Commit Graph

46013 Commits

Author SHA1 Message Date
Masum Reza
e13831335f
treewide: stdenv.is -> stdenv.hostPlatform.is (#356363)
* treewide: stdenv.is -> stdenv.hostPlatform.is

* treewide: nixfmt due to ci error
2024-11-17 16:11:54 +05:30
Tom Fitzhenry
a2337e4f6c nixos/spiped: use systemctl restart during activation
As is common with other networking services, stopIfChanged=true (the default) can cause O(seconds) downtime during activation.

Reduce this downtime by disabling stopIfChanged as done in:
* sshd https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix#L569
* tailscale https://github.com/NixOS/nixpkgs/pull/170210
2024-11-17 20:39:25 +11:00
Tom Fitzhenry
235d103ff7 nixos/clatd: add enableNetworkManagerIntegration option 2024-11-17 20:38:55 +11:00
Martin Weinelt
f3a1d218b0
nixos/zigbee2mqtt: only add port to DeviceAllow if it is a device (#356573) 2024-11-16 22:52:47 +01:00
Andrew Marshall
577e162073 nixos/zigbee2mqtt: only add port to DeviceAllow if it is a path
zigbee2mqtt supports having non-device ports (e.g. `tcp://`); those
should not be set in DeviceAllow. No URI will start with `/`, so use
that as the filter that it is a “real” device that needs to be allowed.
2024-11-16 16:47:38 -05:00
Maximilian Bosch
97a911e8fb
Merge: nixos/postgresql: extension based hardening relaxation (#355010) 2024-11-16 22:29:36 +01:00
Leona Maroni
3013234aef
druid: 30.0.0 -> 31.0.0 (#351877) 2024-11-16 22:20:41 +01:00
Maximilian Bosch
6306bb79b8
Merge: nixos/rl-2411: fix version Grafana has been updated to (#356528) 2024-11-16 21:21:28 +01:00
Maximilian Bosch
68d9643388
nixos/tests/postgresql: test plv8 hardening on non-JIT variants only
PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.

This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
2024-11-16 21:16:06 +01:00
Masum Reza
e6914ee14c
nixos/hyprland: adds programs.hyprland.withUWSM option (#355959) 2024-11-17 00:41:49 +05:30
Maximilian Bosch
3bad58ed01
nixos/rl-2411: fix version Grafana has been updated to 2024-11-16 18:57:15 +01:00
Martin Weinelt
e198536d26
nixosTests.postgresql: test hardening gets relaxed
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.

Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
2024-11-16 17:29:34 +01:00
Martin Weinelt
d370af0785
nixos/postgresql: create infrastructure for relaxing systemd hardening
By matching on the package names of the plugins passed into the package
we can relax the systemd unit hardening as needed.
2024-11-16 17:29:34 +01:00
Masum Reza
f4ae47b33e
nixos/gdm: automatically enable services.displayManager (#353848) 2024-11-16 21:40:04 +05:30
Martin Weinelt
223a6c6ed0
nixos/postgresql: rename extraPlugins to extensions
This is the upstream lingo, and it makes everything slightly less
confusing.
2024-11-16 14:46:16 +01:00
Guillaume Girol
8bb2a40c90
sgx-psw+aesmd: 2.24 -> 2.25 (#353041) 2024-11-16 12:21:10 +01:00
Marcus Ramberg
0aa644e317
k3s_1_31: 1.31.1+k3s1 -> 1.31.2+k3s1 (#352182) 2024-11-16 09:42:43 +01:00
Emily
fbd635df5d nixos/doc/rl-2505: add more comments about ordering
This looks a little ridiculous right now, but my experience is that
it’s common to find the beginning or end of a section and add more
things there without seeing the comments. We should probably move
to a one file per release note system, but in the meantime this is
a low‐cost way to help reduce merge conflicts.
2024-11-16 06:48:00 +00:00
Emily
71e6c012dc nixos/doc/rl-2505: fix quotes
Fixes: a836397580
2024-11-16 06:47:32 +00:00
Adam C. Stephens
7ea9ba60d8
nixos/incus: add incus-user service and socket (#355645) 2024-11-15 23:34:21 -05:00
Adam Stephens
0214dd4ef2
nixos/tests/incus: test incus-user 2024-11-15 23:32:16 -05:00
jopejoe1
95b30da133
nixos/shairport-sync: add package option (#355985) 2024-11-16 03:12:02 +01:00
Lin Jian
8ebe7dbb74
kanata: 1.7.0-prerelease-1 -> 1.7.0 (#356078) 2024-11-16 09:20:36 +08:00
Felix Bühler
8a95f3f42b
nixos/mopidy: fix Python dependency collisions between extensions (#354069) 2024-11-16 00:59:30 +01:00
Gaétan Lepage
34dd7c3f68
nixos/auto-upgrade: Format (#356091) 2024-11-16 00:41:13 +01:00
Weijia Wang
cedd087b81
globalprotect-openconnect: Reinstate v1 (#355758) 2024-11-15 18:25:57 +01:00
Colin
c00cdccd00
nixos/teleport: add required utils to path (#332810) 2024-11-15 13:16:39 +00:00
GetPsyched
5b8a714968 nixos-render-docs: init redirects system
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-11-15 14:09:21 +01:00
Masum Reza
2435883703
nixos/g810-led: add to modules-list.nix (#356164) 2024-11-15 18:27:50 +05:30
Jordan Williams
697fa78c9a
nixos/shairport-sync: add package option 2024-11-15 06:47:24 -06:00
John Titor
0388195e8a
nixos/release-notes-24.11: add g810-led 2024-11-15 17:58:12 +05:30
John Titor
059a8da6b1
nixos/g810-led: add to modules-list.nix 2024-11-15 17:53:14 +05:30
Maximilian Bosch
5c01691cf2
Merge: postgresql_12: remove (#353158) 2024-11-15 12:07:14 +01:00
K900
1bc481ce87
nixos/plasma6: add qtimageformats to the requiredPackages (#306227) 2024-11-15 13:20:59 +03:00
John Titor
04f223946c
nixos/hyprland: adds programs.hyprland.withUWSM option
Bool: controls whether Hyprland is configured with UWSM or not.

Upstream recommends using UWSM for better compatibility with systemd integration.
https://wiki.hyprland.org/Useful-Utilities/Systemd-start/
2024-11-15 14:32:29 +05:30
Dmitry Chermnykh
8abd7b3220 nixos/plasma6: add qtimageformats to the requiredPackages
This is needed for qt6 apps to be able to work with certain image formats such as .webp and .avif

Closes https://github.com/NixOS/nixpkgs/issues/304523
2024-11-15 13:27:05 +05:00
Maximilian Bosch
0b3eef7441
postgresql_12: remove
This will be EOL at the end of November, so there's little reason to
keep it in 24.11[1]. As discussed, we'd like to keep it for as long as
possible to make sure there's a state in nixpkgs that has the latest
minor of postgresql_12 available with the most recent CVEs fixed for
people who cannot upgrade[2].

This aspect has been made explicit in the manual now for the next .11
release.

During the discussions it has been brought up that if people just do
`services.postgresql.enable = true;` and let the code decide the
postgresql version based on `system.stateVersion`, there's a chance that
such EOL dates will be missed. To make this harder, a warning will now
be raised when using the stateVersion-condition and the oldest still
available major is selected.

Additionally regrouped the postgresql things in the release notes to
make sure these are all shown consecutively. Otherwise it's a little
hard to keep track of all the changes made to postgresql in 24.11.

[1] https://endoflife.date/postgresql
[2] https://github.com/NixOS/nixpkgs/pull/353158#issuecomment-2453056692
2024-11-15 09:17:06 +01:00
liberodark
b9956ceb87 nixos/auto-upgrade: Format 2024-11-15 08:36:15 +01:00
Colin
9bd0271b22
nixos/minidlna: add package option (#345770) 2024-11-15 06:29:43 +00:00
Lin Jian
6915a163f3
doc/release-notes: change "New Services" to "New Modules" (#356080) 2024-11-15 14:03:24 +08:00
Masum Reza
b90d2b442b
nixos/soteria: init module (#355924) 2024-11-15 11:32:05 +05:30
Lin Jian
6a4d0b34e4
doc/release-notes: change "New Services" to "New Modules" 2024-11-15 13:56:35 +08:00
Lin Jian
719cc9e742
kanata: 1.7.0-prerelease-1 -> 1.7.0
https://github.com/jtroo/kanata/compare/v1.7.0-prerelease-1...v1.7.0
2024-11-15 13:46:40 +08:00
Norbert Melzer
5193297a6c
nixos/dashy: import nixosModule (#355979) 2024-11-15 06:43:49 +01:00
Masum Reza
c04b381470
nixos/g810-led: init (#355884) 2024-11-15 10:03:47 +05:30
Marcus Ramberg
360e88231c
nixos/k3s: use same k3s package in multi-node test (#355964) 2024-11-14 23:36:23 +01:00
Austin Horstman
57533f358a
pingvin-share: 1.1.3 -> 1.2.4 (#354105) 2024-11-14 13:40:09 -06:00
TheRealGramdalf
ee070b132a nixos/dashy: import nixosModule 2024-11-14 19:10:32 +00:00
Robert Rose
2a79402b1e nixos/k3s: use same k3s package in multi-node test
The test previously violated the Kubernetes version skew policy by
deploying a kubelet of hte most recent version in a cluster with an
older apiserver.
2024-11-14 16:04:29 -03:00
John Titor
48da44a481
nixos/hyprland: format with nixfmt rfc style 2024-11-14 23:47:26 +05:30