Commit Graph

41410 Commits

Author SHA1 Message Date
Shea Levy
486943af00 ipu6: Don't build out-of-tree driver for kernels that have it
(cherry picked from commit 3bfeae1428)
2024-08-04 13:12:19 +00:00
Bjørn Forsman
fea54e56e7 nixos/deconz: mention RaspBee hardware
(cherry picked from commit 849492e6e2)
2024-08-04 09:51:25 +02:00
Bjørn Forsman
c35006b99c nixos/deconz: update URL to hardware products
There are multiple products/versions, so replace the "version 2" URL
with a landing page for all products.

(cherry picked from commit aeaf887dcb)
2024-08-04 09:51:25 +02:00
networkException
03b63017ed nixos/flatpak: add package option
this patch adds the `services.flatpak.package` option to
allow overriding the package added by this module to
`environment.systemPackages` and the likes.

This is useful in scenarios where applications call the
flatpak binary to query information like writable directories
and there is a custom package returning different results
from the vanilla binary.

See https://github.com/crabdancing/nixpak-flatpak-wrapper

(cherry picked from commit af69223f46)
2024-08-03 15:15:01 +00:00
euxane
31cdff5baf nixos/cgit: use isolated fcgiwrap instance, add user/group options
This adds options to set the users and groups as which cgit instances
run, allowing the use of an unprivileged user instead of root.

"root" is kept as the default user to avoid breaking existing setups,
but a warning is shown in that case to alert the user.

Backport of:

commit 4f2da6c9c1
    nixos/fcgiwrap: add option migration instruction errors
    (partial: move to instances)
commit 3d10deb7a5
    nixos/cgit: fix GIT_PROJECT_ROOT ownership
commit 2d8626bf0a
    nixos/cgit: configurable user instead of root
commit c5dc3e2034
    nixos/fcgiwrap: adapt consumer modules and tests
commit 8101ae41f8
    nixos/fcgiwrap: adapt consumer modules and tests
commit bf2ad6f48c
    nixos/fcgiwrap: adapt consumer modules and tests
2024-08-02 10:51:17 +02:00
euxane
483dd7e3c6 nixos/zoneminder: use isolated fcgiwrap instance
Backport of:

commit fcb2a4a5ff
    nixos/zoneminder: set fcgiwrap socket owner
commit 4f2da6c9c1
    nixos/fcgiwrap: add option migration instruction errors
    (partial: move to instances)
commit 8101ae41f8
    nixos/fcgiwrap: adapt consumer modules and tests
commit bf2ad6f48c
    nixos/fcgiwrap: adapt consumer modules and tests
2024-08-02 10:51:17 +02:00
euxane
6a8e12421c nixos/smokeping: use isolated fcgiwrap instance
This makes the CGI part of smokeping run as the unprivileged
"smokeping" user like the rest of the service (instead of root).

This also sets proper permissions for the fcgiwrap control socket.

Backport of:

commit 4f2da6c9c1
    nixos/fcgiwrap: add option migration instruction errors
    (partial: move to instances)
commit c5dc3e2034
    nixos/fcgiwrap: adapt consumer modules and tests
commit 8101ae41f8
    nixos/fcgiwrap: adapt consumer modules and tests
commit bf2ad6f48c
    nixos/fcgiwrap: adapt consumer modules and tests
2024-08-02 10:51:17 +02:00
euxane
0cb1143443 nixos/fcgiwrap: add deprecation notice and security warning
This deprecates the use of the global shared instance of fcgiwrap,
due to its security issues (running as root by default, actually
insecure control socket, allowing local remote escalation privileges,
with no fix due to the multiple consumers).

A warning is added to encourage users to migrate to properly isolated
instances (`services.fcgiwrap.instances.*`).
2024-08-02 10:51:17 +02:00
euxane
aaa045714c nixos/fcgiwrap-instances: backport isolated multi-instance module
This backports the options `services.fcgiwrap.instances.*`,
allowing to configure isolated instances of fcgiwrap,
as an alternative to the global shared one.
This prepares the deprecation of the latter.

Backport of:

commit efc7aebda7
    nixos/fcgiwrap: require explicit owner for UNIX sockets
commit 4f2da6c9c1
    nixos/fcgiwrap: add option migration instruction errors
    (partial: move to instances)
commit 51b246a1ac
    nixos/fcgiwrap: do not run as root by default
commit 81f72015f0
    nixos/fcgiwrap: add unix socket owner, private by default
commit 289c1585c2
    nixos/fcgiwrap: limit prefork type to positives
commit 3955eaf450
    nixos/fcgiwrap: improve readability of CLI args
commit 022289f2fa
    nixos/fcgiwrap: group options logically, fix doc
commit 41419ca288
    nixos/fcgiwrap: refactor for multiple instances
2024-08-02 10:51:17 +02:00
OPNA2608
058334e3ee tests/lomiri: Drop OCR for starter content
It has started to take 10 minutes to get a match, and we open the starter more than once.

Let's just drop this check, ydotool helps alot with getting it open more reliably.

(cherry picked from commit 6e42f74cf9)
2024-07-31 11:59:36 +00:00
OPNA2608
38dc1ca235 nixos/lomiri: Add camera app
(cherry picked from commit 826486cd2f)
2024-07-31 11:59:36 +00:00
OPNA2608
303b5baac6 tests/lomiri-camera-app: init
(cherry picked from commit b45fe2e63c)
2024-07-31 11:59:36 +00:00
Sandro
5ea2431441
Merge pull request #330861 from teutat3s/backport-docker-default-bump 2024-07-31 13:20:34 +02:00
teutat3s
dbef07c3e5
docker: move default from 24.x to 25.x
24.x is no longer maintained as of February 1, 2024[1].
It did not (yet?) receive a fix for CVE-2024-41110.

According to [1] 25.x will be the next LTS version, use that version to
reduce risk of possible breakage.

[1] https://github.com/moby/moby/pull/46772#discussion_r1686464084
2024-07-29 14:59:41 +02:00
Robert Hensing
5c3491ba46 nixos/nix-channel.nix: shellcheck and fix the activation check
(cherry picked from commit 2d9a686483)
2024-07-28 11:31:42 +00:00
Robert Hensing
99f1301be3 nixosTests.installer.switchToFlake: It is probably really stupid
We may want to clear NIX_PATH when channels are disabled, or maybe
it has to be a separate option.
This is just very frustrating to me.

(cherry picked from commit 3f76dcea93)
2024-07-28 11:31:42 +00:00
Robert Hensing
9d6195d69d nixosTests.installer.switchToFlake: Adjust for workaround in #323613
(cherry picked from commit 46df92b270)
2024-07-28 11:31:42 +00:00
Robert Hensing
5a715379eb nixos/nix-channel: Highlight and tidy the warnings
(cherry picked from commit 34fee8c804)
2024-07-28 11:31:41 +00:00
Robert Hensing
b096badfeb nixos/activation-script: Add lib.sh with warn()
(cherry picked from commit 1022da85ab)
2024-07-28 11:31:41 +00:00
Vladimir Panteleev
98bccac2f9 nix-channel: do not set empty nix-path when disabling channels
An empty nix-path in nix.conf will disable NIX_PATH environment variable
entirely, which is not necessarily implied by users who want to disable
nix channels. NIX_PATH also has some usages in tools like nixos-rebuild
or just as user aliases.

That change is surprising and debatable, and also caused breakages in
nixpkgs-review and user configs.

See:
- https://github.com/NixOS/nixpkgs/pull/242098/files#r1269891427
- https://github.com/Mic92/nixpkgs-review/issues/343
- https://github.com/NixOS/nix/pull/10998

Co-authored-by: oxalica <oxalicc@pm.me>
(cherry picked from commit 1e6acabaeb)
2024-07-28 11:31:41 +00:00
Rafael Fernández López
16bb67ec64 virtualisation/{docker,podman}: update nvidia-ctk warning
Warnings and descriptions for `virtualisation.docker.enableNvidia` and
`virtualisation.podman.enableNvidia` point erroneously to set
`virtualisation.containers.cdi.dynamic.nvidia.enable`. This NixOS
option has been deprecated and the recommended NixOS option is
`hardware.nvidia-container-toolkit.enable`.

(cherry picked from commit 3d2a21eddf)
2024-07-28 11:25:19 +00:00
Sandro Jäckel
d24055bd37 nixos/plasma6: enable programs.kde-pim by default
(cherry picked from commit 4169ba8920)
2024-07-27 22:07:50 +00:00
Sandro Jäckel
e6dacc093c programs/kde-pim: init
(cherry picked from commit aa5ebae159)
2024-07-27 22:07:50 +00:00
Yaya
290dd599d9 nixosTests.gitlab: add git package
(cherry picked from commit 66f9d60dd7)
2024-07-25 23:23:31 +02:00
Yaya
7f19bbe215 nixos/gitlab: Replace git package with bundled git
This commit switches gitaly's git package from `pkgs.git` to the bundled
`git` package in order to maintain compatibility with the supported git
release by gitaly.

(cherry picked from commit feeb53a430)
2024-07-25 23:23:31 +02:00
Benno Bielmeier
4fdb8ffc8d nixos/graylog: add option dataDir
in order to use this nixos module with Graylog 6.0, in which

> the default value for the data_dir configuration option has been
> removed and must be specified in graylog.conf [1].
> -- https://go2docs.graylog.org/current/upgrading_graylog/upgrading_to_graylog_6.0.x.htm

The value set by default is the same as before introducing this option.
See also [1,2]

[1]: https://go2docs.graylog.org/current/setting_up_graylog/server.conf.html
[2]: https://go2docs.graylog.org/5-2/setting_up_graylog/server.conf.html

(cherry picked from commit ed904c256f)
2024-07-22 23:33:20 +00:00
Bjørn Forsman
ea73e7ae9d nixos/dictd: treat SIGTERM exit status as success
dictd doesn't handle SIGTERM and terminates with code 143 (128 + 15
(SIGTERM) instead of 0. This results in systemd marking the service as
failed when a user stops it (with `systemctl stop dictd`). Fix it by
treating code 143 as success.

(cherry picked from commit 7db3dc0fa4)
2024-07-22 17:31:20 +02:00
Franz Pletz
38ad1f17e7 nixos/proxmox-lxc: fix nixos-rebuild
Same is being done in lxc-container module.

(cherry picked from commit ceafec213f)
2024-07-21 07:10:11 +00:00
Franz Pletz
6ab0cafeae nixos/proxmox-lxc: fix getty start
Otherwise there is no getty on tty1 in Proxmox.

(cherry picked from commit c501d3fa97)
2024-07-21 07:10:11 +00:00
Franz Pletz
f9b9828216 nixos/proxmox-lxc: reformat
(cherry picked from commit 4aa419c046)
2024-07-21 07:10:11 +00:00
Franz Pletz
83887abeed
Merge pull request #328838 from NixOS/backport-320075-to-release-24.05 2024-07-21 09:09:27 +02:00
Franz Pletz
924059143b
Merge pull request #328837 from NixOS/backport-267764-to-release-24.05 2024-07-21 09:09:15 +02:00
illustris
5a65ef0b08 nixos/proxmox-lxc: fix ping in unprivileged LXCs
(cherry picked from commit 01b159092f)
2024-07-21 06:25:34 +00:00
Brendan Golden
f879790bc1 nixos/proxmox-lxc: allow importing module without activation, for used in mixed machine clusters
(cherry picked from commit c20f3b70ab)
2024-07-21 06:25:04 +00:00
illustris
fe84f99154 nixos/proxmox-lxc: fix console access (#307163)
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
(cherry picked from commit da799551a4)
2024-07-21 06:24:24 +00:00
Peder Bergebakken Sundt
272ab0c0c6
Merge pull request #327625 from NixOS/backport-327324-to-release-24.05
[Backport release-24.05] programs.ydotool: remove invalid systemd directive
2024-07-20 18:38:35 +02:00
Guillaume Girol
7f14f6aaaf
Merge pull request #327154 from NixOS/backport-318897-to-release-24.05
[Backport release-24.05] nixos/btrbk: undeprecate extraPackages
2024-07-20 18:00:27 +02:00
Pol Dellaiera
c34bfade68 nixos/boot: use --replace-fail
(cherry picked from commit f2318b9d58)
2024-07-19 20:53:12 +00:00
Lukas Werling
1fac62a833 nixos/tsm-client: Fix multi-value dsm.sys options
A configuration such as:

    programs.tsmClient.servers.backup.domain = [ "/dir1" "dir2" ];

...would previously result in an error ("cannot coerce a list to a
string"), since `makeDsmSysLines` would return a nested list.

(cherry picked from commit f52ee2af39)
2024-07-17 21:46:23 +00:00
Dan Callaghan
645052a473 nixos/sssd: fix KCM to use new krb5 settings
krb5.libdefaults moved to security.krb5.settings.libdefaults in PR #243169.

(cherry picked from commit 375ef3c127)
2024-07-17 14:29:37 +00:00
Franz Pletz
18e1e8ec7c
Merge pull request #327386 from NixOS/backport-325589-to-release-24.05 2024-07-16 16:38:22 +02:00
Zitrone
651684c92b programs.ydotool: remove invalid systemd directive
fixes #327156

(cherry picked from commit 10c8868b7f)
2024-07-16 11:25:14 +00:00
Cosima Neidahl
f49f761cd3
Merge pull request #327152 from NixOS/backport-324663-to-release-24.05
[Backport release-24.05] lomiri.teleports: init at 1.20
2024-07-16 08:07:33 +02:00
wskeele
83caf04904 nixos/duplicity: Add support for --include-filelist / --exclude-filelist
(cherry picked from commit fff878e7c6)
2024-07-15 14:35:46 +00:00
Julian Stecklina
f6a8567aac nixos/virtualbox-host: remove obsolete warnings
Version 20240617 of the KVM patch allows for turning hardening on in
VirtualBox.

(cherry picked from commit 9cec4b55f6)
2024-07-15 14:06:38 +00:00
Robert Hensing
77df3f1792
Update nixos/modules/installer/tools/nix-fallback-paths.nix
Co-authored-by: Emily <vcs@emily.moe>
2024-07-14 20:06:56 +02:00
Guillaume Girol
4d3f56b92c nixos/btrbk: undeprecate extraPackages
it is required on systems where ssh access is configured for
lz4-compressed btrfs send, but no instances are present.

fixes https://github.com/NixOS/nixpkgs/issues/316676

(cherry picked from commit 952b1a3d96)
2024-07-14 17:14:19 +00:00
OPNA2608
ac799e549f nixos/lomiri: Add teleports
(cherry picked from commit 77aaa0695f)
2024-07-14 16:48:22 +00:00
OPNA2608
f6cd0d58b3 tests/teleports: init
(cherry picked from commit e5ad7914a8)
2024-07-14 16:48:22 +00:00
Jean-François Roche
d05d904cec nixVersions.nix_2_18: 2.18.4 -> 2.18.5
Fix sandbox on macos.

More details here: https://github.com/NixOS/nix/compare/2.18.4...2.18.5

(cherry picked from commit c08c79536c)
2024-07-11 12:30:26 +00:00
Sandro
89bc15e14e
Merge pull request #323423 from NixOS/backport-278982-to-release-24.05 2024-07-10 16:28:43 +02:00
Franz Pletz
e424737b35
Merge pull request #325852 from fpletz/backport-325377-to-release-24.05 2024-07-10 15:33:25 +02:00
abysssol
18a35d93f2
Merge pull request #325791 from abysssol/ollama-fix-override
[24.05] nixos/ollama: make overrides compatible with unstable package
2024-07-10 10:38:41 +00:00
abysssol
f95457b3e8 [24.05] nixos/ollama: make overrides compatible with unstable package
The unstable package no longer uses `linuxPackages` for nvidia/cuda,
so when `services.ollama.package = unstable.ollama;` is set,
the unstable package is overridden with `linuxPackages` causing a build failure.
2024-07-10 06:36:04 -04:00
Martin Weinelt
abd2967927
Merge pull request #325672 from mweinelt/24.05/firefox-128.0
[release-24.05] Firefox: 127.0.2 -> 128.0; 115.12.0esr -> 115.13.0esr; init 128.0esr
2024-07-10 01:32:14 +02:00
Cosima Neidahl
a4dd777ab9
Merge pull request #325886 from NixOS/backport-325247-to-release-24.05
[Backport release-24.05] lomiri.*: Revert GLib workarounds
2024-07-09 22:07:52 +02:00
Leonardo Eugênio
aa01c35210
[Backport release-24.05] virtualbox & virtualboxGuestAdditions: cleanup (#318311)
* virtualbox: remove with lib

* virtualboxGuestAdditions: remove with lib

* virtualboxGuestAdditions: move more buildInputs to nativeBuildInputs

* virtualbox: introduce finalAttrs

* virtualbox: remove old patch

* virtualboxGuestAdditions: Add dragAndDrop service

* fixup! virtualboxGuestAdditions: Add dragAndDrop service

* virtualbox: disable VBOX_WITH_UPDATE_AGENT

* virtualboxGuestAdditions: disable VBOX_WITH_UPDATE_AGENT

* virtualboxGuestAdditions: disable more includes

* virtualboxGuestAdditions: ignore more includes when building

* virtualboxGuestAdditions: cleanup

* virtualboxGuestAdditions: remove alsa & pulse deps

* virtualboxGuestAdditions: remove makeWrapper dep

* virtualboxGuestAdditions: use nix packaged lzma

* virtualbox: remove nasm

* Update nixos/modules/virtualisation/virtualbox-guest.nix

---------

Co-authored-by: Friedrich Altheide <11352905+FriedrichAltheide@users.noreply.github.com>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2024-07-09 17:53:41 +02:00
OPNA2608
327e47ef03 Revert "lomiri.telephony-service: Mark broken & exclude everywhere"
This reverts commit 3ef60ac499.

(cherry picked from commit c34ee327e6)
2024-07-09 15:52:19 +00:00
Hugh O'Brien
467e433357
profiles/qemu_guest: add virtio_gpu to initrd
(cherry picked from commit 66b896630d)
2024-07-09 15:56:30 +02:00
Bjørn Forsman
58f859572d nixos/deconz: treat SIGTERM exit status as success
deconz doesn't handle SIGTERM and terminates with code 143 (128 + 15
(SIGTERM) instead of 0. This results in systemd marking the service as
failed when a user stops it (with `systemctl stop deconz`). Fix it by
treating code 143 as success.

(cherry picked from commit 5aab6344c2)
2024-07-09 13:08:06 +00:00
Martin Weinelt
3b6aec240d
firefox-esr-128-unwrapped: init at 128.0esr
(cherry picked from commit 6d85f70d35)
2024-07-09 13:06:53 +02:00
Judson Lester
298692111e (lorri) (update tests)
(cherry picked from commit c862b97f72)
2024-07-09 12:46:59 +02:00
OPNA2608
e67f19672d nixos/lomiri: Add clock
(cherry picked from commit 2204726a6d)
2024-07-08 15:51:51 +00:00
OPNA2608
6e7550e08f tests/lomiri-clock-app: init
(cherry picked from commit 3efabb3359)
2024-07-08 15:51:51 +00:00
OPNA2608
08baeb4b3d nixos/lomiri: Add calculator
(cherry picked from commit 60f68545b1)
2024-07-07 22:30:45 +00:00
OPNA2608
c23c8976ed tests/lomiri-calculator-app: init
(cherry picked from commit 7a3cb59d2a)
2024-07-07 22:30:45 +00:00
OPNA2608
4eeded0054 tests/lomiri: Add polkit agent test
(cherry picked from commit 3a788099cd)
2024-07-06 22:48:24 +00:00
OPNA2608
740a982d63 nixos/lomiri: Add polkit agent
(cherry picked from commit 916ba54f24)
2024-07-06 22:48:24 +00:00
Weijia Wang
d6285bd3f0
Merge pull request #324886 from eclairevoyant/backport-322386-to-release-24.05
[24.05] treewide: remove jonringer as package maintainer and code owner
2024-07-06 02:35:55 +02:00
Paul Meyer
c908aa4ffd
treewide: remove jonringer as package maintainer
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
(cherry picked from commit fbe8538aa1)
2024-07-05 15:52:33 -04:00
OPNA2608
6a83f618e0 tests/lomiri: Fix OCR detection
(cherry picked from commit ad6c2fc76f)
2024-07-05 07:09:24 +00:00
Yaya
f2a40608e6 nixos/gitlab: Add missing state folder 2024-07-05 01:56:06 +02:00
Yaya
6dd53e2532 nixos/gitlab: Assert PostgreSQL >= 14.9
Support for PostgreSQL 13 has been removed in GitLab 17.0. [1]
Module users should upgrade their database installation to
PostgreSQL >= 14.9.

[1]: https://docs.gitlab.com/ee/update/deprecations.html#postgresql-13-no-longer-supported
2024-07-05 01:56:06 +02:00
melvyn
781498fe98 nixos/networkd: add new Network section options
Adds IPv4LLStartAddress, IPv4ReversePathFilter, IPv4ReversePathFilter, IPv4RouteLocalnet, and IPv4RouteLocalnet

(cherry picked from commit d4f459fa89)
2024-07-04 19:09:00 +00:00
Gary Guo
219ce470c4 nixos/networkd: allow KeepCarrier in tunConfig and tapConfig
This is added in systemd.netdev in 252, see
https://www.freedesktop.org/software/systemd/man/latest/systemd.netdev.html#KeepCarrier=

(cherry picked from commit 39ae2babce)
2024-07-04 16:36:05 +00:00
piegames
ce05c27abc
Revert "[Backport release 24.05] nixos/snapper: add snapper opts" 2024-07-02 10:13:13 +02:00
Francesco Gazzetta
bff4a7e9d0 nixos/smartd: add systembus-notify notifications
(cherry picked from commit 20a73ab51d)
2024-06-30 20:00:46 +00:00
OPNA2608
b05cbc841f tests/lomiri: Don't need to keep Morph in the background anymore, content-hub can launch it now
(cherry picked from commit af779007e7)
2024-06-30 04:05:46 +00:00
Nico Felbinger
41ef0e02f0
nixos/peering-manager: add oidc support
Co-authored-by: Jenny <me@netali.de>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
(cherry picked from commit c4d2c90da0)
2024-06-29 21:20:51 +02:00
Weijia Wang
7de667dc8a nixos/limesurvey: drop default encryption key and nonce
Co-authored-by: Thomas Gerbet <thomas@gerbet.me>
(cherry picked from commit daa81ecb2e)
2024-06-28 21:44:05 +00:00
Robert Hensing
8a59ac52a8
Merge pull request #323008 from fricklerhandwerk/backport-322886-to-release-24.05
Backport 322886 to release 24.05
2024-06-28 14:28:16 +02:00
Jörg Thalheim
71e51a064f
Merge pull request #322178 from NixOS/backport-319238-to-release-24.05
[Backport release-24.05] make-disk-image: fix build for systems that use boot.loader.grub.devices
2024-06-28 07:44:35 +02:00
Valentin Gagarin
c03d3ce3c7 nixVersions: bump patch releases
(cherry picked from commit 144ac0d7fc)
2024-06-27 22:22:12 +02:00
Artturin
58bc9dd509
Merge pull request #321713 from alois31/nix-2.18.3-24.05
nixVersions.nix_2_18: 2.18.2 -> 2.18.3
2024-06-27 21:06:16 +03:00
Alexandre Badez
08f4b8c3fc nixos/snapper: add timeline limit options
(cherry picked from commit a1ded8273d)
2024-06-26 14:09:57 +02:00
Artturin
cbce6cb470 nixos/polkit: Add package option
Overlaying polkit results in a lot of rebuilds thus it makes sense to
add a package option.

Assists in using the patch needed to fix https://www.github.com/NixOS/nixpkgs/issues/18012

(cherry picked from commit b61e0ff19b)
2024-06-26 09:43:05 +00:00
Yaya
ec89585696
[24.05] nixos/gitlab-runner: Add support for runner authentication tokens (#322440)
* nixos/gitlab-runner: Remove global with lib;

(cherry picked from commit 92a26526b9)

* nixos/gitlab-runner: Add support runner authentication tokens

Support for *runner registration tokens* is deprecated since GitLab
16.0, has been disabled by default in GitLab 17.0 and will be removed in
GitLab 18.0, as outlined in the [GitLab documentation].

It is possible to [re-enable support for runner registration tokens]
until GitLab 18.0, to prevent the registration workflow from
breaking.

*Runner authentication tokens*, the replacement for registration tokens,
have been available since GitLab 16.0 and are expected to be defined in
the `CI_SERVER_TOKEN` environment variable, instead of the previous
`REGISTRATION_TOKEN` variable.

This commit adds a new option
`services.gitlab-runner.services.<name>.authenticationTokenConfigFile`.
Defining such option next to
`services.gitlab-runner.services.<name>.registrationConfigFile` brings
the following benefits:
- A warning message can be emitted to notify module users about the
  upcoming breaking change with GitLab 17.0, where *runner registration
  tokens* will be disabled by default, potentially disrupting
  operations.
- Some configuration options are no longer supported with *runner
  authentication tokens* since they will be defined when creating a new
  token in the GitLab UI instead. New warning messages can be emitted to
  notify users to remove the affected options from their configuration.
- Once support for *registration tokens* has been removed in GitLab 18,
  we can remove
  `services.gitlab-runner.services.<name>.registrationConfigFile` as
  well and make module users configure an *authentication token*
  instead.

This commit changes the option type of
`services.gitlab-runner.services.<name>.registrationConfigFile` to
`with lib.types; nullOr str` to allow configuring an authentication
token in
`services.gitlab-runner.services.<name>.authenticationTokenConfigFile`
instead.

A new assertion will make sure that
`services.gitlab-runner.services.<name>.registrationConfigFile` and
`services.gitlab-runner.services.<name>.authenticationTokenConfigFile`
are mutually exclusive. Setting both at the same time would not make
much sense in this case.

[GitLab documentation]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#estimated-time-frame-for-planned-changes
[re-enable support for runner registration tokens]: https://docs.gitlab.com/17.0/ee/ci/runners/new_creation_workflow.html#prevent-your-runner-registration-workflow-from-breaking

(cherry picked from commit 6f211d899d)
2024-06-26 11:29:14 +02:00
Will Fancher
3507ab88c4
Merge pull request #322230 from NixOS/backport-319359-to-release-24.05
[Backport release-24.05] nixos/clevis: add support for parent encrypted zfs datasets
2024-06-25 23:53:20 -04:00
Azat Bahawi
77a2b67c04
Merge pull request #321794 from NixOS/backport-314579-to-release-24.05
[Backport release-24.05] nixos/etc: support direct symlinks with etc overlay
2024-06-25 14:48:56 +03:00
misuzu
3dc81ab161 nixos/clevis: add support for parent encrypted zfs datasets
(cherry picked from commit 4df3c4c17b)
2024-06-24 18:48:25 +00:00
Jörg Thalheim
c902526b89 make-disk-image: fix build for systems that use boot.loader.grub.devices
config.boot.loader.grub.device is just an alias that gets assigned to config.boot.loader.grub.devices.
If config.boot.loader.grub.device is set to null, it will fail with the following error
as described in https://github.com/nix-community/nixos-generators/issues/339

(cherry picked from commit d0126c0508)
2024-06-24 13:40:51 +00:00
K900
2c1ba84cf1 nixos/plasma6: allow null password for screen lock
This was fixed and we missed it, I think?

(cherry picked from commit cc5ee2d621)
2024-06-23 14:53:18 +00:00
ivan770
aa91e7f0b5 nixos/etc: support direct symlinks with etc overlay
(cherry picked from commit 1b288bca00)
2024-06-22 16:42:37 +00:00
Alois Wohlschlager
ffc864e163
nixVersions.nix_2_18: 2.18.2 -> 2.18.3
Diff: https://github.com/NixOS/nix/compare/2.18.2...2.18.3
2024-06-22 11:00:18 +02:00
Marcus Ramberg
1079d9fdfb
Merge pull request #321344 from NixOS/backport-321097-to-release-24.05
[Backport release-24.05] firefly-iii: 6.1.17 -> 6.1.18
2024-06-21 18:44:31 +02:00
Weijia Wang
756554c5c1 doc/release-notes: fix mention of ankisyncd
(cherry picked from commit 9835090379)
2024-06-21 08:17:22 +00:00
Patrick
5028226c9c nixos/firefly-iii: enhance provisioning service
(cherry picked from commit 6154279455)
2024-06-20 21:04:13 +00:00
John Titor
e3f4e7aaf2
docs/release-notes: 24.05: add amdgpu module
(cherry picked from commit c508cc5bed)
2024-06-20 17:40:51 +05:30
John Titor
606aeb617a
nixos/amdgpu: init module
(cherry picked from commit 6a0b6a6b74)
2024-06-20 17:40:50 +05:30
stuebinm
0a3a4f2724 nixos/nextcloud: remove warning referencing 24.11 from 24.05
The warning for nextcloud 29 does not apply here: It warns against
having a nextcloud install older than nixos 24.11 on installations
which are older than 24.11, which is superfluous.
2024-06-19 20:35:26 +02:00
Jonas Heinrich
7c6f84533a
Merge pull request #320757 from NixOS/backport-320593-to-release-24.05
[Backport release-24.05] nixos/invoiceplane: Ensure patching index.php
2024-06-18 14:31:19 +02:00
Sandro
cc60881398
Merge pull request #320640 from NixOS/backport-318348-to-release-24.05
[Backport release-24.05] nixos/no-x-libs: fix gjs
2024-06-18 13:33:43 +02:00
Jonas Heinrich
455da51371 nixos/invoiceplane: Ensure patching index.php
(cherry picked from commit 2a8ccf6144)
2024-06-18 11:33:37 +00:00
github-actions[bot]
03938a7a09
nixos/oauth2-proxy: prevent redirect loop when running on single domain (#320729)
(cherry picked from commit b32992089f)

Co-authored-by: Enno Richter <enno@nerdworks.de>
2024-06-18 12:31:21 +02:00
Sandro Jäckel
34b5204d7e nixos/no-x-libs: fix gjs
Due to the switch to finalAttrs, we now need to properly disable installTests.

(cherry picked from commit 131ef6d2ed)
2024-06-17 23:44:04 +00:00
Sandro
818bf0b707
Merge pull request #320412 from NixOS/backport-320325-to-release-24.05
[Backport release-24.05] nixos/oauth2-proxy: restart service when keyFile option changes
2024-06-17 14:08:31 +02:00
Jörg Thalheim
df5dfa6525
Merge pull request #318794 from NixOS/backport-314422-to-release-24.05
[Backport release-24.05] nixos/journalwatch: add package option
2024-06-17 12:45:17 +02:00
Sandro Jäckel
71004159f4 nixos/oauth2-proxy: restart service when keyFile option changes
(cherry picked from commit 0b30b27e1b)
2024-06-17 02:23:46 +00:00
Savyasachee Jha
a92f94c551 nixos/tests/firefly-iii: Use postgres 16
(cherry picked from commit b9e13e3528)
2024-06-15 17:09:06 +00:00
Felix Buehler
204a119210 nixos/freshrss: fix reload when config changes
(cherry picked from commit edcdf6ad3b)
2024-06-13 18:44:37 +00:00
Masum Reza
4cc1d31d77 nixos/amdvlk: init module
Backport of #318175
2024-06-13 14:00:12 +02:00
Sandro Jäckel
f961fbcfb6 nixos/locate: drop with lib{,.types}, misc cleanup
(cherry picked from commit 8e66b653e8)
2024-06-11 13:48:30 +00:00
Sandro Jäckel
51d9d476d9 nixos/locate: only set LOCATE_PATH for findutils locate
For plocate/mlocate it causes the results to be printed twice.

(cherry picked from commit dec5ef74b0)
2024-06-11 13:48:30 +00:00
éclairevoyant
0024e5487a nixos/journalwatch: add package option
(cherry picked from commit 04548e7e1f)
2024-06-10 13:26:41 +00:00
lucasew
b6079d99ac nixos/loki: add network.target to after
Signed-off-by: lucasew <lucas59356@gmail.com>
(cherry picked from commit 4c621ef886)
2024-06-10 11:47:46 +00:00
Francesco Gazzetta
a0c1afd5d8 nixosTests.ladybird: use programs.ladybird option
(cherry picked from commit 21aa5ae374)
2024-06-10 09:46:17 +00:00
OPNA2608
34b6455ddb lomiri.lomiri: Try to consider services.xserver.xkb.layout
Propagate the configuration setting through an envvar, check the envvar in the compositor.
Needed because querying AccountsSettings for this information fails, due to Ubuntu-only
"InputSources" interface. So you're stuck on US layout without this hack.

(cherry picked from commit 2735184f6d)
2024-06-07 17:50:00 +00:00
Keith Pine
968425a092 nixos/inadyn: fix cache directory path
The CacheDirectory subdirectory is already part of $CACHE_DIRECTORY.

(cherry picked from commit 5776f733cd)
2024-06-07 19:05:04 +02:00
OPNA2608
225cdd883a nixos/lomiri: Add file manager
(cherry picked from commit 6477cb49a5)
2024-06-07 12:34:06 +00:00
OPNA2608
e0fc7d81b4 tests/lomiri-filemanager-app: init
(cherry picked from commit 4a495ec755)
2024-06-07 12:34:06 +00:00
a-kenji
4df6487be3 nixos/virtualbox-host: fix typo in assertion
(cherry picked from commit 406e613b95)
2024-06-05 14:11:42 +00:00
OPNA2608
6bbffa915f nixos/tests/lomiri: Fix sound indicator subtest name
It's an ayatana one, not a lomiri one.

(cherry picked from commit 01152519d6)
2024-06-05 10:53:49 +00:00
OPNA2608
b6b72f20ab nixos/lomiri: Add display indicator
(cherry picked from commit d29e469f2a)
2024-06-05 10:53:49 +00:00
OPNA2608
fed04ebeb3 ayatana-indicator-display: init at 24.5.0
(cherry picked from commit d4a5183180)
2024-06-05 10:53:48 +00:00
Sandro
8202acc7e9
Merge pull request #316740 from NixOS/backport-316581-to-release-24.05 2024-06-05 12:17:41 +02:00
Sandro
2de8b4fa26
Merge pull request #316874 from NixOS/backport-316732-to-release-24.05 2024-06-05 12:17:25 +02:00
Sandro
e82edf7dad
Merge pull request #314978 from NixOS/backport-240989-to-release-24.05 2024-06-05 12:10:45 +02:00
Sandro
a802a5dfdd
Merge pull request #315067 from NixOS/backport-314428-to-release-24.05 2024-06-05 12:09:59 +02:00
Sandro
cd4cc97104
Merge pull request #314047 from NixOS/backport-305127-to-release-24.05 2024-06-05 12:08:25 +02:00
Sandro
3acf28fdf7
Merge pull request #316696 from NixOS/backport-312261-to-release-24.05 2024-06-05 11:22:00 +02:00
Arian van Putten
25ad2c8206
Merge pull request #317296 from NixOS/backport-317257-to-release-24.05
[Backport release-24.05] nixos/acme: allow setting security.acme.defaults.server = null to keep old accounts directory
2024-06-05 08:36:29 +02:00
Jeremy Baxter
05a3d70d1d nixos/oink: init module
(cherry picked from commit 20fc095a1c)
2024-06-05 04:17:47 +00:00
Sandro
867492ed4f
Merge pull request #316970 from NixOS/backport-316879-to-release-24.05 2024-06-05 01:20:35 +02:00
Arian van Putten
85ae069139 doc/release-notes: Add note about backwards compatibility in ACME module
Co-authored-by: Stéphan Kochen <git@stephank.nl>
(cherry picked from commit f8439331dc)
2024-06-04 20:38:55 +00:00
Stéphan Kochen
608eaf4303 nixos/acme: allow setting security.acme.defaults.server = null to keep old accounts directory
The accounts directory is based on the hash of the settings.

https://github.com/NixOS/nixpkgs/pull/270221 changed the  default of
security.acme.defaults.server from null to the default letsencrypt URL
however as an unwanted side effect this means the accounts directory
changes and the ACME module will create a new a new account.

This can cause issues with people using CAA records that pin the
account ID or people who have datacenter-scale NixOS deployments

We allow setting this option to null again for people who want
to keep the old account and migrate at their own leisure.

Fixes https://github.com/NixOS/nixpkgs/issues/316608

Co-authored-by: Arian van Putten <arian.vanputten@gmail.com>
(cherry picked from commit d1f07e6382)
2024-06-04 20:38:55 +00:00
Sandro
d9e937d2bd doc/release-notes: repalce security.pam.enableSSHAgentAuth with security.pam.sshAgentAuth.enable
(cherry picked from commit 617a79dd10)
2024-06-04 20:37:53 +00:00
Adam C. Stephens
c1f09f78eb
Merge pull request #317092 from NixOS/backport-316162-to-release-24.05
[Backport release-24.05] lxd-virtual-machine-image: install initial configuration read-write
2024-06-04 08:36:21 -04:00
Florian Klink
6d0168bbd0
Merge pull request #316838 from NixOS/backport-316836-to-release-24.05
[Backport release-24.05] nixos/garage: fix replication 1.0 assertion
2024-06-04 11:22:21 +02:00
fuggy
794c16a433 nixos/xdg/portal: Fix typo
There was a typo that misspelled /etc/ as /etx/

(cherry picked from commit ef5ff2a075)
2024-06-04 05:27:39 +00:00
Adam Stephens
017fbd720a lxd-virtual-machine-image: install initial configuration read-write
(cherry picked from commit dfd0d14efc)
2024-06-04 04:16:35 +00:00
tcmal
1bfad3e169 nixos/akkoma: dont disable protectsystem in confinement mode
this works fine since #289593

(cherry picked from commit 7952d92b82)
2024-06-04 01:14:04 +02:00
tcmal
465548938a nixos/akkoma: deal with $RUNTIME_DIRECTORY containing multiple entries
this fixes issues with confined module tests.

see https://github.com/NixOS/nixpkgs/pull/313794#issuecomment-2126909110

(cherry picked from commit a247fc94b4)
2024-06-04 01:14:04 +02:00
Nick Cao
d7dc410014
Merge pull request #316707 from NixOS/backport-316648-to-release-24.05
[Backport release-24.05] nixos/invidious-router: remove redundant "Enables" in description
2024-06-03 13:59:16 -04:00
Sandro Jäckel
ab559c1b6d treewide: fix all obviously wrong mkEnableOptions
(cherry picked from commit 41452802cb)
2024-06-03 17:03:38 +00:00
Michele Guerini Rocco
92706b2141
Merge pull request #316911 from NixOS/backport-312317-to-release-24.05
[Backport release-24.05] nixos/network-interfaces: prevent failure when a network address already exists
2024-06-03 17:58:46 +02:00
Tomáš Kuča
f1dc0b175f nixos/network-interfaces: prevent failure when a network address already exists
The original code tests output of `ip addr add` command to detect if an
adress already exists. The error message was changed in the past and the
test no longer works.

The patch replaces `ip addr add` with `ip addr replace`. The new command
replaces an existing address or creates a new one if there isn't any.

fixes 306841

(cherry picked from commit 71ce6b582b)
2024-06-03 13:30:36 +00:00
Sandro Jäckel
bb4139e922 nixos/tailscale-auth: fix enable option description
(cherry picked from commit f643e4fa5b)
2024-06-03 10:49:58 +00:00
Sarah Brofeldt
abb032d2a9 nixos/garage: fix replication 1.0 assertion
Use the `cfg.package.version` (string) instead of the entire package so
users don't see  `error: value is a set while a string was expected`
instead of the intended assertion message.

(cherry picked from commit f7393d13fe)
2024-06-03 08:14:27 +00:00
Benno Bielmeier
ea7a8812fe nixos/gollum: fix systemd tempfile permission
When services.gollum.{user,group} was specified a value other than its
default (i.e. "gollum"), the build failed due to referencing a
non-existing user.

(cherry picked from commit b5c7987b52)
2024-06-03 05:48:03 +00:00
Eric Wolf
f19c43fc92
nixos/nextcloud-notify_push: use Type=notify
This prevents the post start script from running
before necessary sockets have been created.

It also prevents an unused shell from being kept around
by using `exec` to make `notify_push` the main process.
2024-06-02 23:26:00 +02:00