Commit Graph

22497 Commits

Author SHA1 Message Date
Elis Hirwing
699ea65439
Merge pull request #131118 from etu/sanoid-syncoid-improvements
nixos/{syncoid,sanoid}: Improve ZFS permission delegation
2021-07-26 11:40:51 +02:00
Elis Hirwing
764e4acee1
nixos/tests/sanoid: Improve tests by checking that no permissions are left behind 2021-07-26 11:05:52 +02:00
Elis Hirwing
bd263441e2
nixos/rl-notes/21.11: Add note about remaining syncoid permissions 2021-07-26 11:05:48 +02:00
Elis Hirwing
a9d29a1d0d
nixos/syncoid: Drop ~[at]sync from the systemcallfilter to avoid coredumps 2021-07-26 11:05:45 +02:00
Elis Hirwing
ea9d5876a0
nixos/sanoid: Reformat file with nixpkgs-fmt 2021-07-26 11:05:37 +02:00
Elis Hirwing
fa58d89b24
nixos/syncoid: Reformat file with nixpkgs-fmt 2021-07-26 11:04:28 +02:00
Elis Hirwing
b9f98165ab
nixos/sanoid: Use a function to build allow/unallow commands 2021-07-26 11:03:35 +02:00
Elis Hirwing
ecd32b8104
nixos/syncoid: Build unallow commands as a post job to drop permissions 2021-07-26 11:02:13 +02:00
Michael Weiss
4ec2b24603
nixos/tests/chromium: Drop the workaround for Chrome GPU crashes
This regression was fixed by 51d83077ff.
2021-07-25 12:39:45 +02:00
Michael Weiss
7b3c054514
nixos/tests/chromium: Check the version and that it's an official build
This also prints and screenshots the output of chrome://version which
contains useful information.

Outputs (stable, beta, ungoogled, chrome-stable, chrome-beta, chrome-dev):
Chromium	92.0.4515.107 (Official Build) (64-bit)
Chromium        92.0.4515.107 (Official Build) (64-bit)
Chromium        91.0.4472.164 (Official Build, ungoogled-chromium) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) beta (64-bit)
Google Chrome   93.0.4577.8 (Official Build) dev (64-bit)
2021-07-25 12:35:21 +02:00
Luke Granger-Brown
a0b7bd69ac
Merge pull request #124431 from hyperfekt/systemd-pstore
nixos/filesystems: mount-pstore.service improvements
2021-07-25 10:33:39 +01:00
Elis Hirwing
bb35e7c404
nixos/sanoid: Extract datasets rather than pools
When making new snapshots we only need to delegate permissions to the
specific dataset rather than the entire pool.
2021-07-25 10:13:17 +02:00
Elis Hirwing
70862830f0
nixos/syncoid: Extract datasets rather than pools
When sending or receiving datasets with the old implementation it
wouldn't matter which dataset we were sending or receiving, we would
always delegate permissions to the entire pool.
2021-07-25 10:12:32 +02:00
Aaron Andersen
8813af6821
Merge pull request #128724 from fortuneteller2k/nixos/iwd
nixos/iwd: add settings option
2021-07-24 23:06:42 -04:00
Elis Hirwing
6984e68c51
Merge pull request #98455 from ju1m/syncoid-split
nixos/syncoid: split in multiple systemd services and harden them
2021-07-24 22:08:42 +02:00
Yuka
7d24d06c71
nixos/postgresql: use postgres 13 for 21.11 (#131018)
Co-authored-by: Kim Lindberger <kim.lindberger@gmail.com>
2021-07-24 19:12:08 +02:00
Julien Moutinho
d05a1ab1e4 nixos/syncoid: split in multiple systemd services 2021-07-24 11:26:28 +02:00
Bernardo Meurer
f7e77f65ee
Merge pull request #131173 from zhaofengli/klipper-cfg-list
nixos/klipper: Allow lists as values for gcode_macro
2021-07-23 08:57:12 -07:00
Sandro
42c7bd28e3
Merge pull request #131215 from Ma27/bump-grocy
grocy: 3.0.1 -> 3.1.0
2021-07-23 17:53:35 +02:00
fortuneteller2k
6ea6734f71 nixos/iwd: add settings option 2021-07-23 23:06:15 +08:00
Benjamin Asbach
9fd41a9a5b
tuxguitar: 125945 (#131028)
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported

* tuxguitar: Added test to verify application starts without problems

* tuxguitar: 1.5.2 -> 1.5.4
2021-07-23 10:02:20 -04:00
Maximilian Bosch
ccd348f846
Merge pull request #129732 from nivadis/patch-2
nextcloud: remove expires header
2021-07-23 12:29:52 +02:00
Jörg Thalheim
e2561ba61f
Merge pull request #129408 from kurnevsky/swap-luks-discards
nixos/swap: allow luks discards if swap discards are enabled
2021-07-23 11:11:04 +01:00
Maximilian Bosch
07b51f58df
grocy: 3.0.1 -> 3.1.0
ChangeLog: https://github.com/grocy/grocy/releases/tag/v3.1.0
2021-07-23 11:45:31 +02:00
Michael Weiss
70d1af74df
Merge pull request #131190 from primeos/nixos-tests-chromium
chromium: Check the text rendering
2021-07-23 10:59:28 +02:00
Robert Hensing
98352288bd
Merge pull request #128032 from Artturin/add-swap-options
nixos/swap: add options option
2021-07-23 10:45:53 +02:00
Michael Weiss
11400dcd65
chromium: Check the text rendering
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
2021-07-23 10:15:25 +02:00
Zhaofeng Li
34d2b83291 nixos/klipper: Allow lists as values for gcode_macro 2021-07-22 22:01:44 -07:00
Samuel Dionne-Riel
3af210329f
Merge pull request #131151 from tomfitzhenry/patch-1
nixos/iio: mention iio-sensor-proxy in option description
2021-07-23 00:27:37 -04:00
Tom
5409235160 nixos/iio: mention iio-sensor-proxy in option description
In https://github.com/NixOS/nixpkgs/pull/131094 I mistakenly created a new NixOS module for iio-sensor-proxy because I did not know about `hardware.sensor.iio`.

To help people find `hardware.sensor.iio`, include the string "iio-sensor-proxy" in the description.

To search for an iio-sensor-proxy module, I tried in vain:
* `find -iname '*iio-sensor-proxy*'`
* https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&query=iio-sensor-proxy
    * This PR will ensure this search query finds `hardware.sensor.iio`
2021-07-23 11:10:30 +10:00
Florian Klink
013e089000
Merge pull request #130503 from flokli/nss-fix-ordering
nixos/systemd: fix NSS database ordering
2021-07-23 02:28:32 +02:00
Martin Weinelt
b09661d41f
Merge pull request #129644 from NixOS/home-assistant 2021-07-23 01:16:55 +02:00
Martin Weinelt
a284c01d2a nixos/home-assistant: allow serial access for the zwave component 2021-07-23 00:27:16 +02:00
Martin Weinelt
70774da509
Merge pull request #130853 from mweinelt/pppd 2021-07-22 20:00:00 +02:00
Sandro
ead8cf4fc9
Merge pull request #128841 from Artturin/udevil 2021-07-22 15:55:21 +02:00
Maximilian Bosch
15dab3835f
Merge pull request #128649 from nrdxp/fix-unstable-nix-zsh-completions
zsh: fix nixUnstable completions
2021-07-22 14:58:20 +02:00
Maximilian Bosch
65d60ae78b
Merge pull request #130062 from nh2/plausible-fix-shell-scripting-errors
nixos/plausible: Fix shell scripting errors, runtime fixes
2021-07-22 00:27:56 +02:00
Timothy DeHerrera
6dbf8c0409
zsh: include completions for nix-* commands 2021-07-21 15:55:25 -06:00
Timothy DeHerrera
9ad645dce8
zsh: format module with nixpkgs-fmt 2021-07-21 15:55:25 -06:00
Timothy DeHerrera
d687fe88fd
zsh: remove conflicting nixUnstable completions 2021-07-21 15:55:22 -06:00
Pavol Rusnak
f4860dc785
Merge pull request #130945 from mdlayher/mdl-corerad-docs
nixos/corerad: update link to reference configuration file
2021-07-21 23:12:47 +02:00
Andreas Rammhold
ef9be9288b
Merge pull request #124799 from rissson/nixos-unbound-fix-124780
nixos/unbound: fix define-tag option
2021-07-21 22:08:44 +02:00
Martin Weinelt
ee26807e35
nixos/pppd: allow AF_NETLINK
The pppd daemon starting with version 2.4.9 uses rtnetlink to configure
the ipv6 peer address on the ppp interface. It therefore requires
allowing AF_NETLINK sockets.
2021-07-21 16:38:51 +02:00
Matt Layher
5c17e35a31
nixos/corerad: update link to reference configuration file
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-07-21 10:35:48 -04:00
Ben Siraphob
1308c47b1f
Merge pull request #130864 from pstn/mingw-64
mingw-64: 6.0.0 -> 9.0.0
2021-07-21 21:22:34 +07:00
Martin Weinelt
8abcc6ba09
nixos/pppd: replace CAP_SYS_ADMIN with CAP_BPF
The kernel before version 5.7 required CAP_SYS_ADMIN to conduct BPF
operations. After that a separate capability CAP_BPF was created, which
should be sufficient in this scenario and will further tighten the
sandbox around our pppd service.

Tested on my personal DSL line.
2021-07-21 15:20:47 +02:00
Michael Weiss
12e7ee0f31
Merge pull request #130877 from primeos/chromium
chromium: 91.0.4472.164 -> 92.0.4515.107
2021-07-21 11:38:02 +02:00
Michael Weiss
97570d30c7
chromium: 91.0.4472.164 -> 92.0.4515.107
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html

This update includes 35 security fixes.

CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589

Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
2021-07-21 11:20:38 +02:00
Ryan Mulligan
b8d3210113
Merge pull request #130852 from seqizz/g_clipcat
nixos/clipcat: add user service module
2021-07-20 18:56:21 -07:00
Philipp
c60a0b0447
mingw-64: 6.0.0 -> 9.0.0 2021-07-20 22:34:50 +02:00