Commit Graph

13555 Commits

Author SHA1 Message Date
Pierre Bourdon
67b7e70865
nixos/hardened: make pti=on overridable
Introduces a new security.forcePageTableIsolation option (default false
on !hardened, true on hardened) that forces pti=on.
2019-07-30 02:24:56 +02:00
Léo Gaspard
5f33bcd953
matrix-synapse: fix documentation better 2019-07-25 15:37:32 +02:00
Thomas Tuegel
294e75e832
Merge pull request #65339 from ttuegel/wrap-pinentry_qt5
pinentry: Use qt5.wrapQtApps as needed
2019-07-24 16:07:40 -05:00
Thomas Tuegel
9235a8eaef
nixos/config/no-x-libs: Fix pinentry arguments 2019-07-24 15:22:07 -05:00
Robin Gloster
5806e71834
Merge pull request #65299 from Ma27/fix-nextcloud-test
nixos/nextcloud: fix inclusion of trusted_domains in override config
2019-07-24 19:28:06 +00:00
Thomas Tuegel
3d76d810ed
Merge pull request #65090 from eadwu/compton/7
compton: 6.2 -> 7
2019-07-24 06:41:09 -05:00
Peter Hoeg
bede9851a1
Merge pull request #65078 from peterhoeg/f/st
nixos/syncthing: do not use nogroup
2019-07-24 13:22:08 +08:00
Aaron Andersen
72ef4786e1
Merge pull request #64151 from aanderse/httpd-extraSubservices
nixos/httpd: module cleanup
2019-07-23 21:58:40 -04:00
Florian Klink
101a4be5a7
Add spotifyd package and service (#65092)
Add spotifyd package and service
2019-07-24 00:54:24 +02:00
Silvan Mosberger
8403187566
thelounge: init at 3.0.1 (#51947)
thelounge: init at 3.0.1
2019-07-23 13:45:43 +02:00
Maximilian Bosch
c5e515f5c7
nixos/nextcloud: fix inclusion of trusted_domains in override config
Regression I caused with 3944aa051c, sorry
for this! The Nextcloud installer broke back then because
`trusted_domains` was an empty value by default (a.k.a an empty array)
which seemed to break the config merger of Nextcloud as Nextcloud
doesn't do recursive merging and now no domain was trusted because of
that, hence Nextcloud was unreachable for the `curl` call.
2019-07-23 13:29:43 +02:00
Mrmaxmeier
37a2f058ed nixos/thelounge: init
The Lounge is the official and community-managed fork of Shout.
This intends to replace the `shout` service.
2019-07-23 13:18:01 +02:00
Danylo Hlynskyi
d54e52276b
postgresql: update docs
https://github.com/NixOS/nixpkgs/issues/32156
2019-07-23 14:17:14 +03:00
Domen Kožar
cfd507d581
system-boot: configurationLimit should be null as default 2019-07-23 10:20:09 +02:00
WilliButz
5dc50eab68
Merge pull request #65102 from d-goldin/patch-1
docs prometheus.exporters: typo fix.
2019-07-23 10:06:20 +02:00
worldofpeace
356d9ad758 nixos/pantheon: don't add extraPortals
Pantheon's XDG Portal is still WIP and we
it's probably not proper to use gtk's one.
2019-07-23 03:43:41 -04:00
steve-chavez
dfd3a0269c Shorten mkEnableOption description 2019-07-23 12:19:28 +09:00
steve-chavez
5ccfa0c816 nixos/modules: add greenclip user service 2019-07-23 12:19:28 +09:00
Robin Gloster
da2eda65e3
Merge pull request #65179 from delroth/bind-extraconfig
nixos/bind: allow manual additions to zone config fragments
2019-07-22 17:53:49 +00:00
Robin Gloster
e891178dde
Merge pull request #63900 from Ma27/nextcloud-declarative-dbconfig
nixos/nextcloud: write config to additional config file
2019-07-22 16:50:02 +00:00
Johan Thomsen
bbd4a0c100 nixos/gitlab: gitlab-workhorse requires exiftool on path to process uploaded images 2019-07-22 16:41:16 +00:00
Maximilian Bosch
3944aa051c
nixos/nextcloud: write config to additional config file
One of the main problems of the Nextcloud module is that it's currently
not possible to alter e.g. database configuration after the initial
setup as it's written by their imperative installer to a file.

After some research[1] it turned out that it's possible to override all values
with an additional config file. The documentation has been
slightly updated to remain up-to-date, but the warnings should
remain there as the imperative configuration is still used and may cause
unwanted side-effects.

Also simplified the postgresql test which uses `ensure{Databases,Users}` to
configure the database.

Fixes #49783

[1] https://github.com/NixOS/nixpkgs/issues/49783#issuecomment-483063922
2019-07-22 18:29:52 +02:00
WilliButz
294bed66dc
nixos/release-notes: add note about nginx-exporter 2019-07-22 16:41:10 +02:00
WilliButz
c64f621bfd
nixos/prometheus-nginx-exporter: update module
Update exporter submodule to match the new exporter version.
2019-07-22 16:41:10 +02:00
WilliButz
fb6f0a48bb
nixos/prometheus-exporters: add option renaming for submodules
Adds the functionality to create option renamings and removals
for exporter submodules as in nixos/modules/rename.nix.
2019-07-22 16:41:10 +02:00
WilliButz
77ccb1fe6a
nixos/tests/prometheus-exporters: replace 'with lib;'
Replace 'with lib;' by explicit function imports.
2019-07-22 16:41:10 +02:00
WilliButz
774221191d
nixos/prometheus-exporters: refactor imports, replace 'with lib;'
Pass through 'options' to exporter definitions and replace 'with lib;'
by explicit function imports.
2019-07-22 16:41:09 +02:00
WilliButz
01ee2ee2ba
nixos/test: fix prometheus-{bind,varnish}-exporter tests 2019-07-22 16:41:09 +02:00
Nikolay Amiantov
a0ba42e3f4
Merge pull request #64268 from jameysharp/nscd-dynamicuser
nixos/nscd: DynamicUser and other cleanups
2019-07-22 16:23:07 +03:00
Nikolay Amiantov
5f4288d49d boot tests: don't use globbing
Turns out I broke all the boot tests except netboot.

Instead of relying on build-time search for .iso we can use a proper attribute.
2019-07-22 14:44:53 +03:00
Andrew Childs
d2144755a4 nixos-test-driver: allow configuration of net frontend and backend
When IPXE tests were added, an option was added for configuring only
the frontend, and the backend configuration was dropped entirely. This
caused most installer tests to fail.
2019-07-22 13:44:27 +03:00
Franz Pletz
376b5fd000
Merge pull request #64463 from Ma27/graylog-test
nixos/graylog: minor fixes, add test
2019-07-21 20:53:39 +00:00
Aaron Andersen
44565adda5
Merge pull request #60436 from nbardiuk/master
nixos/tiddlywiki: init
2019-07-21 16:39:42 -04:00
Franz Pletz
bc418837d5
Merge pull request #65225 from Ma27/bump-prometheus-wireguard-exporter
prometheus-wireguard-exporter: 2.0.1 -> 3.0.0
2019-07-21 20:19:22 +00:00
Maximilian Bosch
7095bdf988
nixos/prometheus-exporters/wireguard: add support for -s switch
Since version 3.0 all allowed IPs and subnets are exposed by the
exporter. With `-s` set on the CLI, instead of a comma-separated list,
each allowed IP and subnet will be in a single field with the schema
`allowed_ip_<index>`.
2019-07-21 21:39:49 +02:00
Maximilian Bosch
543ef567d9
prometheus-wireguard-exporter: 2.0.1 -> 3.0.0
Two new releases are available:
* https://github.com/MindFlavor/prometheus_wireguard_exporter/releases/tag/3.0.0
* https://github.com/MindFlavor/prometheus_wireguard_exporter/releases/tag/2.0.2

The main new feature is that the exporter exposes all allowed ips and
subnets.
2019-07-21 21:39:48 +02:00
Danylo Hlynskyi
caa0f82bf8
docs: update docs for postgresql plugins (#64899)
docs: update docs for postgresql plugins

Co-Authored-By: Mario Rodas <marsam@users.noreply.github.com>
2019-07-21 22:05:41 +03:00
Anders Lundstedt
53841fcea9 nixos/spotifyd: init 2019-07-21 00:58:20 +02:00
Aaron Andersen
9b970d07f3 nixos/httpd: drop postgresql reference 2019-07-20 18:36:24 -04:00
Aaron Andersen
0fd69629c7 nixos/httpd: mark extraSubservices option as deprecated 2019-07-20 18:36:19 -04:00
Aaron Andersen
505df09d50 nixos/httpd: drop the port option 2019-07-20 18:29:46 -04:00
Thomas Tuegel
a071bfa7e7
Merge pull request #65188 from xvello/master
plasma5: allow to configure the default phonon backend
2019-07-20 15:35:09 -05:00
Xavier Vello
df748aeefe nixos/plasma5: allow to configure the default phonon backend
Introduce a new .plasma5.phononBackend option. Default value
"gstreamer" installs the same packages as before. "vlc" installs
only the vlc phonon backend.
2019-07-20 21:53:46 +02:00
Samuel Dionne-Riel
56836c31ad nixos/tests: drop tomcat connector test
The httpd subservice was dropped in #64052.
2019-07-20 15:19:45 -04:00
Pierre Bourdon
6332bc25cd
nixos/bind: allow manual additions to zone config fragments 2019-07-20 17:50:37 +02:00
Aaron Andersen
30920fbf69
Merge pull request #64741 from dasJ/gitea-smtp-pw
nixos/gitea: Support SMTP without pw in the store
2019-07-20 08:32:51 -04:00
Aaron Andersen
faf884ca9b
Merge pull request #64365 from aanderse/tt-rss
nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation
2019-07-20 08:23:48 -04:00
worldofpeace
d734750608 nixos/xdg: default portal from xserver.enable
same affect as f84a4ef892
but we won't need to enable the module independently for DE
modules.
2019-07-19 19:47:02 -04:00
Samuel Dionne-Riel
f84a4ef892 nixos/xdg: Disables portal by default...
Left to do: re-enable as needed in the usual situations.

This added ~286MiB to the base system closure, which is enough to bring
the sd images over the limit allowed on Hydra.
2019-07-19 19:28:51 -04:00
Graham Christensen
a463582040
Merge pull request #65079 from mmahut/typo
Renaming security.virtualization.flushL1DataCache to virtualisation
2019-07-19 16:12:52 -04:00