Commit Graph

41414 Commits

Author SHA1 Message Date
Marin
ffc03d2b46 tailscaled: after NetworkManager-wait-online
The wait will only be enabled on machines with NetworkManager enabled.

Closes #180175

(cherry picked from commit 0d822ccdbc)
2024-10-05 11:34:47 +00:00
Jonas Heinrich
17f958406c
nextcloud30: init at 30.0.0
(cherry picked from commit 1b121c1ea2)
2024-10-01 13:37:24 +02:00
⛧-440729 [sophie]
ced0da1e7e nixos/invidious: add options for configuring inv-sig-helper 2024-09-28 19:56:22 +02:00
Bjørn Forsman
7da1d417b3 nixos/influxdb2: wait until service is ready
Factor out part of the provisioning script into a
wait-until-service-is-ready script, and put it unconditionally in
front of ExecStartPost=, so that services that depend on influxdb2 are
not started until influxdb2 responds to requests.

Fixes https://github.com/NixOS/nixpkgs/issues/317017 ("Scrutiny tries to start before influxdb has started")

(cherry picked from commit 732d36522f)
2024-09-27 08:39:32 +02:00
Martin Weinelt
33fbc56f4d
[Backport release-24.05] nixos/printing: add option to disable browsed daemon (#344711) 2024-09-26 21:59:12 +02:00
seth
f1c0a9cab4 nixVersions.nix_2_18: 2.18.7 -> 2.18.8
Diff: https://github.com/NixOS/nix/compare/2.18.7...2.18.8
Fixes https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c

(cherry picked from commit 0aed7f0d24)
2024-09-26 18:59:45 +00:00
Thomas Gerbet
48db5e72f2 nixos/printing: add option to disable browsed daemon
It is currently tied to `services.avahi.enable` which might not be
desirable.

With this change it is possible to disable the service with
`services.printing.browsed.enable = false`

(cherry picked from commit 981a63b005)
2024-09-26 18:45:28 +00:00
Adam C. Stephens
37df9bcf93
[Backport release-24.05] lxc/incus LTS upgrades: 6.0.1 -> 6.0.2 (#344337) 2024-09-25 13:19:57 -04:00
Franz Pletz
0f1657cd03
[Backport release-24.05] nixos/prometheus-smartctl-exporter: fix NVMe scanning (#343049) 2024-09-25 18:37:56 +02:00
Adam Stephens
5a084d21e8
incus-lts: 6.0.1 -> 6.0.2
https://discuss.linuxcontainers.org/t/incus-6-0-2-lts-has-been-released/21633
(cherry picked from commit ee30c817cb)
2024-09-24 22:19:00 -04:00
Rémi NICOLE
830f6d4a19
[Backport release-24.05] nixos/sssd: fix KCM to use new krb5 settings (#327930) 2024-09-24 14:32:50 +00:00
Arian van Putten
7faae2f631
[Backport release-24.05] amazon-ssm-agent: add the system's software to the path (#343104) 2024-09-24 10:33:01 +02:00
Arian van Putten
edfcc0c97b
[Backport release-24.05] amazon-init: include the general system's software and wrappers in PATH (#343105) 2024-09-24 10:32:20 +02:00
Jörg Thalheim
b34eac728a [release-24.05]: update nix-fallback-paths 2024-09-22 15:58:28 +02:00
Graham Christensen
b1d27e1322 amazon-init: include the general system's software and wrappers in PATH
It is surprising that software which was installed by the user at AMI
generation time isn't available to a script run over user data by
default.

When authoring user data to execute at startup, users will now have
more predictable access to baked-in software instead of an extremely
bare-minimum set currently there.

(cherry picked from commit 76b614be39)
2024-09-19 19:58:28 +00:00
Graham Christensen
e6fb8a4224 amazon-ssm-agent: add the system's software to the path
Follow up to #342584.

Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default.

When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there.

(cherry picked from commit 7547a1f5f8)
2024-09-19 19:57:51 +00:00
Bjørn Forsman
04ba303d19 nixos/prometheus-smartctl-exporter: fix NVMe scanning
smartctl_exporter already runs with SupplementaryGroups "disk", which
gives full access to SATA drives, but NVMe devices are owned by
root:root, resulting in no access:

  [...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"

This patch introduces a "smartctl-exporter-access" supplementary
group, and an udev rule with setfacl to give the exporter access to NVMe
drives, without changing the base root:root ownership.

Fixes https://github.com/NixOS/nixpkgs/issues/210041

(cherry picked from commit 86a6ef5f15)
2024-09-19 15:29:32 +00:00
Julien Malka
2198681f51
[Backport release-24.05] nixos/systemd-boot: Fix regression in builder script (#342234) 2024-09-19 14:56:52 +02:00
Robert Hensing
3a458f7c76
[Backport release-24.05] #342778 (#342817) 2024-09-18 17:53:39 +02:00
Robert Hensing
291c95120d nixosTests.nix-serve: Use new entrypoint
This reuses the `pkgs`, so that `pkgs.nixosTests.nix-serve` will
run with the overlays of `pkgs` applied.

(cherry picked from commit 30620e7736)
2024-09-18 16:46:37 +02:00
Jean-François Roche
875e6ad20a nixos/systemd-boot: Fix regression in builder script
Avoid running Python scripts in the root of the package, as this
triggers `os.listdir` on the Nix store directory during import. This
operation can be time-consuming on large store directories
(see issue #283795 for more details).

The issue was initially fixed in #284153 but was reverted in #306339.

Co-authored-by: Sönke Hahn <soenkehahn@gmail.com>
(cherry picked from commit 251b0c958f)
2024-09-16 10:08:29 +02:00
Florian Agbuya
6b25604415 flarum: fix installation and migration logic
(cherry picked from commit 317a52a757)
2024-09-16 07:00:11 +00:00
github-actions[bot]
19adb9847e
[Backport release-24.05] nixos/doc: update Installing section (#342125)
nixos/doc: update `Installing` section (#341995)

Mention how to set a user password right after installation.
Also don't suggest to use `useradd` to add users.

(cherry picked from commit 4c1d53818b)

Co-authored-by: misuzu <bakalolka@gmail.com>
2024-09-15 21:29:17 +02:00
Bjørn Forsman
6ecc647b4e nixos/ups: set env vars in the global environment
This allows using upsdrvctl interactively, which otherwise tries to use
a missing ups.conf in the Nix store, instead of the correct
/etc/nut/ups.conf.

(cherry picked from commit 1cb392fdcd)
2024-09-14 08:59:39 +02:00
Bjørn Forsman
7ea9a39b4d nixos/ups: deduplicate environment variables
No functional change, but more DRY.

(cherry picked from commit 801388a6fa)
2024-09-14 08:59:39 +02:00
Peder Bergebakken Sundt
cd51764d0a
[Backport release-24.05] Syncthing: implemented folder type (#340775) 2024-09-13 02:51:44 +02:00
Adam C. Stephens
c1db88d848
[Backport release-24.05] zfs: 2.2.5 -> 2.2.6 (#340382) 2024-09-10 14:50:44 -04:00
Will Fancher
04c2feca6c nixos/tests/zfs: Fix flake build
(cherry picked from commit 9bd0b5ac05)
2024-09-10 11:29:37 -04:00
h7x4
d63965f14c nixos/doc: move implementation notes for formats.libconfig to docs
(cherry picked from commit bf2adb82b7)
2024-09-10 15:26:46 +00:00
h7x4
a77fc07ef9 nixos/doc: add documentation for formats.libconfig
(cherry picked from commit a891526b22)
2024-09-10 15:26:46 +00:00
h7x4
f326bccdbd nixos/doc: move implementation notes for formats.hocon to docs
(cherry picked from commit 141a8a6c86)
2024-09-10 15:26:46 +00:00
h7x4
e3d4cf9eeb nixos/doc: add documentation for formats.hocon
(cherry picked from commit 89aaab565e)
2024-09-10 15:26:46 +00:00
Jade Lovelace
43d39bad35 nixosTests.misc: fix override
This meant that pkgs.lix.passthru.tests.misc never evaluated.

It should be noted that it seems like completely different test
infrastructure is in use on master (25.11), or maybe it is just that the
same test got renamed to nix-misc. Either way, this is busted.
2024-09-10 13:51:45 +02:00
Maximilian Bosch
f3762903d6
nixos/prometheus-exporters/pgbouncer: don't leak DB password into cmdline
Since `connectionStringFile` reads the file and puts it into the
invocation of the exporter, it's part of the cmdline and thus
effectively world-readable.

Added a new `connectionEnvFile` which is supposed to be an environment
file of the form

  PGBOUNCER_EXPORTER_CONNECTION_STRING=...

that will be added to the systemd service. The exporter will read the
connection string from that value.

(cherry picked from commit 862ecd674f)
2024-09-09 22:54:13 +02:00
Maximilian Bosch
1a6587231b
nixos/prometheus-exporters: fix assertions declared in exporter modules
And it turns out, the test was using a removed option all along 🙃

(cherry picked from commit 4980a7d938)
2024-09-09 22:34:44 +02:00
K900
0a00d66fe6 nixos-install: fail if we can't set up bootloader
(cherry picked from commit fa39e3d642)
2024-09-09 13:22:53 +00:00
Cat
f41a13fc1b nixos/syncthing: implement folder type (#308832)
* Syncthing: implemented folder type

* Syncthing: fix syntax (via @johnhamelink )

This commit should be rebased/squashed into the previous one if ofborg cleares it!

Co-authored-by: John Hamelink <me@johnhame.link>

---------

Co-authored-by: John Hamelink <me@johnhame.link>
(cherry picked from commit ed1b6699c0)
2024-09-09 13:08:01 +00:00
Peder Bergebakken Sundt
bdb9b5d94a
[Backport release-24.05] docs: fix Nvidia casing to be consistent across different places (#336574) 2024-09-08 00:12:00 +02:00
Florian Agbuya
c2a2bf70c1 flarum: disable automatic DB creation
(cherry picked from commit 1032b5fa95)
2024-09-07 15:43:50 +00:00
Florian Agbuya
0e59203469 flarum: fix flarum directory permissions
(cherry picked from commit 249dacfaa8)
2024-09-07 15:43:50 +00:00
Justinas Stankevicius
db4e63a4e2 nixos/prowlarr: set HOME for the service
(cherry picked from commit 6e14231e83)
2024-09-03 10:08:36 +00:00
Peder Bergebakken Sundt
43d2816c1d
[Backport release-24.05] invidious: 2.20240427 -> 2.20240825.2 (#338811) 2024-09-02 17:16:20 -04:00
Emily
f778afc484
[24.05] python3Packages.{mautrix,matrix-nio}: add withOlm flags (#338843) 2024-09-02 03:41:25 +01:00
Niklas Hambüchen
114af9abab
[24.05] Backport fix for ceph with dmcrypt (#338630) 2024-09-01 20:49:25 +02:00
Artturin
891f087836
[Backport release-24.05] nixos/telegraf: make sure ping executable is available when trying to ping (#338740) 2024-09-01 21:29:28 +03:00
Emily
caef9784ec python3Packages.matrix-nio: add withOlm flag 2024-09-01 17:32:10 +01:00
Sandro
baca75692d
[Backport release-24.05] nixos/tsm-client: Fix multi-value dsm.sys options (#328031) 2024-09-01 18:11:53 +02:00
Gaetan Lepage
580de4d195 nixos/invidious: remove machine.config in test
(cherry picked from commit a1f7e3d10e)
2024-09-01 13:45:58 +00:00
Shea Levy
fbbd9323de
[Backport release-24.05] nixos/ipu6: Don't build out-of-tree driver for kernels that have it (#332240) 2024-09-01 06:33:05 -04:00
Echo Nolan
43e77c3a5f nixos/telegraf: make sure ping executable is available when trying to ping
We need ping to be in PATH of the service otherwise it can't ping. This commit
adds it, conditional on one of the inputs being a ping task.

(cherry picked from commit 934a337a13)
2024-09-01 04:25:31 +00:00