Commit Graph

34413 Commits

Author SHA1 Message Date
rnhmjoj
8fafc35158
resolvconf: reliably set group permissions
If `resolvconf` is invoked by a process not running with the resolvconf
group as primary group, other processes will run into trouble as files
or directories under /run/resolvconf won't have write permissions.

This ACL rule ensure that resolvconf files, include new files created by
any process, are always accessible by users of the resolvconf group.
2024-10-25 21:33:30 +02:00
Felix Bühler
29cdb4373e
pptpd: prefer 'install' over 'chmod/chown' (#308085) 2024-10-25 20:48:22 +02:00
K900
7f898ed413 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-25 21:06:42 +03:00
Frédéric Christ
8f4b41cfd4 nixos/systemd: Enable systemd-machine-id-commit.service
Prior to this contribution, every boot with a default configuration was
considered `ConditionFirstBoot=true` by systemd, since /etc/machine-id
was not commited to disk.

This also extends the systemd with a check for subsequent boots not
being considered first boots.
2024-10-25 14:03:15 +02:00
Rémi NICOLE
0433962e5b
netbox: 3.7.8 -> 4.1.3 (#331750) 2024-10-25 09:09:06 +00:00
Fabián Heredia Montiel
da7fb8d0ef Merge remote-tracking branch 'origin/master' into staging-next 2024-10-24 17:53:05 -06:00
Leona Maroni
a378c72099
youtrack_2022_3: drop (#349356) 2024-10-24 22:46:57 +02:00
Felix Buehler
ca63cb8a24 nixos/bazarr: normalize description 2024-10-24 22:39:43 +02:00
github-actions[bot]
ef782655d2
Merge master into staging-next 2024-10-24 18:04:38 +00:00
Emily
500f4dcf2b
nixos/switchable-system: add evaluation warning when using perl stc (#350945) 2024-10-24 16:59:43 +01:00
Jared Baur
9bbef50e24
nixos/switchable-system: add evaluation warning when using perl stc 2024-10-24 08:50:51 -07:00
Masum Reza
c87f82b6aa
nixos/sway: workaround idle inhibit not working in Firefox (#348792) 2024-10-24 19:48:30 +05:30
Jared Baur
81f92fbc29
nixos/switchable-system: nixfmt 2024-10-24 06:22:58 -07:00
Sefa Eyeoglu
15aad9d3a1
nixos/ntpd: cleanup; add tests (#349633) 2024-10-24 15:21:01 +02:00
Martin Weinelt
8a2439f1c2
nixos/avahi-daemon: set up sandboxing 2024-10-24 15:04:14 +02:00
Sefa Eyeoglu
0642aa2f53
nixos/monado: install monado-vulkan-layers
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-10-24 15:01:42 +02:00
github-actions[bot]
e60fd6d56f
Merge master into staging-next 2024-10-24 12:05:54 +00:00
Victor Duarte
f2b58efde4 fix links to specifications.freedesktop.org 2024-10-24 13:00:55 +02:00
Maximilian Bosch
e7d631432f
Merge: nixos/nginx: create 127.0.0.1 alias for status page (#349536) 2024-10-24 12:49:10 +02:00
Ramses
fe8daa8bac
nixos/niri: init module (#348193) 2024-10-24 09:20:35 +02:00
K900
dee94df6f2 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-24 09:28:51 +03:00
rcerc
42d887adbf nixos/supplicant: Always provide a first configuration file argument
`wpa_supplicant` refuses to start when `configFile.path == null` because this
omits the `-c` (‘Configuration file’) option, which it requires even if the
`-I` (‘additional configuration file’) option is provided. If `configFile.path
== null`, pass `extraConfFile` with `-c` instead of `-I` to prevent this.
2024-10-24 08:25:02 +02:00
Michele Guerini Rocco
f93d86f657
nixos/getty: add option to autologin once per boot, take 2 (#348236) 2024-10-24 07:59:10 +02:00
Luke Granger-Brown
9e3e014de1
nixos/factorio: add allowedPlayers option to manage the whitelist (#350769) 2024-10-23 23:47:53 +01:00
Matthieu Coudron
5c8ff2e60c
nixos/immich: use 'immich' as syslog identifier (#350551)
use 'immich' as syslog identifier

seeing 'immich' instead of the generic 'server' in journalctl is more understandable
2024-10-24 00:15:19 +02:00
Jack Wilsdon
464e353fcc nixos/klipper: fix serial value inheritance 2024-10-23 22:32:26 +01:00
Ryan Horiguchi
449a963b0e nixos/nginx: create 127.0.0.1 alias for status page 2024-10-23 22:41:00 +02:00
Minijackson
4409a8d78f
nixos/netbox: increase timeout for NetBox pre-start script
since the script does database migrations and index,
it could timeout on slower system with a big enough database
2024-10-23 21:07:35 +02:00
Minijackson
69610ea296
netbox: switch to netbox_4_1, mark netbox_3_7 as EOL
also switch the netbox-upgrade test to check upgrade from 3.7 -> 4.1
2024-10-23 21:07:32 +02:00
github-actions[bot]
606bd3114c
Merge master into staging-next 2024-10-23 18:04:32 +00:00
Ben Millwood
c37e40d9ff nixos/factorio: add allowedPlayers
This writes a whitelist file and instructs the server process to use it.
I opted not to give the same treatment to the banlist because (as
explained in the comments) mutability and persistence seems more
important for bans, and they're less often known in advance.
2024-10-23 18:19:05 +01:00
teutat3s
7e7a06994f
nixos/sway: workaround idle inhibit not working
in Firefox

Source:
https://www.reddit.com/r/swaywm/comments/1dqud2a/how_to_get_firefox_to_inhibit_idle_when_watching/
> Firefox supports the Wayaland inhibit protocol, but it attempts to use the DBus interfaces first. However, the gtk portal has an issue where it returns success even though the wlr portal/sway doesn't have an implementation for the inhibit method, see #465.
2024-10-23 18:34:47 +02:00
Nick Cao
ef5045c670
nezha-agent: 0.18.5 -> 0.20.2 (#347544) 2024-10-23 12:17:09 -04:00
andre4ik3
c42b24b3f4
nixos/apple-touchbar: init module (#350219) 2024-10-23 17:14:34 +02:00
Ben Millwood
43377c06f3 nixos/factorio: correct extraSettings example
"admins" isn't a server setting, so this example wouldn't actually work.
"max_players" is the first thing I saw in the [example server settings
file][1] that hasn't already been encoded in the options.

[1]: https://github.com/wube/factorio-data/blob/master/server-settings.example.json
2024-10-23 16:11:58 +01:00
Moraxyc
61567875e5
nixos/nezha-agent: add some options for new features 2024-10-23 20:22:37 +08:00
github-actions[bot]
bafb3e4e13
Merge master into staging-next 2024-10-23 12:05:38 +00:00
Shaurya Shubham
a4b68ba2c4 nixos/nix-gc: Update nix.gc.dates description to be more precise 2024-10-23 22:17:49 +11:00
Jörg Thalheim
9584ba7f85 nixos/buildbot: use python version used of the buildbot package
Since the buildbot package can be overwritten, it can be build against a
different python version.
This pull request makes sure we don't use the wrong python version.
This makes using buildbot-nix easier for both nixpkgs unstable and
nixpkgs stable.
2024-10-23 22:16:55 +11:00
Ramses
f73e31408d
prometheus-klipper-exporter: init at v0.11.2 (#348187) 2024-10-23 09:48:17 +02:00
Wulfsta
e13a31e4bf prometheus-klipper-exporter: init at v0.11.2 2024-10-23 01:55:47 -04:00
github-actions[bot]
723e1a67de
Merge master into staging-next 2024-10-23 00:14:18 +00:00
Yt
e7d7f71c0b
nextcloudPackages.whiteboard: init at 1.0.4; nextcloudPackages: update (#342773) 2024-10-22 19:04:21 -04:00
Sandro
70e46c586f
doc/misc/docker-registry: fix extraConfig docs (#349495) 2024-10-22 21:06:38 +02:00
github-actions[bot]
5a11b86f67
Merge master into staging-next 2024-10-22 18:04:37 +00:00
Franz Pletz
eae71219ea
nixos/wakapi; fix logical errors; add NixOS test (#350435) 2024-10-22 19:02:05 +02:00
Fabián Heredia Montiel
fdc64cfee0 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-22 09:14:28 -06:00
Someone
c53153d5b8
nvidia-container-toolkit: nvidia driver: don't enable, assert enabled (#350339) 2024-10-22 13:13:55 +00:00
Martin Weinelt
053637c50c
maintainers: remove myself from packages that I don't really maintain anymore (#350453) 2024-10-22 12:51:23 +02:00
Martin Weinelt
cc2a580af3
pretalx: 2024.2.1 -> 2024.3.0 (#350361) 2024-10-22 12:50:20 +02:00
Kerstin Humm
b12bcabd24
maintainers: remove erictapen from packages that I don't really maintain anymore 2024-10-22 12:32:29 +02:00
NotAShelf
a466f14627
nixos/wakapi: fix incorrect assertion conditions
Using implication here (->) causes the assertions to fail haphazardly due to the ordering *implied* by the operator. By using AND, we avoid this case. Unsurprisingly, this was caught by the NixOS test.
2024-10-22 12:27:24 +03:00
NotAShelf
fbec0c0d7f
nixos/wakapi: fix failing assertions 2024-10-22 12:05:02 +03:00
NotAShelf
c3ce64b13a
nixos/wakapi: fix typo in warning conditional
This makes the warning work as intended again.
2024-10-22 11:59:09 +03:00
seth
942b12caba
nixos/niri: init module 2024-10-21 21:00:17 -04:00
Martin Weinelt
7d2fd18921
nixos/pretalx: feature the files.upload_limit setting
The default of 10 MiB might be too constraining for slide decks and
collateral in 2024.
2024-10-22 02:49:29 +02:00
Martin Weinelt
bd281d0259
pretalx: 2024.2.1 -> 2024.3.0
https://docs.pretalx.org/changelog/#v2024-3-0
2024-10-22 02:43:51 +02:00
Rafael Fernández López
3f119f80a5
nvidia-container-toolkit: assert nvidia driver is present
Also, do not add the `nvidia` driver to `videoDrivers` automatically;
assert it is present (or the datacenter one) instead.
2024-10-22 00:05:26 +02:00
github-actions[bot]
f2d7c5202d
Merge master into staging-next 2024-10-21 18:04:46 +00:00
Jonas Heinrich
345a761d13 nixos/nextcloud-whiteboard-server: init 2024-10-21 15:49:23 +00:00
Leona Maroni
dc14253a18
nixos/youtrack: drop support for YouTrack 2022.3 2024-10-21 17:36:23 +02:00
Pablo Andres Dealbera
24be165be3 nixos/bazarr: add 156 as a valid SuccessExitStatus 2024-10-21 12:34:15 -03:00
nikstur
7fad2c2e39 nixos/wrappers: add enable switch
Add enable switch to make it possible to disable all wrappers but then
also re-enable all at once by forcing the option to be true.

By default the wrappers are enabled and thus the default behaviour
doesn't change.
2024-10-21 14:41:17 +02:00
Izorkin
b93bbf6406
nixos/nginx: remove rejectSSL assertion 2024-10-21 14:49:53 +03:00
github-actions[bot]
3fc3038625
Merge master into staging-next 2024-10-21 06:05:19 +00:00
github-actions[bot]
8164a7aa6d
Merge master into staging-next 2024-10-21 00:14:52 +00:00
Martin Weinelt
6306bf790e
matrix-sliding-sync: drop
On the 2024 matrix conference the EOL for the sliding-sync-proxy was
announced to be 2024-10-15. While the repo does not yet reflect that
state, we should not be taking the the sliding-sync proxy into NixOS
24.11 under any circumstances.
2024-10-20 23:19:33 +02:00
Sefa Eyeoglu
99b100cc3a
nixos/pam: Strip config in documentation and messages (#341562) 2024-10-20 21:00:06 +02:00
K900
5c00a1355b
nixos/systemd-boot: fix substituteAll usage (#350081) 2024-10-20 21:49:36 +03:00
K900
c42028339a nixos/systemd-boot: fix substituteAll usage
Missed this one :(
2024-10-20 21:45:57 +03:00
Sefa Eyeoglu
05b9e0a09f
bazarr: allow overriding package in module (#334521) 2024-10-20 20:45:57 +02:00
K900
099cde3a92
Revert "nixos/ssh: disable authorizedKeysInHomedir by default" 2024-10-20 21:32:29 +03:00
Artturin
a0a7eb6616 Merge branch 'master' into staging-next 2024-10-20 19:28:48 +03:00
Ramses
063af9cc70
virtualbox: nixfmt (#349009) 2024-10-20 18:21:14 +02:00
nicoo
06929a6fb0
nixos/ssh: disable authorizedKeysInHomedir by default (#309025) 2024-10-20 16:19:25 +00:00
github-actions[bot]
c38df14dc7
Merge master into staging-next 2024-10-20 06:04:33 +00:00
Pol Dellaiera
88d3f02d30
cyrus-imapd: init at 3.8.2 (#305538) 2024-10-20 07:51:45 +02:00
Tomo
d249539594
wivrn: init at 0.19 (#316975) 2024-10-19 20:02:50 -07:00
Tomo
8d642257fb
nodePackages.shout: drop (#349715) 2024-10-19 18:46:30 -07:00
Mathieu Rene
dcc8b99d85 nixos/corefreq: add program defining both the daemon service and its kernel module 2024-10-19 21:23:55 -04:00
github-actions[bot]
1b6b0d4cac
Merge master into staging-next 2024-10-20 00:15:48 +00:00
Pyrox
4e632e9c3f
nixos/ntpd: Add hardening 2024-10-19 14:26:17 -04:00
Pyrox
53bc9450bc
nixos/ntpd: Use StateDirectory instead of a preStart script 2024-10-19 14:26:00 -04:00
github-actions[bot]
d5c9b46499
Merge master into staging-next 2024-10-19 18:03:54 +00:00
K900
8ac75ddb6f kdePackages.kunifiedpush: unstable -> 1.0.0, enable by default on Plasma 6 2024-10-19 20:55:43 +03:00
Tomo
76c7c2dd88 nodePackages.shout: drop
shout has been deprecated since 2016:
90a62c56af

Also, move the top-level `shout` alias to `pkgs/top-level/aliases.nix`.

Part of #229475
2024-10-19 17:53:20 +00:00
Moraxyc
8d90446d39
nixos/cyrus-imap: init module
Co-authored-by: jtbx <jeremy@baxters.nz>
Co-authored-by: pluiedev <hi@pluie.me>
2024-10-20 00:13:24 +08:00
Florian Klink
fdfb6e917c
nixos/kmonad: init (#349489) 2024-10-19 18:04:50 +02:00
Nick Cao
f8b17f235e
nixos/sing-box: generate config file into RuntimeDirectory (#338457) 2024-10-19 10:11:00 -04:00
K900
fcc185b986 nixos/bitmagnet: add help text for the options, fix typo 2024-10-19 15:55:15 +03:00
K900
3a4fc1a183 nixos: add bitmagnet module to the list
Fixes #337310
2024-10-19 15:50:18 +03:00
K900
d8f20db7a4
Merge branch 'master' into bitmagnet-module 2024-10-19 15:44:05 +03:00
K900
2ab7280fa2 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-19 15:07:50 +03:00
Pyrox
297f21e357
nixos/ntpd: format with nixfmt-rfc-style 2024-10-19 04:39:16 -04:00
Aleksana
8897c79d61
nixos/netdata: remove changefinder (#339803) 2024-10-19 16:02:59 +08:00
K900
894462661c Merge branch 'master' into staging-next 2024-10-19 09:09:13 +03:00
Peder Bergebakken Sundt
03d8f52dc6
nixos/tailscale: document tailscale-autoconnect (#347881) 2024-10-19 07:01:26 +02:00
Peder Bergebakken Sundt
465201822e
nixos/mihomo: fix option type and test (#345891) 2024-10-19 06:58:41 +02:00
github-actions[bot]
d0c2de8c22
Merge master into staging-next 2024-10-19 00:14:00 +00:00
Maximilian Bosch
c5b89642bf
Merge: nixos/nextcloud: fix shellcheck findings with enableStrictShellChecks enabled (#349558) 2024-10-18 23:57:53 +02:00
Sandro
f0bc4f6bbf
nixos-firewall-tool: add nftables support (#324615) 2024-10-18 23:57:39 +02:00
nicoo
6c62fbf539 nixos/sshd: warn if no authorized keys, and no authentication method other than pubkeys, were configured 2024-10-18 20:23:02 +00:00
nicoo
1f08575e3a nixos/sshd: Disable authorizedKeysInHomedir if stateVersion >= 24.11
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-10-18 20:21:12 +00:00
Stanisław Pitucha
87c458e3ce
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled (#349557) 2024-10-19 06:22:18 +11:00
jmir1
858b5c6762 nixos/ddclient: Fix ip command with usev4 and usev6 2024-10-18 20:32:16 +02:00
Sandro
d72c0ce546
nixos/nextcloud-notify_push: fix connecting to mysql via socket (#348114) 2024-10-18 20:25:32 +02:00
Gary Guo
cabbab19e2
nixos-firewall-tool: add nftables support
Co-authored-by: Rvfg <i@rvf6.com>
2024-10-18 20:16:27 +02:00
github-actions[bot]
2c176e14b1
Merge master into staging-next 2024-10-18 18:04:25 +00:00
K900
e1bc488872
nixos/plasma6: fix shellcheck findings with enableStrictShellChecks e… (#349580) 2024-10-18 20:09:15 +03:00
Christina Sørensen
d218858bb1
nixos/wakapi: add database options; gate db creation behind database.createLocally (#341176) 2024-10-18 18:04:46 +02:00
Sandro Jäckel
fc31cfea42
nixos/plasma6: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-18 17:29:23 +02:00
Sandro Jäckel
c4a7c0fae5
nixos/paperless: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-18 17:28:03 +02:00
github-actions[bot]
a9f08a2b87
Merge master into staging-next 2024-10-18 12:05:39 +00:00
phaer
88b285c01d nixos/virtualisation: format image-related files 2024-10-18 13:32:50 +02:00
Atemu
dddcb35140
nixos/jupyter: set user primary group (#349415) 2024-10-18 12:05:43 +02:00
r-vdp
c9160efd81
nixos/kmonad: init 2024-10-18 11:47:26 +02:00
Rasmus Précenth
00e1112f9b
nixos/docker-registry: fix extraConfig docs
Co-authored-by: teutat3s <10206665+teutat3s@users.noreply.github.com>
2024-10-18 11:45:18 +02:00
Robert Hensing
01eb8df5f1
Rename macos-builder.nix -> nix-builder-vm.nix (#347255) 2024-10-18 11:26:20 +02:00
Vladimír Čunát
a8f84a9dff
nixos/kresd: add link to upstream doc (#311915) 2024-10-18 10:22:18 +02:00
Atemu
267847014a
nixos/immich: do not set services.redis.servers.immich.user (#345126) 2024-10-18 10:19:46 +02:00
Jacek Galowicz
d3a7fdf5b8
nixos/test-instrumentation: forward journald to correct tty also in systemd initrd (#349479) 2024-10-18 10:16:22 +02:00
nikstur
ea9b0daeee nixos/test-instrumentation: forward journald to correct tty also in systemd initrd
This is a follow up for #339730 where forwarding was correctly setup for
stage 2 but not for stage 1 if it is using systemd.
2024-10-18 10:08:29 +02:00
github-actions[bot]
275a4ece4b
Merge master into staging-next 2024-10-18 00:14:07 +00:00
Jack Wilsdon
df03b32278 nixos/jupyter: set user primary group 2024-10-17 23:44:53 +01:00
Will Fancher
594ac9011f
nixos/systemd-initrd: add missing kmod-blacklist src (#348505) 2024-10-17 15:46:51 -04:00
David McFarland
cd286b21e4
resolvconf: use correct output files when used with dnsmasq (#349320) 2024-10-17 16:44:18 -03:00
github-actions[bot]
7c78a608b4
Merge master into staging-next 2024-10-17 18:04:30 +00:00
David McFarland
403604ca66 resolvconf: use correct output files when used with dnsmasq 2024-10-17 14:20:57 -03:00
scrufulufugus
969102bd11 system76-scheduler: migrate to pkgs/by-name format 2024-10-17 18:22:34 +02:00
scrufulufugus
1d4df7adcc system76-scheduler: Move out of kernel category
system76-scheduler: add alias at old location
2024-10-17 18:22:34 +02:00
scrufulufugus
a1c03ab062 system76-power: Move out of kernel category
system76-power: add alias at old location
2024-10-17 18:22:34 +02:00
Maximilian Bosch
7cb22a0acb
nixos/users-groups: dump values of password options if multiple options have definitions
This was suggested since it might make it a little easier to identify
the places where the definitions come from.

Retrieving the effective definitions from the module-system seems
non-trivial, especially for submodules though, hence only the values are
shown for now.

I'd argue that especially the `password` option are mostly a convenience
thing for test setups. If the password is an actual secret, it should be
treated as such, i.e. `hashedPasswordFile` should be used.

For the `shadow` VM test, the new section of the warning looks like
this:

    The values of these options are:
    * users.users."leo".hashedPassword: "$6$ymzs8WINZ5wGwQcV$VC2S0cQiX8NVukOLymysTPn4v1zJoJp3NGyhnqyv/dAf4NWZsBWYveQcj6gEJr4ZUjRBRjM0Pj1L8TCQ8hUUp0"
    * users.users."leo".hashedPasswordFile: null
    * users.users."leo".password: null
    * users.users."leo".initialHashedPassword: "!"
    * users.users."leo".initialPassword: null
2024-10-17 17:41:34 +02:00
Paul Meyer
71c64f8ecc initrd: drop effectless modification of kmod-blacklist
The perl snippet as been added years ago. I assume the intention was to
remove the `## file: iwlwifi.conf` section up to the next `## file:`,
but as there is no file following, the snippet currently does nothing.
We should be fine to remove it.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-17 16:23:01 +02:00
Brendan Taylor
04e39de6eb nixos/immich: do not set services.redis.servers.immich.user
the redis module expects a user and group to exist with this name.
previously if there was no group with the same name as
`services.immich.user` the immich redis server would fail to start.

instead we can use the redis module's default behaviour: it will
create a user & group named "redis-immich".
2024-10-17 07:19:02 -06:00
github-actions[bot]
8ba820d7db
Merge master into staging-next 2024-10-17 12:05:34 +00:00
Atemu
644c36174b
nixos/redis: add option services.redis.servers.*.group (#345327) 2024-10-17 10:39:48 +02:00
Leona Maroni
edd292c18b
nixos/dokuwiki,nixos/wordpress,nixos/invoiceplane: Remove deprecated isCoercibleToString (#292801) 2024-10-17 09:32:14 +02:00
github-actions[bot]
2d65a9d98d
Merge master into staging-next 2024-10-17 00:14:14 +00:00
K900
bb72b22c6b
steam (and friends): migrate to by-name, small cleanups all over (#349109) 2024-10-16 23:54:49 +03:00
K900
5c33791df3 steam (and friends): migrate to by-name, small cleanups all over
- rename "steam-original" or "steam" to "steam-unwrapped", as that's what it is
- rename "steam-fhsenv" to "steam", as that's what you actually want
- remove some no-longer-relevant hacks
2024-10-16 23:27:24 +03:00
r-vdp
0f786baf5d
etc: remove unneeded temporary directions after putting in place the new etc 2024-10-16 22:22:58 +02:00
r-vdp
a2d4cea96e
etc: rename the temporary dirs so that they are recognisable
This makes it a lot easier to understand which dir is which
2024-10-16 22:22:58 +02:00
Ramses
7715240587
nixos/etc-overlay: avoid rebuilding the initrd every time the etc contents change (#340722) 2024-10-16 22:21:13 +02:00
Felix Bühler
cc42a1be7b
nixos/services.mysql: remove with lib; (#338048) 2024-10-16 21:38:48 +02:00
Robert Schütz
a9dee7c45b
immich: 1.117.0 -> 1.118.1 (#348890) 2024-10-16 12:31:58 -07:00
github-actions[bot]
775bea0160
Merge master into staging-next 2024-10-16 18:04:52 +00:00
Robert Schütz
e3152f80bf nixos/immich: change default port to 2283
This was always upstream's default but they also change the internal
port, i.e. behind the reverse proxy, to 2283 in
https://github.com/immich-app/immich/pull/13185.
2024-10-16 10:30:34 -07:00
Adam Stephens
bece21421b
nixos/atticd: wants network-online.target
fixes:

trace: evaluation warning: atticd.service is ordered after 'network-online.target' but doesn't depend on it
2024-10-16 12:36:19 -04:00
github-actions[bot]
d64350d170
Merge master into staging-next 2024-10-16 16:35:34 +00:00
r-vdp
24bf6e9cb8
nixos/etc-overlay: avoid rebuilding the initrd every time the etc contents change
Before this change, the hash of the etc metadata image was included in
the mount unit that's responsible for mounting this metadata image in the
initrd.
And because this metadata image changes with every change to the etc
contents, the initrd would be rebuild every time as well.
This can lead to a lot of rebuilds (especially when revision info is
included in /etc/os-release) and all these initrd archives use up a lot of
space on the ESP.

With this change, we instead include a symlink to the metadata image in the
top-level directory, in the same way as we already do for things like init and
prepare-root, and we deduce the store path from the init= kernel parameter,
in the same way as we already do to find the path to init and prepare-root.

Doing so avoids rebuilding the initrd all the time.
2024-10-16 17:42:58 +02:00
r-vdp
763dc50b08
nixos/systemd-initrd: pull the logic to find the nixos closure into a separate service 2024-10-16 17:42:50 +02:00
nikstur
e81710fa8b
nixos/userborn: fix username typo (#346773) 2024-10-16 17:00:39 +02:00
github-actions[bot]
05ae933cd6
Merge master into staging-next 2024-10-16 12:05:34 +00:00
Friedrich Altheide
53b37c99b4 virtualbox: nixfmt 2024-10-16 13:15:42 +02:00
Sefa Eyeoglu
77a65d189a
nixos/docker: keep live-restore disabled by default
See https://docs.docker.com/engine/daemon/live-restore/
See https://discourse.nixos.org/t/docker-hanging-on-reboot/18270/5
Closes https://github.com/NixOS/nixpkgs/issues/182916

Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-10-16 11:17:37 +02:00
Sefa Eyeoglu
5900b644bb
nixos/docker: move live-restore option into daemon.settings
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
2024-10-16 11:15:37 +02:00
Aaron Andersen
2ab323a087
nixos/github-runners: Make 'enable' functional (#342996) 2024-10-16 10:18:14 +02:00
github-actions[bot]
0c3802422c
Merge master into staging-next 2024-10-16 06:04:54 +00:00
K900
70cc7b62f2
nixos/murmur: Set UMask to 027 (#348652) 2024-10-16 05:16:09 +03:00
github-actions[bot]
961e42940f
Merge master into staging-next 2024-10-16 00:14:08 +00:00
Robert Schütz
fb2d897809
nixos/headscale: don't set deprecated options in config (#347991) 2024-10-15 16:22:18 -07:00
Felix Bühler
e544a67eba
nixos/freshrss: fix phpfpm.pool (#347324) 2024-10-15 22:39:24 +02:00
Azat Bahawi
e2337957df
nixos/zapret: init (#347805) 2024-10-15 20:37:40 +00:00
Dmitry Voronin
5a5c04d1ea
nixos/zapret: init 2024-10-15 21:51:53 +03:00
Peder Bergebakken Sundt
13bf1d6259
nixos/resilio: add package option (#346427) 2024-10-15 20:38:41 +02:00
Will Fancher
a6e54f566a
nixos/networkd: support systemd-creds in WireGuard (#346964) 2024-10-15 14:31:27 -04:00
Martin Weinelt
72dd22a02d
nixos/coturn: reindent, unclutter
Make the module slightly easier to browse.
2024-10-15 18:31:52 +02:00
Martin Weinelt
6d9089c67d
nixos/coturn: set up sandboxing 2024-10-15 18:31:52 +02:00
Vladimír Čunát
8810e738c8
GNOME: 46 → 47 (#333911) 2024-10-15 18:07:04 +02:00
Felix Singer
13f6e2d85f nixos/murmur: Set UMask to 027
Group only needs limited access, while other users don't need access at
all. So set the UMask to 027.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-15 02:43:42 +02:00
github-actions[bot]
31b11f1926
Merge staging-next into staging 2024-10-15 00:14:36 +00:00
Maximilian Bosch
0f1e2a1cd8
nixos/postgresql: MemoryDenyWriteExecute must be off when doing JIT
The test breaks like this otherwise:

    machine # WARNING:  error during JITing: Permission denied
    machine # [   14.012280] postgres[913]: [913] WARNING:  error during JITing: Permission denied
    machine # ERROR:  failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
2024-10-14 23:57:39 +02:00
Masum Reza
18760e4c99
{nixos/gpu-screen-recorder,gpu-screen-recorder{-,gtk}}: update to 4.1.11, remove cap_sys_nice (#339874) 2024-10-15 02:16:59 +05:30
Someone
a9b63f037b
nvidia-container-toolkit: add "nvidia" to services.xserver.videoDrivers (#344174) 2024-10-14 19:58:35 +00:00
Pol Dellaiera
242832e023
nixos/nix-fallback-paths: 2.24.8 -> 2.24.9 (#348411) 2024-10-14 21:10:40 +02:00
github-actions[bot]
873f258025
Merge staging-next into staging 2024-10-14 18:04:57 +00:00
Sandro Jäckel
db12279890
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-14 18:21:30 +02:00
Sandro Jäckel
1ada7c1d36
nixos/nextcloud: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-14 18:20:25 +02:00
Arian van Putten
f167bdaab9
Make arianvp codeowner of aws (#348499) 2024-10-14 16:16:56 +02:00
Michele Guerini Rocco
35618d0b14
nixos/dhcpcd: fix race between namespace setup and resolvconf (#348305) 2024-10-14 15:44:32 +02:00
Adam C. Stephens
86420f4ee8
nixos/atticd: init module (#347749) 2024-10-14 09:33:35 -04:00
Bobby Rong
a506339b29
nixos/localsearch, nixos/tinysparql: Remove some empty lines
As requested by Sandro.
2024-10-14 20:54:19 +08:00
Bobby Rong
09918511b8
xdg-user-dirs-gtk: init at 0.11
https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1625#note_2234235
2024-10-14 20:54:17 +08:00
Bobby Rong
8a8d0974b8
nixos/localsearch: Format with nixfmt
As requested by CI.
2024-10-14 20:54:11 +08:00
Bobby Rong
c0a9799ad1
tinysparql: Renamed from tracker
The project renamed in 3.8.

This commit is done by hand.
2024-10-14 20:54:11 +08:00
Bobby Rong
bd9782dc89
localsearch: Renamed from tracker-miners
The project renamed in 3.8.

This commit is done by hand.
2024-10-14 20:54:11 +08:00
Bobby Rong
f65d304316
nixos/tinysparql: Format with nixfmt
As requested by CI.
2024-10-14 20:54:09 +08:00
Bobby Rong
6bfd9413a7
nixos/localsearch: Renamed from tracker-miners module
The project was renamed.
2024-10-14 20:54:09 +08:00
Bobby Rong
faf647b799
nixos/tinysparql: Renamed from tracker module
The project was renamed.
2024-10-14 20:54:09 +08:00
Bobby Rong
f65fd4b0dd
nixos/tracker: Remove subcommandPackages option
The TRACKER_CLI_SUBCOMMANDS_DIR env is superseded by TRACKER_CLI_DIR env in
d14c3bb0af

The TRACKER_CLI_DIR env is then removed in
3a86e86c9d
with the commit message "we do no longer expect this CLI to be extended by external
projects".

Also tracker-miners (localsearch) now provides its own cli tool:
a8989f4378
2024-10-14 20:54:09 +08:00
github-actions[bot]
a445289eb9
Merge staging-next into staging 2024-10-14 12:41:38 +00:00
Martin Weinelt
f4226b78df
knot-dns: 3.4.0 -> 3.4.1 (#348476) 2024-10-14 14:20:26 +02:00
github-actions[bot]
b9f01e6de3
Merge staging-next into staging 2024-10-14 12:06:08 +00:00
Richard Steinmetz
b9ca8498aa nixos/nextcloud-notify_push: fix connecting to mysql via socket 2024-10-14 13:30:05 +02:00
Sandro
eafd968bfd
nixos/systemd: fix enableStrictShellChecks description 2024-10-14 13:17:29 +02:00
Arian van Putten
0890727868 nixos/ec2-data: Make arianvp maintainer 2024-10-14 12:44:16 +02:00
Paul Meyer
2f6e0c8de3 nixos/systemd-initrd: add missing kmod-blacklist src
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2024-10-14 11:34:27 +02:00
Vladimír Čunát
46954f61c6
nixos/knotd: extend SystemCallFilter
It was breaking knot-dns.tests.knot
New knotd uses fchown to cover cases where user changes during startup.
In typical Linux cases the user is kept the same and there are
capabilities instead, but the syscall still happens and got caught here.
2024-10-14 10:26:46 +02:00
Markus Kowalewski
812640f38a
nixos/saunafs: add module + test (#347337) 2024-10-14 09:24:51 +02:00
github-actions[bot]
55382a65b9
Merge staging-next into staging 2024-10-14 06:05:43 +00:00
rnhmjoj
52e2e7027d
dhcpcd: fix race between namespace setup and resolvconf
systemd requires paths in `ReadWritePaths=` to exist before setting up
the service sandbox, so dhcpcd should be ordered after resolvconf.
Making resolvconf a oneshot service ensure `After=resolvconf.service`
works correctly.
2024-10-14 08:02:46 +02:00
Daniel Olsen
0ac0623e15 mjolnir: 1.6.5 -> 1.8.3 2024-10-14 07:43:39 +02:00
Pol Dellaiera
56cbea0d2e
snapweb: init at 0.8.0 (#347536) 2024-10-14 07:14:23 +02:00
zowoq
a87bc99783 nixos/nix-fallback-paths: 2.24.8 -> 2.24.9
https://releases.nixos.org/nix/nix-2.24.9/fallback-paths.nix
2024-10-14 13:00:57 +10:00
Felix Buehler
de810c5163 nixos/freshrss: update de parameters 2024-10-13 23:07:46 +02:00
github-actions[bot]
d489b14cea
Merge staging-next into staging 2024-10-13 18:04:18 +00:00
Christian Kögler
5082384e7d networkd: add missing option SendHostname and Hostname for dhcpV6Config 2024-10-13 18:44:25 +02:00
Bjørn Forsman
21529d1813 nixos/ups: shutdown UPS at host shutdown
Implement the missing bit of the NUT shutdown design[1]. This ensures
that machines come back up automatically after a power outage. (Without
this change they will only come back up if the UPS completely empties
its battery.)

[1] https://networkupstools.org/docs/user-manual.chunked/Configuration_notes.html#Shutdown_design
2024-10-13 17:55:52 +02:00
Bjørn Forsman
3b781a1e72 nixos/ups: document default upsmon MONITOR value 2024-10-13 17:55:52 +02:00
Bjørn Forsman
2b90f4cdb3 nixos/ups: sort settings attributes
They're listed twice (documentation and implementation) and this change
makes it easier to compare the attrsets.
2024-10-13 17:55:52 +02:00
Adam Stephens
8d4f3f2b3e
nixos/atticd: init module
Copied from 1b29816235/nixos/atticd.nix and modified
2024-10-13 08:23:34 -04:00
rnhmjoj
565f972ded
nixos/getty: add option to autologin once per boot, take 2
Another attempt to bring ae48df3e while avoiding the Nix symlink bug[1].
I guess the bug was triggered by the sbin -> bin symlink in util-linux.

[1]: https://github.com/NixOS/nix/issues/9579
2024-10-13 12:45:15 +02:00
Robert Schütz
cc4d29d353 nixos/headscale: assert that dns.base_domain is set when using MagicDNS 2024-10-12 18:28:17 -07:00
github-actions[bot]
bf97df9c1c
Merge staging-next into staging 2024-10-13 00:15:51 +00:00
github-actions[bot]
4a5ad0965f
Merge master into staging-next 2024-10-13 00:15:27 +00:00
nikstur
ca8147e42e
qemu-vm: fix case-hack appearing in store image (#347636) 2024-10-12 21:50:11 +02:00
K900
001fb496bf Merge remote-tracking branch 'origin/master' into staging-next 2024-10-12 21:08:11 +03:00
Kerstin
35c52ab030
mastodon: 4.2.13 -> 4.3.0 (#337545) 2024-10-12 19:37:08 +02:00
Markus Kowalewski
d22d60f3ac
nixos/saunafs: add module + test 2024-10-12 19:13:00 +02:00
James Atkins
f579c189a7 nixos/buildbot-master: allow merging extraConfig and extraImports
Allow multiple definitions to be concatenated together with a new line.
2024-10-12 11:56:07 -05:00
Florian Klink
2afe930c60
ipu6: update packages (#347918) 2024-10-12 19:27:43 +03:00
Maximilian Bosch
f840d87a6e
Merge: nixos/nginx: expand proxyResolveWhileRunning's description (#347164) 2024-10-12 17:14:43 +02:00
Cosima Neidahl
e58a261efb
lomiri.*: Updates (#341377) 2024-10-12 16:49:25 +02:00
github-actions[bot]
f201fe5883
Merge staging-next into staging 2024-10-12 12:05:39 +00:00
github-actions[bot]
4433a315bd
Merge master into staging-next 2024-10-12 12:05:08 +00:00
Florian Klink
237016d023
gogs: remove (#348053) 2024-10-12 13:13:13 +03:00
Ramses
b1e4854ecb
nixos/automatic-timezoned: set time.timeZone to null to avoid silent overriding (#347217) 2024-10-12 11:12:27 +02:00
Pol Dellaiera
afd96bad04
Bump and fix nextjs-ollama-llm-ui (#347856) 2024-10-12 10:42:53 +02:00
Maximilian Bosch
875f00ed40
gogs: remove
Upstream development has stalled and several critical vulnerabilities
that weren't addressed within a year[1][2].

Back then it was fair to mark it as insecure, but given nothing has
happened since, it's time to remove it.

[1] https://forgejo.org/2023-11-release-v1-20-5-1/
[2] https://github.com/gogs/gogs/issues/7777
2024-10-12 10:36:06 +02:00
Robert Schütz
0673e98248 nixos/headscale: update option descriptions 2024-10-11 20:17:15 -07:00
Robert Schütz
dfb0f00fc9 nixos/headscale: don't set deprecated options in config
We cannot use `mkRenamedOptionModule` or `mkRemovedOptionModule` inside
a freeform option. Thus we have to manually assert these deprecated
options aren't used rather than aliasing them to their replacement.
2024-10-11 20:05:29 -07:00
github-actions[bot]
9f6509c682
Merge staging-next into staging 2024-10-12 00:14:07 +00:00
github-actions[bot]
4f2eec3440
Merge master into staging-next 2024-10-12 00:13:45 +00:00
Matej Cotman
f53387e15a ipu6: update packages
This updates the ipu6 driver and firmware to a more recent version,
which seems to at least work in Chrom{e,ium}.

ipu6-drivers now relies on the in-kernel ipu6 kernel driver, so we
update our logic and metadata for it.
2024-10-12 00:45:04 +03:00
Kira Bruneau
79a1c330d3
nixos/gamemode: use listsAsDuplicateKeys for settings (#345121) 2024-10-11 17:36:26 -04:00
Robert Schütz
d4ae06c73b nixos/headscale: assert that server_url does not contain base_domain 2024-10-11 13:29:04 -07:00
Bruno Bigras
986d7cad0d
wakapi: set StateDirectory (#347431) 2024-10-11 14:48:16 -04:00
Atemu
12ef18d2e3
nixos/systemd-boot: Simpler windows dual booting (#344327) 2024-10-11 20:25:08 +02:00
github-actions[bot]
9b6cd89281
Merge staging-next into staging 2024-10-11 18:05:02 +00:00
github-actions[bot]
b415f9c282
Merge master into staging-next 2024-10-11 18:04:32 +00:00
MithicSpirit
08831a7160
nixos/gamemode: use listsAsDuplicateKeys for settings
This allows settings multiple scripts in `.custom.start` and
`.custom.end`, as Gamemode reads them back out into a list.

This is slightly annoying, as *any* duplicate keys will appear multiple
times, while gamemode will only accept the last one for most keys
(clobbering previous ones). Ideally, it would be possible to only enable
`listsAsDuplicateKeys` for scripts, but this does not seem to be
possible in `pkgs.formats.ini`.
2024-10-11 11:41:35 -04:00
Florian Klink
7ba149e9d1
nixos/gerrit: Apply initial hardening using the systemd unit (#347661) 2024-10-11 15:16:09 +03:00
Peder Bergebakken Sundt
233d422887 nixos/tailscale: document tailscale-autoconnect 2024-10-11 10:59:49 +02:00
Felix Uhl
73011ba96f nixos/systemd-boot: add windows option for easy dual-booting
When installing NixOS on a machine with Windows, the "easiest" solution
to dual-boot is re-using the existing EFI System Partition (ESP), which
allows systemd-boot to detect Windows automatically.

However, if there are multiple ESPs, maybe even on multiple disks,
systemd-boot is unable to detect the other OSes, and you either have to
use Grub and os-prober, or do a tedious manual configuration as
described in the wiki:
https://wiki.nixos.org/w/index.php?title=Dual_Booting_NixOS_and_Windows&redirect=no#EFI_with_multiple_disks

This commit automates and documents this properly so only a single line
like

    boot.loader.systemd-boot.windows."10".efiDeviceHandle = "HD0c2";

is required.

In the future, we might want to try automatically detecting this
during installation, but finding the correct device handle while the
kernel is running is tricky.
2024-10-11 10:56:02 +02:00
Felix Uhl
f2e5b04c4e nixos/systemd-boot: add edk2-uefi-shell boot option
We already have a edk2-uefi-shell package in nixpkgs, but adding it to
systemd-boot was somewhat tedious. Now it's a single line of nix.
2024-10-11 10:53:42 +02:00
Felix Uhl
548206583d nixos/systemd-boot: autoformat 2024-10-11 10:53:38 +02:00
Kranium Gikos Mendoza
f385d942e1 nextjs-ollama-llm-ui: fix nextjs cache dir (#344316) 2024-10-11 17:35:37 +11:00
github-actions[bot]
a45a33309f
Merge staging-next into staging 2024-10-11 06:05:14 +00:00
github-actions[bot]
e26f69eb82
Merge master into staging-next 2024-10-11 06:04:46 +00:00
Emily
50c2aef3e7
nixos/netboot: Compress squashfs with zstd 19 (#341422) 2024-10-11 05:11:50 +01:00