nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-29 18:33:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
398,704 Commits 258 Branches 124 Tags 5.6 GiB
14c47e30b8
Commit Graph

22041 Commits

Author SHA1 Message Date
github-actions[bot]
b38a1818bc
Merge staging-next into staging 2022-07-23 12:02:12 +00:00
github-actions[bot]
6629a2339e
Merge master into staging-next 2022-07-23 12:01:31 +00:00
Bjørn Forsman
65399c4742 nixos/syncthing: don't leak the secret API key in process listings 2022-07-23 13:59:11 +02:00
Bjørn Forsman
16108ff74a nixos/jenkins-job-builder: set serviceConfig.Type = "oneshot" 
This change allows detecting configuration errors during
switch-to-configuration instead of them being reported asynchronously
*after* switch-to-configuration has exited.

(And update the NixOS test accordingly.)
 2022-07-23 13:30:53 +02:00
Nick Cao
f1a08f54f0
nixos/mautrix-telegram: add lottieconverter to path 2022-07-23 16:43:39 +08:00
Bernardo Meurer
836af9c15e nixos/hqplayerd: allow GPU acceleration 2022-07-22 21:21:46 -07:00
Bernardo Meurer
d66f766cac nixos/roon-server: fix openFirewall 2022-07-22 21:20:50 -07:00
Dan Callaghan
133ebbe46a
nixos/sssd: add an option to enable KCM support 2022-07-23 10:14:09 +10:00
github-actions[bot]
b4832bac52
Merge staging-next into staging 2022-07-22 15:34:59 +00:00
Artturin
6789222b1c Merge branch 'master' into staging-next 2022-07-22 18:23:16 +03:00
Jörg Thalheim
8807057296 nixos/openldap: drop myself as maintainer 2022-07-22 16:54:13 +02:00
Sandro
8455ba6d64
Merge pull request #181258 from SuperSandro2000/onlyoffice 2022-07-22 16:28:13 +02:00
Martin Weinelt
b5e4c14806 Merge remote-tracking branch 'origin/master' into staging-next 2022-07-22 14:56:01 +02:00
pennae
e4d4b3cd64
Merge pull request #182441 from leungbk/lemmy-whitespace 
services/web-apps/lemmy.nix: Remove space that causes a type error
 2022-07-22 14:30:23 +02:00
Maximilian Bosch
200ce70e63
Merge pull request #180603 from m-bdf/substitute-nix-instantiate 
nixos-generate-config: substitute nix-instantiate
 2022-07-22 14:22:52 +02:00
Maximilian Bosch
779853b52b
Merge pull request #182413 from NetaliDev/pam-mount-fix-refactor 
nixos/pam: refactor pam_mount unmounting fix
 2022-07-22 14:05:44 +02:00
github-actions[bot]
dec2508b80
Merge staging-next into staging 2022-07-22 12:02:21 +00:00
github-actions[bot]
a3ba713cd4
Merge master into staging-next 2022-07-22 12:01:35 +00:00
Maximilian Bosch
ee2413c326
nixos/crowd: store openid password securely 2022-07-22 13:13:12 +02:00
Maximilian Bosch
1f6910b7dd
Merge pull request #182267 from mayflower/confluence-secrets 
nixos/confluence: store crowd SSO password securely
 2022-07-22 13:12:17 +02:00
Maximilian Bosch
85231bbd6e
Merge pull request #182261 from mayflower/mailman-rest-api-pass-file 
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
 2022-07-22 13:11:37 +02:00
Ilan Joselevich
d0617a58e2
services/web-apps/lemmy.nix: Remove space that causes a type error 2022-07-22 01:19:28 -07:00
Florian Klink
ad29dc19c1
Merge pull request #182436 from K900/systemd-initrd-fixes 
nixos/systemd: make sure all the device nodes are created in stage1
 2022-07-22 15:06:59 +07:00
Florian Klink
7c119675a3
Merge pull request #179002 from klemensn/move-passwdEntry-type 
move passwdEntry type
 2022-07-22 14:16:57 +07:00
K900
c9183d3738 nixos/systemd: make sure all the device nodes are created in stage1 
The ConditionFileNotEmpty override patch wasn't correct for stage1, which
does have the modules in /lib. So, remove the patch and set
the right path with overrides in the final system.

Also, make sure systemd-tmpfiles-setup-dev is pulled in to create
all the necessary symlinks.
 2022-07-22 10:01:21 +03:00
Netali
93132dc09c
nixos/pam: refactor pam_mount unmounting fix 2022-07-22 04:17:14 +02:00
github-actions[bot]
df9f22a8b8
Merge staging-next into staging 2022-07-22 00:03:25 +00:00
github-actions[bot]
d44e369b44
Merge master into staging-next 2022-07-22 00:02:40 +00:00
Martin Weinelt
457d109dcd
Merge pull request #179597 from Mic92/openldap-path 
[staging] openldap: remove deprecated options, improve encapsulation
 2022-07-22 00:26:32 +02:00
Stig Palmquist
d07f3037e2
nixos/security/pam: fix u2f options leakage 
Fix bug where pam_u2f options would be partially included in other pam.d
files if the module was enable for specific services, resulting in
broken configuration.
 2022-07-21 23:14:09 +02:00
Sandro
98b4daa994
Merge pull request #181881 from SuperSandro2000/searx 2022-07-21 22:39:48 +02:00
Sandro
f7f8721b1e
Merge pull request #162689 from astro/glusterfs 
nixos/glusterfs: exclude hook "S10selinux-label-brick.sh"
 2022-07-21 22:15:00 +02:00
Lassulus
bcd7e09db0
Merge pull request #182204 from helsinki-systems/upd/vdo 
(k)vdo: 8.1.1.360 -> 8.2.0.2
 2022-07-21 21:46:27 +02:00
Sofi
e2b34f0f11
nixos/minecraft-server: let server shutdown cleanly (#182149) 2022-07-21 15:05:43 -04:00
github-actions[bot]
a92f7ed60a
Merge staging-next into staging 2022-07-21 18:02:00 +00:00
talyz
ddf8182d5b
sshd: Don't remove symlinks to host key files 
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.

See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
 2022-07-21 19:15:04 +02:00
Timothy DeHerrera
e8c3d13d00
Merge pull request #181674 from nrdxp/nvidia-udev 
nvidia: improve robustness of udev rules
 2022-07-21 09:00:47 -07:00
Vincent Haupert
539b61ea37 nixos/github-runner: fix capset syscall filtering 
capset(2) is a single system call, not a set of multiple system calls.
 2022-07-21 16:08:15 +02:00
Robert Hensing
9aa588ecc3 nixos/documentation: Add unit test 2022-07-21 15:32:10 +02:00
Robert Hensing
ec3e1c6a3a nixos/documentation: Remove systemd/initrd dependency 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:10 +02:00
Robert Hensing
08e6f45747 nixos: Declare module dependencies 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:10 +02:00
Robert Hensing
5a98c63077 nixos: Move getty helpLine definition to getty module 
Working towards a unit-testable documentation module.
 2022-07-21 15:32:00 +02:00
Robert Hensing
9a0b26b216 nixos/documentation: Make extraModules configurable 2022-07-21 15:31:35 +02:00
Robert Hensing
e135c417bb nixos/documentation: Forward the specialArgs 
This is necessary when generating the complete documenation for
configurations that import modules from the module arguments.
 2022-07-21 15:31:35 +02:00
github-actions[bot]
f09c360345
Merge staging-next into staging 2022-07-21 00:03:40 +00:00
Maximilian Bosch
258060c37d
nixos/confluence: store crowd SSO password securely 
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.

[1] https://github.com/NixOS/nixpkgs/pull/181715
 2022-07-20 23:11:53 +02:00
Maximilian Bosch
db9937b578
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store 2022-07-20 22:23:54 +02:00
Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets 
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
 2022-07-20 20:42:14 +02:00
Maximilian Bosch
92bd77e85e
nixos/prometheus-mail-exporter: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch
81add6600c
nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
ajs124
c386f8658b (k)vdo: 8.1.1.360 -> 8.2.0.2 2022-07-20 15:00:53 +02:00
Maximilian Bosch
39c0694709
nixos/prometheus-mail-exporter: support storing passphrase outside of the store 2022-07-19 17:32:08 +02:00
pennae
7388711363 nixos/resolved: convert option docs to MD 2022-07-19 16:23:57 +02:00
pennae
3fdde45825 nixos/oci-containers: convert option docs to MD 
no changes to the manpages, no rendering changes to the html manual
 2022-07-19 16:23:57 +02:00
pennae
875acd1c2b nixos/qt5: convert option docs to MD 
changing a varlist to an md list changes the rendering slightly.
 2022-07-19 16:23:56 +02:00
github-actions[bot]
f0d5e4f5ad
Merge staging-next into staging 2022-07-19 12:02:34 +00:00
github-actions[bot]
cfe78489c9
Merge master into staging-next 2022-07-19 12:01:43 +00:00
Sandro
bca69a4037
Merge pull request #181867 from newAM/github-runner 
nixos/github-runner: fix systemd defaults for common workflows
 2022-07-19 12:56:17 +02:00
Euan Kemp
f158ac45ef nixos/k3s: use default cgroup-driver again 
Setting `cgroup-driver=systemd` was originally necessary to match with
docker, else the kubelet would not start (#111835)

However, since then, docker support has been dropped from k3s (#177790).
As such, this option is much less necessary.

More importantly, it now seems to be actively causing issues. Due to an
upstream k3s bug, it's resulting in the kubelet and containerd having
different cgroup drivers, which seems to result in some difficult to
debug failure modes.

See
https://github.com/NixOS/nixpkgs/issues/181790#issuecomment-1188840862
for a description of this problem.

Removing this flag entirely seems reasonable to me, and it results in
k3s working again on my machine.
 2022-07-19 02:52:12 -07:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315) 2022-07-19 16:09:42 +10:00
github-actions[bot]
1ae70f1c80
Merge staging-next into staging 2022-07-19 06:03:43 +00:00
github-actions[bot]
305e8cb7b8
Merge master into staging-next 2022-07-19 06:03:02 +00:00
Wout Mertens
3ee8d4c909
netdata module: fix ExecStartPost (#181976) 2022-07-19 06:19:18 +02:00
github-actions[bot]
5467a35e74
Merge staging-next into staging 2022-07-19 00:02:54 +00:00
github-actions[bot]
d64d75f2f3
Merge master into staging-next 2022-07-19 00:02:21 +00:00
Artturi
6dc4ee65f7
Merge pull request #179163 from cmm/network-setup-bindTo 
nixos/network-interfaces-scripted: don't bindTo absent network-setup.service
 2022-07-19 01:33:14 +03:00
Joachim F
0640ef2ccc
Merge pull request #180231 from dfithian/heartbeat 
heartbeat service: specify package
 2022-07-18 20:56:08 +02:00
Dan Fithian
49a5377557 heartbeat service: specify package 
Other elastic services can specify the package. Now we can also do it for heartbeat.
 2022-07-18 14:39:22 -04:00
github-actions[bot]
9339fffb65
Merge staging-next into staging 2022-07-18 18:01:57 +00:00
github-actions[bot]
83702a6ef7
Merge master into staging-next 2022-07-18 18:01:14 +00:00
oaksoaj
fc9e22fca1 yggdrasil: add group option back and remove systemd User= directive 
The group configuration parameter allow to share access to yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but let user create their own group if they need.

Remove User= durective in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
 2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f yggdrasil: reenable DynamicUser 
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.

We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
 2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets 
nixos/mxisd: allow passing secrets
 2022-07-18 15:10:49 +02:00
Maximilian Bosch
8b72dae17b
Merge pull request #181528 from Ma27/privacyidea-ldap-proxy-secrets 
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy
 2022-07-18 14:19:47 +02:00
github-actions[bot]
a2fce4c651
Merge staging-next into staging 2022-07-18 12:02:35 +00:00
github-actions[bot]
71fe747e70
Merge master into staging-next 2022-07-18 12:01:55 +00:00
Maximilian Bosch
949c334ea9
nixos/privacyidea-ldap-proxy: use list for EnvironmentFile for mergeability 2022-07-18 13:58:08 +02:00
Maximilian Bosch
dab3ae9d8b
Merge pull request #181715 from mayflower/jira-secret-opts 
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
 2022-07-18 13:53:42 +02:00
Jörg Thalheim
9a020f31aa
Merge pull request #175439 from Mic92/jellyfin 
nixos/jellyfin: better defaults for hardware acceleration
 2022-07-18 12:51:54 +01:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability 2022-07-18 13:47:09 +02:00
Janne Heß
4e0f8f7f44
Merge pull request #181882 from SuperSandro2000/systemd-boot 
nixos/systemd-boot: remove default log message if nothing changes
 2022-07-18 10:02:43 +02:00
Vladimír Čunát
250922fd1e
Merge branch 'master' into staging-next 2022-07-18 08:29:53 +02:00
Alex Martens
c34749dd63 nixos/github-runner: fix systemd defaults for common workflows 2022-07-17 22:02:57 -07:00
Sandro
24aefd2c82
Merge pull request #177240 from Majiir/streamdeck-ui 2022-07-17 23:27:43 +02:00
Sandro Jäckel
4396fd615c
nixos/systemd-boot: remove default log message if nothing changes 2022-07-17 21:46:50 +02:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility 2022-07-17 21:45:30 +02:00
Sandro
0890c4aef1
Merge pull request #168879 from aidalgol/pass-secret-service-systemd-unit 2022-07-17 16:45:27 +02:00
Bjørn Forsman
0080a93cdf nixos/jenkins-job-builder: create secret file with umask 0077 
IOW, don't make it world readable.
 2022-07-17 15:24:48 +02:00
Majiir Paktu
3ba735cce2 nixos/streamdeck-ui: init 2022-07-16 22:10:33 -04:00
github-actions[bot]
97f117148f
Merge staging-next into staging 2022-07-17 00:02:54 +00:00
github-actions[bot]
8df1eb061a
Merge master into staging-next 2022-07-17 00:02:14 +00:00
Sandro
04a5c30245
Merge pull request #179582 from catap/prl-tools 2022-07-17 01:41:46 +02:00
Sandro
769329f5f8
Merge pull request #172058 from midchildan/improvement/1pw-gid 
nixos/_1password{,-gui}: use a static gid
 2022-07-17 01:21:42 +02:00
Sivizius
5e941caa0d
nixos/cri-o: removed defaultText of internal package-option 2022-07-17 08:04:15 +10:00
Sandro Jäckel
5e297d07aa
nixos/onlyoffice: init 2022-07-16 23:32:07 +02:00
Vladimír Čunát
0879ac5da6
Merge branch 'master' into staging-next 2022-07-16 20:07:05 +02:00
Maximilian Bosch
4adf26f018
nixos/privacyidea-ldap-proxy: always run envsubst 
Otherwise the file doesn't exist at the expected location.
 2022-07-16 14:00:46 +02:00
Kim Lindberger
d012de5b1d
Merge pull request #181401 from yayayayaka/gitlab-bump-git-to-2.35.4 
nixos/gitlab: Bump git to 2.35.4
 2022-07-16 13:37:16 +02:00
Maximilian Bosch
765cc35042
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store 
The option `services.jira.sso.applicationPassword` has been replaced by
`applicationPasswordFile` that needs to be readable by the `jira`-user
or group.

The new `crowd.properties` is created on startup in `~jira` and the
secret is injected into it using `replace-secret`.
 2022-07-16 13:01:29 +02:00
Bjørn Forsman
50eaf82b6f nixos/jenkins-job-builder: fix jenkins authentication 
The current authentication code is broken against newer jenkins:

  jenkins-job-builder-start[1257]: Asking Jenkins to reload config
  jenkins-start[789]: 2022-07-12 14:34:31.148+0000 [id=17]        WARNING hudson.security.csrf.CrumbFilter#doFilter: Found invalid crumb 31e96e52938b51f099a61df9505a4427cb9dca7e35192216755659032a4151df. If you are calling this URL with a script, please use the API Token instead. More information: https://www.jenkins.io/redirect/crumb-cannot-be-used-for-script
  jenkins-start[789]: 2022-07-12 14:34:31.160+0000 [id=17]        WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /reload by admin. Returning 403.
  jenkins-job-builder-start[1357]: curl: (22) The requested URL returned error: 403

Fix it by using `jenkins-cli` instead of messing with `curl`.

This rewrite also prevents leaking the password in process listings. (We
could probably do it without `replace-secret`, assuming `printf` is a
shell built-in, but this implementation should be safe even with shells
not having a built-in `printf`.)

Ref https://github.com/NixOS/nixpkgs/issues/156400.
 2022-07-16 12:30:41 +02:00
Arian van Putten
55bd770662
Merge pull request #167514 from shimunn/pam_u2f_module 
nixos/security/pam: added `origin` option to pamu2f
 2022-07-16 10:56:26 +02:00
Vladimír Čunát
7fbdf335d8
Merge #180368: nixos/i18n: normalise locale names 2022-07-16 09:01:42 +02:00
Timothy DeHerrera
371db36e56
nvidia: improve robustness of udev rules 
fixes #165719
 2022-07-15 19:37:13 -07:00
github-actions[bot]
fa3b53e492
Merge staging-next into staging 2022-07-16 00:03:07 +00:00
github-actions[bot]
fa96a4fa79
Merge master into staging-next 2022-07-16 00:02:26 +00:00
Sandro
2d0f98389f
Merge pull request #175738 from SuperSamus/plasma 2022-07-16 00:56:08 +02:00
Bernardo Meurer
ed0e38f28d
Merge pull request #181625 from lovesegfault/nix-2.10.3 
nix: 2.10.2 -> 2.10.3
 2022-07-15 15:28:41 -07:00
Aaron Andersen
9b01242132
Merge pull request #131261 from bb2020/dlna 
nixos/minidlna: convert to structural settings
 2022-07-15 21:28:19 +02:00
Bernardo Meurer
ea8a1ac198 nix-fallback-paths: 2.10.2 -> 2.10.3 2022-07-15 12:00:56 -07:00
shimun
327d99c0ca
nixos/security/pam: added origin option to pamu2f 2022-07-15 20:38:24 +02:00
github-actions[bot]
8eb75b850f
Merge staging-next into staging 2022-07-15 18:02:01 +00:00
github-actions[bot]
9f53d5cc15
Merge master into staging-next 2022-07-15 18:01:23 +00:00
Sandro
8e45a79ab1
Merge pull request #181579 from NixOS/netdata-module-startpost 
netdata: fix post start for module
 2022-07-15 16:20:55 +02:00
Sandro
475b23340b
Merge pull request #181410 from lilyinstarlight/fix/greetd-default-user 
nixos/greetd: fix minor typo for default user
 2022-07-15 16:12:09 +02:00
github-actions[bot]
9303bacb57
Merge staging-next into staging 2022-07-15 12:01:52 +00:00
github-actions[bot]
a4622e8226
Merge master into staging-next 2022-07-15 12:01:15 +00:00
Lucas Eduardo
e13404895a
nixos/label: add validation for system.nixos.label (#181479) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2022-07-15 11:45:25 +02:00
Wout Mertens
7f55ee3a53
netdata: fix post start for module 2022-07-15 09:57:13 +02:00
zowoq
e2659eea36 nixos/kubernetes: use copyToRoot instead of deprecated contents 2022-07-15 10:23:06 +10:00
Maximilian Bosch
bccaac9535
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy 
Instead of hard-coding a single `configFile` for
`privacyidea-ldap-proxy.service` which is pretty unmergable with other
declarations it now uses a RFC42-like approach. Also to make sure that
secrets can be handled properly without ending up in the Nix store, it's
possible to inject secrets via envsubst

    {
      services.privacyidea.ldap-proxy = {
        enable = true;
        environmentFile = "/run/secrets/ldap-pw";
        settings = {
          privacyidea.instance = "privacyidea.example.org";
          service-account = {
            dn = "uid=readonly,ou=serviceaccounts,dc=example,dc=org";
            password = "$LDAP_PW";
          };
        };
      };
    }

and the following secret file (at `/run/secrets`):

    LDAP_PW=<super-secret ldap pw>

For backwards-compat the old `configFile`-option is kept, but it throws
a deprecation warning and is mutually exclusive with the
`settings`-attrset. Also, it doesn't support secrets injection with
`envsubst` & `environmentFile`.
 2022-07-14 23:51:17 +02:00
Martin Weinelt
b2d57db6c2
Merge pull request #180516 from Atemu/kernel-disable-ashmem 
linux: disable ASHMEM on >= 5.18
 2022-07-14 23:20:26 +02:00
github-actions[bot]
1a74c5d703
Merge master into staging-next 2022-07-14 18:01:27 +00:00
Nick Cao
c543c996a9
nix-fallback-paths.nix: Update to 2.10.2 2022-07-14 23:53:44 +08:00
Elis Hirwing
e4d73b8bdd
Merge pull request #181474 from etu/drop-some-maintainerships 
treewide: Drop myself as maintainer for some packages I don't use
 2022-07-14 15:08:07 +02:00
Elis Hirwing
729fb87ae3
treewide: Drop myself as maintainer for some packages I don't use 2022-07-14 14:39:58 +02:00
github-actions[bot]
e0608ddfd9
Merge master into haskell-updates 2022-07-14 00:15:36 +00:00
Lily Foster
6f5c1bcf7b nixos/greetd: fix minor typo for default user 
It has been like this since the module was added, but it hasn't caused
problems because greetd assumes a default user of "greeter"[1] when it
isn't found anyway

[1]: d700309623/item/greetd/src/config/mod.rs (L127)
 2022-07-13 18:11:16 -04:00
M. A
61e3490c1c nixos/gitlab: Bump git to 2.35.4 
Resolves CVE-2022-29187
 2022-07-13 21:03:46 +00:00
github-actions[bot]
00ec8bc8d3
Merge master into staging-next 2022-07-13 18:01:28 +00:00
Maximilian Bosch
d54d70f166
nixos/mxisd: allow passing secrets 
Suppose you want to provide a LDAP-based directory search to your
homeserver via a service-user with a bind-password. To make sure that
this doesn't end up in the Nix store, it's now possible to set a
substitute for the bindPassword like

    services.mxisd.extraConfig.ldap.connection = {
      # host, bindDn etc.
      bindPassword = "$LDAP_BIND_PW";
    };

and write the actual secret into an environment file that's readable for
`mxisd.service` containing

    LDAP_BIND_PW=<your secret bind pw>

and the following setting in the Nix expression:

    services.mxisd.environmentFile = "/runs/ecrets/mxisd";

(cherry picked from commit aa25ce7aa1a89618e4257fd46c7d20879f54c728)
 2022-07-13 19:19:17 +02:00
Domen Kožar
c46a3dc50a cachix-agent: allow restarts now that deployments are subprocesses 2022-07-13 11:40:54 -05:00
Sandro
a959a2cd26
Merge pull request #180992 from romildo/new.xdg.portal.lxqt 2022-07-13 14:15:09 +02:00
github-actions[bot]
9e8540af02
Merge master into staging-next 2022-07-13 12:01:13 +00:00
illustris
f60f165501 nixos/proxmox-image: use qemu 6.2 for building VMA 2022-07-13 10:44:41 +02:00
Vladimír Čunát
8169a7fce0
Merge branch 'master' into staging-next 2022-07-13 09:57:41 +02:00
José Romildo
7e30ebb2c2 nixos/lxqt: add a module for the lxqt portal 2022-07-12 17:17:39 -03:00
Luflosi
db4fdd6247
nixos/filesystems: skip fsck for bind mounts 
Without this change, configurations like
```nix
fileSystems."/path/to/bindMountedDirectory" = {
  device = "/path/to/originalDirectory";
  options = [ "bind" ];
};
```
will lead to a warning message in `dmesg`:
```
systemd-fstab-generator: Checking was requested for "/path/to/originalDirectory", but it is not a device.
```
This happens because the generated /etc/fstab entry contains a non-zero fsck pass number, which doesn't make sense for a bind mount.
 2022-07-12 16:51:25 +02:00
Sandro
78fff7ed35
Merge pull request #181197 from bjornfor/fix-ddclient-password-leak 2022-07-12 15:13:43 +02:00
github-actions[bot]
446763e8e1
Merge master into staging-next 2022-07-12 12:01:18 +00:00
Martin Weinelt
b7dc3d66c2
Merge pull request #181184 from kittywitch/ha-empty-config-fix 
nixos/home-assistant: make the reload triggers dependent upon cfg.config
 2022-07-12 11:39:39 +02:00
Bjørn Forsman
e0f2f7f9ea nixos/ddclient: don't leak password in process listings 
...by using `replace-secret` instead of `sed` when injecting the
password into the ddclient config file. (Verified with `execsnoop`.)

Ref https://github.com/NixOS/nixpkgs/issues/156400.
 2022-07-12 10:23:40 +02:00
Pascal Wittmann
6d1cabe9d9
Merge pull request #158346 from kurnevsky/i2pd-yggdrasil 
i2pd: add yggdrasil settings
 2022-07-12 10:19:18 +02:00
Alyssa Ross
c3fafea4ed nixos: remove unused "system tarball" modules 
This has all been commented in nixos/release.nix since at least 2015,
so it's not doing us any good to keep it around.
 2022-07-12 07:34:20 +00:00
github-actions[bot]
aef69f5f34
Merge master into staging-next 2022-07-12 06:01:09 +00:00
Aaron Andersen
bf57026e6a
Merge pull request #179511 from jian-lin/fix-force-caddy-reload-config 
nixos/caddy: force caddy to reload config in ExecReload
 2022-07-12 04:53:45 +02:00
github-actions[bot]
2caa4189ea
Merge master into staging-next 2022-07-12 00:02:27 +00:00
Aidan Gauland
d9119dbbdf
pass-secret-service: unstable-2020-04-12 -> unstable-2022-03-21 
* Update to the latest upstream version of pass-secret-service that includes
  systemd service files.
* Add patch to fix use of a function that has been removed from the Python
  Cryptography library in NixOS 22.05
* Install systemd service files in the Nix package.
* Add NixOS test to ensure the D-Bus API activates the service unit.
* Add myself as a maintainer to the package and NixOS test.
* Use checkTarget instead of equivalent custom checkPhase.
 2022-07-12 07:33:26 +12:00
Sandro Jäckel
af66b47b3a nixos/postgresql-backup: allow setting compression level 2022-07-11 21:28:22 +02:00
Gaute Ravndal
cc0d38b58e nixos/i18n: normalise locale codeset names in supportedLocales 2022-07-11 20:17:50 +02:00
github-actions[bot]
5f2ff17a45
Merge master into staging-next 2022-07-11 18:01:16 +00:00
Kat Inskip
8f2c49ece6
nixos/home-assistant: make the reload triggers dependent upon cfg.config 2022-07-11 08:19:25 -07:00
Sandro
e2f14dd31a
Merge pull request #181026 from queezle42/pipewire-systemwide-bluetooth 
pipewire: fix bluetooth for system-wide configuration
 2022-07-11 15:38:55 +02:00
Jens Nolte
61c9f44a1d pipewire: fix bluetooth for system-wide configuration 2022-07-11 02:35:36 +02:00
github-actions[bot]
55e8459a46
Merge staging-next into staging 2022-07-11 00:04:08 +00:00
Melvyn
ef6d6d4c4a
Add bash to netdata service path 
The `bash` binary is needed for running some plugins, notably the alarm notify plugins. If the binary isn't in the path, alarms notifications aren't sent and the netdata error log instead contains `/usr/bin/env: 'bash': No such file or directory`.
 2022-07-10 16:26:05 -07:00
Bernardo Meurer
c6b0888a86
Merge pull request #180991 from aij/raspberrypi-bootloader-config.txt 
raspberrypi-bootloader: Update doc URL for config.txt options
 2022-07-10 14:09:43 -07:00
Guillaume Girol
e21a770188
Merge pull request #180933 from yuuyins/nvidia-busidtype 
hardware/nvidia: add @ to constraint on busIDType
 2022-07-10 20:00:30 +00:00
Sandro
366683965e
Merge pull request #166308 from ncfavier/wg-resolvconf 
nixos/resolvconf: allow different implementations
 2022-07-10 21:00:00 +02:00
Shawn8901
98ac43a1cf
zrepl: add package option to module (#179189) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2022-07-10 20:32:27 +02:00
github-actions[bot]
05798fee88
Merge staging-next into staging 2022-07-10 18:01:55 +00:00
Martin Weinelt
0044b4fa22
Merge pull request #180950 from alyssais/graphite 2022-07-10 17:22:45 +02:00
Martin Weinelt
f8137a54eb
Merge pull request #153445 from erdnaxe/prometheus_protecthome 
nixos/prometheus-node-exporter: do not protect home
 2022-07-10 17:21:44 +02:00
Emery Hemingway
429fc9aaf7 nixos/hedgedoc: convert to settings-style configuration 
Replace "services.hedgedoc.configuration" with ".settings" to be
consistent with RFC0042. This allows control of settings not
declared in the module.
 2022-07-10 08:07:14 -05:00
github-actions[bot]
4bff9bab6b
Merge staging-next into staging 2022-07-10 12:02:29 +00:00
Ivan Jager
34aa4fe7a9 raspberrypi-bootloader: Update doc URL for config.txt options 
The old URL was redirecting to more generic Rasbperry Pi documentation.
 2022-07-10 06:58:32 -05:00
Robert Hensing
acd969a4dd nixos/nixpkgs.nix: Recommend hostPlatform instead of system 
The ${opt.*} syntax will print the full path when NixOS is used
as a submodule.

nixpkgs.system / nixpkgs.localSystem must not be read by any
other module because its meaning is ambiguous in cross vs
non-cross contexts. hostPlatform is generally what you need.
*Where* you build something generally doesn't matter in a
system _configuration_ context like NixOS.
 2022-07-10 13:36:24 +02:00
Robert Hensing
e153087276 nixos: Fix use of nixpkgs.localSystem 
localSystem is ill-defined because unlike hostPlatform, its
meaning is different in a cross or non-cross context.
 2022-07-10 13:35:54 +02:00
Janne Heß
9412f62782
Merge pull request #180536 from SuperSandro2000/hydra-runuser 
nixos/hydra: use runuser like hydra flake
 2022-07-10 13:30:42 +02:00
K900
d2b579b23e
Merge pull request #178254 from K900/update-tempo 
tempo: 1.1.0 -> 1.4.1, add NixOS module
 2022-07-10 14:01:30 +03:00
Alyssa Ross
1f18d44106
python3.pkgs.graphite_api: remove 
Due to lack of maintenance.  It doesn't build, the last upstream
commit was in 2017, and last significant change in Nixpkgs was in
2018.
 2022-07-10 09:46:20 +00:00
Alyssa Ross
ada1d87767
python3.pkgs.graphite_beacon: remove 
Due to lack of maintenance.  It is not compatible with the default
Python version (due to the tornado 5) dependency, and doesn't look
like it will be any time soon.
 2022-07-10 09:17:23 +00:00
github-actions[bot]
4fa8151b9f
Merge staging-next into staging 2022-07-10 06:01:52 +00:00
yuu
ce2e4707b7
hardware/nvidia: add @ to constraint on busIDType 
On some configurations, the only known syntax that works
requires the `@` character, such as `intelBusId = "0@0:2:0";`  and
`nvidiaBusId = "1@1:0:0";` [1].

[1]. https://discourse.nixos.org/t/struggling-with-nvidia-prime/13794/4
 2022-07-10 02:48:40 -03:00
José Romildo Malaquias
7802f1b647
Merge pull request #180570 from romildo/upd.nixos.qt5 
nixos/qt5: add kde platform theme
 2022-07-09 21:44:28 -03:00
github-actions[bot]
ed2918e1af
Merge staging-next into staging 2022-07-09 18:01:55 +00:00
Kirill A. Korinsky
f41fc22111
prl-tools: 12.2.1-41615 -> 17.1.4-51567 
Install Parallel Tools updated for version 17 of Parallels for macOS. This
fixes clipboard sharing, so that copy and paste works between the host
macOS and the guest NixOS VM. Support for guests on M1 Apple Silicon-based
Macs (aarch64-linux) is also added.

Co-authored-by: Paul Smith <paulsmith@gmail.com>
Co-authored-by: Weijia Wang <9713184+wegank@users.noreply.github.com>
 2022-07-09 14:43:27 +02:00
Artturi
9209b23d44
Merge pull request #180778 from martinetd/logrotate-test-nosandbox 
logrotate: fix config check without sandbox
 2022-07-09 15:12:25 +03:00
github-actions[bot]
449ceff4fa
Merge staging-next into staging 2022-07-09 12:01:54 +00:00
Vladimír Čunát
a6d59d9ee4
Merge #180513: nixos/i18n: always generate C locale 2022-07-09 09:15:50 +02:00
Dominique Martinet
fd701a9cd1 logrotate: fix config check without sandbox 
make logrotate not try to write to /var/lib/logrotate.status by
using an alternate path.

Also avoid /tmp and use build CWD

Fixes #180734
 2022-07-09 09:55:03 +09:00
github-actions[bot]
5c6643bcdd
Merge staging-next into staging 2022-07-09 00:02:42 +00:00
Martino Fontana
5e84f7899e nixos/plasma5: expose qdbus in PATH 2022-07-08 23:33:19 +02:00
Martino Fontana
7a4e909905 nixos/plasma5: enable power-profiles-daemon by default 2022-07-08 23:32:51 +02:00
K900
512a26ae13
Merge pull request #177389 from K900/plasma-exclude-packages 
nixos/plasma5: add excludePackages option
 2022-07-08 21:33:35 +03:00
K900
03dd01dd2f nixos: add module for tempo 
It's very barebones but should be OK for now.
 2022-07-08 21:33:17 +03:00
Jan Tojnar
819fe6a918 Merge branch 'staging-next' into staging 
; Conflicts:
;	pkgs/data/icons/papirus-icon-theme/default.nix
 2022-07-08 20:21:39 +02:00
Peder Bergebakken Sundt
50dd61a9ba nixos/polaris: init 2022-07-08 12:27:48 -04:00
Sandro Jäckel
90761632ae
nixos/hydra: use runuser like hydra flake 2022-07-07 22:37:51 +02:00
José Romildo
41dbc0bdf2 nixos/qt5: add kde platform theme 2022-07-07 16:29:34 -03:00
Jan Tojnar
e374cc2aad
Merge pull request #179736 from jansol/pipewire 
pipewire: 0.3.52 -> 0.3.54
 2022-07-07 20:48:51 +02:00
José Romildo Malaquias
ebdd91b4e3
Merge pull request #180549 from romildo/upd.nixos.qt 
nixos/qt5: add lxqt platform theme
 2022-07-07 14:40:43 -03:00
Maëlys Bras de fer
b2224764ee
nixos-generate-config: substitute nix-instantiate 2022-07-07 18:42:44 +02:00
Jan Solanti
844f03a9dd pipewire: 0.3.53 -> 0.3.54 2022-07-07 19:26:26 +03:00
Sandro
de9a1f4e81
Merge pull request #180039 from astro/openwebrx 2022-07-07 14:48:48 +02:00
Atemu
339ce46af2 nixos/waydroid: add FIXME regarding ASHMEM removal in 5.18 2022-07-07 14:40:17 +02:00
Sandro Jäckel
59128a34c3
nixos/i18n: always generate C locale 2022-07-07 14:25:13 +02:00
José Romildo
6593595ee5 nixos/qt5: add lxqt platform theme 2022-07-07 09:05:46 -03:00
Astro
10565fccde m17-cxx-demod: init at 2.3, add to nixos/openwebrx 2022-07-07 00:41:30 +02:00
zowoq
b7eb3285b3 railcar, nixos/railcar: remove 
Upstream repo is archived and hasn't had any commits since 2018, isn't packaged anywhere else apart from AUR.
 2022-07-07 07:16:58 +10:00