nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 07:53:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
345,213 Commits 240 Branches 124 Tags 7.3 GiB
0806c2602a
Commit Graph

25080 Commits

Author SHA1 Message Date
Jan Tojnar
380c030740 Merge branch 'master' into staging-next 
; Conflicts:
;	pkgs/development/python-modules/aiohttp-socks/default.nix
;	pkgs/development/python-modules/emv/default.nix
;	pkgs/development/python-modules/mocket/default.nix
;	pkgs/development/python-modules/types-protobuf/default.nix
 2021-12-31 07:26:03 +01:00
Robert Scott
c8d137961d nixos/tests/systemd-binfmt: Add ldPreload test for LD_PRELOAD error messages 2021-12-30 14:52:34 -08:00
Vladimír Čunát
0e5dab9db7
Revert "nixos/dhcpd: switch to DynamicUser" 2021-12-30 14:22:08 +01:00
Jonas Heinrich
71c423671b nixos/maddy: Better description, user and group handling 2021-12-30 14:17:00 +01:00
Patrick Hilhorst
59c187f2c3
Merge pull request #148217 from Synthetica9/pulseaudio-test 2021-12-30 11:04:36 +01:00
zowoq
45dbb95515 nixos/kubernetes: remove dashboard 2021-12-30 18:51:03 +10:00
Dmitry Kalinkin
e10d27e503
Merge branch 'master' into staging-next 
Conflicts:
	pkgs/development/python-modules/mautrix/default.nix
 2021-12-29 16:27:23 -05:00
Aaron Andersen
4ceea6850a
Merge pull request #152043 from Lyndeno/duplicati-dataDir 
nixos/duplicati: Add dataDir to service
 2021-12-29 15:05:01 -05:00
pennae
55daffc1c9 nixos/sourcehut: add missing defaultText, escape antiquotations 2021-12-29 20:12:03 +01:00
pennae
3dbb117aa5 nixos/aesmd: add missing defaultText 2021-12-29 20:12:03 +01:00
pennae
bf58a90d09 nixos/xrdp: add missing defaultText 2021-12-29 20:12:02 +01:00
pennae
55863f14ce nixos/couchdb: add missing defaultText 2021-12-29 20:12:02 +01:00
pennae
7e28421e17 nixos/kubernetes: make lib option internal and readonly 
this set almost certainly shouldn't be touched by users, nor listed in
the manual. make it internal and use it only through the option path to
make clear that this should not be modified.
 2021-12-29 20:12:02 +01:00
pennae
abef4b10b6 nixos/kubernetes: add missing defaultText to expression default 2021-12-29 19:57:55 +01:00
Yureka
407d75ae11 nixos/mautrix-telegram: run alembic only if available 2021-12-29 19:28:24 +01:00
Lyndon Sanche
c7008f8fdf
nixos/duplicati: Add dataDir to service 
Other services such as minecraft-server and plex allow configuration of
the dataDir option, allowing the files stored by each service to be in a
custom location.

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
 2021-12-29 08:35:41 -07:00
Julien Moutinho
0e5611e0be security/wrappers: remove C compiler from the nixos/security.wrappers AppArmor profile 2021-12-29 16:26:57 +01:00
github-actions[bot]
129083edcf
Merge master into staging-next 2021-12-29 06:01:11 +00:00
tomberek
94cb489156
Merge pull request #133984 from ju1m/sourcehut 
nixos/sourcehut: updates, fixes, hardening
 2021-12-28 22:29:36 -05:00
Julien Moutinho
42da4f78d8 nixos/sourcehut: add more tests 2021-12-28 22:18:45 -05:00
Julien Moutinho
e1549f5df9 nixos/sourcehut: fix links to gitsrht-update-hook 2021-12-28 22:18:44 -05:00
Julien Moutinho
ac2a39ac75 nixos/sourcehut: fix post-update-script 2021-12-28 22:18:44 -05:00
Julien Moutinho
96e103cfe3 nixos/sourcehut: fix OnCalendar 2021-12-28 22:18:44 -05:00
Julien Moutinho
0dc4ccc9a3 nixos/sourcehut: update test 2021-12-28 22:18:44 -05:00
Julien Moutinho
8ed7fd0f3a nixos/sourcehut: full rewrite, with fixes and hardening 2021-12-28 22:18:40 -05:00
Julien Moutinho
8b842173d0 nixos/make-options-doc: fix invalid ':' in XML NCName (non-colonized name) 2021-12-28 22:18:16 -05:00
Benoit de Chezelles
e040ff57a0 nixos/doc/rl-2205: Add note about reduced closure of python3.pkgs.matplotlib 2021-12-28 20:14:53 -05:00
Julien Moutinho
f7ff512d6d nixos/logrotate: rotate login/logout logs by default 2021-12-29 02:07:02 +01:00
Julien Moutinho
c2fd94a61c nixos/logrotate: enable multiple paths per entry 2021-12-28 21:23:46 +01:00
Alexandre Iooss
650945df31
nixos/minecraft-server: systemd unit hardening 
Does not set MemoryDenyWriteExecute as OpenJDK need to mark memory page as
executable. Does not set ProcSubset as /proc/cpuinfo and /proc/meminfo
are needed.
 2021-12-28 13:49:14 +01:00
github-actions[bot]
2e759d4fd0
Merge master into staging-next 2021-12-28 12:01:23 +00:00
José Romildo Malaquias
628e9125e9
Merge pull request #152344 from romildo/upd.qt5ct 
qt5ct: move to qt5-packages
 2021-12-28 07:33:37 -03:00
Martin Weinelt
6afaf36a3c
Merge branch 'master' into staging-next 2021-12-28 00:04:06 +01:00
Martin Weinelt
eb51af35ad
Merge pull request #152311 from arachnist/kea-fixes 2021-12-27 22:01:32 +01:00
matthewcroughan
473a571a8c nixos/tests/mtp: use QEMU v6.0.0 
A change in QEMU v6.1.0 has somehow caused QEMU to behave differently
enough to cause this test to fail. This commit forces the test to be ran
with QEMU 6.0.0 from Nixpkgs at revision
e1fc1a80a0, which is the commit prior to
the QEMU 6.1.0 version bump.

Co-authored-by: Julio Sueiras <juliosueiras@gmail.com>
 2021-12-27 19:45:34 +00:00
matthewcroughan
795ecaf851 nixos/tests/mtp: init 
Adds a fully fledged NixOS VM integration test which uses jmtpfs and
gvfs to test the functionality of MTP inside of NixOS. It uses USB
device emulation in QEMU to create MTP device(s) which can be tested
against.

Co-authored-by: nixinator <33lockdown33@protonmail.com>
 2021-12-27 19:45:33 +00:00
CRTified
24b8c37281 nixos/adguardhome: Add settings option 
This commit introduces `services.adguardhome.settings` and
`services.adguardhome.mutableSettings`.

The first option allows declarative configuration of
AdGuard Home, while the second one controls whether changes
made in the web interface are kept between service restarts.

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
 2021-12-27 20:03:52 +01:00
github-actions[bot]
8ce4686310
Merge master into staging-next 2021-12-27 18:01:11 +00:00
Nikolay Amiantov
a3e7a83514
Merge pull request #150774 from abbradar/docker-rootless 
Rootless Docker service
 2021-12-27 20:32:57 +03:00
Nikolay Amiantov
9027a59f7a influxdb2 service: don't use dynamic user 
It breaks something inside of influxdb2, which results in flurry of errors like these:

> ts=2021-12-21T18:19:35.513910Z lvl=info msg="Write failed" log_id=0YZYwvV0000 service=storage-engine service=write shard=50 error="[shard 50] unlinkat ./L1-00000055.tsi: read-only file system"

I believe this is somehow caused by a mount namespace that systemd creates for
the service, but I didn't investigate this deeper.
 2021-12-27 20:31:27 +03:00
Michele Guerini Rocco
3a7d97bff2
Merge pull request #139873 from rnhmjoj/dhcpd 
nixos/dhcpd: switch to DynamicUser
 2021-12-27 18:07:16 +01:00
Martin Weinelt
99e8065d4c
Merge pull request #147784 from m1cr0man/acme 2021-12-27 17:37:39 +01:00
José Romildo
44c1dfb32d qt5ct: move to qt5-packages 2021-12-27 11:03:07 -03:00
github-actions[bot]
ae39fad8d0
Merge master into staging-next 2021-12-27 12:08:21 +00:00
Philipp
aecc901b4b
nixos/hydra: Removing self as maintainer 2021-12-27 12:38:09 +01:00
Bobby Rong
c2b7c98814
Merge pull request #151678 from kouyk/thinkfan-typo 
thinkfan: fix typo in level
 2021-12-27 17:35:59 +08:00
github-actions[bot]
0a6981698e
Merge master into staging-next 2021-12-27 06:01:10 +00:00
Robert Gerus
6faa7ad3fc nixos/kea: fixes for the systemd units 
Fix a typo in the kea-dhcp-ddns-server unit definition, and add a
KEA_LOCKFILE_DIR environment variable without which kea daemons try to
access a lockfile under /var/run/kea path, which is prevented by
systemd's ProtectSystem (or one of the other Protect*) mechanism.
kea-dhcp-ddns-server doesn't react to updates from dhcp4 server at all
without it.
 2021-12-27 04:41:20 +01:00
Bernardo Meurer
f6d17af6b3
Merge pull request #152289 from lovesegfault/fix-mtp-udev-path 
nixos/gvfs: fix libmtp udev package path
 2021-12-27 02:27:53 +00:00
Artturi
3239e947d1
Merge pull request #151156 from Artturin/fsckonbat 2021-12-27 04:18:40 +02:00
Bobby Rong
2684d1a990
Merge pull request #148832 from r-ryantm/auto-update/autorestic 
autorestic: 1.3.0 -> 1.5.0
 2021-12-27 10:01:42 +08:00
Bernardo Meurer
2d7fc66c79
nixos/gvfs: fix libmtp udev package path 
As pointed out by @sigprof[1] my bump of libmtp silently broke this, as I
moved the udev files out of the bin output of the pkg.

[1]: https://github.com/NixOS/nixpkgs/pull/144290#discussion_r775266642
 2021-12-26 20:05:14 -03:00
Lucas Savva
46cd06eb9d
nixos/acme: Add test for caddy 
This test is technically broken since reloading caddy
does not seem to load new certs. This needs to be fixed
in caddy.
 2021-12-26 21:12:40 +00:00
Lucas Savva
65f1b8c6ae
nixos/acme: Add test for lego's built-in web server 
In the process I also found that the CapabilityBoundingSet
was restricting the service from listening on port 80, and
the AmbientCapabilities was ineffective. Fixed appropriately.
 2021-12-26 16:49:59 +00:00
Silvan Mosberger
2dcc3daadf
nixos/acme: Clean up default handling 2021-12-26 16:49:58 +00:00
Lucas Savva
41fb8d71ab
nixos/acme: Add useRoot option 2021-12-26 16:49:57 +00:00
Lucas Savva
8d01b0862d
nixos/acme: Update documentation 
- Added defaultText for all inheritable options.
- Add docs on using new defaults option to configure
  DNS validation for all domains.
- Update DNS docs to show using a service to configure
  rfc2136 instead of manual steps.
 2021-12-26 16:49:55 +00:00
Lucas Savva
07c1583309
nixos/acme: Update release notes 2021-12-26 16:49:52 +00:00
Lucas Savva
377c6bcefc
nixos/acme: Add defaults and inheritDefaults option 
Allows configuring many default settings for certificates,
all of which can still be overridden on a per-cert basis.
Some options have been moved into .defaults from security.acme,
namely email, server, validMinDays and renewInterval. These
changes will not break existing configurations thanks to
mkChangedOptionModule.

With this, it is also now possible to configure DNS-01 with
web servers whose virtualHosts utilise enableACME. The only
requirement is you set `acmeRoot = null` for each vhost.

The test suite has been revamped to cover these additions
and also to generally make it easier to maintain. Test config
for apache and nginx has been fully standardised, and it
is now much easier to add a new web server if it follows
the same configuration patterns as those two. I have also
optimised the use of switch-to-configuration which should
speed up testing.
 2021-12-26 16:44:10 +00:00
Lucas Savva
a7f0001328
nixos/acme: Check for revoked certificates 
Closes #129838

It is possible for the CA to revoke a cert that has not yet
expired. We must run lego to validate this before expiration,
but we must still ignore failures on unexpired certs to retain
compatibility with #85794

Also changed domainHash logic such that a renewal will only
be attempted at all if domains are unchanged, and do a full
run otherwises. Resolves #147540 but will be partially
reverted when go-acme/lego#1532 is resolved + available.
 2021-12-26 16:44:09 +00:00
Lucas Savva
87403a0b07
nixos/acme: Add a human readable error on run failure 
Closes NixOS/nixpkgs#108237

When a user first adds an ACME cert to their configuration,
it's likely to fail to renew due to DNS misconfig. This is
non-fatal for other services since selfsigned certs are
(usually) put in place to let dependant services start.
Tell the user about this in the logs, and exit 2 for
differentiation purposes.
 2021-12-26 16:44:08 +00:00
Lucas Savva
a88d846b91
nixos/acme: Remove selfsignedDeps from finished targets 
selfsignedDeps is already appended to the after and wants
of a cert's renewal service, making these redundant.

You can see this if you run the following command:
systemctl list-dependencies --all --reverse acme-selfsigned-mydomain.com.service
 2021-12-26 16:44:07 +00:00
github-actions[bot]
10263fd59e
Merge master into staging-next 2021-12-26 00:01:55 +00:00
Dmitry Kalinkin
2ddda43924
Merge branch 'staging' into staging-next 
Conflicts:
	pkgs/os-specific/linux/kernel/common-config.nix
 2021-12-25 17:16:26 -05:00
Aaron Andersen
9ec14cd78d
Merge pull request #151255 from aanderse/nixos/mysql-cleanup 
nixos/mysql: module cleanup
 2021-12-25 17:04:35 -05:00
Aaron Andersen
baa0e61569
Merge pull request #147973 from aanderse/nixos/caddy 
nixos/caddy: introduce several new options
 2021-12-25 17:01:54 -05:00
Lassulus
028f8c7625
Merge pull request #151482 from jbpratt/kubevirt 
virtualisation: implement kubevirt config
 2021-12-25 22:05:00 +01:00
Bobby Rong
8bc21bca03
nixos/rl-2205: mention autorestic update 2021-12-25 20:18:09 +08:00
Emery Hemingway
02cb654a4d nixos/stubby: reduce to a settings-style configuration 
Extract the example configuration from the package to provide a
working example.

Remove pkgs.stubby from `environment.systemPackages`.
 2021-12-25 12:07:06 +01:00
7c6f434c
b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls 
nginxMainline: enable ktls support
 2021-12-24 10:23:17 +00:00
Maximilian Bosch
3d91acc39a
Merge pull request #151481 from Ma27/privacyidea-uwsgi-buffer-size 
nixos/privacyidea: increase buffer-size of uwsgi from 4096 to 8192
 2021-12-24 10:21:24 +01:00
Jonathan Ringer
182e07f0d9
Merge remote-tracking branch 'origin/staging-next' into staging 
Conflicts:
	pkgs/development/libraries/webkitgtk/default.nix
	pkgs/development/python-modules/pylast/default.nix
	pkgs/development/python-modules/pymavlink/default.nix
 2021-12-23 10:16:42 -08:00
Bobby Rong
7378b39d1d
Merge pull request #149704 from squalus/nginx-prometheus-exporter-fix 
nixos/prometheus-nginx-exporter: fix argument syntax
 2021-12-23 10:27:16 +08:00
Guillaume Girol
d96a3994cc nixos/collectd: validate config file syntax at build time 2021-12-23 00:08:43 +01:00
Guillaume Girol
b55a253e15 nixos/collectd: add nixos test 2021-12-23 00:08:43 +01:00
Aaron Andersen
d621ad09a8 nixos/mysql: minor cleanup and formatting 2021-12-22 08:57:18 -05:00
Aaron Andersen
a96f6ef187 nixos/mysql: remove services.mysql.bind and services.mysql.port in favor of services.mysql.settings 2021-12-22 08:57:14 -05:00
Nikolay Amiantov
ab64310a5e docker-rootless service: init 2021-12-22 14:23:23 +03:00
Florian Klink
60e571fa40
Merge pull request #150922 from ncfavier/systemd-tzdir 
nixos/systemd: set TZDIR for PID 1
 2021-12-22 11:52:27 +01:00
rembo10
3898a66cc4 Update nixos-rebuild man page to reflect target-host change 
See:
https://github.com/NixOS/nixpkgs/pull/126614
 2021-12-22 00:56:19 -08:00
Steven Kou
73050d70fc
thinkfan: fix typo in level 
One of the valid values for the fan speed is "level disengaged",
however, it is represented as "level disengage" and does not match
what thinkfan expects.
 2021-12-22 04:00:19 +08:00
Allen Short
9e47e60971 amdgpu-pro: 17.40 -> 21.30 2021-12-21 11:17:34 -04:00
David McFarland
2f846e69c4 nixos/xserver: set correct LD_LIBRARY_PATH for opengl driver 
This got broken by 370d3af0c4.  Previously
it was setting /run/opengl-driver/lib.  `driverLink` is missing the
/lib.
 2021-12-21 10:56:12 -04:00
jbpratt
e96e5ddd1f virtualisation: implement kubevirt config 
KubeVirt[1] allows for VMs to be run and managed as pods inside of
Kubernetes clusters. Information about the guests can be exposed through
qemu-guest-agent[2] as well as startup scripts can be injected through
cloud-init[3].

This config has been duplicated and modified from the `cloudstack`
config/script.

To test this out, deploy KubeVirt locally with KinD[4], build the disk
image, then package it into a container image (or upload to CDI[5]) and
provision a VirtualMachine.

[1]: https://kubevirt.io/user-guide/
[2]: https://kubevirt.io/user-guide/virtual_machines/guest_agent_information/
[3]: https://kubevirt.io/user-guide/virtual_machines/startup_scripts/#cloud-init-examples
[4]: https://kubevirt.io/quickstart_kind/
[5]: https://kubevirt.io/user-guide/operations/containerized_data_importer/#containerized-data-importer

Signed-off-by: jbpratt <jbpratt78@gmail.com>
 2021-12-21 05:52:16 -06:00
Elis Hirwing
e3a7c62565
Merge pull request #147411 from drupol/php/php-8.1.0 
php: Init at 8.1.1
 2021-12-21 12:33:07 +01:00
Aaron Andersen
81a67a3353 nixos/caddy: introduce several new options 2021-12-20 20:00:42 -05:00
Maximilian Bosch
8f9f754271
nixos/privacyidea: increase buffer-size of uwsgi from 4096 to 8192 
When accessing the Audit log, I get an HTTP 502 when the frontend
requests `/audit` and I get the following error in my `nginx`-log:

    Dec 20 22:12:48 ldap nginx[336]: 2021/12/20 22:12:48 [error] 336#336: *8421 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 10.237.0.1, server: _, request: "GET /audit/?action=**&action_detail=**&administrator=**&client=**&date=**&duration=**&info=**&page=1&page_size=10&policies=**&privacyidea_server=**&realm=**&resolver=**&serial=**&sortorder=desc&startdate=**&success=**&tokentype=**&user=** HTTP/1.1", upstream: "uwsgi://unix:/run/privacyidea/socket:", host: "ldap.ist.nicht-so.sexy", referrer: "https://ldap.ist.nicht-so.sexy/"

This is because of an "invalid request block size"-error according to
`journalctl -u privacyidea.service`:

    Dec 20 22:12:48 ldap uwsgi[10721]: invalid request block size: 4245 (max 4096)...skip

Increasing the buffer to 8192 fixes the problem for me.
 2021-12-21 00:51:45 +01:00
Graham Christensen
3907d19260 services.prometheus.exporters.fastly: add a smoke test 2021-12-20 10:57:31 -05:00
Graham Christensen
1753f97e13 services.prometheus.exporters.fastly: fixup broken module config 2021-12-20 10:29:13 -05:00
Pol Dellaiera
3d3479f717
php81: init at 8.1.1 2021-12-20 15:51:00 +01:00
Franz Pletz
d5b0e12d9b
Merge pull request #147516 from pennae/dhcpcd 
dhcpcd: 8.1.4 -> 9.4.1, module updates, enable privsep
 2021-12-20 14:44:58 +01:00
pennae
971adf24eb nixos/dhcpcd: set RuntimeDirectory 2021-12-20 10:53:13 +01:00
Bob van der Linden
f085d82ce0
make all daemon settings default 2021-12-19 14:17:04 +01:00
Bob van der Linden
6bbf3b6e0a
remove quotes for kebab-case settings 2021-12-19 14:17:04 +01:00
Bob van der Linden
92a23655c8
move cli options to json daemon settings 2021-12-19 14:17:04 +01:00
Bob van der Linden
e8dae9246b
use pkgs.formats.json 2021-12-19 14:17:04 +01:00
Bob van der Linden
c1b0d4acf5
rename daemonConfig -> daemon.settings 2021-12-19 14:16:58 +01:00
Bob van der Linden
142a1540d6
nixos/docker: add daemonConfig option 
Adds the virtualisation.docker.daemonConfig option that allows
changing Docker daemon settings as done in daemon.conf.
 2021-12-19 14:15:18 +01:00
Aaron Andersen
76457da532 nixos/mysql: remove services.mysql.extraOptions in favor of services.mysql.settings 2021-12-18 21:01:48 -05:00
Aaron Andersen
f1d1d319ae nixos/mysql: update user and group descriptions 2021-12-18 21:01:48 -05:00
Aaron Andersen
c7cac1bdc0 nixos/mysql: use systemd StateDirectory to provision the data directory 2021-12-18 21:01:42 -05:00
github-actions[bot]
916b5fb667
Merge staging-next into staging 2021-12-19 00:02:22 +00:00
Andrew Marshall
f10aea2434 nixos/ssh: Add enableAskPassword 
Previously, this was only implicitly enabled if xserver.enable = true.
However, Wayland-based desktops do not require this, and so configuring
SSH_ASKPASS on a Wayland desktop becomes cumbersome. This simplifies
that by adding a new option that defaults to the old conditional.
 2021-12-18 12:13:02 -05:00
github-actions[bot]
dd2f8bc91d
Merge staging-next into staging 2021-12-18 12:01:49 +00:00
0x4A6F
0b738b87db
Merge pull request #151145 from zhaofengli/unifi5-log4j-new-mitigation 
unifi5: Follow new mitigation guidelines
 2021-12-18 13:00:28 +01:00
Robert Hensing
058677c417
Merge pull request #151150 from agbrooks/oci-layer-order 
dockerTools.buildImage: Fix incorrect layer unpack order before executing runAsRoot script
 2021-12-18 11:03:03 +01:00
Zhaofeng Li
8bbae8e558 unifi: Add NixOS tests 2021-12-18 00:19:04 -08:00
github-actions[bot]
8d45187fd8
Merge staging-next into staging 2021-12-18 06:01:57 +00:00
Bobby Rong
c9ec5a228d
Merge pull request #151153 from bobby285271/pantheon 
Pantheon updates 2021-12-17
 2021-12-18 14:01:54 +08:00
Artturin
c44f95a855 nixos/stage1: run fsck on battery too 
We are in 2021 almost 2022 not in 2004 when this may have been an issue!

https://alioth-lists.debian.net/pipermail/pkg-sysvinit-devel/2009-May/003196.html
https://www.nico.schottelius.org/blog/debian-ubuntu-fsck-skip-on-battery-bug/
d29daf3952
https://bugs.launchpad.net/ubuntu/+source/laptop-mode/+bug/11194
 2021-12-18 06:06:10 +02:00
Bobby Rong
62103c4e41
pantheon.xdg-desktop-portal-pantheon: move to pkgs/desktop/pantheon 
Only used by Pantheon AFAIK.
 2021-12-18 11:35:55 +08:00
Aaron Andersen
eeef6e1341
Merge pull request #151144 from Sohalt/spacenavd-syslog 
nixos/spacenavd: remove syslog.target
 2021-12-17 21:47:23 -05:00
Andrew Brooks
57718902e3 nixos/tests/docker-tools: add test for pre-runAsRoot layer unpack order 2021-12-17 19:26:53 -06:00
github-actions[bot]
d1e6365b21
Merge staging-next into staging 2021-12-18 00:02:05 +00:00
sohalt
9718fc1211 nixos/spacenavd: remove syslog.target 2021-12-18 00:59:48 +01:00
Zhaofeng Li
a4bcad541e unifi5: Follow new mitigation guidelines 
Simply disabling lookups isn't enough, and the JndiLookup class must be
removed:

https://web.archive.org/web/20211217085954/https://logging.apache.org/log4j/2.x/security.html
 2021-12-17 15:55:13 -08:00
pennae
64bbe28843 nixos/unifi: rename openPorts to openFirewall 
openFirewall is the much more common name for an option with this
effect. since the default was `true` all along, renaming it doesn't hurt
much and only improves consistency with other modules.
 2021-12-17 21:30:52 +01:00
pennae
2000a1edcd nixos/unifi: add deprecation warning for openPorts 
modules are discouraged from opening ports in the firewall unless
explicitly told to do so. add a deprecation notice for this in unifi.
 2021-12-17 21:30:52 +01:00
ajs124
e6188c00f0
Merge pull request #149387 from sumnerevans/matrix-synapse-1.49 
matrix-synapse: 1.48.0 -> 1.49.0
 2021-12-17 19:51:34 +00:00
Franz Pletz
0cb8669638
dhcpcd: use dhcpcd as privsep user 2021-12-17 19:23:00 +01:00
github-actions[bot]
3fa6ddfa60
Merge staging-next into staging 2021-12-17 18:01:42 +00:00
Graham Christensen
06edb74413
Merge pull request #148785 from pennae/more-option-doc-staticizing 
treewide: more defaultText for options
 2021-12-17 11:14:08 -05:00
github-actions[bot]
a6adcc1edf
Merge staging-next into staging 2021-12-17 12:02:12 +00:00
Flakebi
368b22d09b powerdns-admin: fix and add module 
- Add the migrations directory to the package
- Add postgres support to the package
- Add a service for powerdns-admin

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
 2021-12-17 10:33:40 +01:00
Bobby Rong
94144484c2
Merge pull request #148164 from veehaitch/nixos-github-runner-148024-v2 
nixos/github-runner: refactor tokens handling
 2021-12-17 16:28:21 +08:00
Alyssa Ross
e07182012b
Merge remote-tracking branch 'nixpkgs/staging-next' into staging 
Conflicts:
	pkgs/development/python-modules/pint/default.nix
 2021-12-17 05:50:06 +00:00
Alyssa Ross
de27156be0 nixos/cage: log to journal 
Previously, cage would log to the TTY it was running on top of, so log
messages were basically lost.
 2021-12-16 23:55:15 +00:00
Nikolay Amiantov
fe97584f15
Merge pull request #147679 from danderson/danderson/influx-update 
influxdb2: 2.0.8 -> 2.1.1
 2021-12-17 02:41:41 +03:00
Martin Weinelt
8086f8658e
Merge pull request #151029 from andir/snapcast-bind 2021-12-16 23:52:05 +01:00
Andreas Rammhold
c9c93b0add
nixos/snapserver: use the correct bind address arguments 
Snapserver expects the arguments `--tcp.bind_to_address` and
`--http.bind_to_address` instead of the `--tcp.address` (and http
equivalent) versions.

This caused the process to listen on `0.0.0.0` (for TCP and HTTP
sockets) regardless of the configuration value. It also never listend on
the IPv6 address `::` as our module system made the user believe.

This commit fixes the above issue and ensures that (at least for the TCP
socket) that our default `::` does indeed allow connections via IPv6
(to localhost aka ::1).
 2021-12-16 23:27:56 +01:00
David Anderson
7708b9db26 infuxdb2: add package split to 22.05 release notes. 2021-12-16 12:17:20 -08:00
David Anderson
492f791f9d influxdb2: use the new server derivation in the nixos module. 2021-12-16 12:10:09 -08:00
Kim Lindberger
ebaa226853
elk7: 7.11.1 -> 7.16.1, 6.8.3 -> 6.8.21 + add filebeat module and tests (#150879) 
* elk7: 7.11.1 -> 7.16.1

* nixosTests.elk: Improve reliability and compatibility with ELK 7.x

- Use comparisons in jq instead of grepping
- Match for `.hits.total.value` if version >= 7, otherwise it always
  passes
- Make curl fail if requests fails

* nixos/filebeat: Add initial module and test

Filebeat is an open source file harvester, mostly used to fetch logs
files and feed them into logstash.

This module can be used instead of journalbeat if used with
`filebeat7` and configured with the `journald` input.

* python3Packages.parsedmarc.tests: Fix breakage

- Don't use the deprecated elasticsearch7-oss package
- Improve jq query robustness and add tracing

* rl-2205: Note the addition of the filebeat service

* elk6: 6.8.3 -> 6.8.21

The latest version includes a fix for CVE-2021-44228.

* nixos/journalbeat: Add a loose dependency on elasticsearch

Avoid unnecssary back-off when elasticsearch is running on the same
host.
 2021-12-17 00:20:52 +09:00
Nikolay Amiantov
759f4afc65
tarsnap service: fix escaping (#150802) 2021-12-16 16:53:59 +03:00
zowoq
014236e9c9 nixos/kubernetes: don't import <nixpkgs> 2021-12-16 21:47:12 +10:00
Naïm Favier
901d4f13a3
nixos/systemd: set TZDIR for PID 1 
Fixes #105049
 2021-12-16 04:09:07 +01:00
github-actions[bot]
3e2d1c1e65
Merge staging-next into staging 2021-12-15 18:01:52 +00:00
Nikolay Amiantov
aef12c8678
Merge pull request #150779 from abbradar/youtrack 
youtrack: 2021.1.13597 -> 2021.4.35970, restart on failure
 2021-12-15 16:04:58 +03:00
github-actions[bot]
5c3e01fe1c
Merge staging-next into staging 2021-12-15 12:02:07 +00:00
Markus S. Wamser
b93e478777 writers.PyPy{2,3}: init 2021-12-15 10:01:08 +01:00
Markus S. Wamser
4e42f6bcb3 writers.writePython2: remove 2021-12-15 09:56:14 +01:00
Nikolay Amiantov
497d334c14 youtrack service: restart on failure 2021-12-15 01:40:00 +03:00
Sumner Evans
c0a6554847
matrix-synapse: 1.48.0 -> 1.49.0 2021-12-14 10:34:41 -07:00
github-actions[bot]
a292b5fe68
Merge staging-next into staging 2021-12-14 12:02:00 +00:00
Silvan Mosberger
d995f2abb9
Merge pull request #150631 from pennae/fix-option-docs-nix23 
nixos/lib/make-options-doc: fix with nix 2.3
 2021-12-14 11:58:41 +01:00
ajs124
84ce6a6286
Merge pull request #149868 from lostnet/couchopts 
couchdb3: add vm.args option and fix pkgs.couchdb reference
 2021-12-14 10:48:56 +00:00
Bobby Rong
bbfbcefb02
Merge pull request #149628 from Izorkin/fix-wsdd 
nixos/tests/wsdd: fix test
 2021-12-14 14:58:40 +08:00
github-actions[bot]
b073a17f68
Merge staging-next into staging 2021-12-14 06:02:02 +00:00
pennae
a70b1eb630 nixos/lib/make-options-doc: fix with nix 2.3 2021-12-14 03:41:09 +01:00
zowoq
d90103d112 Revert "kubernetes: disable rbac tests" 
This reverts commit 91c6a97243.
 2021-12-14 11:02:36 +10:00
Johan Thomsen
282b303e83 nixos/kubernetes: drop tty and stdin for execs in test pods 2021-12-14 11:02:07 +10:00
github-actions[bot]
75e029e297
Merge staging-next into staging 2021-12-14 00:02:27 +00:00
Julien Moutinho
5cf90a60e5 nixos/redis: cleanup tests 2021-12-13 14:42:19 -05:00
Julien Moutinho
7475554372 nixos/redis: enable multiple instances of redis-server 2021-12-13 14:42:19 -05:00
Bernardo Meurer
f40283cf62
Merge pull request #149837 from helsinki-systems/feat/redo-activation-script-restarting 
nixos/switch-to-configuration: Add a massive test and do a slight refactor
 2021-12-13 11:37:20 -08:00
github-actions[bot]
1a2b61419f
Merge staging-next into staging 2021-12-13 18:01:54 +00:00
Maximilian Bosch
bedca751c5
Merge pull request #150527 from malte-christian/master 
nixos/nextcloud: update warning for MariaDB >= 10.6
 2021-12-13 15:21:16 +01:00
Jörg Thalheim
afa3c99cd5
Merge pull request #148593 from veehaitch/sgx-psw 
sgx-psw: init package and module
 2021-12-13 14:16:26 +00:00
Malte
7c43256291 nixos/nextcloud: update warning for MariaDB >= 10.6 2021-12-13 13:25:21 +01:00
github-actions[bot]
f73f987c8a
Merge staging-next into staging 2021-12-12 18:01:48 +00:00
maralorn
b243326a02
Merge pull request #149013 from Ma27/postgres-docs 
nixos/postgresql: improve docs on how to upgrade
 2021-12-12 15:55:37 +01:00
Martin Weinelt
37527494b6
Merge pull request #150329 from zhaofengli/unifi-6.5.54 2021-12-12 14:10:10 +01:00
github-actions[bot]
a1f533ecf6
Merge staging-next into staging 2021-12-12 12:01:57 +00:00
markuskowa
5d99afe652
Merge pull request #150311 from bachp/glusterfs-syslog-target 
nixos/glusterfs: remove syslog.target from services
 2021-12-12 12:42:53 +01:00
zowoq
91c6a97243 kubernetes: disable rbac tests 
timed out on hydra
 2021-12-12 19:56:19 +10:00
Zhaofeng Li
e992604bf0 nixos/unifi: Apply log4j2 mitigation 2021-12-12 01:48:58 -08:00
github-actions[bot]
1120c2b1ac
Merge staging-next into staging 2021-12-12 06:01:43 +00:00
Bobby Rong
ebb5bd223c
Merge pull request #150372 from bobby285271/pantheon 
pantheon.appcenter: re-add patch for disable packagekit backend
 2021-12-12 13:30:53 +08:00
Bobby Rong
c65f6852e4
Revert "nixos/pantheon: mention latest appcenter changes in manual" 
This reverts commit d49d9a24b7.
 2021-12-12 12:45:31 +08:00
Bobby Rong
1eef9ae2d1
Revert "nixos/pantheon: cleanup FAQ section" 
This reverts commit cd58f44937.
 2021-12-12 12:45:10 +08:00
github-actions[bot]
caebe15ce1
Merge staging-next into staging 2021-12-12 00:02:28 +00:00
Pascal Bach
51e80b4ded
Merge pull request #149723 from pingiun/patch-5 
eternal-terminal: remove syslog.target from service
 2021-12-11 22:45:22 +01:00
Pascal Bach
98a81a3152
Merge pull request #149733 from lunik1/adguard-syslog 
nixos/adguardhome: remove syslog.target from service
 2021-12-11 22:45:08 +01:00
Pascal Bach
e6217908a3 nixos/glusterfs: remove syslog.target from services 2021-12-11 22:43:02 +01:00
Martin Weinelt
e675946ecd
Merge pull request #125256 from deviant/acme-standalone 2021-12-11 22:06:48 +01:00
Guillaume Girol
57f7f3a87b
Merge pull request #148696 from MasseR/master 
Fix the syntax error on tt-rss config file
 2021-12-11 20:57:15 +00:00
spacefrogg
fe44db8271
openafsServer: remove dependency on syslog.target (#150294) 
syslog.target has been deprecated and removed
 2021-12-11 14:46:23 -05:00
erdnaxe
cf504b2330
nixos/nitter: remove syslog.target from service (#150224) 2021-12-11 14:45:54 -05:00
Dmitry Kalinkin
462d8e1bec
Merge pull request #150200 from sbruder/invidious-remove-syslog 
nixos/invidious: remove syslog.target from service
 2021-12-11 14:45:38 -05:00
Dmitry Kalinkin
07a8ae0c5a
Merge branch 'staging-next' into staging 
Conflicts:
	pkgs/development/libraries/log4cplus/default.nix
 2021-12-11 14:01:19 -05:00
Ryan Mulligan
c84ba61d73
Merge pull request #149860 from 1000teslas/xrdp-conf 
nixos/xrdp: add confDir option
 2021-12-11 10:45:53 -08:00
Maximilian Bosch
2deb8c0fc5
nixos/postgresql: improve docs on how to upgrade 
* It's IMHO a slight overkill to deploy an additional container even if
  it's never supposed to be running. Also, the currently suggested
  approach wouldn't use the default state-directory for the new version.
* Explain the structure of the state-directories and where the
  version-numbers are actually coming from.
* Mention `./analyze_new_cluster.sh` & `./delete_old_cluster.sh`.
 2021-12-11 18:22:31 +01:00
Mats Rauhala
0eaecd60cb tt-rss-module handle situations without any password 2021-12-11 15:02:27 +02:00
Mats Rauhala
de16da59f2 Fix the syntax error on tt-rss config file 2021-12-11 15:02:27 +02:00
Simon Bruder
35ed694793
nixos/invidious: remove syslog.target from service 
It has been removed from systemd, see #149721.
 2021-12-11 08:28:20 +01:00
Jacek Galowicz
b6bf1ca717
Merge pull request #149329 from marijanp/test-driver-restructuring 
nixos/test-driver: make the test-driver a python package
 2021-12-10 18:41:49 +00:00
Stig
8f21565901
Merge pull request #121085 from colemickens/gpg-ccid-udev 
nixos/hardware/gnupg-ccid: init udev rules
 2021-12-10 14:22:06 +01:00
Marijan Petričević
ab693de868 nixos/test-driver: make the test-driver a python package 2021-12-10 12:27:45 +00:00
Silvan Mosberger
2f2b60dd87 lib/nixos/eval-config.nix: Fix extraArgs 
Fixes a mistake in https://github.com/NixOS/nixpkgs/pull/148315 that
caused https://github.com/NixOS/nixpkgs/issues/148343#issuecomment-990881216
 2021-12-10 12:55:30 +01:00
Jörg Thalheim
096156aa50
Merge pull request #150003 from evils/rasdaemon 
nixos/rasdaemon: remove syslog.target dependency
 2021-12-10 11:31:21 +00:00
Mikael
4c39a29128
modules/nix-daemon: Amend daemon(CPU|IO)Sched(Policy|Class) description (#147497) 
Suggest appropriate values for various types of systems and add some
formatting.
 2021-12-10 11:30:51 +01:00
Lara
c2b79874a7
nixos/jitsi-videobridge: Mitigate CVE-2021-44228 (#150021) 
This commit mitigates a remote code execution vulnerability in the log4j
library.
 2021-12-10 11:16:20 +01:00
Vincent Haupert
d6cc0ad96e nixosTests.aesmd: init 2021-12-10 10:18:31 +01:00
Vincent Haupert
0b5c9f81e2 nixos/aesmd: add module 
Co-authored-by: Alex Zero <joseph@marsden.space>
 2021-12-10 10:18:31 +01:00
Vincent Haupert
ac60e78b48 nixos/intel-sgx: add option for SGX provisioning 2021-12-10 10:09:41 +01:00
0x4A6F
c28b4458d7
Merge pull request #147797 from romildo/upd.xfce 
maintainers: add xfce team
 2021-12-10 09:23:20 +01:00
Evils
b22f50135c nixos/rasdaemon: remove syslog.target dependency 
this was copied from upstream's unit file
but only used when the daemon runs in background mode
  --foreground is used unconditionally in this module
 2021-12-10 08:18:05 +01:00
Graham Christensen
6617c39075
Merge pull request #149936 from Artturin/virtiokb 
nixos/qemu-vm: add -device virtio-keyboard to opts
 2021-12-09 21:01:51 -05:00
Artturin
39c5525cb1 nixos/qemu-vm: add -device virtio-keyboard to opts 
by default a ps/2 keyboard input is used which seems to cause issues
on aarch64-linux when the machine is used high load, causing the keymap
qwertz test to always fail and azerty to sometimes fail
See https://github.com/NixOS/nixpkgs/issues/147294
 2021-12-10 01:04:33 +02:00
Kevin Tran
1906561f8d
Update nixos/modules/services/networking/xrdp.nix 
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
 2021-12-10 09:08:45 +11:00