Commit Graph

31440 Commits

Author SHA1 Message Date
Sandro
31a8448c93
Merge pull request #279917 from h7x4/nixos-module-update-add-samba-slice 2024-07-04 11:48:27 +02:00
Masum Reza
24ced04659
Merge pull request #324347 from jtojnar/gdm-fingerprint-fix
nixos/gdm: Fix fingerprint auth rules
2024-07-04 10:54:46 +05:30
Aleksana
d5a4f459ea
Merge pull request #304362 from Stunkymonkey/ec2-data-chmod-install
ec2-data: prefer 'install/umask' over 'chmod'
2024-07-04 12:51:53 +08:00
Aaron Andersen
1af787b0e7
Merge pull request #324320 from tomaskala/add-package-option-to-blocky
nixos/blocky: Add an option for the package to be used
2024-07-04 00:25:12 -04:00
Jan Tojnar
af0cdb44a0 nixos/gdm: Fix fingerprint auth rules
We introduced the gdm-fingerprint.pam in 9d41fe6fcc.

We used the [upstream Arch config] as a template, which contains an extended control field that jumps over **one** immediately-following `auth` rule unless `pam_gdm.so` succeeds.

But we decided to not include `pam_gnome_keyring.so` so there was no rule to skip over, resulting in a broken control flow and the PAM module failing with “PAM bad jump in stack”, breaking the fingerprint authentication in GDM.

Let’s actually add `pam_gnome_keyring.so`, like the Arch config does. Because we are creating the PAM file using the `text` option, `security.pam.services.gdm-fingerprint.enableGnomeKeyring` does not do anything so we need to do it manually.

For the case where gnome-keyring is not enabled, we could add a no-op rule like `optional pam_permit.so` after `pam_gdm.so` so that the branching always has something to jump over but it will be simpler to just make the both conditional. There are no further `auth` rules that could benefit from `pam_gdm.so` doing something so it should be fine.

Unlike in Arch, we are not going to invoke `pam_gnome_keyring.so` in a `session` rule since that is already done by the included `login` module.

[upstream Arch config]: 81ee658c11/data/pam-arch/gdm-fingerprint.pam
2024-07-03 23:36:52 +02:00
Jan Tojnar
1cf4155498 nixos/gdm: Clean up gdm-fingerprint pam module
The `optional pam_permit.so` comes from the [upstream Arch config] we used as a template in 9d41fe6fcc. But I do not think it does anything in this position – see also the discussion at https://bbs.archlinux.org/viewtopic.php?id=245892 – so let’s just remove it.

Let’s also add a comment about disabling `fprintAuth` and a blank line for clarity.

[upstream Arch config]: 81ee658c11/data/pam-arch/gdm-fingerprint.pam
2024-07-03 23:32:43 +02:00
Felix Buehler
6fd0acb81b ec2-data: prefer 'install/umask' over 'chmod' 2024-07-03 23:18:43 +02:00
Someone
7cdac9fd12
Merge pull request #306730 from ShamrockLee/apptainer-default-path
apptainer, singularity: precede system-level bin paths in `defaultPath` and fix `singularity` image running
2024-07-03 19:56:08 +00:00
Jan Tojnar
68211b3546 Revert "nixos/gnome-keyring: unlock keyring with gdm-password, gdm-autologin"
`gdm-autologin` and `gdm-password` PAM modules are defined using the `text` option, so the option here is a no-op.

Furthermore, `gdm-password` already includes `login` for all module types,
and that invokes `pam_gnome_keyring.so` in the same way Arch’s `gdm-password` module would:
81ee658c11/data/pam-arch/gdm-password.pam

This reverts commit c24c7933ba.
2024-07-03 21:32:34 +02:00
Jan Tojnar
0e83d67373 Revert "nixos/gnome-keyring: enable gnome-keyring for fingerprint authentication'"
`gdm-fingerprint` PAM module is defined using the `text` option, so the option here is a no-op.

This reverts commit 6bb516d45f.
2024-07-03 21:25:17 +02:00
Aleksana
3a96597d4f
Merge pull request #317457 from rawkode/fix/espanso-opts
nixos/espanso: fix wayland option
2024-07-03 23:20:03 +08:00
David Flanagan
f13e08ac0e
nixos/espanso: fix wayland option
Co-authored-by: Aleksana <alexander.huang.y@gmail.com>
2024-07-03 16:17:52 +01:00
OTABI Tomoya
3ca8ba2a73
Merge pull request #324114 from NyCodeGHG/renovate-unix-socket
nixos/renovate: allow AF_UNIX access
2024-07-03 22:40:17 +09:00
Tomas Kala
6930dd3dee nixos/blocky: Add an option for the package to be used
Previously, the blocky package was hardcoded to the one in pkgs. This
change allows to set it, so the user can configure the blocky service to
run blocky from nixpkgs-unstable, for example.
2024-07-03 13:42:34 +02:00
Jonas Chevalier
f2506eaef6
Merge pull request #324102 from johannwagner/fix/cloud-init-fixes
nixos/cloud-init: Bug fix and enhancements
2024-07-03 13:25:09 +02:00
Martin Weinelt
84164bf098
Merge pull request #318659 from mweinelt/fastly-exporter
nixos/prometheus-fastly-exporter: unwrap execstart
2024-07-03 12:40:10 +02:00
Aleksana
2240a1aa31
Merge pull request #324163 from SuperSandro2000/271914
nixos/kmscon: fix eval
2024-07-03 12:38:01 +08:00
Weijia Wang
9c1cfad9a0
Merge pull request #307910 from r-ryantm/auto-update/pixelfed
pixelfed: 0.11.13 -> 0.12.1
2024-07-03 00:55:55 +02:00
Sandro Jäckel
6868a97e5e
nixos/kmscon: fix eval 2024-07-03 00:01:12 +02:00
Ryan Lahfa
d387fafe2f
Merge pull request #324101 from hexchen/drop-hexchen
maintainers: remove myself
2024-07-02 23:38:02 +02:00
Thomas Gerbet
8ddb1bb721
Merge pull request #318599 from pacien/nixos-fcgiwrap-isolation
nixos/fcgiwrap: refactor to fix permissions
2024-07-02 21:52:33 +02:00
Sandro
15705830ce
Merge pull request #321061 from SomeoneSerge/prosody-logs
nixos/prosody: provide an (internal) escape hatch for overriding the …
2024-07-02 20:36:07 +02:00
Sandro
230c213fae
Merge pull request #314767 from Guanran928/mihomo
nixos/mihomo: add assertion for configFile
2024-07-02 20:27:36 +02:00
Sandro
bd4241bcc8
Merge pull request #297826 from anthonyroussel/update-tomcat_connectors
apacheHttpdPackages.mod_jk: 1.2.48 -> 1.2.49, rename from tomcat_connectors
2024-07-02 20:26:13 +02:00
Sandro
4f90cfd2f9
Merge pull request #313984 from yayayayaka/gitlab-17.0.1
gitlab: 16.11.5 -> 17.1.1
2024-07-02 20:12:42 +02:00
Marie Ramlow
787354f63c nixos/renovate: allow AF_UNIX access
renovate can update nix dependencies, which results in nix trying to communicate with the nix-daemon over a unix socket.
2024-07-02 20:09:12 +02:00
K900
caff135cb1
Merge pull request #323419 from Ma27/bump-grafana
grafana: 11.0.0 -> 11.1.0
2024-07-02 20:59:21 +03:00
Felix Bühler
4b015946c9
Merge pull request #307459 from Stunkymonkey/freshrss-extensions
freshrss-extensions: init
2024-07-02 19:43:22 +02:00
hexchen
2104f810b0 decklink, blackmagic-desktop-video: drop package and module
I am the singular maintainer for these packages. They are difficult to
maintain and are going to start to bitrot pretty much as soon as BMD
releases new software versions. Therefore, I am not only removing myself
as the maintainer but dropping them entirely.
2024-07-02 17:26:03 +00:00
Johann Wagner
49d137a967 nixos/cloud-init: Allow additional packages in cloud-init module 2024-07-02 19:19:56 +02:00
Johann Wagner
33c55024dc nixos/cloud-init: Allow systemd.network to be enabled if cloud-init.network is disabled 2024-07-02 19:12:30 +02:00
Florian Klink
0ef1870535
Merge pull request #323996 from hercules-ci/journald.conf-link
nixos/journald: Link to journald manpage
2024-07-02 14:49:24 +03:00
Cat
ed1b6699c0
nixos/syncthing: implement folder type (#308832)
* Syncthing: implemented folder type

* Syncthing: fix syntax (via @johnhamelink )

This commit should be rebased/squashed into the previous one if ofborg cleares it!

Co-authored-by: John Hamelink <me@johnhame.link>

---------

Co-authored-by: John Hamelink <me@johnhame.link>
2024-07-02 19:49:03 +08:00
Robert Hensing
7b1af67486 nixos/journald: Link to journald manpage
This creates a link to https://www.freedesktop.org/software/systemd/man/latest/journald.conf.html,
thanks to `doc/manpage-urls.json`.
2024-07-02 12:09:07 +02:00
Jonas Heinrich
c0b4d43442
Merge pull request #314525 from onny/stalwart-openfirewall
nixos/stalwart-mail: add openFirewall option
2024-07-02 10:00:46 +02:00
Jan Tojnar
0f56e32213
Merge pull request #319659 from jtojnar/gnome-extract
Move various packages out of gnome scope
2024-07-02 08:03:53 +02:00
ckie
7d34b64eca maintainers: remove ckie
well, we failed. we have not saved nix together[0], and today's show of
utter incompetence[1] has pushed me over the edge along with many others[2]

it's been good. a lot of PRs. a lot of endless reviews.
some new friends, some old friends converted :P

cya in the next world, cuties <3

[0] https://save-nix-together.org/
[1] https://discourse.nixos.org/t/nca-member-jonringer-joint-announcement/48231
[2] https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3A+maintainer-list+%28update%29%22+remove+in%3Atitle+created%3A%3C2024-07-10
2024-07-02 02:40:02 +02:00
Janik H.
76cd1d2211 maintainers: drop janik
I guess my time has come as well...

With this commit, I'm not just dropping my maintainer entry, but I'm also
resigning from my duties as a board observer and NixCon project lead.
I also terminated my Summer of Nix contract today.
I'll also stop hosting the local NixOS meetup.

The only "project" I'll finish under the NixOS Foundation umbrella is
Google Summer of Code because the mentees aren't even remotely
responsible for why I'm leaving, and it would be unfair to leave them
hanging.

I'm grateful for all the things I was able to learn, for all the experiences
I could gather, and for all the friends I made along the way.
NixOS is what makes computers bearable for me, so I'll go and work on
some fork (*something something* you always meet twice in life).
2024-07-02 02:36:42 +02:00
Jasper Woudenberg
71e88077ca maintainers: remove jwoudenberg 2024-07-02 01:35:17 +02:00
Marcus Ramberg
a449a2a14a
Merge pull request #321079 from res0Nanz/master
nixos/cloudflared: fix links in doc
2024-07-01 23:39:57 +02:00
Felix Buehler
bb33682f3a nixos/freshrss: add extensions 2024-07-01 23:38:56 +02:00
Guillaume Girol
3b82fcc6c3
Merge pull request #318826 from NorfairKing/borgbackup-requiremount
borgbackup: Use RequiresMountsFor to require that the repo is mounted
2024-07-01 22:03:55 +02:00
Maximilian Bosch
c2586ca239 nixos/nextcloud: warn about unsafe path transitions
Closes #294588
It _may_ also be an answer to #169733.

See explanation from upstream[1] for further details.

[1] https://github.com/systemd/systemd/issues/19618#issuecomment-843273818
2024-07-01 21:20:12 +02:00
pennae
5c5aaaaaae maintainers: remove pennae
https://discourse.nixos.org/t/nca-jonringer-joint-announcement/48231
https://web.archive.org/web/20240701165505/https://discourse.nixos.org/t/nca-jonringer-joint-announcement/48231

we had little faith in the NCA process, but this is going deep, *deep*
into the territory of wilfully insulting all those had placed even a
modicum of trust in that process.

have you fucking nazi bar.
2024-07-01 18:56:40 +02:00
r-vdp
d1e0f30cb2
Fix SSH in scripted initrd
Co-authored-by: Emily <vcs@emily.moe>
2024-07-01 15:35:55 +02:00
r-vdp
79d8116671
Fix ssh in initrd for systemd-initrd
Broken in https://github.com/NixOS/nixpkgs/pull/323753
2024-07-01 15:35:55 +02:00
Jonas Heinrich
f45e645e92 nixos/stalwart-mail: add openFirewall option 2024-07-01 14:10:11 +02:00
Jörg Thalheim
c08bd9add4
Merge pull request #307123 from CaptainJawZ/shiori
shiori: 1.5.5 -> 1.7.0
2024-07-01 13:46:24 +02:00
Thiago Kenji Okada
7fb13d1dff
Merge pull request #285299 from loispostula/patch-1
nixos/rtorrent: rpcsock perm should reflect provided options
2024-07-01 10:55:55 +00:00
Someone
9c1849ebd0
Merge pull request #323249 from abysssol/ollama-driver-runpath
ollama: remove dependency on`linuxPackages.nvidia_x11`, use `autoAddDriverRunpath` instead
2024-07-01 10:41:42 +00:00