Commit Graph

1490 Commits

Author SHA1 Message Date
Martin Weinelt
1d1b09c7c1
Merge pull request #148752 from sweber83/sw/zigbee2mqtt-1.22.1 2021-12-06 22:54:42 +01:00
Martin Weinelt
96d69e40f2 nixos/zigbee2mqtt: run as zigbee2mqtt group
Not setting a group is a security defect, since that will run the unit
under the root group.

Fixes: 1af87596 ("nixos/zigbee2mqtt: init")
2021-12-06 18:30:01 +01:00
Simon Weber
200c36255f nixos/zigbee2mqtt: no longer pass dataDir to package 2021-12-06 18:28:59 +01:00
Robert Hensing
862d167f17
Merge pull request #147441 from pennae/option-doc-staticizing
nixos/*: add trivial defaultText to options where applicable
2021-12-06 01:35:38 +01:00
pennae
c694c35f9d nixos/*: escape pkgs reference in examples and descriptions 2021-12-06 00:38:05 +01:00
Artturi
493d66a225
Merge pull request #145732 from gardspirito/mx-puppet-discord 2021-12-04 23:12:09 +02:00
pennae
2512455639 nixos/*: add trivial defaultText for options with simple defaults 2021-12-02 22:35:04 +01:00
Martin Weinelt
254dd2a102 nixos/home-assistant: consider extraComponents in hardening
Previously the extraComponents added to an overriden package would not
have been considered in hardening measures enforced by the module.

Home Assistant is warning the user about component definitions having
moved away from YAML, so using an override to include support for a
component might become the better way moving forward.
2021-12-01 01:09:52 +01:00
Thiago Kenji Okada
25cdc0a9c9
Merge pull request #147490 from illdefined/nix-daemon
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule
2021-11-26 19:31:02 -03:00
Mikael Voss
257e92258e
modules/nix-daemon: Add missing mk(Rename|Removed)OptionModule
Commit 3a92a1a replaced the nix.daemonNiceLevel and nix.daemonIONiceLevel
options. This commit adds appropriate mk(Rename|Removed)OptionModule.
2021-11-26 13:25:20 +01:00
Samuel Dionne-Riel
8e92630aae nixos: Provide nix-bash-completions again for stable commands 2021-11-26 02:16:56 -05:00
Sandro
338bf1f1b2
Merge pull request #143995 from erictapen/systemd-workingdirectory 2021-11-22 16:25:54 +01:00
Victor Freire
47f638403e nixos/xmrig: add kernel module msr 2021-11-17 18:53:58 -03:00
Victor Freire
ed312a6815 nixos/xmrig: add services.xmrig to module-list.nix 2021-11-17 12:29:40 -03:00
Artturin
a7ea834b17 nixos/plex: replace literalExample with literalExpression 2021-11-16 20:37:44 +02:00
Sandro
a0a5e0be1c
Merge pull request #139553 from andrew-d/andrew/plex-scanners 2021-11-16 19:17:31 +01:00
Mikael Voss
ee8e993fd4 modules/nix-daemon: Replace daemon(IO)NiceLevel options
The nix.daemonNiceLevel options allows for setting the nice level of the
Nix daemon process. On a modern Linux kernel with group scheduling the
nice level only affects threads relative to other threads in the same
task group (see sched(7)). Therefore this option has not the effect one
might expect.

The options daemonCPUSchedPolicy and daemonIOSchedClass are introduced
and the daemonIONiceLevel option renamed to daemonIOSchedPrority for
consistency. These options allow for more effective control over CPU
and I/O scheduling.

Instead of setting daemonNiceLevel to a high value to increase the
responsiveness of an interactive system during builds -- which would not
have the desired effect, as described above -- one could set both
daemonCPUSchedPolicy and daemonIOSchedClass to idle.
2021-11-15 18:34:17 +01:00
gardspirito
a3358146df
nixos/mx-puppet-discord: provide registration file & fix typo in settings example 2021-11-13 13:27:56 +03:00
Artturin
8743e81cd3 nixos/ananicy: init 2021-11-11 02:05:42 +02:00
Victor Freire
46180e407e nixos/xmrig: init 2021-11-06 15:04:14 -03:00
Kerstin Humm
6c8e827c23
nixos/gollum: Specify systemd WorkingDirectory 2021-10-31 13:37:00 +01:00
Flakebi
cb5186feea
signald: add module
Based on https://gitlab.com/coffeetables/myrdd/-/blob/master/modules/signald.nix
2021-10-29 22:48:10 +02:00
Pascal Wittmann
89a0ec8f3c
Merge pull request #142028 from NixOS/bugfix/subsonic-needs-jdk8
nixos/subsonic: use jre8
2021-10-18 20:44:41 +02:00
Pascal Wittmann
14c5fe8c1b
nixos/subsonic: use jre8
The latest version of Subsonic (6.1.6) does not suport Java SE 9 or later
because it depends on the JAXB APIs. Those are considered to be Java EE
APIs are no longer contained on the default classpath in Java SE 9 and
are completely removed in Java SE 11..
2021-10-17 22:55:05 +02:00
Artturi
3dac8b26d3
Merge pull request #141709 from rembo10/sickbeard-service-fix 2021-10-15 08:45:22 +03:00
rembo10
e8d0afd8d1 nixos/sickbeard: fix the startup command 2021-10-15 08:00:36 +03:00
John Ericson
f2a619bcca
Merge pull request #118960 from kquick/assert_buildmachine_system
nixos/nix-daemon: assert system or systems for buildMachines.
2021-10-14 23:51:58 -04:00
David Reaver
3d79c9250a nixos/prowlarr: init 2021-10-10 14:05:33 -07:00
Maximilian Bosch
cbfe4a42f6
Merge pull request #140979 from Ma27/matrix-workers
nixos/matrix-synapse: minor improvements to implement worker-support
2021-10-09 15:24:41 +02:00
Maximilian Bosch
b0ab15b0a1
nixos/matrix-synapse: expose rendered config file as readOnly option 2021-10-08 14:51:28 +02:00
Emil Karlson
d77c75a98e nixos/nix-daemon: Clarify daemonNiceLevel
The option doesn not currently do what some people expect,
clarify the limitations in documentation.
2021-10-08 13:59:35 +03:00
Robert Hensing
4bed9d16cc
Merge pull request #139325 from illdefined/nix-daemon-nice-level
modules/nix-daemon: Explain nice level limitations
2021-10-08 12:12:36 +02:00
Kevin Cox
709b594db4
Merge pull request #137438 from kevincox/mautrix-facebook-module
nixos.mautrix-facebook: init module
2021-10-07 06:36:52 -04:00
John Ericson
cc3f2432d0 nixos/nix-daemon: Add enable option
Don't worry, it's is true by default. But I think this is important to
have because NixOS indeed shouldn't need Nix at run time when the
installation is not being modified, and now we can verify that.

NixOS images that cannot "self-modify" are a legitamate
use-case that this supports more minimally. One should be able to e.g. do a
sshfs mount and use `nixos-install` to modify them remotely, or just
discard them and build fresh ones if they are run VMs or something.

The next step would be to make generations optional, allowing just
baking `/etc` and friends rather than using activation scripts. But
that's more involved so I'm leaving it out.
2021-10-06 16:43:48 -04:00
Yureka
2384362ca7 nixos/gitea: fix eval after #136909 2021-10-05 12:35:34 +02:00
Kevin Cox
ed5403efc3
nixos.mautrix-facebook: init module
This is the first version of the mautrix-facebook module. Due to lack of secret support on NixOS as well as the requirement of a homeserver domain it requires some setup. For completeness here is my working config using NixOps secrets:

```nix
deployment.keys."mautrix-facebook-config.env" = {
	text = ''
		MAUTRIX_FACEBOOK_APPSERVICE_AS_TOKEN=${secrets.as_token}
		MAUTRIX_FACEBOOK_APPSERVICE_HS_TOKEN=${secrets.hs_token}
	'';
	destDir = "/var/keys";
};

deployment.keys."mautrix-facebook-registration.yaml" = {
	text = builtins.toJSON config.services.mautrix-facebook.registrationData;
	destDir = "/var/keys";
	user = "matrix-synapse";
};

users.users.matrix-synapse.extraGroups = ["keys"];

systemd.services.matrix-synapse.after = ["keys.service"];
systemd.services.matrix-synapse.wants = ["keys.service"];

services.mautrix-facebook = {
	enable = true;
	settings = {
		homeserver.domain = "bots.kevincox.ca";

		bridge = {
			displayname_template = "{displayname}";

			permissions = {
				"@kevincox:matrix.org" = "admin";
			};
		};
	};

	environmentFile = "/var/keys/mautrix-facebook-config.env";

	registrationData = {
		as_token = secrets.as_token;
		hs_token = secrets.hs_token;
	};
};

systemd.services.mautrix-facebook = rec {
	wants = ["keys.target"];
	after = wants;
};

services.matrix-synapse.app_service_config_files = [
	"/var/keys/mautrix-facebook-registration.yaml"
];
```
2021-10-04 18:40:28 -04:00
Robert Hensing
0699530f08
Merge pull request #136909 from ncfavier/cleanup-defaults-examples
nixos/doc: clean up defaults and examples
2021-10-04 20:37:42 +02:00
Naïm Favier
2ddc335e6f
nixos/doc: clean up defaults and examples 2021-10-04 12:47:20 +02:00
Jörg Thalheim
0f5218878c
Merge pull request #140343 from Artturin/cfdynststartat
cfdyndns: fix startAt by setting it to *:0/5 instead of 5 minutes
2021-10-03 06:37:27 +01:00
Artturin
2e4938eb6a cfdyndns: fix startAt by setting it to *:0/5 instead of 5 minutes
5 minutes is invalid for startAt
2021-10-03 08:06:37 +03:00
Sandro
50b79f0270
Merge pull request #140178 from SuperSandro2000/SuperSandro2000-patch-1 2021-10-01 23:59:04 +02:00
Maximilian Bosch
598ad679d8
Merge pull request #140045 from SebTM/add_tp-auto-kbbl
tp-auto-kbbl: init at 0.1.5
2021-10-01 19:59:06 +02:00
Sandro
5d53e38d24
nixos/gitea: switch default log level to Info 2021-10-01 19:52:35 +02:00
Sebastian Sellmeier
f0d1af9bd4
tp-auto-kbbl: init at 0.1.5 2021-10-01 13:12:58 +02:00
Steve Purcell
4b518f4aa9 n8n: remove systemd option incompatible with nodejs
The MemoryDenyWriteExecute systemd option is widely known to be
incompatible with nodejs, and causes service crashes as reported in #119687.

Fixes #119687.
2021-09-29 14:21:13 +00:00
Peter Hoeg
aed860f876 nixos/zoneminder: not using zoneminder any longer 2021-09-28 09:21:08 +08:00
markuskowa
e3e5fc9bf1
Merge pull request #136925 from Artturin/snapperfix
nixos/snapper: change timer wantedBy to timers.target & add snapshotOnBoot
2021-09-27 14:13:34 +02:00
Andrew Dunham
ef9b3aea08 plex: add support for custom scanners 2021-09-26 13:46:07 -04:00
Aaron Andersen
57f1ee46e4
Merge pull request #136233 from MayNiklas/owncast
nixos/owncast: init at 0.0.8
2021-09-25 15:25:13 -04:00
Mikael Voss
5f9e069984
modules/nix-daemon: Explain nice level limitations 2021-09-25 20:43:06 +02:00