Commit Graph

31079 Commits

Author SHA1 Message Date
John Titor
07a0b79ed1
nixos/hyprlock: init module 2024-05-27 17:32:22 +05:30
Sandro
99d60e5489
Merge pull request #314948 from Izorkin/update-pinentry-tty 2024-05-27 11:04:18 +02:00
Thomas Gerbet
00015f3ef9
Merge pull request #309036 from tomfitzhenry/sshd-package
nixos/ssh: add services.openssh.package
2024-05-27 09:40:31 +02:00
Will Fancher
0415aec200
Merge pull request #297250 from NickCao/sysuser
nixos/systemd-sysusers: make uid/gid allocation stable
2024-05-26 20:17:06 -04:00
Izorkin
3381fdd745
nixos/no-x-libs: add pinentry-tty 2024-05-27 00:22:07 +03:00
Maximilian Bosch
a5f800ab48
Merge pull request #311701 from Ma27/bump-grafana
grafana: 10.4.2 -> 11.0.0
2024-05-26 20:47:56 +00:00
Jörg Thalheim
f33f71f6f6
Merge pull request #240989 from m-bdf/hyprland-wayland-session
nixos/{sway,river,hyprland}: improve common wayland-session module
2024-05-26 22:06:53 +02:00
Sandro Jäckel
db66127c5b
nixos/no-x-libs: make sure gst-plugins-base has enableGl disabled 2024-05-26 20:51:00 +02:00
Sandro Jäckel
cb58275dc6
nixos/no-x-libs: build gst-plugins-rs without gtk 2024-05-26 20:51:00 +02:00
DavHau
3fe773a174 nixos/openssh: allow removing settings
# Motivation
So far it was not possible to configure sshd to allow password authentication only for a specific user. This is because in the generated config a `Match User xxx` section would be required before the global `PasswordAuthentication` is defined, as otherwise the global option always takes precedence.
The same problem occurs with multiple other options under `settings`.

# Done
This PR fixes that issue for all settings by simply allowing them to be overridden with `null`, which leads to a removal of that setting from the config.
The user can then correctly configure user specific settings using extraConfig, like this:
```
    Match User user1
    PasswordAuthentication yes
    Match all
    PasswordAuthentication no
```
2024-05-26 18:46:27 +02:00
北雁 Cryolitia
164f66169a
nixos/steam: add option fontPackages
fix #178121
2024-05-26 22:55:38 +08:00
北雁 Cryolitia
efef69a51d
nixos/steam: add option extraPackages 2024-05-26 22:03:50 +08:00
Pol Dellaiera
017ee1411d
Merge pull request #314433 from SuperSandro2000/mpv-nox
nixos/no-x-libs: fix mpv build
2024-05-26 07:56:52 +02:00
abysssol
428e60cad9 nixos/ollama: split listenAddress into host and port
breaking change; do not backport
2024-05-25 21:22:15 -04:00
fuggy
ef5ff2a075
nixos/xdg/portal: Fix typo
There was a typo that misspelled /etc/ as /etx/
2024-05-25 17:26:15 -05:00
Peter Lehmann
09be64ecc8
nixos/prometheus: Add query_log_file option 2024-05-25 17:03:24 +02:00
ivan770
1b288bca00
nixos/etc: support direct symlinks with etc overlay 2024-05-25 08:41:24 -04:00
sodiboo
0fa287f2ff nixos/invidious-router: maintianers.s1ls -> maintainers.sils 2024-05-25 13:10:20 +02:00
Pol Dellaiera
d091b7f681
Merge pull request #313112 from savyajha/firefly-iii
firefly-iii: 6.1.15 -> 6.1.16
2024-05-25 10:41:44 +02:00
Yt
1777f06494
Merge pull request #314244 from onny/stalwart-cleanup
stalwart-mail_0_6: drop
2024-05-25 01:59:37 +00:00
Sandro Jäckel
b9ec2c14d8
nixos/no-x-libs: fix mpv build by disabling drmSupport, disable more GUI only relevant features 2024-05-25 02:36:13 +02:00
Sandro Jäckel
2a8e5155c9
nixos/no-x-libs: add libplacebo 2024-05-25 02:36:12 +02:00
éclairevoyant
04548e7e1f
nixos/journalwatch: add package option 2024-05-24 19:11:54 -04:00
Sandro Jäckel
b064e2db69
nixos/mopidy: add wants network-online.target to fix warning 2024-05-25 00:43:18 +02:00
Silvan Mosberger
6c42e8745a
Merge pull request #309517 from bobrippling/fix/ebusd-args
Fix ebusd service argument passing
2024-05-24 23:25:28 +02:00
Atemu
061a135d05
Merge pull request #309585 from diniamo/global-steam-compat-paths-var
nixos/steam: add protontricks submodule
2024-05-24 20:17:35 +02:00
Vladimir Timofeenko
f41e387c26
nixos/frigate: drop BindPaths from systemd service (#309341)
Migrations have been working well even with misconfigured BindPaths => removing
2024-05-24 18:24:56 +02:00
Andrew Morgan
fad7ecc30f mealie: set the correct port in BASE_URL
Otherwise it would default to port 8080, which breaks generated links
when `cfg.port` is set to another port.
2024-05-24 09:17:47 -05:00
James Atkins
bcaf6de467 mealie: 1.2.0 -> 1.7.0
https://github.com/mealie-recipes/mealie/releases/tag/v1.7.0
2024-05-24 09:17:42 -05:00
Someone
67d54c2e29
Merge pull request #312811 from aidalgol/libxnvctrl-shared
linuxPackages.nvidia_x11.libXNVCtrl: make the shared library available
2024-05-24 13:35:19 +00:00
Jonas Heinrich
50388b71cc nixos/stalwart-mail: add onny as maintainer 2024-05-24 12:26:13 +02:00
Jonas Heinrich
3d6a20f380 nixos/stalwart-mail: drop legacy package 2024-05-24 12:15:50 +02:00
K900
69aa70cddf
Merge pull request #307766 from SuperSandro2000/oauth2-proxy-fix-headers
nixos/oauth2_proxy_nginx: fix proxy_set_header
2024-05-24 10:48:07 +03:00
diniamo
fcaec6bdf7 nixos/steam: add protontricks submodule 2024-05-24 08:51:37 +02:00
Pol Dellaiera
d9062cd5f9
Merge pull request #313146 from malteneuss/add-nextjs-ollama-llm-ui
Add nextjs ollama llm UI frontend for Ollama
2024-05-24 06:51:37 +02:00
Aidan Gauland
4e353b67f6
nixos/nvidia: make libXNVCtrl available on nvidia systems 2024-05-24 15:54:18 +12:00
pennae
4d2462511f
Merge pull request #314099 from mrkline/snapper-and-borgbackup-doc-fix
nixos/snapper, nixos/borgbackup: Fix module doc typo
2024-05-24 01:15:09 +02:00
Sandro
3e3ac0e7ba
Merge pull request #305516 from OPNA2608/init/lomiri/ayatana-indicator-display
ayatana-indicator-display: init & add to Lomiri
2024-05-24 00:40:55 +02:00
Malte Neuss
8a05b4f8d4 nixos/nextjs-ollama-llm-ui: init module
NixOS already has good support for the Ollama
backend service. Now we can benefit from
having a convenient web frontend as well for it.
2024-05-23 23:48:55 +02:00
Matt Kline
234f4db797 nixos/snapper, nixos/borgbackup: Fix module doc typo
The persistentTimer argument sets the _Persistent_ field in
systemd.timer(5).

Pointed out in #312549
2024-05-23 14:23:40 -07:00
Lin Jian
4be6150a4c
Merge pull request #313822 from linj-fork/pr/kanata-config-file
nixos/kanata: add a configFile option
2024-05-24 02:53:42 +08:00
Sandro
d836a3e678
Merge pull request #307499 from SuperSandro2000/bwdc-network-online
nixos/bitwarden-directory-connector-cli: add dependsOn network-online…
2024-05-23 20:47:05 +02:00
Nick Cao
9a0eef506d
Merge pull request #314038 from icewind1991/hydra-fix-init-script
nixos/hydra: fix typo in hydra init script
2024-05-23 14:38:44 -04:00
OPNA2608
d29e469f2a nixos/lomiri: Add display indicator 2024-05-23 20:37:34 +02:00
Sandro
f53713e2cf
Merge pull request #304893 from SuperSandro2000/portunus-note
nixos/portunus: add note about allowed characters to id
2024-05-23 20:10:52 +02:00
Robin Appelman
c64e560c86 nixos/hydra: fix typo in hydra init script 2024-05-23 19:25:12 +02:00
Linus Heckemann
cf50bd0aa1 nixos/networking: use mkIfs on the inner attributes
This is a bit more compact and yields the same evaluation results.
2024-05-23 17:46:15 +02:00
Sandro Jäckel
f221b4f5f5
nixos/oauth2_proxy_nginx: fix proxy_set_header 2024-05-23 16:34:37 +02:00
Bobby Rong
e967f2f99c
Merge pull request #313416 from bobby285271/upd/pantheon-tweaks
pantheon-tweaks: 1.1.2 -> 2.0.1
2024-05-23 21:26:59 +08:00
Sandro
6a82eb34cc
Merge pull request #305127 from OPNA2608/init/lomiri/ayatana-indicator-sound 2024-05-23 14:03:14 +02:00
Sandro
360221d4bf
Merge pull request #313096 from onny/stalwart-fix-test 2024-05-23 13:54:39 +02:00
Isabelle
56141e2236
nixos/wireguard: add option preShutdown for commands called before interface deletion (#310345) 2024-05-23 13:53:45 +02:00
Sandro
445809871d
Merge pull request #313228 from SuperSandro2000/asf-no-web-ui 2024-05-23 13:12:54 +02:00
Martin Weinelt
aee13d3d9a
nixos/wyoming*: depend on network-online.target
Ordering it after network-online.target only makes sense, if it actually
gets requested.
2024-05-23 10:43:33 +02:00
Martin Weinelt
5d515c373e
nixos/kea: make ctrl-agent want network-online.target
If it wants to run after it, it needs to want it for it to be there.
2024-05-23 10:31:30 +02:00
Florian Klink
fadd3fef94
Merge pull request #304322 from ElvishJerricco/sd-s1-resolved
nixos/systemd-stage-1: Support resolved
2024-05-23 10:46:51 +03:00
Thomas Watson
5aa9fc9273 nixos/stage-1-init: notify during copytoram
Demystifies a long pause at an unrelated message, particularly if the
source media is slow.
2024-05-22 18:43:18 -05:00
Lin Jian
d679ddfcab
nixos/kanata: add a configFile option
This brings two benefits.  For one thing, it exposes the generated
config file which users can build separately to validate it.  For
another, it allows users to provide their own config file.
2024-05-23 06:42:41 +08:00
Jeremy Baxter
20fc095a1c nixos/oink: init module 2024-05-23 10:12:53 +12:00
Maëlys Bras de fer
95674de399 nixos/{river,hyprland}: override package using apply 2024-05-22 20:01:05 +02:00
Maëlys Bras de fer
bcbeccfa7d nixos/{sway,river,hyprland}: cleanup 2024-05-22 19:45:46 +02:00
Maëlys Bras de fer
a4160dfe88 nixos/hyprland: use generic wayland-session module 2024-05-22 19:43:21 +02:00
Maëlys Bras de fer
cf159c437d nixos/{sway,river}: make XWayland support optional 2024-05-22 19:43:19 +02:00
Nick Cao
b72dc8eb43
Merge pull request #313440 from Kiskae/nvidia/555.42.02
linuxPackages.nvidiaPackages.beta: 550.40.07 -> 555.42.02
2024-05-22 13:20:09 -04:00
Bobby Rong
735a11d300
nixos/pantheon-tweaks: remove
You can just add the app to environment.systemPackages.
2024-05-22 21:58:16 +08:00
Kiskae
fbdcdde04a nixos/nvidia: apply nixfmt-rfc-style 2024-05-22 13:46:52 +02:00
Martin Weinelt
a68d0e6819
Merge pull request #312771 from mweinelt/garage-data-dir
nixos/garage: support 0.9.0+ data_dir format
2024-05-22 13:18:36 +02:00
Martin Weinelt
07a26ae742
nixos/garage: support 0.9.0+ data_dir format
https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#data_dir
2024-05-22 13:12:46 +02:00
Pol Dellaiera
543582d5e2
Merge pull request #313473 from thenhnn/filesender-packaging-filesender-module
nixos/filesender: init
2024-05-22 09:55:41 +02:00
K900
6ac507dd08
Merge pull request #309127 from omentic/plasma6
plasma6: mark dolphin + spectacle as optional packages & reorganize dependencies
2024-05-22 10:48:17 +03:00
Rob Pilling
5458b62cf7 ebusd: fix argument passing, separate using an equals (=) 2024-05-22 07:58:26 +01:00
Nydragon
70b284d60c
nixos/thunderbird: init module
Addition of the thunderbird policies and about:config options to reflect
firefox's capabilities and to allow system wide locking of options.
2024-05-22 14:55:16 +09:00
nhnn
3d47565193
nixos/filesender: init module 2024-05-22 08:37:48 +03:00
Will Fancher
072054ccb5 nixos/systemd-stage-1: Support systemd-resolved 2024-05-21 20:55:37 -04:00
Will Fancher
dd0ebdffcd nixos/systemd-stage-1/dbus: Fix systemd services 2024-05-21 20:55:37 -04:00
Peder Bergebakken Sundt
64076cea1d
Merge pull request #312518 from dali99/bluemap
bluemap: init at 3.21, and init module
2024-05-22 01:09:49 +02:00
Martin Weinelt
98d2dbc78d
Merge pull request #312591 from r-ryantm/auto-update/navidrome
navidrome: 0.52.0 -> 0.52.5
2024-05-21 21:43:12 +02:00
Martin Weinelt
90916525a6
nixos/navidrome: set empty settings default
This will not affect the options, but allows to not configure settings at
all, if you don't need to. Unbreaks the NixOS test, which relies on this
behavior.

Fixes: #312757
2024-05-21 21:23:35 +02:00
Jonas Heinrich
2c4128ea01 nixos/stalwart-mail: use publicsuffix-list package
Co-authored-by: shawn8901 <shawn8901@googlemail.com>
2024-05-21 21:09:38 +02:00
Jade Lovelace
f953913c65 nixos/gnupg: remove dead code 2024-05-21 11:45:27 -07:00
Kiskae
a4cbb24e12 nixos/nvidia: enable firmware for new beta driver 2024-05-21 20:39:00 +02:00
Daniel Olsen
718819092b nixos/bluemap: init module 2024-05-21 19:16:21 +02:00
Pol Dellaiera
4bb2fe0d38
Merge pull request #312251 from thenhnn/filesender-packaging-simplesamlphp-module
nixos/simplesamlphp: init
2024-05-21 17:12:11 +02:00
OPNA2608
af545969b6 nixos/lomiri: Add sound indicator 2024-05-21 16:15:23 +02:00
Sandro
b4bf5efd73
Merge pull request #305092 from OPNA2608/init/lomiri/ayatana-indicator-power 2024-05-21 16:01:47 +02:00
nhnn
3e14c44e21
nixos/simplesamlphp: init module 2024-05-21 11:47:39 +03:00
Will Fancher
154459858f nixos/systemd-resolved: Should be wanted by sysinit.target
As per its [Install] section upstream
2024-05-21 02:41:22 -04:00
Will Fancher
146bffe5aa nixos/systemd-resolved: Re-indent 2024-05-21 02:41:22 -04:00
Peder Bergebakken Sundt
087055ed4f
Merge pull request #293118 from xyven1/harden-plex-service
nixos/plex: Harden plex service
2024-05-21 00:37:47 +02:00
OPNA2608
98c84e67e4 nixos/lomiri: Add power indicator 2024-05-21 00:10:42 +02:00
Sandro Jäckel
02e9c36e59
nixos/archisteamfarm: fix crash when web-ui is disabled 2024-05-20 22:23:29 +02:00
Pol Dellaiera
04636fec37
Merge pull request #312757 from eclairevoyant/navidrome-fix
nixos/navidrome: fix settings type
2024-05-20 22:18:12 +02:00
nessdoor
633479572e
nixos/nsswitch: add support for overriding sudoers entries (#310818) 2024-05-20 12:28:31 -04:00
Maximilian Bosch
f9f943b36e
nixos/networking: use optionalAttrs -> mkIf for networkd route generation
Suggested in https://github.com/NixOS/nixpkgs/pull/312472#discussion_r1605894882
2024-05-20 17:30:21 +02:00
Maximilian Bosch
c4fd7cf16d
nixos/networkd: get rid of *Config attributes in lists
This patch is about removing `wireguardPeerConfig`,
`dhcpServerStaticLeaseConfig` - a.k.a. the
AbstractSingletonProxyFactoryBean of nixpkgs - and friends.

As a former colleague said

> worst abstraction ever

I second that. I've written enough networkd config for NixOS systems so
far to have a strong dislike. In fact, these don't even make sense:
`netdevs.wireguardPeers._.wireguardPeerConfig` will be rendered into
the key `[WireGuardPeer]` and every key from `wireguardPeerConfig` is in
there. Since it's INI, there's no place where sections on the same level
as wireguardPeerConfig fit into. Hence, get rid of it all.

For the transition, using the old way is still allowed, but gives a
warning. I think we could drop this after one release.

The tests of rosenpass and systemd-networkd-dhcpserver-static-leases
were broken on the rev before, hence they were updated, but are still
not building.
2024-05-20 17:26:42 +02:00
Savyasachee Jha
eee8b0bff3 nixos/firefly-iii: Changes to module and tests
Module has been fixed and now uses the maintenance service to cache
settings so as to not require environment files wherever possible.

The tests now test using mariadb and postgresql as well as sqlite to be
more complete. A test has been added for testing whether app.js has been
compiled successfully, as well as to check whether the cronjob fires
successfully.
2024-05-20 17:51:35 +05:30
Pol Dellaiera
a041ac59a9
Merge pull request #311608 from fsagbuya/flarum
flarum: init at 1.8.1, module
2024-05-20 09:19:31 +02:00
Tom Fitzhenry
05b0c4973f nixos/screen: fix assertion to actually execute
See https://github.com/NixOS/nixpkgs/issues/312194#issuecomment-2115239401 for explanation why the assertion currently fails to run.
2024-05-20 13:46:21 +10:00
Florian Agbuya
7ad171b5ad nixos/flarum: init module 2024-05-20 11:20:07 +08:00
Raito Bezarius
2759c33ca3 garage: drop maintenance
Given the current situation, I have not been able to take care of
anything related to that module. Upgrades are merged without upgrading
properly the module, unfortunately.

This caused too much divergence and I still do not have the energy to
take care of it.

I will leave it to the more active recent committers who touched the
module to take it from there.

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-05-19 23:01:36 +02:00
Sandro
8036f1ffa7
Merge pull request #285138 from michaelBelsanti/espanso
nixos/espanso: add wayland and package option
2024-05-19 19:15:22 +02:00
Sandro
28ecfe6e7b
Merge pull request #312489 from Shawn8901/sddm-wayland-only
nixos/sddm: dont generate X11 node if disabled
2024-05-19 18:06:23 +02:00
Sandro
52f4cce004
Merge pull request #308423 from Moraxyc/add-artalk
artalk: init at 2.8.6
2024-05-19 18:06:08 +02:00
Sandro
46334c6b31
Merge pull request #304812 from onny/stalwart-update
stalwart-mail: 0.6.0 -> 0.8.0; rocksdb_8_11: init at 8.11.4
2024-05-19 18:04:14 +02:00
Sandro
5497cebc92
Merge pull request #304257 from Raroh73/add/commafeed
commafeed: init at 4.3.3
2024-05-19 17:44:06 +02:00
Jonas Heinrich
1f4329cde6 nixos/stalwart-mail: pin module to package version 0.6 2024-05-19 14:17:31 +02:00
Pol Dellaiera
63af8c029c
Merge pull request #312785 from emilylange/fix-nixos-loki-config-validation
nixos/loki: skip config validation when it's impossible to validate
2024-05-19 10:40:32 +02:00
Pol Dellaiera
5f1abb30b2
Merge pull request #311986 from NyCodeGHG/nixos/rosenpass/fix-credentials
nixos/rosenpass: move preStart into script to workaround systemd bug
2024-05-19 09:35:52 +02:00
emilylange
100c1501e1
nixos/loki: skip config validation when it's impossible to validate
This is a follow-up to 8d7f3c9dbd and
ae48735c53.

Running the config validation in the build sandbox is impossible and
will fail when using `cfg.configFile` or `-config.expand-env=true`.

`cfg.configFile` is a string of a path which is simply not available to
the build sandbox.

Similarly, one may opt to use `cfg.configuration` with environment
variables in combination with `-config.expand-env=true`.

The environment variables referenced that way are also not available
in the build sandbox.

So we skip the validation when it's impossible (`cfg.configFile`) or
likely impossible (`-config.expand-env=true`).

An alternative approach would be something like nixos/prometheus'
`services.prometheus.checkConfig` that takes a boolean and makes
toggling the config validation user-facing.
2024-05-19 05:15:26 +02:00
éclairevoyant
a74fd69291
nixos/navidrome: run nixfmt-rfc-style 2024-05-18 19:32:19 -04:00
éclairevoyant
18e089be7f
nixos/navidrome: fix settings type 2024-05-18 19:32:19 -04:00
TNE
4582b524ba
pgadmin: Use systemd's LoadCredential for password files (#312569)
* pgadmin: Use systemd's LoadCredential for password files

* Update nixos/modules/services/admin/pgadmin.nix

---------

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-05-19 00:16:00 +02:00
Pol Dellaiera
aa5d9c30f8
Merge pull request #309236 from ElvishJerricco/sd-s1-fix-xfs-fsck
nixos/systemd-stage-1: Fix fsck.xfs needing bash's sh symlink
2024-05-18 23:57:04 +02:00
Jack Wilsdon
391dfcf9af nixos/steam: fix maintainers 2024-05-18 21:50:10 +01:00
JJ
d9443cb26b
plasma6: move ffmpegthumbs to optional, clarify comments 2024-05-18 13:41:50 -07:00
Sandro
c21d10ba30
Merge pull request #263375 from lorenzleutgeb/benchexec
benchexec: init at 3.21
2024-05-18 15:52:30 +02:00
Aleksana
419fffedfb
Merge pull request #295846 from linsui/yazi
nixos/yazi: support plugins and flavors
2024-05-18 12:44:27 +08:00
Lorenz Leutgeb
88d736df69 nixos/benchexec: init 2024-05-17 21:24:05 +02:00
Lorenz Leutgeb
1dd4d2283e nixos/pqos-wrapper: init 2024-05-17 21:24:05 +02:00
Lorenz Leutgeb
c250e8ee94 nixos/cpu-energy-meter: init 2024-05-17 21:21:50 +02:00
Moraxyc
da28a5ff2a
nixos/artalk: init module 2024-05-18 02:15:33 +08:00
Aleksana
9c4874ae8c
Merge pull request #307011 from acid-bong/qtile-final
nixos/qtile: add finalPackage option
2024-05-18 01:55:08 +08:00
linsui
ced6734812 yazi: add config files to wrapper 2024-05-18 01:52:43 +08:00
linsui
4826bc455d nixos/yazi: support plugins and flavors 2024-05-18 01:52:34 +08:00
Shawn8901
ef5142ec5b nixos/sddm: dont generate X11 node if disabled 2024-05-17 19:27:32 +02:00
tomberek
2c55e033f2
Merge pull request #306909 from mrkline/snapper-timer
nixos/snapper: Add persistent option to config
2024-05-17 10:01:04 -05:00
Lin Jian
805191d9fb
Merge pull request #309455 from c-leri/nixos/fix/thermald-adaptative
nixos/thermald: improve doc and code about configFile and adaptive
2024-05-17 21:15:43 +08:00
nikstur
203f99022a
Merge pull request #312212 from nikstur/os-release-uapi-version-format
nixos/version: support UAPI Version Format in IMAGE_VERSION field
2024-05-17 10:54:17 +02:00
K900
5233d62dcc
Merge pull request #312292 from Naxdy/work/kdeconnect-module-sshfs
nixos/kdeconnect: don't install `sshfs`
2024-05-17 07:23:57 +03:00
Tomáš Kuča
71ce6b582b
nixos/network-interfaces: prevent failure when a network address already exists
The original code tests output of `ip addr add` command to detect if an
adress already exists. The error message was changed in the past and the
test no longer works.

The patch replaces `ip addr add` with `ip addr replace`. The new command
replaces an existing address or creates a new one if there isn't any.

fixes 306841
2024-05-17 01:02:29 +02:00
Pol Dellaiera
7a338b0feb
Merge pull request #312294 from drupol/erratum-fix-pr-311999
nixos/loki: use `cfg.package`
2024-05-16 23:08:21 +02:00
Pol Dellaiera
3da72dcbc5
Merge pull request #312249 from dotlambda/nextcloud
nixos/nextcloud: correct latest version
2024-05-16 22:27:52 +02:00
Pol Dellaiera
ae48735c53
nixos/loki: use cfg.package 2024-05-16 22:11:19 +02:00
Pol Dellaiera
84d184a31e
Merge pull request #311999 from jpds/loki-verify-config
nixos/loki: Implement configuration verification
2024-05-16 21:57:29 +02:00
Naxdy
a765cd4a70
nixos/kdeconnect: don't install sshfs
see https://github.com/NixOS/nixpkgs/pull/311269 - it's now hardcoded
2024-05-16 21:48:34 +02:00
Yarny0
d93fb1bd10 nixos/hardware/printers: fix ppdOptions of ensured printers
Commit a52e27d4f6
changed the `ensurePrinter` mechanism such that it uses
`lib.cli.toGNUCommandLineShell` to assemble the
`lpadmin` command line that creates the required printer.
Before that commit, the command line contained
single quotes (')to protect certain options from being
(mis-)interpreted by the shell.
The new mechanism no longer needs those quotes as
`lib.cli.toGNUCommandLineShell` takes care of quoting/escaping.
Unfortunatelly, the commit missed the
quotes around the `-o` command line part.
`lib.cli.toGNUCommandLineShell` now properly escapes
those quotes, thereby including them in the effective
command line arguments that are passed to `lpadmin`.
The result is that no option is applied anymore.

The commit at hand simply removes the superfluous quotes.
With this change, options are again properly applied as before.
2024-05-16 18:55:28 +02:00
Robert Schütz
dce84c46d7 nixos/nextcloud: correct latest version 2024-05-16 08:53:01 -07:00
celeri
12e2e82939
nixos/thermald: improve doc and code about configFile and adaptive 2024-05-16 11:41:56 -04:00
Ilan Joselevich
49ba95b9a3
Merge pull request #310115 from Nanotwerp/virt-manager-dconf
nixos/virt-manager: use `dconf` to autoconnect `QEMU/KVM`
2024-05-16 16:47:23 +03:00
nikstur
ff776981fe nixos/version: support UAPI Version Format in IMAGE_VERSION field
Add '~' and '^' to the supported characters for the field. These
characters are needed to be able to define all versions that are
compatible with the UAPI Version Format specification.

One example where this is used is the `%A` flag in systemd.unit. If we
don't allow these other characters, we for example cannot declare a
pre-relase version.

systemd, as far as I can tell, doesn't enforce any restrictions on the
os-release fields.

https://uapi-group.org/specifications/specs/version_format_specification/
2024-05-16 15:37:41 +02:00
Weijia Wang
b6f403758f
Merge pull request #312169 from B4dM4n/remove-alias-usage
treewide: Remove usage of pkgs.{system,hostPlatform} aliases
2024-05-16 15:25:10 +02:00
Aleksana
7d94720e49
Merge pull request #312181 from Moraxyc/fix-atop-mkSystemd
nixos/atop: fix mkSystemd
2024-05-16 20:54:52 +08:00
Aleksana
be3aee43dd
Merge pull request #311397 from Raroh73/fix/services.llama-cpp
nixos/llama-cpp: fix rocm support
2024-05-16 20:26:28 +08:00
Moraxyc
e704b94191
nixos/atop: fix mkSystemd 2024-05-16 19:53:25 +08:00
Fabian Möller
da68f358bc
treewide: Remove usage of pkgs.{system,hostPlatform} aliases
These aliases should not be used inside nixpkgs and are only there for backward
compatibility.
2024-05-16 11:48:32 +02:00
Julius Michaelis
f303b593a2 nixos/firefox: fix use of listToAttrs
Broken in #304773
Fixes #312098
2024-05-16 16:15:52 +09:00
Jade Lovelace
f05ecf16e6
Merge pull request #250638 from benley/keycloak-systemd-notify
nixos/keycloak: Add systemd startup notification
2024-05-15 14:13:20 -07:00
Benjamin Staffin
b45bb628ea nixos/oauth2_proxy: Conditionally depend on keycloak.service
Co-Authored-By: Jade Lovelace <software@lfcode.ca>
2024-05-15 14:10:26 -07:00
Martin Weinelt
10955966a5
Merge pull request #311916 from wegank/pretalx-plugins-init
pretalx: add a few plugins
2024-05-15 21:41:03 +02:00
Jonathan Davies
8d7f3c9dbd
nixos/loki: Implement configuration verification
Fixes: #293088
2024-05-15 18:12:10 +01:00
Marie Ramlow
6478f80b17 nixos/rosenpass: move preStart into script to workaround systemd bug
Because of a systemd bug, using both ExecStartPre and ExecStart will fill up the systemd credentials directory,
which leads to rosenpass failing to start.
This will be fixed in systemd v256, see https://github.com/systemd/systemd/pull/31202

Related issue: https://github.com/NixOS/nixpkgs/issues/258371
2024-05-15 17:52:45 +02:00
Raghav Sood
ec2f5e1cb9
Merge pull request #309615 from mkienitz/fix/vsftpd-assertion
Fix/vsftpd assertion
2024-05-15 23:09:28 +08:00
Pol Dellaiera
4275fc290a
Merge pull request #293817 from PatrickDaG/your_spotify
nixos/your_spotify: init at 1.10.1
2024-05-15 16:45:23 +02:00
Martin Weinelt
f4f9f96037
nixos/pretalx: add plugins option
Allow loading pretalx plugins in a declarative manner. They are passed
into the package dependencies at build time, so that collectstatic and
other django maintenance functions account for them, since we cannot
regenerate assets at runtime anyway.
2024-05-15 16:24:24 +02:00
Jonas Heinrich
b3fcfcfabd
Merge pull request #311766 from pacien/stalwart-0-6-0-module-fixes
nixos/stalwart-mail: module and test fixes for v0.6.0
2024-05-15 14:04:30 +02:00
Florian Klink
24ace2abee nixos/garage: assert that replication_mode is string
The explicit `replication_mode` option in `services.garage.settings`
has been removed and is now handled by the freeform settings in order
to allow it being completely absent (for Garage 1.x).
That module option previously `toString`'ed the value it's configured
with, which is now no longer possible.
Warn the user if they're still using a non-string here.
2024-05-15 11:48:25 +02:00
Florian Klink
1284b4f7fa Reapply "nixos/garage: drop replication_mode setting"
This reverts commit 67cf6279d0.

Reintroduce the option, we'll fix it in followup commits.
2024-05-15 11:39:21 +02:00
Yureka
67cf6279d0
Revert "nixos/garage: drop replication_mode setting" 2024-05-15 09:51:48 +02:00
Pol Dellaiera
ec2ac8ec82
Merge pull request #275485 from Ex-32/binfmt-emulatedsystems-fix
nixos/binfmt: added assertion to prevent emulation of current system
2024-05-15 08:58:12 +02:00
euxane
f4c5060ecc nixos/stalwart-mail: set default lookup storage
This configuration key is now required.
The shared default DB is a good default.
2024-05-15 00:42:08 +02:00
Pol Dellaiera
8821e81e02
Merge pull request #311307 from michaelpj/mpj/remove-some-maintennce
Remove myself from some packages I no longer use
2024-05-14 21:23:12 +02:00
Benjamin Staffin
64c94bd40a nixos/keycloak: Add systemd startup notification
This makes it possible for other systemd units to depend on
keycloak.service using `after` and `wants` relationships, and systemd
will actually wait for Keycloak to finish its initialization before
starting any dependent units.  This can be important for services like
oauth2-proxy, which (when configured to use Keycloak as its auth
provider) will fail to start until Keycloak's
`.well-known/openid-configuration` endpoint is available.
2024-05-14 14:26:35 -04:00
Maximilian Bosch
0118cc1d67
grafana: 10.4.2 -> 11.0.0
Announcement: https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v11-0/
ChangeLogs:
* https://github.com/grafana/grafana/releases/tag/v11.0.0
* https://github.com/grafana/grafana/blob/v11.0.0/CHANGELOG.md#1100-preview

Legacy notifiers were removed and could thus be removed from the module.
2024-05-14 19:03:25 +02:00
Nick Cao
ff610bbb02
Merge pull request #311376 from SuperSandro2000/display-managers-misc
nixos/display.managers: use cfg where possible
2024-05-14 09:36:02 -04:00
Aleksana
39458d9055
Merge pull request #300564 from Cynerd/bcg-fix
nixos/bcg: fix usage without environment files
2024-05-14 21:27:59 +08:00
Tom Fitzhenry
54ba3732f1 hostapd: add "wpa2-sha1" to authentication.mode enum
This is required for some Kindles (e.g. Kindle Paperwhite 7th Gen),
and printers (e.g. Brother MFC-J4440DW).

OpenWRT typically adds "wpa_key_mgmt = WPA-PSK", per 3f28c422ba/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh (L44-L71)
2024-05-14 19:28:15 +10:00
Guillaume Girol
673f00ad7b
Merge pull request #310199 from symphorien/borg_ignore_warnings_master
nixos/borgbackup: add an option to ignore warnings
2024-05-13 23:53:18 +02:00
Patrick
77a6460e74
nixos/your_spotify: init 2024-05-13 22:10:13 +02:00
Raroh73
1f2c3812d4
nixos/llama-cpp: fix rocm support 2024-05-13 17:01:33 +02:00
K900
37c6c6315b
Merge pull request #310786 from K900/greetd-plymouth
nixos/greetd: add option to make greetd not stop Plymouth early
2024-05-13 17:41:29 +03:00
Sandro Jäckel
4b1e83e97c
nixos/display.managers: use cfg where possible 2024-05-13 15:59:28 +02:00
Sandro
2616ccbcac
Merge pull request #310926 from Gerg-L/display-manager 2024-05-13 15:59:17 +02:00
Cosima Neidahl
068c0e3c95
Merge pull request #303745 from quantenzitrone/ydotool
ydotool: refactor ; nixos/ydotool: init module & nixosTest
2024-05-13 15:49:49 +02:00
Florian Klink
2a2f796888
Merge pull request #308801 from jmbaur/switch-to-configuration-rs
nixos/switch-to-configuration: add new implementation
2024-05-13 15:39:09 +02:00
Christina Rust
31a5a35b7e
Merge pull request #305286 from cafkafk/devpi-server-init
nixos/devpi-server: init
2024-05-13 13:14:51 +02:00
Florian Klink
c8b2579f1f
Merge pull request #309643 from flokli/garage-replication_mode
nixos/garage: drop replication_mode setting
2024-05-13 12:59:23 +02:00
Quantenzitrone
73d91cdd70
nixos/ydotool: init module
Co-authored-by: Cosima Neidahl <opna2608@protonmail.com>
2024-05-13 12:21:57 +02:00
Christina Sørensen
52e0ad744d
nixos/devpi-server: init
Signed-off-by: Christina Sørensen <christina@cafkafk.com>
2024-05-13 12:14:44 +02:00
K900
446ec6d9ab
Merge pull request #310350 from oddlama/fix-oauth2-proxy
nixos/oauth2-proxy: fix invalid comparison between list and attrset
2024-05-13 13:06:41 +03:00
Michael Peyton Jones
cd981c1cc6
tzupdate: remove michaelpj as maintainer 2024-05-13 10:57:00 +01:00
Michael Peyton Jones
bf5bec1538
arbtt: remove michaeplj as maintainer 2024-05-13 10:56:59 +01:00
Franz Pletz
5f8fffdec4
Merge pull request #310819 from ilya-epifanov/thermald-config-fix
thermald: fixed handling of an external config
2024-05-13 11:34:12 +02:00
Jörg Thalheim
ba37bf5f3d
Merge pull request #307076 from flokli/caddy-reload
nixos/caddy: don't set ExecReload if enableReload is disabled
2024-05-13 10:45:28 +02:00
Florian Klink
2ec060b94e nixos/zsh: remove lib.lib
This fails my NixOS configuration:

```
       error: attribute 'lib' missing

       at /nix/store/ninrqc3pblnmqgh489cbr9rq5pijcpd6-nixpkgs-src/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix:90:7:

           89|     programs.zsh.interactiveShellInit =
           90|       lib.lib.mkAfter (lib.concatStringsSep "\n" ([
             |       ^
           91|         "source ${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
```
2024-05-13 10:21:47 +02:00
Martin Weinelt
9731a32d81
Merge pull request #309115 from NyCodeGHG/nixos/miniflux-sd-notify
nixos/miniflux: use systemd notify and watchdog
2024-05-13 10:12:37 +02:00
Yureka
aa64bb27ba nixos/garage: add assertion for replication_factor 2024-05-13 10:03:21 +02:00
Friedrich Altheide
64512b6200 virtualboxGuestAdditions: Add dragAndDrop service 2024-05-13 06:36:03 +02:00
Martin Weinelt
5a9b28e88b
Merge pull request #311197 from endocrimes/dani/fish-boogaloo
nixos/fish: Fix more lib references
2024-05-13 01:22:34 +02:00
Danielle Lancashire
d0e35cbd3e
nixos/fish: Fix more lib references 2024-05-13 01:18:49 +02:00
Florian Klink
aff6a121a3
Merge pull request #311039 from DavHau/pr_smokeping
nixos/smokeping: use nginx instead of thttpd
2024-05-13 01:11:59 +02:00
Danielle Lancashire
f26c2aa2fc
nixos/fish: fix reference to mapAttrsFlatten 2024-05-13 00:58:30 +02:00
aszlig
e4bd1e8f92
nixos/confinement: Use prio 100 for RootDirectory
One of the module that already supports the systemd-confinement module
is public-inbox. However with the changes to support DynamicUser and
ProtectSystem, the module will now fail at runtime if confinement is
enabled (it's optional and you'll need to override it via another
module).

The reason is that the RootDirectory is set to /var/empty in the
public-inbox module, which doesn't work well with the InaccessiblePaths
directive we now use to support DynamicUser/ProtectSystem.

To make this issue more visible, I decided to just change the priority
of the RootDirectory option definiton the default override priority so
that whenever another different option is defined, we'll get a conflict
at evaluation time.

Signed-off-by: aszlig <aszlig@nix.build>
2024-05-13 00:40:41 +02:00
aszlig
0a9cecc35a
nixos/systemd-confinement: Make / read-only
Our more thorough parametrised tests uncovered that with the changes for
supporting DynamicUser, we now have the situation that for static users
the root directory within the confined environment is now writable for
the user in question.

This is obviously not what we want and I'd consider that a regression.
However while discussing this with @ju1m and my suggestion being to
set TemporaryFileSystem to "/" (as we had previously), they had an even
better idea[1]:

> The goal is to deny write access to / to non-root users,
>
>   * TemporaryFileSystem=/ gives us that through the ownership of / by
>     root (instead of the service's user inherited from
>     RuntimeDirectory=).
>   * ProtectSystem=strict gives us that by mounting / read-only (while
>     keeping its ownership to the service's user).
>
> To avoid the incompatibilities of TemporaryFileSystem=/ mentioned
> above, I suggest to mount / read-only in all cases with
> ReadOnlyPaths = [ "+/" ]:
>
>   ...
>
> I guess this would require at least two changes to the current tests:
>
>   1. to no longer expect root to be able to write to some paths (like
>      /bin) (at least not without first remounting / in read-write
>      mode).
>   2. to no longer expect non-root users to fail to write to certain
>      paths with a "permission denied" error code, but with a
>      "read-only file system" error code.

I like the solution with ReadOnlyPaths even more because it further
reduces the attack surface if the user is root. In chroot-only mode this
is especially useful, since if there are no other bind-mounted paths
involved in the unit configuration, the whole file system within the
confined environment is read-only.

[1]: https://github.com/NixOS/nixpkgs/pull/289593#discussion_r1586794215

Signed-off-by: aszlig <aszlig@nix.build>
2024-05-13 00:40:40 +02:00
Julien Moutinho
0a5542c766
nixos/systemd-confinement: support ProtectSystem=/DynamicUser=
See https://discourse.nixos.org/t/hardening-systemd-services/17147/14
2024-05-13 00:40:25 +02:00
Franz Pletz
ef26d99b37
Merge pull request #310873 from ivan/radvd-debuglevel
nixos/radvd: add debugLevel option
2024-05-12 22:23:24 +02:00
Pol Dellaiera
378c5c67ed
Merge pull request #310348 from ehmry/nginx-validateConfigFile
nixos/nginx: add validateConfigFile option
2024-05-12 21:58:59 +02:00
Weijia Wang
4433bbfd2a
Merge pull request #304773 from acid-bong/no-libs
treewide: remove file-wide `with lib;` uses in nixos/modules/programs
2024-05-12 21:52:15 +02:00
Andreas Rammhold
d157db3480
Merge pull request #307051 from hax404/modules/tayga/mappings
nixos/tayga: add mappings option
2024-05-12 21:16:26 +02:00
Xyven1
201a5ff61f nixos/plex: add systemd hardening configuration 2024-05-12 14:22:04 -04:00
Marek Fajkus
cf1e14e8a9
Merge pull request #310880 from presto8/warn-xss-lock
nixos/xss-lock: add warning for startx
2024-05-12 19:53:52 +02:00
Florian Klink
0244a8d5d7 nixos/caddy: don't set ExecReload if enableReload is disabled
Otherwise, setting services.caddy.enableReload to false fails in a very bad fashion:

The reload command still gets executed, but fails:

```
Apr 26 21:23:01 n1-rk1 systemd[1]: Reloading Caddy...
Apr 26 21:23:01 n1-rk1 caddy[70793]: {"level":"info","ts":1714166581.733018,"msg":"using provided configuration","config_file":"/etc/caddy/caddy_config","config_adapter":"caddyfile"}
Apr 26 21:23:01 n1-rk1 caddy[70793]: {"level":"warn","ts":1714166581.7353032,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/caddy_config","line":3}
Apr 26 21:23:01 n1-rk1 caddy[70793]: Error: sending configuration to instance: performing request: Post "http://localhost:2019/load": dial tcp [::1]:2019: connect: connection refused
Apr 26 21:23:01 n1-rk1 systemd[1]: caddy.service: Control process exited, code=exited, status=1/FAILURE
Apr 26 21:23:01 n1-rk1 systemd[1]: Reload failed for Caddy.
```

… and the server is not restarted either, as a ExecReload= command is
specified.

Fix this, by only setting ExecReload if the reload exists.

The first empty string is still necessary to reset the old option.
2024-05-12 18:27:02 +03:00
Bobby Rong
e466c02ac3
Merge pull request #311074 from bobby285271/upd/mate-glib-networking
nixos/mate: enable services.gnome.glib-networking

cc #53700
2024-05-12 22:39:17 +08:00
Bobby Rong
3de41ce7a8
nixos/mate: enable services.gnome.glib-networking
This is already done in the 5 other desktop environments I maintain, I decided that I don't mind adding another one.
2024-05-12 22:05:22 +08:00
DavHau
0b6c484848 nixos/smokeping: use nginx instead of thttpd
Motivation:
fixes #265953

Changes:
- deprecate `services.smokeping.port` in favor of the niginx native option
- mention in release notes
2024-05-12 13:31:11 +02:00
Pol Dellaiera
8949291221
Merge pull request #305586 from drupol/private-gpt/init
private-gpt: init at 0.5.0
2024-05-12 12:53:53 +02:00
Acid Bong
49f6869f71
treewide: remove file-wide with lib; in nixos/modules/programs 2024-05-12 10:11:06 +03:00
Bjørn Forsman
7909e0f7d6 nixos/pixiecore: fix apiServer example
Add missing http:// scheme. Without it pixiecore logs this and never
contacts the API server:

  [DHCP] Couldn't get bootspec for [REDACTED_MAC_ADDR]: Get "localhost:8080/v1/boot/[REDACTED_MAC_ADDR]": unsupported protocol scheme "localhost"
2024-05-11 23:01:35 +02:00
Pol Dellaiera
aff1950a3f
nixos/private-gpt: init 2024-05-11 22:42:04 +02:00
Gerg-L
6e22a417e6
nixos/xserver: remove duplicate display-manager.script declaration 2024-05-11 16:34:08 -04:00
Preston Hunt
7f0158313d nixos/xss-lock: add warning for startx 2024-05-11 08:47:11 -07:00
Ivan Kozik
0482e54050 nixos/radvd: add debugLevel option 2024-05-11 14:59:09 +00:00
Ilya Epifanov
2099ff760f thermald: fixed handling of an external config 2024-05-11 12:32:49 +02:00
K900
6dd3061cae nixos/greetd: add option to make greetd not stop Plymouth early 2024-05-11 11:52:45 +03:00
Jared Baur
32bf051ba4
nixos/switch-to-configuration: add new implementation
This adds an implementation of switch-to-configuration that allows for
closer interaction with the lifecycle of systemd units by using DBus
APIs directly instead of using systemctl. It is disabled by default, but
can be enabled by specifying `{ system.switch = { enable = false; enableNg = true; }; }`.
2024-05-10 16:33:06 -07:00
superherointj
6cfcd3c754 k3s: format with nixfmt-rfc-style 2024-05-10 18:55:54 -03:00
Kyungrok Chung
81a58be20b nixos/tailscale: add extraSetFlags to configure daemon 2024-05-11 03:01:54 +09:00
K900
4733c9feec nixos/tests: set non-conflicting priority for logrotate disabling
CC https://github.com/NixOS/nixpkgs/pull/267880
2024-05-10 16:25:51 +03:00
Martin Weinelt
7da17ece76
Merge pull request #310366 from mweinelt/pretix-pretalx-homemode
pretix, pretalx: fixes, hardening
2024-05-10 14:50:24 +02:00
Franz Pletz
fb382c2628
Merge pull request #310452 from fpletz/nginx-acme-servername
nixos/nginx: fix reference to acme cert hostname
2024-05-10 14:04:24 +02:00
nu-nu-ko
1c0d10e4f4
nixos/navidrome: add nu-nu-ko to maintainers 2024-05-10 21:16:30 +12:00
nu-nu-ko
7519d230b5
nixos/navidrome: ensure data & cache dirs exist with valid permissions 2024-05-10 21:16:30 +12:00
nu-nu-ko
ffc0d8bf58
nixos/navidrome: remove apply from settings option 2024-05-10 21:16:30 +12:00
nu-nu-ko
da8cdc2782
nixos/navidrome: use lib.getExe 2024-05-10 21:16:30 +12:00
nu-nu-ko
4987663e27
nixos/navidrome: add user/group options 2024-05-10 21:16:29 +12:00
nu-nu-ko
bbba2bde44
nixos/navidrome: rfcfmt, rm mdDoc & with lib; 2024-05-10 21:16:29 +12:00
Franz Pletz
338a208e7d
Merge pull request #287505 from jpds/zfs-scrub-trim-randomizedDelaySec 2024-05-10 02:11:13 +02:00
Franz Pletz
7c520d4070
Merge pull request #287494 from jpds/zfs-autoscrub-monthly-default 2024-05-10 02:09:59 +02:00
Franz Pletz
04f0aed442
Merge pull request #267880 from Izorkin/update-nixos-tests-logrotate 2024-05-10 02:06:59 +02:00
Franz Pletz
b7d060d10d
nixos/nginx: fix reference to acme cert hostname
The change introduced in #308303 refers to the virtualHosts attrset
key which can be any string. The servername is the actual primary
hostname used for the certificate.

This fixes use cases like:

    services.nginx.virualHosts.foobar.serverName = "my.fqdn.org";
2024-05-10 01:36:34 +02:00
Martin Weinelt
622af635bb
pretalx: adopt and set up code ownership 2024-05-09 18:20:14 +02:00
Martin Weinelt
9afcf733f3
nixos/pretix: update hardening
- Transition from world-readable to group-readable UMask
- Remove world permissions from state directory
2024-05-09 18:20:14 +02:00
Martin Weinelt
82f2cc7489
nixos/pretalx: set up hardening 2024-05-09 18:20:13 +02:00
Martin Weinelt
b4b3165619
nixos/pretalx: fix state directory mode
The state directory contains static files that need to be accessible by
a webserver, but homeMode defaults to 0750 and switching the generation
will always force the homeMode, thereby breaking access to the assets.

Instead, fully rely on systemd to provide the StateDirectory with the
correct mode.
2024-05-09 18:20:13 +02:00
Martin Weinelt
a4193dba8f
nixos/pretix: fix state directory mode
The state directory contains static files that need to be accessible by
a webserver, but homeMode defaults to 0750 and switching the generation
will always force the homeMode, thereby breaking access to the assets.

Instead, fully rely on systemd to provide the StateDirectory with the
correct mode.
2024-05-09 17:00:02 +02:00
oddlama
58286e510c
nixos/oauth2-proxy: fix invalid comparison between list and attrset 2024-05-09 16:58:33 +02:00
Emery Hemingway
60c75135f8 nixos/nginx: add validateConfigFile option
Add an option to disable configuration file processing and
validation.
2024-05-09 16:48:26 +02:00
Adam C. Stephens
215dd64e07
Merge pull request #307039 from adamcstephens/nixos-unstable
nixos/incus: add support for soft daemon restarts
2024-05-09 09:59:37 -04:00
Nick Cao
fe4d8b1b73
Merge pull request #310298 from rouven0/portunus-dex
nixos/portunus: fix dangling service files for dex
2024-05-09 09:50:54 -04:00
Adam Stephens
7d5b333dcd
nixos/incus: add support for soft daemon restart
This is a feature supported out of the box by upstream and allows the
incusd service to be restarted without impacting running
instances. While this does give up a bit of reproducibility, qemu and
lxc for example, there are clear benefits in allowing the host to
apply updates without impacting instances.

Modeled after the zabbly implementation: 2a67c3e260/systemd/incus-startup.service

This will now be the default.
2024-05-09 09:01:12 -04:00
Guillaume Girol
00346bff2b nixos/borgbackup: add an option to ignore warnings
borgbackup exit code 1 means warning, not error. For example if a file
is modified during backup, borg create exits with code 1. It may be
desirable to count that as success.
2024-05-09 12:00:00 +00:00
Rouven Seifert
06667e028f
nixos/portunus: fix dangling service files for dex 2024-05-09 11:29:23 +02:00
Guillaume Girol
2931e934d0
Merge pull request #277368 from niklaskorz/nixos-mautrix-signal
nixos/mautrix-signal: add module
2024-05-08 22:33:29 +02:00
Nanotwerp
9630d00c18 nixos/virt-manager: use dconf to autoconnect QEMU/KVM 2024-05-08 13:53:10 -04:00
Linus Heckemann
a10842c7f0
Merge pull request #302300 from Ma27/kernel-zstd
linux kernel: prefer zstd where possible
2024-05-08 15:17:45 +02:00
Florian Klink
ddf728e50b
Merge pull request #306926 from tie/networkd-global-ipv6-privacy-extensions
nixos/networkd: allow IPv6PrivacyExtensions in networkd.conf
2024-05-08 14:41:08 +03:00
7c6f434c
55e9b296c1
Merge pull request #309696 from Uthar/lisp-removal-of-previous-variants
Lisp modules - removal of previous variants
2024-05-08 10:04:39 +00:00
Jonas Heinrich
4a451cb3ce
Merge pull request #308291 from Ma27/nc-update-db
nixos/nextcloud: add nextcloud-update-db.service, nextcloud-cron isn't oneshot
2024-05-08 11:29:45 +02:00
Pascal Wittmann
a751e2faa2
Merge pull request #302908 from kai-tub/nixos/restic/fix-checkCmd
nixos/restic: fix skipping of check command
2024-05-08 10:29:31 +02:00
Pascal Wittmann
b641bba3d7
Merge pull request #309052 from kira-bruneau/intel-gpu-tools
nixos/intel-gpu-tools: init basic security wrapper
2024-05-07 23:28:45 +02:00
Sandro
dc79d5b1b3
Merge pull request #308904 from SuperSandro2000/273761-follow-up
nixos/openrazer: properly rename mouseBatteryNotifier option
2024-05-07 22:18:31 +02:00