1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-19 04:02:10 +00:00
Commit graph

17144 commits

Author SHA1 Message Date
Colin L Rice c5f18c44b1
go-modules: Doc updates 2020-05-14 07:21:52 +01:00
Jaka Hudoklin 9a29fe5808
Merge pull request #87576 from xtruder/pkgs/libvirtd/polkit
libvirtd: polkit integration, security fixes
2020-05-13 21:00:51 +07:00
Jaka Hudoklin 056ab3d278 nixos/libvirtd: use polkit for auth 2020-05-13 21:00:04 +07:00
Jörg Thalheim 6c437ef1bb
Merge pull request #85567 from Izorkin/nginx-sandbox 2020-05-13 10:34:02 +01:00
Dietrich Daroch 735c9a70d7 Services,IPFS,Fix: Require the ipfs-migrator package for handling upgrades.
Without it, the services get stuck on startup when the IPFS repo needs upgrades.
2020-05-13 00:15:50 -07:00
Linus Heckemann db010c5537
Merge pull request #85687 from mayflower/privacyidea
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Timmy Xiao fd13ca9f84 pam: fix spelling mistake in configuration 2020-05-12 15:56:37 -04:00
Izorkin 94391fce1d nixos/nginx: add option enableSandbox 2020-05-12 20:03:29 +03:00
Izorkin aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin c7106610f1 nixos/tests: add nginx-sandbox test 2020-05-12 20:03:29 +03:00
Izorkin af6d0095f7 nixos/tests: fix nginx-pubhtml test 2020-05-12 20:03:29 +03:00
Izorkin 97a0928ccb nixos/nginx: add release notes 2020-05-12 20:03:28 +03:00
Izorkin 628354c686 nixos/nginx: enable sandboxing 2020-05-12 20:03:27 +03:00
adisbladis 30236aceaf
Merge pull request #87581 from cole-h/doas
nixos/doas: default rule should be first
2020-05-12 18:38:51 +02:00
Jacek Galowicz 11f49fb94d
Merge pull request #79966 from chkno/bcache
nixos/bcache: Installer test for / on bcache
2020-05-12 18:21:44 +02:00
Silvan Mosberger 6440000547
Merge pull request #87599 from helsinki-systems/znapzend-oracle-mode 2020-05-12 15:39:25 +02:00
Silvan Mosberger fea63944fd
Merge pull request #87280 from helsinki-systems/znapzend-mbuffer-path 2020-05-12 15:37:38 +02:00
betaboon fd41795f58 nixos/pixiecore: fix escaping of cmdline 2020-05-12 15:14:49 +02:00
Florian Klink d6f90e4f9e
Merge pull request #73530 from eadwu/nvidia/systemd-pm
nixos/nvidia: include systemd power management
2020-05-12 13:54:45 +02:00
Linus Heckemann 90c0191735
Merge pull request #85428 from serokell/kirelagin/unit-script-name
systemd: Simplify unit script names
2020-05-12 09:35:26 +02:00
Jacek Galowicz efe0051a9d
Merge pull request #87632 from chkno/installer-test-machine-name-fix
nixos/tests/installer: Fix machine name
2020-05-12 09:32:44 +02:00
Anderson Torres bae0829384
Merge pull request #87288 from AndersonTorres/tinywm-upload
tinywm: init at 2014-04-22
2020-05-11 21:31:41 -03:00
Chuck f9091581e8 nixos/tests/installer: Fix machine name 2020-05-11 15:41:18 -07:00
Matthew Bauer 43545032af
Merge pull request #87314 from matthewbauer/bazel-flat
build-bazel-package: switch hash mode to “flat”
2020-05-11 15:27:48 -05:00
Matthew Bauer fe48f63c3c build-bazel-package: Add hash change to changelog 2020-05-11 13:19:52 -05:00
Michel Weitbrecht 90533bfde2
nixos/znapzend: Add oracleMode feature; add maintainer
The feature destroys snapshots one-by-one instead of all at once.
If many snapshots accumulated, destroying them all at once can fail
because the argument list is too long. See
https://github.com/oetiker/znapzend/blob/master/lib/ZnapZend/ZFS.pm#L284
2020-05-11 14:35:30 +02:00
Michel Weitbrecht c46b26b9ad
nixos/znapzend: Use generic mbuffer path
The configured mbuffer path will be called on both the source and target
system. If you use pkgs.mbuffer from the source host and the target host
does not have this exact derivation, you will get a broken pipe when
sending snapshots. This is the case when transferring to a non-NixOS
system or to a host with a different mbuffer version.
2020-05-11 14:26:39 +02:00
Florian Klink b12c08ca88
Merge pull request #87414 from chkno/specify-shell-when-sudoing-to-user-with-unknown-shell
nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
2020-05-11 13:32:46 +02:00
Michele Guerini Rocco da19aa1319
Merge pull request #87593 from vojta001/monero
monero: fix rcp.restricted option
2020-05-11 12:39:16 +02:00
Jörg Thalheim 11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Vojtěch Káně e7ab236cab monero: fix rcp.restricted option
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api
the correct option is restricted-rpc, not restrict-rpc.
2020-05-11 12:11:58 +02:00
Cole Helbling 01b645e872
nixos/doas: default rule should be first
In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-05-10 22:14:16 -07:00
Dominique Martinet d8fa2627f3 mpd: remove user/group from conf
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"

The group option actually is not documented at all anymore and probably
no longer exists.

These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):

  systemd.services.mpd = {
    serviceConfig.BindPaths = [
      # mpd state dir
      "/var/lib/mpd"
      # notify systemd service started up
      "/run/systemd/notify"
    ];
    serviceConfig.BindReadOnlyPaths = [
      "/path/to/music:/var/lib/mpd/music"
    ];
    # ProtectSystem is not compatible with confinement
    serviceConfig.ProtectSystem = lib.mkForce false;
    confinement = {
      enable = true;
      binSh = null;
      mode = "chroot-only";
    };
  };
2020-05-10 20:24:33 +02:00
Gaelan 4ed7e23636 nixos/device-tree: fix package name in examples
deviceTree_rpi got renamed to device-tree_rpi a while back, so this updates the examples to reflect that.
2020-05-10 20:13:54 +02:00
Dominique Martinet 4c81174f4c
nixos/confinement: add conflict for ProtectSystem service option
Systemd ProtectSystem is incompatible with the chroot we make
for confinement. The options is redundant with what we do anyway
so warn if it had been set and advise to disable it.

Merges: https://github.com/NixOS/nixpkgs/pull/87420
2020-05-10 19:25:41 +02:00
Edmund Wu 9a269f555a
nixos/nvidia: include systemd power management 2020-05-10 11:25:50 -04:00
Richard Marko a6ac6d00f9 nixos/raspberrypi-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Richard Marko 03ae0c0fe2 nixos/uboot-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Andreas Rammhold a432f832bf nixos/tests/gitdaemon: fix spurious test failures due to flaky network
This test is sometimes flaky on hydra as at the time of the `git clone`
the network isn't really configured yet[1]. That problem doesn't seem to
occur locally but if you run it on a machine with high enough load (such
as hydra build machines). Hopefully this will make the test not flaky
anymore.

[1] https://hydra.nixos.org/build/118710378/nixlog/21/raw
2020-05-10 15:58:54 +02:00
José Romildo Malaquias be03474637
Merge pull request #77054 from formbay/nvidia-persistenced
nixos/nvidia : added nvidia-persistenced
2020-05-10 07:42:47 -03:00
adisbladis 68ee2396f6
Merge pull request #86488 from cole-h/doas
nixos/doas: init
2020-05-10 10:33:29 +02:00
Matthew Bauer b907387ffe
Merge pull request #87212 from matthewbauer/dont-include-gdk-pixbuf-module-file
nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross
2020-05-09 14:06:48 -05:00
Florian Klink 8325e0db11 Revert "nixos/resolved: Include dbus alias of resolved unit"
This reverts commit 7fe539f799.
2020-05-09 20:05:01 +02:00
Chuck 751a27020e nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
The test harness provides the commands it wishes to run in Bourne
syntax.  This fails if the user uses a different shell.  For example,
with fish:

  machine.wait_for_unit("graphical-session.target", "alice")

machine # fish: Unsupported use of '='. To run '-u`' with a modified environment, please use 'env XDG_RUNTIME_DIR=/run/user/`id -u`…'
machine # XDG_RUNTIME_DIR=/run/user/`id -u` systemctl --user --no-pager show "graphical-session.target"
machine # ^
machine # [   16.329957] su[1077]: pam_unix(su:session): session closed for user alice
error: retrieving systemctl info for unit "graphical-session.target" under user "alice" failed with exit code 127
2020-05-09 11:01:17 -07:00
Florian Klink d4c2f1ab5d
Merge pull request #87263 from arianvp/resolved-dbus
nixos/resolved: Include dbus alias of resolved unit
2020-05-09 18:06:50 +02:00
Robin Gloster f1f0e82c50
privacyidea: address reviews 2020-05-09 12:11:44 +02:00
Eelco Dolstra 10d74709fe
Merge pull request #87191 from edolstra/no-nested-logs
testing{-python}.nix: Remove log pretty-printing cruft
2020-05-09 09:00:27 +02:00
Mario Rodas 72654dc57e
Merge pull request #87210 from Frostman/prom-2.18.0
prometheus: 2.17.2 -> 2.18.1
2020-05-08 14:03:15 -05:00
AndersonTorres 44d90b0619 tinywm: init at 2014-04-22
A tiny window manger for X11
2020-05-08 15:29:25 -03:00
Alexey Shmalko afbab5a3f3
Merge pull request #85996 from misuzu/nixos-install-low-memory
nixos/nixos-installer: use temporary directory on target filesystem
2020-05-08 18:40:24 +03:00