4.2.8
Not strictly an upgrade, but adds a new mongodb-4_2 target with the
current mongodb from that branch.

Use matching client and server versions in mongodb tests- tests were
using the mongo 3.4 client to connect, and this finally doesn't work
with server 4.2.

Per reviewer suggestion, adding myself as cheetah3 maintainer.

Additionally, reestore comments describing the purpose of the
build-dependencies patch
2020-07-24 11:44:16 -04:00
Jan Tojnar 8d53e88346
nixosTests.installed-tests.flatpak: Fix
Along with the `socat` fix in the parent commit, this makes
the Flatpak’s installed tests finally pass again.

The tests seem to need slightly over 2G of disk space,
and it appears that the test suite was ported to Python 3 in 1.5.1:
2b6641575d
2020-07-24 16:32:34 +02:00
Jan Tojnar 2bfa6aa848
nixosTests.installed-tests: Add the test data to VM closure
Flatpak’s installed tests build Flatpak runtimes, among other things.
Upstream code does this by copying some programs on `PATH`
as well as some possible dependencies from host’s /usr.
We patch the code to use `nix-store --query --requisites`
to make the dependency discovery easier.

The Flatpak’s installed tests add `socat` to `PATH` and later run
`nix-store --query --requisites` on its location but it was failing with

    error: path '/nix/store/qcyf7nq5vvfw32967sv4j6z190inrbrc-socat-1.7.3.4' is not valid

The issue occurred because, while the host Nix store is bind mounted into the test VM,
the VM’s store uses its own database that only contains the packages in the VM’s closure.
Since the test commands are not actually part of the VM but only passed through PTY,
the `flatpak.installedTests` derivation was not part of the VM’s closure, so `nix-store`
in the VM could not get information about its dependency `socat`.

Let’s make the `installedTests` of the tested package part of the test VM’s closure
by passing it as a global environment variable. This will also have the added benefit
that user no longer has to type the path when running the installed tests manually in the VM;
they can just use `gnome-desktop-testing-runner -d $TESTED_PACKAGE_INSTALLED_TESTS`,
which is much more conducive to tab completion.
2020-07-24 16:30:49 +02:00
Emery Hemingway 76d60b0fcd nixos/molly-brown: init 2020-07-24 11:04:33 +02:00
Kirill Elagin e1d80de838 prometheus: Add assert for legacy listenAddress 2020-07-23 18:16:13 -04:00
Kirill Elagin 5d2a465add prometheus: Use types.port for port 2020-07-23 18:15:57 -04:00
Jan Tojnar 097117cf72
malcontent: 0.7.0 → 0.8.0
* Update: https://gitlab.freedesktop.org/pwithnall/malcontent/-/releases/0.8.0
    * Fix the separation patch.
    * Add `itstool` to ui (needed for building localized help).
* Use `pkg-config` instead of the `pkgconfig` alias.
* Fix some issues related to multiple outputs:
    * Make the module pass specific output to `dbus.packages` since the `dbus` NixOS module will not generate configuration with correct interface paths otherwise.
    * Change `malcontent-ui` package to primarily-a-program type derivation (`out`+`lib` instead of `bin`+`out`) since there are more and more `malcontent-control`-specific assets.
        * This also fixes the issue where application data (desktop files, icons…) were installed to `out`, which is not installed by `environment.systemPackages`/`system-path.nix`’s `buildEnv` by default when `bin` output is also present.
    * Make `malcontent` package install `out` output too so that `system-path.nix` links that too. It contains the AccountsService & Polkit data files.
    * Split the library and PAM module out of `malcontent.out` so that they are not installed with the data files.
        * This revealed a bug in the `gobject-introspection` setup hook.
2020-07-23 21:59:23 +02:00
Bernardo Meurer 0aadd405a3
services.roon-server: fix binary path 2020-07-23 11:38:13 -07:00
Florian Klink d5aa8ff17c
Merge pull request #93586 from makefu/pkgs/udpt/bump
udpt: 2017-09-27 -> 3.1.1
2020-07-23 17:54:39 +02:00
Florian Klink 8f7a623af6
Merge pull request #92936 from philandstuff/add-yubikey-agent
yubikey-agent: init at 0.1.3
2020-07-23 17:52:30 +02:00
makefu ecdc10db97
release-notes/rl-2009: add remark about udpt complete rewrite 2020-07-23 17:30:05 +02:00
Peter Hoeg e0589ec65b nixos/do-agent: use .service from upstream 2020-07-23 19:30:01 +08:00
1000101 7b76bc2c7d nixos/bitcoind: add tests 2020-07-23 12:05:52 +02:00
1000101 c6017d9895 nixos/bitcoind: change to multi-instance 2020-07-23 12:05:40 +02:00
Jan Tojnar 2988feba8c
Merge branch 'master' into staging-next 2020-07-23 08:19:14 +02:00
Mario Rodas af5765b0dc
Merge pull request #85681 from Beskhue/improve-descriptions
nixos/acme: improve some descriptions
2020-07-23 00:03:05 -05:00
MetaDark db96d8840f nixos/xpadneo: init at 0.8.1
I just got an Xbox One controller and I wasn't satisfied with the xpad
driver that ships with the Linux kernel

xpadneo supports more features and fixes problems with
incorrect button mappings

https://atar-axis.github.io/xpadneo
2020-07-22 21:08:11 -04:00
Florian Klink 80c2d2e2af
Merge pull request #93423 from helsinki-systems/feat/gitlab-redis-url
nixos/gitlab: Make redis URL configurable
2020-07-22 19:05:28 +02:00
Linus Heckemann a5d20d25eb
Merge pull request #88669 from Mic92/hidpi
nixos/hidpi: Reasonable defaults for high-density displays
2020-07-22 17:43:03 +02:00
Daniël de Kok 5226e6b513
Merge pull request #93591 from Flakebi/vulkan-manual
nixos/manual: add a section about Vulkan drivers
2020-07-22 16:59:51 +02:00
Sebastian Neubauer 350f1d64af nixos/manual: add a section about Vulkan drivers
- Add a general block about how to configure and test Vulkan
- Add a section about switching between mesa/radv and amdvlk on AMD
  GPUs.
2020-07-22 14:41:33 +02:00
Vladimír Čunát 7a5c6fee0f
Merge branch 'master' into staging-next
Some rebuilds, e.g. all of haskell.
Hydra nixpkgs: ?compare=1601713
2020-07-22 08:37:19 +02:00
ajs124 c708c41c11 qemu-vm: fix master eval 2020-07-21 20:14:49 +02:00
Nathan Fish 8ffa852aed
netboot: docs: building netboot should specify an arch (#75116)
Building without specifying an arch attempts to build all,
and fails.
2020-07-21 19:26:02 +02:00
DavHau 07076e9fe0 nextcloud: configurable user and group, enabled nginx, improve setup 2020-07-21 08:23:45 +00:00
Henri Menke fc4ea9ecba
ZFS: Request credentials only for selected pools
This change introduces more fine-grained requestEncryptionCredentials.
While previously when requestEncryptionCredentials = true, the
credentials for all imported pools and all datasets in these imported
pools were requested, it is now possible to select exactly the pools and
datasets for which credentials should be requested.

It is still possible to set requestEncryptionCredentials = true, which
continues to act as a wildcard for all pools and datasets, so the change
is backwards compatible.
2020-07-21 19:36:10 +12:00
Lassulus 72f66e7e42
Merge pull request #72320 from sweber83/sw-zigbee2mqtt
zigbee2mqtt package & module
2020-07-21 05:23:43 +02:00
edef 203f58ac1b
Merge pull request #93451 from edef1c/os-login
nixos/users-groups: don't consider a system with Google OS Login inaccessible
2020-07-20 23:34:15 +00:00
Timo Kaufmann 830a8d6ee1
Merge pull request #74174 from raboof/fix-74047-stable-gpt-disk-guid
make-iso9660-image: produce stable GPT disk GUID
2020-07-21 00:30:57 +02:00
Florian Klink fec45bdfbc
Merge pull request #93355 from Izorkin/nginx-unit
nixos/unit: add 'tmp' directory
2020-07-21 00:17:54 +02:00
Florian Klink f67288925a
Merge pull request #93422 from helsinki-systems/fix/gitlab-sidekiq-warn
nixos/gitlab: Drop sidekiq PID file
2020-07-21 00:11:24 +02:00
Florian Klink f14799c8e7
Merge pull request #93073 from helsinki-systems/tmpfiles-packages
nixos/systemd: Implement a packages option for tmpfiles
2020-07-20 23:56:41 +02:00
Simon Weber 3dc3f019cf nixos/zigbee2mqtt: add minimal test 2020-07-20 21:48:14 +02:00
Simon Weber 1af8759693 nixos/zigbee2mqtt: init 2020-07-20 21:48:14 +02:00
Justin Humm 1192255677
nixos/tinc: allow configuration of RSA key file
This is necessary for VPNs where some of the nodes run pre-1.1 versions.

Most of Linux distros [0] and even the nixpkgs.tinc attribute run on that
version, so it might be useful to have that option.

[0] https://repology.org/project/tinc/versions
2020-07-20 21:39:22 +02:00
Justin Humm d6f6424ac8
nixos/gollum: introduce --h1-title option 2020-07-20 16:15:18 +02:00
Bas van Dijk d06de760f8 nixos/modules/system/activation/top-level.nix: allow overriding system.name
The toplevel derivations of systems that have `networking.hostName`
set to `""` (because they want their hostname to be set by DHCP) used
to be all named
`nixos-system-unnamed-${config.system.nixos.label}`.
This makes them hard to distinguish.

A similar problem existed in NixOS tests where `vmName` is used in the
`testScript` to refer to the VM. It defaulted to the
`networking.hostName` which when set to `""` won't allow you to refer
to the machine from the `testScript`.

This commit makes the `system.name` configurable. It still defaults to:

```
if config.networking.hostName == ""
then "unnamed"
else config.networking.hostName;
```

but in case `networking.hostName` needs to be to `""` the
`system.name` can be set to a distinguishable name.
2020-07-20 13:44:18 +02:00
Bas van Dijk 6e7822b8f3 lib: toHex -> toHexString & toBase -> toBaseDigits
This makes the type of these functions more apparent from the name.
2020-07-20 13:14:19 +02:00
Bas van Dijk e15815e885 nixos/tests/networking.nix: test the services.dhcpd4.machines option
This modifies the `router` to not give out a range of IP addresses but
only give out a fixed address based on the MAC address using the
`services.dhcpd4.machines` option.

To get access to the MAC address the `qemuNicMac` function is defined
and exported from `qemu-flags.nix`.
2020-07-20 13:09:27 +02:00
Bas van Dijk 0410f5dff9 nixos/tests: support up to 255 nodes in NixOS tests 2020-07-20 13:09:27 +02:00
Daniël de Kok d0c12dc612
Merge pull request #85689 from danieldk/resilio-module-fix
nixos/resilio: fix directoryRoot configuration
2020-07-20 11:31:36 +02:00
Daniël de Kok b9e0992e87 nixos/resilio: fix directoryRoot configuration
The resilio module places the directoryRoot configuration in the webui
section. However, the generated configuration fails on the current
version of Resilio Sync with:

Invalid key context: 'directory_root' must be in global config section

This change places this key in the global configuration section to
solve this error.
2020-07-20 11:24:33 +02:00
Arnout Engelen be006eab1f
make-iso9660-image: produce stable GPT disk GUID
By generating a version-5 GUID based on $out (which contains
the derivation hash) and preventing isohybrid from overwriting
the GPT table (which already is populated correctly by xorriso).

Tested by:
* booting from USB disk on a UEFI system
* booting from USB disk on a non-UEFI system
* booting from CD on a UEFI system
* booting from CD on a non-UEFI system
* booting from CD on an OSX system

Also tested that "nix-build ./nixos/release-combined.nix -A
nixos.iso_minimal.x86_64-linux -I nixpkgs=~/nixpkgs-r13y --check"
now succeeds.

Fixes #74047
2020-07-20 11:16:59 +02:00
Nikola Knežević 53f42f245a
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
The new release fixes one of the outstanding CVEs against oauth2_proxy:
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv.

In addition, rename the owner and the project name to reflect the
changes upstream (it now belongs to the oauth2-proxy organization, and
the name is oauth2-proxy)
2020-07-19 22:08:33 -07:00
Jan Tojnar 83442a3533
Merge branch 'master' into staging-next 2020-07-20 02:16:21 +02:00
aszlig 4e92b613cc
nixos/wireguard: Fix mismatched XML tag
Build error introduced in fe7053f75a912197f312d890740dd3bdde0ed994:

  parser error : Opening and ending tag mismatch: commmand line 6139 and command
  escription><para>Base64 preshared key generated by <commmand>wg genpsk</command>
                                                                                 ^
Writing "command" with only two "m" fixes building the NixOS manual.

Signed-off-by: aszlig <aszlig@nix.build>
2020-07-20 00:14:44 +02:00
Jörg Thalheim 1c26e6baec
Merge pull request #93474 from tnias/fix20200719 2020-07-19 21:07:05 +01:00
06kellyjac 9edb189fa1 nixos/containers: correct isNormaUser to isNormalUser
Correct a small spelling slip up
2020-07-19 16:26:14 +01:00
Philipp Bartsch fe7053f75a nixos/wireguard: fix typos and unify formatting 2020-07-19 14:57:39 +02:00
edef 2e4fb5cf4c nixos/users-groups: don't consider a system with Google OS Login inaccessible
This allows disabling users.mutableUsers without configuring any
authentication mechanisms (passwords, authorized SSH keys) other than
Google OS Login.
2020-07-19 00:28:02 +00:00
Vladimír Čunát 4244b73917
Merge branch 'master' into staging 2020-07-18 17:50:23 +02:00
Janne Heß f459122ea3
nixos/gitlab: Support extra config for shell 2020-07-18 16:46:33 +02:00
Janne Heß e9bf4ca80f
nixos/gitlab: Make redis URL configurable
We run Redis via Unix socket
2020-07-18 16:28:59 +02:00
Janne Heß 026b4eb3ae
nixos/gitlab: Drop sidekiq PID file
> WARNING: PID file creation will be removed in Sidekiq 6.0, see #4045.
Please use a proper process supervisor to start and manage your
services

Since NixOS uses a proper process supervisor AND does not use the PID
file anywhere, we can just drop it to be upwards compatible and fix that
warning.
2020-07-18 16:00:04 +02:00
Olli Helenius 2d8311dac9
nixos/manual: Fix reference to copy_from_host 2020-07-18 14:26:44 +03:00
Jörg Thalheim eb66a32a56
Merge pull request #76487 from ryneeverett/lockkernelmodules-docker 2020-07-18 10:35:34 +01:00
Daniël de Kok cace440c15
Merge pull request #93290 from danieldk/manual-opencl-amd
nixos/manual: add a section about enabling OpenCL for AMD GPUs
2020-07-18 08:34:07 +02:00
ryneeverett f12581a7a3 nixos/docker: explicitly load kernel modules
This is analogous to #70447.

With security.lockKernelModules=true, docker commands result in the following
error without at least loading veth:

$ docker run hello-world
/nix/store/mr50kaan2vs4gc40ymwncb2vci25aq7z-docker-19.03.2/libexec/docker/docker: Error response from daemon: failed to create endpoint epic_kare on network bridge: failed to add the host (veth8b381f3) <=> sandbox (veth348e197) pair interfaces: operation not supported.
ERRO[0003] error waiting for container: context canceled
2020-07-18 02:31:25 +00:00
Janne Heß a44b2cdd3a nixos/systemd: Implement a packages option for tmpfiles
Also drop the `portables` tmpfiles because the file is missing in the
systemd derivation.
2020-07-18 00:03:47 +02:00
WilliButz c8a29f640a
Merge pull request #93291 from mdlayher/mdl-mmexporter
prometheus-modemmanager-exporter: init at 0.1.0, add NixOS module
2020-07-17 20:02:56 +02:00