Commit Graph

38937 Commits

Author SHA1 Message Date
Felix Bühler
5dac2ab264
Merge pull request #286577 from Pablo1107/photoprism-module/fix-manage-script-typo
nixos/photoprism: fix typo with duplicated exec call
2024-02-06 19:09:53 +01:00
github-actions[bot]
33b366b63f
Merge master into staging-next 2024-02-06 18:01:02 +00:00
Sandro
ed742ab4fc
Merge pull request #275621 from Yarny0/tsm-client-update
tsm-client: 8.1.20.0 -> 8.1.21.0
2024-02-06 17:17:40 +01:00
Florian Klink
7c0a129076
Merge pull request #256652 from giorgiga/rateLimitBurst-documentation
Clarify journal size limit defaults in documentaiton of services.journald.rateLimitBurst
2024-02-06 13:26:35 +01:00
github-actions[bot]
952bd69944
Merge master into staging-next 2024-02-06 06:00:54 +00:00
Sandro
4494fcaab7
nixos/acme: default to lets encrypt production URL instead of null, mention lets encrypt staging URI (#270221) 2024-02-06 01:51:09 +01:00
github-actions[bot]
8e7913be95
Merge master into staging-next 2024-02-06 00:02:21 +00:00
Pablo Andres Dealbera
14a1f86791 nixos/photoprism: fix typo 2024-02-05 19:34:43 -03:00
nu-nu-ko
ccf92aad9b nixos/jellyfin: add directory options 2024-02-06 11:07:33 +13:00
Robert Hensing
274ae6a454
Merge pull request #284117 from Stunkymonkey/amqp-write-secret
nixos/rabbitmq: prefer 'install' over 'mkdir/chmod/chown'
2024-02-05 19:29:19 +01:00
github-actions[bot]
2579984b85
Merge master into staging-next 2024-02-05 18:01:13 +00:00
Peder Bergebakken Sundt
a8880f1647 nixos/ttyd: add entrypoint option 2024-02-05 17:38:00 +01:00
Leona Maroni
2b7e1ddb4a
nixos/youtrack: fix warnings (#285775)
* nixos/youtrack: fix extraParams warning

* nixos/youtrack: use new option for port in nginx config
2024-02-05 17:17:45 +01:00
Sandro
1b06c0f273
Merge pull request #286341 from Izorkin/update-fastfetch 2024-02-05 17:08:45 +01:00
Sandro
a53f27e149
Merge pull request #278050 from purcell/sonarr-4 2024-02-05 16:35:41 +01:00
Franz Pletz
fadde8db1f
Merge pull request #286324 from Izorkin/update-libvirt-oom
nixos/libvirt: changing process priority for oom killer
2024-02-05 15:47:25 +01:00
Steve Purcell
a907d05c50 sonarr: 3.0.10.1567 -> 4.0.0.748 2024-02-05 14:38:12 +00:00
Mario Rodas
5ee614b31c
Merge pull request #278034 from trofi/nixosTests.kernel-generic-fix-eval
nixosTests.kernel-generic: fix the eval
2024-02-05 08:15:20 -05:00
Adam C. Stephens
af25a022c6
Merge pull request #285858 from adamcstephens/incus/refactor
incus: fix lxd-to-incus, add static client, support multi-version
2024-02-05 07:50:18 -05:00
github-actions[bot]
5f4d3d57a7
Merge master into staging-next 2024-02-05 12:01:16 +00:00
Cosima Neidahl
62046f5787
Merge pull request #283543 from OPNA2608/init/lomiri/ayatana-indicator-session
ayatana-indicator-session: init at 23.10.3
2024-02-05 12:26:10 +01:00
Robert Schütz
1dd5f2b1f9 nixos/nginx: turn auth_request off for ACME challenge
This is e.g. necessary when using tailscale-nginx-auth.
2024-02-05 00:33:33 -08:00
github-actions[bot]
0f22335f7d
Merge master into staging-next 2024-02-05 06:01:04 +00:00
jerrita
e686847d20
nixos/nftables: add option for flattening rulesetFile
Co-authored-by: Lin Jian <me@linj.tech>
2024-02-05 11:27:16 +08:00
360ied
11cf6ab0dd nixos/murmur: systemd service hardening
Murmur provides an official systemd service file in their repo,
which contains various service hardening settings:

c4b5858d14/auxiliary_files/config_files/mumble-server.service.in (L7)

The service configuration in nixpkgs does not include these hardening settings.

This commit adds the hardening settings to the murmur service in nixpkgs.
This drops the `systemd-analyze security` score of murmur.service from 9.2 (UNSAFE) to 2.1 (OK).
2024-02-04 21:23:34 -05:00
Weijia Wang
1f4b41071c
Merge pull request #286343 from fgaz/urn-timer/nixos-test
nixosTests.urn-timer: init
2024-02-05 01:57:20 +01:00
Sandro Jäckel
c64c45da9c
nixos/nextcloud: don't execute cron when in maintenace/upgrade, don't kill cgroup
Those are upstream recommendations taken from
22d2472b8f/admin_manual/configuration_server/background_jobs_configuration.rst (systemd)
2024-02-05 01:29:13 +01:00
Sandro Jäckel
42daa00928
nixos/nextcloud: little formatting 2024-02-05 01:29:13 +01:00
LRFLEW
8b0d333f54
nixos/archisteamfarm: allow bots.*.passwordFile to be null (#284978)
* Make services.archisteamfarm.bots.*.passwordFile Nullable

This adds support for alternate password specification methods, such as through the web-ui.

* Update description for services.archisteamfarm.bots.*.passwordFile

Adds note about omitting or setting to null to provide the password through the web-ui.
2024-02-05 01:18:23 +01:00
github-actions[bot]
42e44c0583
Merge master into staging-next 2024-02-05 00:02:17 +00:00
oddlama
b7f29692c0
nixos/hostapd: fix utf8Ssid setting not properly honored 2024-02-05 00:52:08 +01:00
Weijia Wang
7ece427021
Merge pull request #279268 from superherointj/etcd-fix-firewall-startup
nixos/etcd: fixes etcd failing to start at boot and add openFirewall option
2024-02-05 00:37:09 +01:00
Weijia Wang
295de1fecf
Merge pull request #279997 from ShamrockLee/optparse-bash-drop
optparse-bash: drop
2024-02-05 00:35:01 +01:00
Weijia Wang
e2fb30fabc
Merge pull request #239785 from milibopp/neo4j-5.9.0
neo4j: 4.4.11 -> 5.9.0
2024-02-05 00:21:21 +01:00
Izorkin
15dfbbd4c3
fastfetch: add vulkanSupport option 2024-02-05 01:32:05 +03:00
Izorkin
69206539d4
fastfetch: add waylandSupport option 2024-02-05 01:32:04 +03:00
Izorkin
556b8c7b6f
fastfetch: add x11Support option 2024-02-05 01:32:03 +03:00
Robert Hensing
6761394083 nixos/rabbitmq: Rename cookie -> unsafeCookie
Not a mkRenamedOptionModule, because user intervention is required
to determine whether they have a problem. mkRenamed* does not let
us explain anything to the user.
2024-02-04 21:41:29 +01:00
Francesco Gazzetta
6bc390f75b nixosTests.urn-timer: init 2024-02-04 19:59:22 +01:00
github-actions[bot]
145a9cb679
Merge master into staging-next 2024-02-04 18:01:14 +00:00
Izorkin
9ad115e5f3
nixos/libvirt: changing process priority for oom killer 2024-02-04 19:54:02 +03:00
Artturi
8f893ff1da
Merge pull request #221628 from rhysmdnz/intune
Microsoft Intune
2024-02-04 17:31:58 +02:00
OPNA2608
6bb7d0d790 ayatana-indicator-session: init at 23.10.3 2024-02-04 15:42:21 +01:00
piegames
65a2ccdd22
Merge pull request #285869 from 4JX/gnome-extensions-update
gnomeExtensions: auto-update
2024-02-04 15:28:49 +01:00
github-actions[bot]
5a036cc96a
Merge master into staging-next 2024-02-03 18:00:51 +00:00
Linus Heckemann
9f571cb4ef
Merge pull request #284508 from nikstur/etc-overlay-leading-slash
nixos/etc: remove leading slash from paths
2024-02-03 18:01:01 +01:00
linsui
b88eaf5d62 nixos/nautilus-open-any-terminal: add to module-list.nix 2024-02-03 22:27:31 +08:00
Vincent Haupert
e6854b295b nixos/github-runners: only override pkg if it has a nodeRuntimes arg
Older versions of the github-runner package might not have the
`nodeRuntimes` argument yet causing an error as the NixOS module always
tries to override the argument.

The commit makes sure we only override `nodeRuntimes` if the configured
package has a `nodeRuntimes` argument.
2024-02-03 14:33:39 +01:00
Felix Buehler
ffadbb6788 kubernetes: prefer 'install' over 'mkdir/chmod/chown' 2024-02-03 11:16:23 +01:00
github-actions[bot]
95ffc37024
Merge staging-next into staging 2024-02-03 06:01:25 +00:00
Martin Weinelt
e1ee205a99
Merge pull request #285931 from mweinelt/zigbee2mqtt-1.35.2
zigbee2mqtt: 1.35.1 -> 1.35.2
2024-02-03 03:44:36 +01:00
Martin Weinelt
dec6392bc2
nixos/tests/zigbee2mqtt: test against dummy serial device 2024-02-03 02:22:44 +01:00
Martin Weinelt
165326d2ca
zigbee2mqtt: 1.35.1 -> 1.35.2
https://github.com/Koenkk/zigbee2mqtt/releases/tag/1.35.2
2024-02-03 02:21:15 +01:00
Nick Cao
4ff6cdece8
Merge pull request #285602 from NickCao/nvmetcfg-test
nixosTests.nvmetcfg: init
2024-02-02 20:15:27 -05:00
Nick Cao
ed3e7a5208
nixosTests.nvmetcfg: init 2024-02-02 17:10:25 -05:00
4JX
59885a1059 nixosTests.gnome-extensions: system-monitor has been removed
https://github.com/NixOS/nixpkgs/pull/274140
2024-02-02 19:13:29 +01:00
Adam Stephens
5f087b3221
incus: lxd-to-incus is now part of main package
Previously upstream was packaging this separately due to the inclusion
of lxd in the go dependencies. This has been dropped and the package
has been merged into the main go.mod file.
2024-02-02 13:04:13 -05:00
github-actions[bot]
58c80dd7b8
Merge staging-next into staging 2024-02-02 18:01:50 +00:00
Adam Stephens
7585f26855
nixos/incus: add zfs/lib/udev to path
Incus needs to find zvol_id for some operations, but zfs does not put
this executable in the bin directory. Exposing lib/udev into the Incus
path solves discovery of the executable

e5690705e8/internal/server/storage/drivers/driver_zfs_volumes.go (L1820C1-L1820C41)
2024-02-02 12:36:41 -05:00
Martin Weinelt
d435c2d39f
Merge pull request #285698 from adamcstephens/lxc/test-sleep
nixos/tests/incus: check system is running for verifying up
2024-02-02 18:07:16 +01:00
Adam Stephens
cdcb919ff7
nixos/tests/incus: check system is running for verifying up
It can can take a few seconds for the generator to initialize in slow
environments. Switch to using systemctl is-system-running which should
reflect the system is fully booted.
2024-02-02 10:13:16 -05:00
Maximilian Bosch
11ef076aab
Merge pull request #285035 from Ma27/kernel-rust-matrix
nixos/tests/kernel-rust: test against 6.7 and testing (6.8rc1)
2024-02-02 15:24:05 +01:00
github-actions[bot]
0675b4b947
Merge staging-next into staging 2024-02-02 12:01:43 +00:00
h7x4
7ac5d2ce0c
Merge pull request #284154 from PassiveLemon/ALVR
alvr: init at 20.6.1
2024-02-02 11:36:08 +01:00
github-actions[bot]
3a8e4cc2aa
Merge staging-next into staging 2024-02-02 06:01:42 +00:00
Will Fancher
8c1a6046a2
Merge pull request #285411 from NickCao/networkd-stage1
nixos/networkd: drop upstreamed stage-1 unit dependencies
2024-02-01 20:35:17 -05:00
github-actions[bot]
6b866c8f85
Merge staging-next into staging 2024-02-02 00:02:44 +00:00
Rhys Davies
d102910f47
nixos/pam: Add pam_intune 2024-02-02 10:01:52 +13:00
Rhys Davies
295a32a6b1
nixos/intune: init 2024-02-02 10:00:33 +13:00
h7x4
932344b54a
Merge pull request #270475 from MinerSebas/prometheus-restic-exporter
prometheus-restic-exporter: init at 1.4.0
2024-02-01 20:05:11 +01:00
Pierre Bourdon
3484985991
Merge pull request #285587 from edef1c/wrapper-cve-2023-6246
nixos/modules/security/wrappers: limit argv0 to 512 bytes
2024-02-01 19:18:45 +01:00
edef
b4c9840652 nixos/modules/security/wrappers: limit argv0 to 512 bytes
This mitigates CVE-2023-6246, crucially without a mass-rebuild.

Change-Id: I762a0d489ade88dafd3775d54a09f555dc8c2527
2024-02-01 18:16:55 +00:00
github-actions[bot]
381e01e471
Merge staging-next into staging 2024-02-01 18:01:21 +00:00
Atemu
f38bca1ca5
Merge pull request #279677 from leona-ya/paperless-nltk
nixos/paperless: use nltk_data package as NLTK data source
2024-02-01 16:59:28 +01:00
Leona Maroni
6300f478e9
nixos/paperless: use nltk_data package as NLTK data source
nixos
2024-02-01 16:53:34 +01:00
MinerSebas
da91e4d75b nixos/tests/prometheus-exporters: add test for prometheus-restic-exporter 2024-02-01 15:00:35 +01:00
MinerSebas
d1f031cbbd nixos/prometheus-restic-exporter: init module 2024-02-01 14:48:56 +01:00
Leona Maroni
0f2df9ff19 nixos/youtrack: rebuild module for 2023.x support 2024-02-01 13:36:13 +01:00
Martin Weinelt
27fa02d0f1
Merge remote-tracking branch 'origin/staging-next' into staging
Conflicts:
-	pkgs/development/compilers/llvm/10/clang/default.nix
- pkgs/development/compilers/llvm/8/clang/default.nix
2024-02-01 12:25:11 +01:00
Markus Kowalewski
5b64cf6fc6 tests/slurm: use getDev for mpi test 2024-02-01 11:08:56 +01:00
Nick Cao
0850ee016b
nixos/networkd: drop upstreamed stage-1 unit dependencies
Reference: https://github.com/systemd/systemd/pull/27791
2024-01-31 22:52:52 -05:00
Andreas Stührk
fc6c92faf3 nixos/nftables: remove default systemd dependencies
With DefaultDependencies enabled, systemd adds "After=basic.target" to
service units. `basic.target` has a dependency on `sockets.target`, so
the `nftables` has (amongst others) the following order constraints:

* Before=network-pre.target
* After=sockets.target

Those constraints are often unsatisfiable. For example, `systemd-networkd`
has a dependency `After=network-pre.target`. When a socket unit now uses
`BindToDevice=` on a device managed by `networkd`, a timeout occurs
because `networkd` waits for `network-pre.target`, but
`network-pre.target` depends (through nftables) on `sockets.target`, but
the device to bind the socket to is never brought up, as this would
happen through `networkd`.

This is fixed by removing the implicit dependency on `basic.target`.
2024-01-31 23:26:05 +01:00
Adam Stephens
75ec325cb9
nixos/pam: remove pam_cgfs
pam_cgfs is a cgroups-v1 pam module. Verified with upstream that
this module no longer necessary on cgroups-v2 systems.
2024-01-31 17:19:23 -05:00
Felix Bühler
6c22593ad4
Merge pull request #284799 from Pablo1107/photoprism-module/fix-manage-script
nixos/photoprism: use nsenter to call photoprism bin with correct UID and PID
2024-01-31 20:52:11 +01:00
Martin Weinelt
509d6bc2ca
Merge pull request #285326 from pbsds/pretalx-1706723715
nixos/pretalx: add 24.05 "new service" release note
2024-01-31 20:04:23 +01:00
Franz Pletz
9e485b2169
Merge pull request #284326 from WilliButz/snmp-exporter-module/fix-logPrefix
nixos/prometheus-snmp-exporter: fix undefined logPrefix
2024-01-31 19:55:40 +01:00
Peder Bergebakken Sundt
15f31376b5 nixos/pretalx: add 24.05 "new service" release note 2024-01-31 18:57:53 +01:00
Jared Baur
514bfa6674
nixos/sysupdate: fix systemd-sysupdate test
The test fails when the `Target`'s parent directories don't exist. For
the purpose of this test though, we can just download it to the root
directory for simplicity.
2024-01-31 09:16:04 -08:00
Jared Baur
50866dc20f
nixos/sysupdate: allow lists in sysupdate config
Lists are convenient to have in sysupdate configuration when using
multiple `MatchPattern` under `Target` when the target can have multiple
filenames. This use-case is helpful for BootLoaderSpec bootcounting where the target file on
disk can have multiple filenames, and in order for sysupdate to properly
ensure only N number of instances of this target exist at one time, we
need to have multiple match patterns.
2024-01-31 09:12:28 -08:00
Peder Bergebakken Sundt
0d13d2a90f nixos/ttyd: remove with lib; 2024-01-31 17:58:59 +01:00
Peder Bergebakken Sundt
4c70703931 nixos/ttyd: add writable option
Co-authored-by: Carsten Rodin <19612711+carstoid@users.noreply.github.com>
2024-01-31 17:57:42 +01:00
Peder Bergebakken Sundt
19159ced3e
Merge pull request #249523 from greizgh/seafile-10
Seafile 10
2024-01-31 17:13:54 +01:00
Peder Bergebakken Sundt
d5d752af43
Merge pull request #280821 from SuperSandro2000/pretalx
pretalx: init 2023.1.3
2024-01-31 17:11:38 +01:00
Peder Bergebakken Sundt
9118823ed3
Merge pull request #226532 from SuperSandro2000/dhcpcd
dhcpcd: change files after patching; nixos/dhcpcd: link dhcpcd.conf to /etc/ to fix dhcpcd -k
2024-01-31 16:43:54 +01:00
Jörg Thalheim
7d5c09b02e
Merge pull request #285167 from Mic92/systemd-boot
nixos/systemd-boot: fix editor option
2024-01-31 22:38:09 +07:00
Nick Cao
2c4eca2c07
Merge pull request #285100 from Tungsten842/revert-281529-acpid
Revert "acpid: Disable network access"
2024-01-31 08:25:37 -05:00
Maximilian Bosch
37ac24e2c7
nixos/tests/kernel-rust: test against 6.7 and testing (6.8rc1)
In #283893 we realized that not only 6.7, but also testing is affected.
And with more stable kernels following, we'll probably want to test
against all of them whether Rust support is working fine. As long as
it's not the default at least, then we should probably move this to
`kernel-generic`.

Every kernel that's new enough to support `rust-out-of-tree-module` (and
`linux_testing`) is part of this text matrix.
2024-01-31 09:52:20 +01:00
Jörg Thalheim
202e697233 nixos/systemd-boot: fix editor option 2024-01-31 10:46:30 +07:00
Mario Rodas
4006079f95
Merge pull request #276177 from aaronjheng/prometheus-openvpn-exporter
prometheus-openvpn-exporter: remove
2024-01-30 19:32:50 -05:00
WilliButz
ccff749532
nixos/boot.uki: allow partial overrides of default UKI settings
Previously any user-provided config for boot.uki.settings would need to
either specify a full set of config for ukify or a combination of
mkOptionDefault to merge the "settings" attribute set with the module's
defaults and then mkOverride or mkForce to override a contained
attribute.

Now it is possible to trivially override parts of the module's default
config, such as the initrd or kernel command line, but overriding the
full set of settings now requires mkOverride / mkForce.
2024-01-30 23:54:40 +01:00
Thomas Gerbet
898c3061fe
Merge pull request #279253 from risicle/ris-packagekit-1.2.8
packagekit: 1.2.5.1pre -> 1.2.8
2024-01-30 23:37:46 +01:00
Tungsten842
c1afcd1c8c
Revert "acpid: Disable network access" 2024-01-30 22:49:43 +01:00
Robert Scott
19b3ab3fe4 packagekit: use test_nop backend by default
nix backend is broken and this is causing the nixos test to
fail
2024-01-30 20:41:15 +00:00
Guillaume Girol
996d064488
Merge pull request #278131 from symphorien/sane_test
nixos/sane: add nixos test
2024-01-30 21:00:12 +01:00
Robert Hensing
056a4d8d52
Merge pull request #283406 from tfc/nixos-rebuild-socket
nixos-rebuild: Handle too-long tmpdir paths on macOS
2024-01-30 19:02:37 +01:00
Martin Weinelt
5283fe407c
nixos/tests/pretalx: init 2024-01-30 17:41:34 +01:00
Martin Weinelt
8f03632997
nixos/pretalx: init 2024-01-30 17:41:34 +01:00
Ryan Lahfa
bed631549e
Merge pull request #284263 from amarshall/fix-zfs-test-wrong-pkg
nixos/tests/zfs: fix using wrong package in tests; minor cleanup
2024-01-30 16:37:17 +01:00
Ryan Lahfa
386c037cb7
Merge pull request #284174 from jmbaur/repart-sector-size
Fix appliance-repart-image NixOS VM test
2024-01-30 16:36:09 +01:00
K900
3176d495ff nixos/plasma5: enable qt stuff
Otherwise things like themes only work due to lucky wrapper leakage.
2024-01-30 17:36:06 +03:00
Weijia Wang
5116ea824d
Merge pull request #280549 from wineee/deepin-icon
deepin: move distribution.info back to deepin-desktop-base
2024-01-30 14:50:13 +01:00
Luke Granger-Brown
23310f467a
Merge pull request #284980 from patka-123/update-paperless-service-example-doc
nixos/paperless: update extraConfig to settings in service docs.
2024-01-30 12:53:31 +00:00
Yureka
a6c64fbd39
nixos/strongswan-swanctl: add includes option for secrets (#284742) 2024-01-30 12:47:33 +01:00
h7x4
ba5f81a6b6
Merge pull request #276547 from ambroisie/pyload-module
nixos/pyload: init module
2024-01-30 12:29:46 +01:00
Patka
3d028d17c9
nixos/paperless: update extraConfig to settings in service docs
Signed-off-by: Patka <patka@patka.dev>
2024-01-30 11:26:04 +01:00
Sandro
4891afd8df
Merge pull request #284735 from Izorkin/update-gpg-tui 2024-01-30 11:09:05 +01:00
Yureka
c94d63a527
nixos/utils: fix stack overflow in genJqReplacementSnippet (#284027)
When the input contains derivations, don't attempt to recurse into them
2024-01-30 11:00:08 +01:00
K900
0f34032f5a nixos/plasma5: install missing style plugins 2024-01-30 11:38:10 +03:00
github-actions[bot]
2f68b418f1
Merge staging-next into staging 2024-01-30 06:01:22 +00:00
Luke Granger-Brown
a12b828a26
Merge pull request #277661 from appsforartists/handheld-daemon
handheld-daemon: init at 1.1.0
2024-01-30 04:01:11 +00:00
Franz Pletz
540cdedf5d
Merge pull request #284676 from r-ryantm/auto-update/exportarr 2024-01-30 03:08:25 +01:00
Brenton Simpson
b960a217bd handheld-daemon: touchup code style to better match nixpkgs
Co-authored-by: h7x4 <h7x4@nani.wtf>
Co-authored-by: Luke Granger-Brown <git@lukegb.com>
Co-authored-by: Bruno BELANYI <bruno@belanyi.fr>
2024-01-29 17:20:30 -08:00
github-actions[bot]
93a73aa6cf
Merge staging-next into staging 2024-01-30 00:02:29 +00:00
Franz Pletz
f77e7dbd31
nixos/tests/prometheus-exporters: remove exportarr_sonarr
This test has never worked. Not sure why it was merged in the first
place.
2024-01-30 01:00:22 +01:00
Franz Pletz
3432be07e4
Merge pull request #278555 from leona-ya/kresd-port-only-regex 2024-01-30 00:41:53 +01:00
Bernardo Meurer
429a3accd9
Merge pull request #284800 from lovesegfault/fix-moonraker-warn
nixos/moonraker: fix update_manager.enable_system_updates being [bool] and not bool
2024-01-29 18:23:33 -05:00
Franz Pletz
da226d14bf
Merge pull request #284749 from 2xsaiko/outgoing/dovecot-fix-1 2024-01-30 00:17:12 +01:00
Felix Bühler
b6e25194a4
Merge pull request #283778 from linsui/noat
nixos/nautilus-open-any-terminal: init
2024-01-29 22:07:23 +01:00
Marco Rebhan
522d660f25
nixos/dovecot: fix sieve script config generation 2024-01-29 19:42:55 +01:00
Robert Hensing
2b4a1a1d4f doc/option-types: Definitions are not declared 2024-01-29 19:13:37 +01:00
github-actions[bot]
6a27b0be74
Merge staging-next into staging 2024-01-29 18:01:37 +00:00
Bernardo Meurer
392b32b2af
nixos/moonraker: fix update_manager.enable_system_updates being [bool] and not bool 2024-01-29 11:31:12 -05:00
Pablo Andres Dealbera
bb40443e77 nixos/photoprism: use nsenter to call photoprism bin with correct UID and PID 2024-01-29 13:26:35 -03:00
Bobby Rong
850bac2305
Merge pull request #284633 from FedericoSchonborn/budgie-desktop-10.9
Budgie Desktop 10.9
2024-01-29 21:58:15 +08:00
Bobby Rong
6b5dd0640b
nixosTests.budgie: Fix login subtest
After budgie-session is used.
2024-01-29 10:13:31 -03:00
Weijia Wang
273b8ebd64
Merge pull request #284711 from misuzu/netbird-test
nixosTests.netbird: fix after module update
2024-01-29 13:25:52 +01:00
github-actions[bot]
66542bb884
Merge staging-next into staging 2024-01-29 12:01:40 +00:00
Marco Rebhan
26e71b5a5b
nixos/dovecot: remove unused imports 2024-01-29 12:21:58 +01:00
Izorkin
fd21b17628
nixos/no-x-libs: add gpg-tui 2024-01-29 12:35:22 +03:00
Fabián Heredia Montiel
45fad8902f linux/hardened/patches/6.7: init at 6.7.2-hardened1 2024-01-29 09:44:08 +01:00
misuzu
83591dbbe5 nixosTests.netbird: fix after module update 2024-01-29 09:46:02 +02:00
Jacek Galowicz
d45acb5457 nixos-rebuilt-target-host test: Add long TMPDIR to verify that fix works 2024-01-29 07:59:15 +01:00
Nick Cao
519ebe37e2
Merge pull request #283452 from SuperSandro2000/pcsclite-outputs
pcsclite: move binaries, polkit, systemd files to out, move libraries to lib
2024-01-28 21:19:51 -05:00
github-actions[bot]
1a9dbf110b
Merge staging-next into staging 2024-01-29 00:02:49 +00:00
Felix Bühler
da47763cb8
Merge pull request #279384 from Stunkymonkey/recursive-pth-loader-normalize
python311Packages.recursive-pth-loader: rename from recursivePthLoader
2024-01-29 00:40:42 +01:00
Federico Damián Schonborn
0d209c6641
nixos/budgie: Replace gnome-session with budgie-session
Signed-off-by: Federico Damián Schonborn <fdschonborn@gmail.com>
2024-01-28 20:08:59 -03:00
Joachim F
6dd56e1483
Merge pull request #275579 from tamara-schmitz/master
update hardened profile to new recommendations
2024-01-28 20:25:27 +01:00
Sandro Jäckel
3da096a5c3
pcsclite: move binaries, polkit, systemd files to out, move libraries to lib
This should make the things related to the udev rules and binaries a lot
simpler and more expected.
2024-01-28 19:31:54 +01:00
Sandro
263af58884
Merge pull request #284488 from Silver-Golden/master
Bitwarden directory connector: fix bad preStart
2024-01-28 19:18:10 +01:00
github-actions[bot]
229c36bdcb
Merge staging-next into staging 2024-01-28 18:01:42 +00:00
K900
499b9a5de0
Merge pull request #284562 from K900/lemmy-nginx-fix
lemmy: fix nginx config generation
2024-01-28 20:48:51 +03:00
Kerstin
45b1d68c35
Merge pull request #283981 from f2k1de/mastodon-too-many-open-files-fix
mastodon: set LimitNOFILE
2024-01-28 18:47:53 +01:00
Nick Cao
2389ab15b4
Merge pull request #284496 from ElvishJerricco/systemd-255-hibernate-resume
systemd-stage-1: Fix hibernate-resume with systemd v255
2024-01-28 11:20:04 -05:00
K900
c34a1d5135 lemmy: fix nginx config generation 2024-01-28 19:15:02 +03:00
Adam C. Stephens
382935bf7a
Merge pull request #284109 from ambroisie/update-woodpecker
woodpecker-*: 1.0.5 -> 2.2.2
2024-01-28 10:19:02 -05:00
Aaron Andersen
0ed21f3b09
Merge pull request #284122 from Stunkymonkey/zabbix-write-secret
nixos/{zabbixServer,zabbixProxy}: prefer 'install' over 'mkdir/chmod/chown'
2024-01-28 06:24:11 -08:00
Andrew Marshall
5d798a0657 nixos/tests/zfs: decouple makeZfsTest params from unstable vs. stable
enableUnstable was trying to do too much, it’s more obvious to remove
the indirection to set zfsPackage and push the semantics up to the
caller.
2024-01-28 09:20:31 -05:00
Andrew Marshall
39ba1b4145 nixos/tests/zfs: improve naming
It is not one package, but the package set, and so is plural.
2024-01-28 09:19:21 -05:00
nikstur
dff64f549e nixos/x11: remove leading slash from environment.etc path
Even if the tools that assemble /etc can handle leading slashes, this
still is not correct. For example, you could have both /X11 and X11 in
environment.etc which makes overriding hard.
2024-01-28 13:38:09 +01:00
nikstur
a9161ceb5a nixos/etc: remove leading slash from target paths in build-composefs-dump.py
This is necessary so that duplicates in the composefs dump are avoided.
2024-01-28 13:37:23 +01:00
Will Fancher
6f1b17d4b8 systemd-stage-1: Fix hibernate-resume with systemd v255 2024-01-28 06:52:21 -05:00
Brendan Golden
fe59b6d24b
Bitwarden directory connector: fix bad preStart 2024-01-28 10:52:43 +00:00
Jared Baur
0bf5f3be25
appliance-repart-image: fix OVMF not detecting disk
With the update of systemd to v255, the repart tool switched to use 4K
sector sizes by default. This change sets the appliance-repart-image
test to use a sector size of 512B to fit in with the existing NixOS VM
test infrastructure using qemu disks with 512B sector sizes.
2024-01-27 17:20:04 -08:00
Jared Baur
4e139026b5
nixos/repart: add option for configuring sector size
This option is helpful for situations when the target host disk's sector
size differs from that of the build host.
2024-01-27 17:19:32 -08:00
nikstur
92b98478a8 nixos/etc: fix type checking of build-composefs-dump.py 2024-01-28 01:58:56 +01:00
PassiveLemon
1d3e2a92bc nixos/alvr: init module 2024-01-27 19:45:27 -05:00
github-actions[bot]
3d3220f45a
Merge staging-next into staging 2024-01-28 00:02:42 +00:00
Martin Weinelt
0deb00012d
Merge pull request #255707 from micahsoftdotexe/update-navidrome
nixos/navidrome: accept DataFolder option
2024-01-28 00:08:18 +01:00
Micah Tanner
7d9e3e510b nixos/navidrome: accept DataFolder option 2024-01-27 17:54:50 -05:00
Tamara Schmitz
b80c3284d5
nixos/hardened: update hardened profile to new recommendations
Borrowing from here to match hardened profile with more recent kernels:
* https://madaidans-insecurities.github.io/guides/linux-hardening.html?#boot-parameters
* https://github.com/a13xp0p0v/kernel-hardening-checker/

Removed "slub_debug" as that option disables kernel memory address
hashing. You also see a big warning about this in the dmesg:
"This system shows unhashed kernel memory addresses via the console, logs, and other interfaces."

"init_on_alloc=1" and "init_on_free=1" zeroes all SLAB and SLUB allocations. Introduced in 6471384af2a6530696fc0203bafe4de41a23c9ef. Also the default for the Android Google kernel btw. It is on by default through the KConfig.

"slab_nomerge" prevents the merging of slab/slub caches. These are
effectively slab/slub pools.

"LEGACY_VSYSCALL_NONE" disables the older vsyscall mechanic that relies on
static address. It got superseeded by vdsos a decade ago. Read some
LWN.net to learn more ;)

"debugfs=off" I'm sure there are some few userspace programs that rely on
debugfs, but they shouldn't.

Most other things mentioned on the blog where already the default on a
running machine or may not be applicable.

Most other Kconfigs changes come from the kernel hardening checker and
were added, when they were not applied to the kernel already.

Unsure about CONFIG_STATIC_USERMODEHELPER. Would need testing.
2024-01-27 20:43:58 +00:00
WilliButz
3a00809390
nixos/prometheus-snmp-exporter: fix undefined logPrefix
When I added `coerceConfigFile` based on the blackbox exporter module, I
did not notice the missing attribute definition.
2024-01-27 20:59:41 +01:00
github-actions[bot]
a390a2178d
Merge staging-next into staging 2024-01-27 18:01:49 +00:00
Sandro Jäckel
1af95a24c1
nixos/dhcpcd: link dhcpcd.conf to /etc/ to fix dhcpcd -k 2024-01-27 18:12:55 +01:00
Luke Granger-Brown
0f8804e6a5
Merge pull request #283916 from devusb/fix-pomerium-test
nixos/pomerium: fix UI test
2024-01-27 17:02:35 +00:00
Nick Cao
8138e47046
Merge pull request #284115 from jacekpoz/ratbagd-module
nixos/ratbagd: add package option
2024-01-27 11:12:55 -05:00
Sandro
8219e2c1bc
Merge pull request #279050 from SuperSandro2000/portunus-seedsettings
nixos/portunus: add seedSettings option
2024-01-27 16:08:41 +01:00
Andrew Marshall
fb346a8791 nixos/tests/zfs: fix using wrong package 2024-01-27 09:33:35 -05:00
github-actions[bot]
10d19dce50
Merge staging-next into staging 2024-01-27 12:01:38 +00:00
Will Fancher
2af1ee5bba
Merge pull request #259196 from liff/mod/systemd-lock-handler
nixos/systemd-lock-handler: init with corresponding package at 2.4.2
2024-01-27 06:13:38 -05:00
Maximilian Bosch
abd098fce8
Merge pull request #283972 from onny/nextcloud-settings
nixos/nextcloud: Rename extraOptions to settings
2024-01-27 11:01:23 +01:00
Olli Helenius
e103c5cfcf
nixos/systemd-lock-handler: init 2024-01-27 11:55:46 +02:00
github-actions[bot]
d976132a1f
Merge staging-next into staging 2024-01-27 06:01:37 +00:00
Pierre Bourdon
b0051767f1
Merge pull request #284153 from JulienMalka/systemd-boot-builder-folder
nixos/systemd-boot: move builder script in bin folder
2024-01-27 06:58:18 +01:00
K900
b5dc67dd94
Merge pull request #284130 from xNaxdy/fix-plasma5-mobilegear
nixos/plasma5: fix plasmaMobileGear path
2024-01-27 07:07:52 +03:00
Weijia Wang
4354538139 Merge branch 'staging-next' into staging 2024-01-27 04:17:36 +01:00
Weijia Wang
7d021ca26b
Merge pull request #265056 from rgri/init-mouse-actions
mouse-actions: init at 0.4.4
2024-01-27 03:47:42 +01:00
Julien Malka
ceeddc5b15 nixos/systemd-boot: move builder script in bin folder 2024-01-27 01:29:40 +00:00
Thomas Gerbet
117fd19a77
Merge pull request #276306 from ambroisie/aria2-rpc-secret-file
nixos/aria2: implement 'rpcSecretFile'
2024-01-27 00:46:56 +01:00
Bruno BELANYI
44792c6df4 nixos: release notes for woodpecker update 2024-01-26 22:54:32 +00:00
Naxdy
edc49b2e83
nixos/plasma5: fix plasmaMobileGear path 2024-01-26 23:52:49 +01:00
Yt
a759a579fb
Merge pull request #283447 from Munksgaard/livebook-fixes
livebook: Use `mix release` to build instead of escript
2024-01-26 22:14:08 +00:00
Felix Buehler
bdce5312c9 nixos/{zabbixServer,zabbixProxy}: prefer 'install' over 'mkdir/chmod/chown' 2024-01-26 23:10:57 +01:00
jacekpoz
49130d8bf7
nixos/ratbagd: add package option 2024-01-26 22:58:44 +01:00
Felix Buehler
4c9b5cb310 nixos/rabbitmq: prefer 'install' over 'mkdir/chmod/chown' 2024-01-26 22:56:28 +01:00
maxine
642317d03f
Merge pull request #283618 from SuperSandro2000/tailscale-resoleconf
nixos/tailscale: make resolvconf package depending on enablement of module
2024-01-26 22:41:14 +01:00
Felix Bühler
d9de6dd272
Merge pull request #284075 from rhoriguchi/nixos/esphome
nixos/esphome: add option to use ping to check online status of devices
2024-01-26 22:13:11 +01:00
Kira Bruneau
473b20c3d7
Merge pull request #281909 from kira-bruneau/gamemode
nixos/gamemode: add gamemode group
2024-01-26 15:25:56 -05:00
superherointj
cbe8e0c980 nixos/etcd: fix etcd category from misc to databases 2024-01-26 16:40:11 -03:00
superherointj
29d18e8f6f nixos/etcd: fixes etcd failing to start at boot and add openFirewall option
Fixes etcd failing to start at boot for network and firewall not being ready and etcd peers being unavailable because of network/firewall

* configure etcd systemd unit to:

  - delay etcd start-up until network and firewall are ready
  - restart on failure and be always on

* add openFirewall option

  The official etcd ports are 2379 for client requests and 2380 for peer communication:
  https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.txt
  https://etcd.io/docs/v3.4/op-guide/configuration/
2024-01-26 16:40:11 -03:00
Philip Munksgaard
1ee8e72834
livebook: Set KillMode=mixed
This will gracefully shut down the service instead of resulting in errors like
this:

```
Jan 24 10:11:11 foo livebook[981676]: 10:11:11.922 [error] GenServer :disksup terminating
Jan 24 10:11:11 foo livebook[981676]: ** (stop) {:port_died, :normal}
Jan 24 10:11:11 foo livebook[981676]: Last message: {:EXIT, #Port<0.8>, :normal}
Jan 24 10:11:11 foo livebook[981676]: 10:11:11.922 [error] GenServer :memsup terminating
Jan 24 10:11:11 foo livebook[981676]: ** (stop) {:port_died, :normal}
```
2024-01-26 20:19:49 +01:00