euxane
51b246a1ac
nixos/fcgiwrap: do not run as root by default
...
Use a dynamic user instead unless one is specified.
2024-06-22 19:45:25 +02:00
euxane
81f72015f0
nixos/fcgiwrap: add unix socket owner, private by default
...
This adds a few options to properly set the ownership and permissions
on UNIX local sockets, set to private by default.
Previously, the created UNIX local sockets could be used by any local
user. This was especially problematic when fcgiwrap is running as root
(the default).
2024-06-22 19:45:25 +02:00
euxane
41419ca288
nixos/fcgiwrap: refactor for multiple instances
...
This allows configuring and starting independent instances of the
fcgiwrap service, each with their own settings and running user,
instead of having to share a global one.
I could not use `mkRenamedOptionModule` on the previous options
because the aliases conflict with `attrsOf submodule` now defined at
`services.fcgiwrap`. This makes this change not backward compatible.
2024-06-22 19:45:15 +02:00
Benjamin Staffin
e93ccda887
nixos/ipa: Make ipa_hostname configurable (#321588)
...
Some sites put hosts in domains outside of the IPA server's default
domain, so this needs to be user-configurable. The default is to use
the system's FQDN if it is configured, otherwise fall back to the
previous default behaviour of assuming the IPA server's domain.
2024-06-22 11:29:54 -04:00
Nick Cao
d10d0fc423
nixos/keycloak: update options for release 25.0.0
...
Reference: https://www.keycloak.org/docs/25.0.0/upgrading/
2024-06-22 10:23:09 -04:00
github-actions[bot]
c6707a9686
Merge staging-next into staging
2024-06-21 12:01:53 +00:00
Doron Behar
7645dde059
transmission_3: rename from transmission
2024-06-21 12:33:37 +03:00
h7x4
11c5359c4f
Merge pull request #319516 from r-vdp/wstunnel-init
...
wstunnel: 9.6.2 -> 9.7.0
2024-06-21 09:17:42 +02:00
github-actions[bot]
667f4bf852
Merge staging-next into staging
2024-06-20 12:01:36 +00:00
K900
5ce022e0e0
Merge pull request #319865 from JohnRTitor/amdgpu-module
...
nixos/amdgpu: init module
2024-06-20 14:29:01 +03:00
Rick van Schijndel
43ce0f9ee0
Merge pull request #318256 from risicle/ris-stack-clash-protection
...
cc-wrapper: add stack clash protection hardening flag
2024-06-19 19:54:30 +02:00
github-actions[bot]
446fc5bdf3
Merge staging-next into staging
2024-06-19 00:03:05 +00:00
Martin Weinelt
f822b2ba5c
Merge remote-tracking branch 'origin/staging-next' into staging
...
Conflicts:
- pkgs/development/python-modules/langsmith/default.nix
- pkgs/development/python-modules/rich-pixels/default.nix
- pkgs/servers/teleport/generic.nix
2024-06-18 20:16:19 +02:00
Thiago Kenji Okada
6b15cd0387
nixos/doc: add services.flood to rl-2411
2024-06-18 08:47:29 -03:00
r-vdp
0faddabc33
nixos/wstunnel: Add a mention in the release notes
2024-06-18 11:07:07 +03:00
John Titor
4f0fbbd09a
docs/release-notes: 24.11: add amdgpu module
2024-06-18 10:04:03 +05:30
Marie Ramlow
56d1e7a41b
lib.systems.examples: update default android sdk to 33, ndk to 26
2024-06-17 09:53:31 +02:00
Sandro
f88f5fec3e
Merge pull request #318933 from mweinelt/vaultharden
...
nixos/vaultwarden: update state directory name, harden systemd unit
2024-06-16 13:31:10 +02:00
Pol Dellaiera
31ec299d80
Merge pull request #320194 from numinit/android-studio-full
...
android-studio-full: fix changelog ordering
2024-06-16 10:11:43 +02:00
Florian Klink
69efc46438
Merge pull request #315205 from widlarizer/tracy-remove-legacy
...
tracy: fix wayland - remove legacy build, add deps
2024-06-16 10:03:23 +03:00
Morgan Jones
cb452d89b3
android-studio-full: move changelog; fix duplicate merged line
2024-06-16 00:00:19 -07:00
Martin Weinelt
be53df7236
nixos/vaultwarden: harden systemd unit
...
Drops the capability to bind to privileged ports.
2024-06-16 01:33:12 +02:00
Emil J. Tywoniak
aefaf8f50b
tracy: move to wayland, add tracy-x11
2024-06-15 22:52:03 +02:00
Zach Mitchell
aeba240cf3
moonlight-qt: 5.0.1 -> 6.0.0
2024-06-13 19:11:19 +08:00
github-actions[bot]
aacd9cf894
Merge staging-next into staging
2024-06-13 00:02:48 +00:00
Masum Reza
7082d01967
nixos/amdvlk: init module (#318175)
2024-06-12 22:45:01 +02:00
github-actions[bot]
d4adfab6df
Merge staging-next into staging
2024-06-12 06:01:24 +00:00
OTABI Tomoya
1f278a2082
Merge pull request #318384 from NyCodeGHG/nixos/renovate
...
nixos/renovate: init
2024-06-12 10:05:27 +09:00
Marie Ramlow
0adb3b8033
nixos/renovate: init
2024-06-11 18:57:04 +02:00
euxane
e23df553b0
doc/release-notes: migration note for stalwart-mail user
...
This follows 6ee84bcda0.
Here I prefer a simple mention in the release notes instead of some
automatic migration, which could interfere with all the other changes
already potentially requiring some admin interventions.
Co-authored-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2024-06-10 21:03:24 +02:00
github-actions[bot]
507aeeb037
Merge staging-next into staging
2024-06-09 00:03:32 +00:00
github-actions[bot]
26e3a02633
Merge master into haskell-updates
2024-06-08 00:14:17 +00:00
Robert Scott
6375a5878d
doc/release-notes: 24.11: addition of stackclashprotection hardening flag
2024-06-07 23:55:33 +01:00
github-actions[bot]
ef554485a4
Merge staging-next into staging
2024-06-07 18:01:57 +00:00
Thomas Churchman
d226935fd7
nixos/ddclient: deprecate use, implement use{v4,v6}
...
Upstream replaced `use` with `use{v4,v6}`:
4a1b06630b/ChangeLog.md (new-features)
2024-06-07 17:28:25 +02:00
Martin Weinelt
7ff8facb8b
Merge remote-tracking branch 'origin/staging-next' into staging
2024-06-07 07:25:52 +02:00
github-actions[bot]
a5d1b908b4
Merge master into haskell-updates
2024-06-07 00:13:56 +00:00
Peder Bergebakken Sundt
4f06a00fa9
Merge pull request #295155 from onemoresuza/hare-hook
...
hareHook: init
2024-06-06 23:55:33 +02:00
github-actions[bot]
4883735d0c
Merge staging-next into staging
2024-06-06 06:01:40 +00:00
github-actions[bot]
bd4363d68b
Merge master into haskell-updates
2024-06-06 00:13:27 +00:00
Jonathan Davies
7d7cb3e425
doc/release-notes: 24.11: Added Quickwit item to new services.
2024-06-06 00:49:42 +01:00
github-actions[bot]
937c2fa134
Merge staging-next into staging
2024-06-05 18:01:19 +00:00
Adam C. Stephens
af4ac075a3
Merge pull request #312523 from emilylange/nixos-forgejo-secrets
...
nixos/forgejo: refactor secrets, add `cfg.secrets`, forgejo: build `environment-to-ini`, nixos/tests/forgejo: test `cfg.secrets` using /metrics endpoint
2024-06-05 10:01:37 -04:00
github-actions[bot]
d7993cebbc
Merge staging-next into staging
2024-06-05 12:01:43 +00:00
Thomas Gerbet
ef6fea2d86
openssh: move Kerberos support into a dedicated package
...
The `openssh` and `openssh_hpn` packages are now built without
the Kerberos support by default in an effort to reduce the attack surface.
The Kerberos support is likely used only by a fraction of the total users
(I'm guessing mainly users integrating SSH in an Active Directory env) so
dropping it should not impact too many users. It should also be noted that
the Kerberos/GSSAPI auth is disabled by default in the configuration.
`opensshWithKerberos` and `openssh_hpnWithKerberos` are added in order
to provide an easy migration path for users needing this support.
The `openssh_gssapi` package is kept untouched.
2024-06-05 19:45:31 +10:00
Pol Dellaiera
133aa44c38
Merge pull request #317286 from drupol/open-webui-add-more-env
...
nixos/{ollama,open-webui}: minor service update
2024-06-05 09:12:28 +02:00
Pol Dellaiera
8ea262601a
nixos/open-webui: add release note entry
2024-06-05 08:05:18 +02:00
github-actions[bot]
daadd0b777
Merge master into haskell-updates
2024-06-05 00:13:17 +00:00
github-actions[bot]
1e2381cfc5
Merge staging-next into staging
2024-06-05 00:02:59 +00:00
Coutinho de Souza
b0fcfa88cf
hareHook: init
...
Co-authored-by: Colin <colin@uninsane.org>
2024-06-04 20:32:51 -03:00
emilylange
ac20219508
nixos/rl-2411: add services.forgejo.secrets
...
and the accompanying `services.forgejo.mailerPasswordFile` deprecation.
2024-06-05 01:05:47 +02:00
José Ribeiro
6fc5c63584
doc(rl-24.11): zx v8 breaking changes
2024-06-03 22:16:55 +01:00
Robert Scott
35b3c16331
nixos/doc/rl-2411: zerocallusedregs hardening flag enabled by default
2024-06-03 22:02:18 +01:00
github-actions[bot]
ac1903efd3
Merge master into haskell-updates
2024-06-03 00:13:54 +00:00
Stefan Majewsky
d11d18df30
portunus: remove libxcrypt-legacy usage
2024-06-01 10:28:21 +02:00
sternenseemann
c2b48909d6
Merge master into haskell-updates
2024-05-31 12:49:29 +02:00
Yt
6606ce9c0c
Merge pull request #273101 from onny/invoiceplane-settings2
...
nixos/invoiceplane: Remove deprecated extraConfig
2024-05-31 00:04:34 +00:00
euxane
0174aa1c56
nixos/stalwart-mail: rocksdb as default storage
...
This sets RocksDB as the default storage backend for `stateVersion` >=
24.11. For previous `stateVersion`s, the structured data and blobs
remain on SQLite and the filesystem respectively.
This is closer to the suggested upstream configuration for fully local
storage.
2024-05-30 16:22:03 +02:00
github-actions[bot]
7476d0d0c9
Merge master into haskell-updates
2024-05-30 00:13:58 +00:00
Someone Serge
fdf0e19b73
imgui: mention cmake integration in release notes
2024-05-28 19:58:02 +00:00
Jonas Heinrich
4217b9cd9a
nixos/invoiceplane: Remove deprecated extraConfig
2024-05-28 14:07:44 +02:00
Rebecca Turner
d2618822ab
haskell.lib.compose.justStaticExecutables: Forbid references to GHC
...
This makes `justStaticExecutables` error if the produced store path
contains references to GHC. This is almost always erroneous and due to
the generated `Paths_*` module being imported. This helps prevent
`justStaticExecutables` from producing binaries with closure sizes in
the gigabytes.
See: https://github.com/NixOS/nixpkgs/issues/164630
Co-authored-by: sternenseemann <sternenseemann@systemli.org>
2024-05-27 21:08:16 +02:00
superherointj
f2a202ff38
nixos/doc/rl-2411: nginx now has gd, geoip as an optional
2024-05-25 12:12:50 -03:00
Jonas Heinrich
3c80361f9a
nixos/stalwart-mail: add release notes
2024-05-24 12:25:33 +02:00
Lucas Hoffmann
eff2e77eee
nvimpager: 0.12.0 -> 0.13.0
2024-05-23 14:57:33 +02:00
Weijia Wang
f7da007372
doc/release-notes: update codename
2024-05-22 18:48:39 +02:00
Weijia Wang
4a817d2083
24.05 is Vicuña
2024-05-22 18:15:34 +02:00