Commit Graph

9411 Commits

Author SHA1 Message Date
Sascha Grunert
35f7a3347c
kubernetes: fix certificate generation
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-10 13:07:32 +02:00
Izorkin
535896671b
nixos/nginx: remove option enableSandbox 2020-09-10 08:19:20 +03:00
Ryan Mulligan
531c08a1d9 nixos/jitsi-meet: add docs 2020-09-09 22:18:20 -07:00
ajs124
c97fcc3fe0
Merge pull request #97438 from pbogdan/openvpn-path
nixos/openvpn: path now requires conversion to a string
2020-09-09 23:59:01 +02:00
Kevin Cox
57b9d5c144
chrony: Create state directory with correct owner.
Fixes https://github.com/NixOS/nixpkgs/issues/97546
2020-09-09 15:48:48 -04:00
Thomas Tuegel
959c0bf468
Merge pull request #97456 from ttuegel/master--plasma5-no-qt-5.15
Remove Qt 5.15 from the Plasma 5 closure
2020-09-09 05:14:21 -05:00
Axel Forsman
b6139e58e3 nixos/picom: add experimentalBackends option
This option is only available as a command-line flag and not from the
config file, that is `services.picom.settings`. Therefore it is more
important that it gets its own option.

One reason one might need this set is that blur methods other than
kernel do not work with the old backends, see yshui/picom#464.

For reference, the home-manager picom module exposes this option too.
2020-09-09 11:30:48 +02:00
WORLDofPEACE
e044909aba
Merge pull request #93764 from evenbrenden/xdg-session-id-user-units
nixos/displayManager: add XDG_SESSION_ID to systemd user environment
2020-09-08 21:29:24 -04:00
Peter Hoeg
42eebd7ade
Merge pull request #96844 from peterhoeg/m/nfs
nixos/nfsd: run rpc-statd as a normal user
2020-09-09 09:10:46 +08:00
Lassulus
dd966067ae
Merge pull request #97381 from xaverdh/xmonad-configurable
nixos/xmonad: give users some build and runtime control
2020-09-08 20:57:17 +02:00
Maximilian Bosch
40f7a4ecec
Merge pull request #97371 from WilliButz/bitwarden_rs/environment-file
nixos/bitwarden_rs: add environmentFile option
2020-09-08 20:25:28 +02:00
Maciej Krüger
8c4dd13e3f
nixos/cinnamon: add warpinator & blueberry pkgs 2020-09-08 17:09:12 +02:00
Peter Hoeg
5882e3072a
Merge pull request #97325 from peterhoeg/m/mailhog
nixos/mailhog: run with DynamicUser
2020-09-08 22:55:47 +08:00
Thomas Tuegel
053b05d14d
Remove Qt 5.15 from Plasma closure 2020-09-08 08:47:34 -05:00
Piotr Bogdan
cb141359bf nixos/openvpn: path now requires conversion to a string
Following changes in https://github.com/NixOS/nixpkgs/pull/91092 the `path` attribute is now a list
instead of being a string. This resulted resulted in the following evaluation error:

"cannot coerce a list to a string, at [...]/nixos/modules/services/networking/openvpn.nix:16:18"

so we now need to convert it to the right type ourselves.

Closes https://github.com/NixOS/nixpkgs/issues/97360.
2020-09-08 11:09:04 +01:00
Oleksii Filonenko
45d7f59da8
Merge pull request #97217 from sephii/nixos-caddy-v2-migration 2020-09-08 11:17:55 +03:00
Linus Heckemann
ef4e81d756
Merge pull request #96830 from mayflower/unifi-poller
unifi-poller: add service and prometheus-exporter
2020-09-08 09:53:07 +02:00
Sylvain Fankhauser
b8bfe941fa
caddy: address remaining MR comments for v2 2020-09-08 09:29:04 +02:00
Richard Marko
f54612264e nixos/jack,pulseaudio: fix pulse connection to jackd service
This fixes the case when Jack Audio Daemon is running
as a service via `services.jack.jackd` and Pulseaudio
running as a *user* service.

Two issues prevented connecting `pulse` with `jackd`:
* Missing `JACK_PROMISCUOUS_SERVER` environment variable for `pulse` user service,
  resulting in `pulse` trying to access `jackd` as if it was running as part of
  the users session.
* `jackd` not being able to access socket created by `pulse` due to socket
  created using user ID and `users` group. Change allows `jackd` to access
  the socket created by `pulse` correctly.

`pulse` now also autoloads `module-jack-sink` and `module-jack-source`
if `services.jack.jackd.enable` is set.

The default `pulse` package is now set to `pulseaudioFull` automatically
if `services.jack.jackd.enable` is set.
2020-09-08 08:44:20 +02:00
Thomas Tuegel
0b3cc29f09
Merge pull request #97242 from ttuegel/qt-5.15
Qt 5.15.0
2020-09-07 20:18:57 -05:00
Maciej Krüger
04ea3a0ff6
nixos/cinnamon: init
Co-Authored-By: WORLDofPEACE <worldofpeace@protonmail.ch>
2020-09-08 01:44:09 +02:00
Dominik Xaver Hörl
10ecd1f45b nixos/xmonad: allow passing compile time options to ghc invocation 2020-09-07 20:16:25 +02:00
Dominik Xaver Hörl
15d87cb81c nixos/xmonad: allow passing command line arguments 2020-09-07 19:25:45 +02:00
WilliButz
76362dd7eb
nixos/bitwarden_rs: add environmentFile option
Add the option `environmentFile` to allow passing secrets to the service
without adding them to the Nix store, while keeping the current
configuration via the existing environment file intact.
2020-09-07 17:39:53 +02:00
Evan Stoll
a31736120c nixos/lorri: add package option 2020-09-07 15:46:15 +02:00
Thomas Tuegel
20bfb27eaf nixos/plasma5: Use Qt 5.14 2020-09-07 08:06:33 -05:00
Peter Hoeg
d6264419f5 nixos/nfsd: run rpc-statd as a normal user 2020-09-07 18:04:03 +08:00
Peter Hoeg
9123308be5 nixos/mailhog: run with DynamicUser 2020-09-07 17:56:53 +08:00
WilliButz
5d51096839
nixos/prometheus-exporters: fix default firewall filter
Instead of always using the default port of one exporter for its default
firewall filter, the port from the current service configuration is used.
2020-09-07 10:28:36 +02:00
Oleksii Filonenko
6322325a53
caddy: 1.0.5 -> 2.0.0
Rename legacy v1 to `caddy1`
2020-09-07 09:39:16 +02:00
Maximilian Bosch
cac5339531
nixos/doc/borgbackup: correct install instructions for vorta
No need to fiddle around with `flatpack` to get `vorta`, a graphical
desktop-client for `borgbackup` running as it's available in `nixpkgs`.
2020-09-06 22:44:37 +02:00
Silvan Mosberger
f822080b05
Merge pull request #68887 from teto/ssh_banner
services.openssh: add banner item
2020-09-06 22:15:25 +02:00
Matthieu Coudron
1835fc455b services.openssh: add banner
Add the possibility to setup a banner.

Co-authored-by: Silvan Mosberger <github@infinisil.com>
2020-09-06 21:32:20 +02:00
Florian Klink
d7046947e5
Merge pull request #91121 from m1cr0man/master
Restructure acme module
2020-09-06 18:26:22 +02:00
elseym
aaf0002f68
prometheus-unifi-poller-exporter: init module 2020-09-06 17:48:19 +02:00
elseym
b381aacbba
nixos/unifi-poller: init unifi-poller service 2020-09-06 17:47:52 +02:00
Peter Hoeg
6e22c6ea6a
Merge pull request #96769 from peterhoeg/m/phpfpm
nixos/phpfpm: always restart service on failure
2020-09-06 21:41:38 +08:00
Florian Klink
569fdb2c35
Merge pull request #93424 from helsinki-systems/feat/gitlab-mailroom
nixos/gitlab: Support incoming mail
2020-09-06 15:34:02 +02:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Peter Hoeg
5483b1e216
Merge pull request #97123 from peterhoeg/m/fscache
nixos/cachefilesd: don't set up manually
2020-09-06 10:23:32 +08:00
Evan Stoll
854a229ae5
nixos/terraria: allow dataDir to be configured (#89033)
* nixos/terraria: allow dataDir to be configured

add dataDir option to terraria module

* Update nixos/modules/services/games/terraria.nix

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>
2020-09-05 16:37:52 -04:00
Lassulus
964606d40f
Merge pull request #96659 from doronbehar/module/syncthing
nixos/syncthing: add ignoreDelete folder option
2020-09-05 22:05:04 +02:00
Even Brenden
660882d883 nixos/displayManager: add XDG_SESSION_ID to systemd user environment
xss-lock needs XDG_SESSION_ID to respond to loginctl lock-session(s)
(and possibly other session operations such as idle hint management).
This change adds XDG_SESSION_ID to the list of imported environment
variables when starting systemctl.

Inspired by home-manager, add importVariables configuration.

Set session to XDG_SESSION_ID when running xss-lock as a service.

Co-authored-by: misuzu <bakalolka@gmail.com>
2020-09-05 20:36:18 +02:00
Oleksii Filonenko
d71cadacd9
nixos/caddy: use v2 by default 2020-09-05 14:09:17 +02:00
Oleksii Filonenko
8cc592abfa
nixos/caddy: add support for v2 2020-09-05 14:09:16 +02:00
Peter Hoeg
6ef2152b5d nixos/cachefilesd: don't set up manually
Use our available infrastructure instead of manually handling setup.
2020-09-04 16:11:55 +08:00
Philipp Bartsch
47928442a8 nixos/opendkim: add keyPath to ReadWritePaths 2020-09-03 17:54:16 +02:00
Philipp Bartsch
118f341723 nixos/opendkim: add systemd service sandbox 2020-09-03 17:54:15 +02:00
Lucas Savva
61dbf4bf89
nixos/acme: Add proper nginx/httpd config reload checks
Testing of certs failed randomly when the web server was still
returning old certs even after the reload was "complete". This was
because the reload commands send process signals and do not wait
for the worker processes to restart. This commit adds log watchers
which wait for the worker processes to be restarted.
2020-09-02 19:25:30 +01:00
Lucas Savva
982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
Félix Baylac-Jacqué
09c383c17a
Merge pull request #94917 from ju1m/biboumi
nixos/biboumi: init
2020-09-02 17:43:27 +02:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
Julien Moutinho
f333296776 nixos/biboumi: init 2020-09-02 08:31:53 +02:00
John Ericson
1965a241fc
Merge pull request #61019 from volth/gcc.arch-amd
platform.gcc.arch: support for AMD CPUs
2020-09-01 22:31:16 -04:00
rnhmjoj
bc62423a87
nixos/doc: convert loaOf options refs to attrsOf 2020-09-02 00:42:51 +02:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
Aaron Andersen
c51e7b7874 nixos/beanstalkd: add openFirewall option 2020-09-01 10:07:28 -04:00
Janne Heß
d85f50b71f
nixos/gitlab: Support pages
Fixes #84525
2020-09-01 12:08:36 +02:00
Lassulus
a081e99e41
Merge pull request #83780 from hax404/robustirc-bridge
robustirc-bridge: init at 1.8
2020-08-31 18:14:45 +02:00
Frederik Rietdijk
303e0bca3b
Merge pull request #96610 from romildo/rm.deepin
deepin: remove from nixpkgs
2020-08-31 17:58:11 +02:00
Peter Hoeg
07408cac94 nixos/phpfpm: always restart service on failure 2020-08-31 21:19:54 +08:00
Silvan Mosberger
6716867eb3
Merge pull request #96686 from nixy/add/tor-package-option
tor: Add option to tor service for package
2020-08-30 23:02:37 +02:00
Andrew R. M
168a9c8d38 Add option to tor service for package 2020-08-30 14:35:36 -04:00
José Romildo Malaquias
b768afb2e9 deepin: remove from nixpkgs
The Deepin Desktop Environment (DDE) is not yet fully packaged in
nixpkgs and it has shown a very difficult task to complete, as
discussed in https://github.com/NixOS/nixpkgs/issues/94870. The
conclusion is that it is better to completely remove it.
2020-08-30 15:27:42 -03:00
Georg Haas
9376dd8516
nixos/modules/robustirc-bridge: init 2020-08-30 18:34:22 +02:00
Doron Behar
8cd4d59a32 nixos/samba: remove upstream deprecated syncPasswordsByPam option 2020-08-30 14:29:13 +03:00
Doron Behar
5789ffc509 nixos/syncthing: add ignoreDelete folder option 2020-08-30 10:55:03 +03:00
Matthew Bauer
fc726e3494 Revert "nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]"
This reverts commit 67b6e56391.
This reverts commit 250885d0ca.

Causes issues for some configs, see 67b6e56391
2020-08-29 22:39:24 -05:00
Lassulus
a55bb108fc
Merge pull request #85328 from langston-barrett/lb/restart-dispatcher
nixos/networkmanager: restart dispatcher when nameservers change
2020-08-29 16:24:28 +02:00
Aaron Andersen
af25b37814
Merge pull request #96316 from aanderse/redmine
nixos/redmine: replace extraConfig option with settings option
2020-08-29 09:13:13 -04:00
Aaron Andersen
bcdcd5d9fc
Merge pull request #95880 from aanderse/postgresql-settings
nixos/postgresql: replace extraConfig option with settings option
2020-08-29 09:12:54 -04:00
Robert Hensing
4841b30784
Merge pull request #94804 from hercules-ci/init-nixos-hercules-ci-agent
nixos/hercules-ci-agent: init
2020-08-29 10:20:14 +02:00
Symphorien Gibol
7200fde2d5 nixos/dovecot: configure mailboxes for all processes
Notably fts plugins need them for fts_autoindex_exclude = \SomeFlag
2020-08-28 22:24:04 +02:00
Nick Hackman
626bd1f111 Fix typo in services/editors/emacs documentation
In section `sec-modify-via-packageOverrides`: is -> if
2020-08-27 16:58:52 -04:00
Matthew Bauer
3814422afa
Merge pull request #96218 from matthewbauer/cage-supply-pam-environment
nixos/cage: supply pamEnvironment
2020-08-27 10:15:29 -05:00
Matthew Bauer
fe8d0c2e0b nixos/cage: supply pamEnvironment
Without this, you don’t get any of the sessionVariables in the cage
application. Things like XDG_DATA_DIRS, XCURSOR_PATH, etc. are
missing.
2020-08-27 10:11:45 -05:00
Lassulus
c265ca02ca
Merge pull request #85963 from seqizz/g_physlock_message
physlock: add optional lock message
2020-08-27 10:18:34 +02:00
Aaron Andersen
2a44265608 nixos/postgresql: replace extraConfig option with settings option 2020-08-26 17:06:48 -04:00
Lassulus
e453860b8f
Merge pull request #86236 from ThibautMarty/fix-nullOr-types
treewide: fix modules options types where the default is null
2020-08-26 18:21:29 +02:00
Lassulus
12baef56e4
Merge pull request #96127 from hmenke/shadowsocks
shadowsocks service: support plugins
2020-08-26 16:49:55 +02:00
Aaron Andersen
a7c69047df nixos/redmine: remove database.password option 2020-08-26 07:08:07 -04:00
Aaron Andersen
6cf743e52d nixos/redmine: allow user to override contents of additional_environment.rb 2020-08-26 07:08:07 -04:00
Aaron Andersen
dee97b8b44 nixos/redmine: replace extraConfig option with settings option 2020-08-26 07:08:07 -04:00
Henri Menke
d35cb15153
nixos/shadowsocks: support plugins 2020-08-26 14:01:41 +12:00
Lassulus
e357d0ec8c
Merge pull request #95678 from helsinki-systems/upd/sogo
sogo: 4.3.2 -> 5.0.0
2020-08-26 00:04:36 +02:00
Herwig Hochleitner
49dba2c4ad
Merge pull request #96263 from bendlas/warn-wpa-supplicant-config
nixos: wpa_supplicant: warn on unused config
2020-08-25 23:34:18 +02:00
Anderson Torres
fffabfaefd
Merge pull request #96179 from bbigras/sssd
nixos/sssd: fix the module
2020-08-25 16:59:11 -03:00
Jonathan Ringer
7e07d142e7 nixos/octoprint: improve example 2020-08-25 09:13:13 -07:00
Augustin Borsu
19a7012769 jupyterhub: fix authenticator configuration
authentication_class  is invalid, it should be authenticator_class cfr [project doc|https://tljh.jupyter.org/en/latest/topic/authenticator-configuration.html]
2020-08-25 13:50:18 +02:00
Herwig Hochleitner
8e3da733b1 nixos: wpa_supplicant: warn on unused config 2020-08-25 12:29:58 +02:00
Sebastien Bariteau
db2de55cbe
nixos/espanso: init module (#93483)
nixos/espanso: init module
2020-08-24 20:37:33 -04:00
Bruno Bigras
5d36e00b7d nixos/sssd: fix the module
'system.nssModules' was not set correctly

fix #91242
2020-08-24 10:10:47 -04:00
Robert Hensing
346a1b0ec6 nixos/hercules-ci-agent: init 2020-08-23 20:13:15 +02:00
Lassulus
bfd706923e
Merge pull request #87700 from serokell/mkaito/upstream/prometheus-port
prometheus: Split options listenAddress and port
2020-08-23 09:29:01 +02:00
Lassulus
4165f9869e
Merge pull request #91586 from manveru/amazon-ssm-agent-2.3.1319.0
ssm-agent: 2.0.633.0 -> 2.3.1319.0
2020-08-23 08:48:16 +02:00
Justin Humm
6a7b11055c
Merge pull request #93532 from erictapen/gollum-h1-title
nixos/gollum: introduce --h1-title option
2020-08-22 22:45:43 +02:00
Lassulus
2fb9ee9caa
Merge pull request #87553 from JoeDupuis/enhancing-monit-module
nixos/monit: Allow splitting the config in multiple files
2020-08-22 19:21:55 +02:00
Silvan Mosberger
af1ac757ff
Merge pull request #95986 from turboMaCk/imwheel-service
nixos/services.imwheel: sleep 3s before restarting
2020-08-22 16:51:48 +02:00
Silvan Mosberger
f8e6745ad3
Merge pull request #82817 from pacien/smartd-fix-hostname-notifications
smartmontools: fix missing hostname in notifications
2020-08-22 16:09:14 +02:00
Marek Fajkus
dcaa2d2c74
nixos/services.imwheel: sleep 3s before restarting 2020-08-22 14:52:18 +02:00
Lassulus
d8e671676d
Merge pull request #89785 from buckley310/logstash
logstash: fix support for multiple plugin paths
2020-08-22 14:07:20 +02:00
Atemu
eb4e67505f undervolt: expose power limits as Nixopts
We no longer escape the flags because the power limit flags want two arguments
If we escaped them, we'd only get one argument with an escaped space in it.

Undervolt's flags don't have anything in them that would need to be escaped, so
that shouldn't break anything
2020-08-22 12:27:13 +02:00
Lassulus
82b424453b
Merge pull request #86632 from Atemu/undervolt-timer-optional
Undervolt: Make timer optional
2020-08-22 11:48:30 +02:00
Atemu
ed83bac1d9 undervolt: make timer opt-in
It should no longer be needed but is worth keeping around in case it is
2020-08-22 10:42:20 +02:00
Atemu
e6f0a1e7eb undervolt: apply undervolt on boot and resume
The undervolt did not persist reboots or sleep/hibernation. With this
change you should no longer have to apply the undervolt on a timer
2020-08-22 10:42:19 +02:00
Silvan Mosberger
1b8a94db67
nixos/logrotate: Fix option reference
Fixes the manual build
2020-08-22 01:38:38 +02:00
Aaron Andersen
4df837063f
Merge pull request #95809 from aanderse/logrotate
nixos/logrotate: switch `paths` option type from listOf to attrsOf
2020-08-21 17:31:52 -04:00
Aaron Andersen
91db1c8aec
Merge pull request #87712 from aanderse/zabbix
zabbix: 4.4.8 -> 5.0.2
2020-08-21 17:11:55 -04:00
Aaron Andersen
06d17caf92 nixos/httpd: configure log rotation 2020-08-21 17:04:07 -04:00
Aaron Andersen
00f08005af nixos/logrotate: switch paths option type from listOf to attrsOf 2020-08-21 17:04:04 -04:00
Silvan Mosberger
bf777413f9
Merge pull request #95722 from Infinisil/dovecot-mailboxes-improved
nixos/dovecot: Improve mailboxes type
2020-08-21 22:40:50 +02:00
Jörg Thalheim
6f4141507b
meguca: remove (#95920) 2020-08-21 13:00:40 -07:00
Jörg Thalheim
b6e2e4c777
Merge pull request #93425 from helsinki-systems/feat/gitlab-shell-config 2020-08-21 19:20:42 +01:00
Janne Heß
ae1dada42f
nixos/gitlab: Support incoming mail
When incoming mails are enabled, an extra service is needed.
Closes #36125.
2020-08-21 18:56:20 +02:00
Lassulus
ebf11e405d
Merge pull request #95122 from rudolph9/nixos/xmonad
nixos/xmonad: Fix behavior of config opt
2020-08-21 08:51:42 +02:00
adisbladis
7d6e7b3cd3
Merge pull request #95878 from adisbladis/emacs-26
emacs: Fix emacs26 attribute(s)
2020-08-21 01:26:44 +02:00
Aaron Andersen
b87b6abd17
Merge pull request #95294 from aanderse/postgresql-rootless
nixos/postgresql: run ExecStartPost as an unprivileged user
2020-08-20 19:16:23 -04:00
adisbladis
d1fdc67c53
nixos/editors: Remove any explicit mention of Emacs 25 2020-08-21 00:34:15 +02:00
Aaron Andersen
fd250d57bb
Merge pull request #79123 from aanderse/apachectl
nixos/httpd: remove impurity from /etc
2020-08-19 20:56:51 -04:00
Anderson Torres
e7139f46cd
Merge pull request #93654 from Church-/jellyfin_10.6.0
jellyfin 10.5.5 -> 10.6.0
2020-08-19 10:21:16 -03:00
Aaron Andersen
f6a3403055 nixos/zabbix: use proper character set and collation for mysql database 2020-08-18 10:30:27 -04:00
Silvan Mosberger
fc121e2813
nixos/dovecot: Improve mailboxes type
The previous use of types.either disallowed assigning a list at one
point and an attrset an another.
2020-08-18 14:25:51 +02:00
Frederik Rietdijk
fe7bab33d7
Merge pull request #95553 from zowoq/rename-maintainers
maintainers: prefix number with underscore
2020-08-18 11:30:24 +02:00
Silvan Mosberger
7db9fd1dbc
Merge pull request #81467 from dawidsowa/rss-bridge
rss-bridge: init at 2020-02-26
2020-08-18 05:00:41 +02:00
zowoq
0052523a18 maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
zowoq
7d9c49f8e6 maintainers: 0x4A6F -> _0x4A6F 2020-08-18 07:59:44 +10:00
Jörg Thalheim
8b18e07c40
Merge pull request #95522 from doronbehar/fix/transmission
nixos/transmission: handle watch-dir
2020-08-17 19:54:48 +01:00
Jörg Thalheim
914d37cbc9
Merge pull request #95686 from ju1m/transmission-fix
transmission: fix BindReadOnlyPaths=
2020-08-17 19:52:27 +01:00
Julien Moutinho
f6c3d4f723 transmission: fix BindReadOnlyPaths= 2020-08-17 14:09:12 +02:00
Martin Weinelt
a153452e54
Merge pull request #95508 from Ma27/nextcloud-nginx
nixos/nextcloud: update nginx config
2020-08-17 13:46:47 +02:00
ajs124
696357c376 sogo: remove SOGoZipPath
sogo links against libzip now
2020-08-17 12:15:16 +02:00
pacien
ea37c9caa1 smartmontools: use standard subject in notification emails
This makes the notification script use the subject generated by smartmontools
itself both for consistency with other distros and to include the hostname.
2020-08-16 20:48:42 +02:00
pacien
f1922cdbdc smartmontools: fix missing hostname in notifications
This properly registers some missing dependencies of smartd_warning.sh.
2020-08-16 20:48:03 +02:00
Florian Klink
bda86eee87
Merge pull request #95222 from eadwu/kresd/runtime-fixes
kresd: runtime fixes
2020-08-16 18:44:27 +02:00
Florian Klink
16fc531784
Merge pull request #95505 from flokli/remove-mathics
mathics: remove package, module and test
2020-08-16 18:42:10 +02:00
Edmund Wu
68366adf3c
nixos/kresd: ensure /run/knot-resolver exists 2020-08-16 12:20:10 -04:00
Edmund Wu
6c67af2fac
nixos/kresd: ensure /var/lib/knot-resolver exists 2020-08-16 12:20:03 -04:00
Edmund Wu
1a6240bde4
nixos/kresd: fix CacheDirectory permissions as per tmpfiles 2020-08-16 12:18:32 -04:00
Edmund Wu
ed89d043dc
nixos/kresd: remove derivation from systemd.tmpfiles
Using per-unit directives as per https://github.com/NixOS/nixpkgs/pull/95222#issuecomment-674512571
2020-08-16 12:17:14 -04:00
Maximilian Bosch
e8bdadb864
Merge pull request #95109 from Ma27/nextcloud-reverse-proxy
nixos/nextcloud: add documentation for alternative reverse-proxies
2020-08-16 18:09:45 +02:00
Noah Hendrickson
ce9f0c42f9 nixos/jellyfin: added a package option to the options section, defaults to using the default jellyfin package if nixos version is 20.09 or greater, otherwise will default to using the new jellyfin_10_5 derivation for older systems. 2020-08-16 11:41:41 -04:00
Doron Behar
ccee8dc09f nixos/mpd: Allow to configure a credentialsFile
Allow to specify a password file to be located outside the store, and be
read in `ExecStartPre`.
2020-08-16 18:03:47 +03:00
Florian Klink
b2f3bbd3fb
Merge pull request #95507 from flokli/remove-mesos
mesos: remove package, module and test (and chronos/marathon which depends on it)
2020-08-16 14:46:24 +02:00
Jörg Thalheim
aeffd67cec
Merge pull request #95493 from Izorkin/nginx-unit 2020-08-16 13:20:31 +01:00
paumr
d420369354 nixos/emacs: formatted with nixpkgs-fmt 2020-08-16 10:22:56 +00:00
Doron Behar
22abe3202f nixos/transmission: handle watch-dir as incomplete-dir
`watch-dir` was neglected after #92106 - this change makes using this
setting work.
2020-08-16 12:43:02 +03:00
Aaron Andersen
8e045b42fd nixos/postgresql: move ExecStartPost into postStart 2020-08-15 16:59:53 -04:00
Aaron Andersen
ec82ae3c39 nixos/postgresql: run ExecStartPost as an unprivileged user 2020-08-15 16:59:49 -04:00
Florian Klink
01684d6e9b nixos/mathics: remove module 2020-08-15 20:16:13 +02:00
Florian Klink
b7be00ad5e
Merge pull request #93358 from helsinki-systems/fix/gitlab-customrb
nixos/gitlab: Fix extra-gitlab.rb
2020-08-15 20:13:28 +02:00
Maximilian Bosch
42f6244899
nixos/nextcloud: update nginx config
This patch ensures that latest Nextcloud works flawlessly again on our
`nginx`. The new config is mostly based on upstream recommendations
(again)[1]:

* Trying to access internals now results in a 404.
* All `.php`-routes get properly resolved now.
* Removed 404/403 handling from `nginx` as the app itself takes care of
  this. Also, this breaks the `/ocs`-API.
* `.woff2?`-files expire later than other assets like images.

Closes #95293

[1] https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
2020-08-15 17:12:11 +02:00
Florian Klink
645ea787c9 nixos/marathon: remove module
The corresponding package failed to build for >9 months.
2020-08-15 16:59:58 +02:00
Florian Klink
a90b929020 nixos/chronos: remove module
The chronos package has been broken for > 9 months due to the breakage
of the mesos package.
2020-08-15 16:59:38 +02:00
Florian Klink
34d91a8cba nixos/mesos*: remove
The mesos package has been broken for >9 months.
2020-08-15 16:59:37 +02:00
Izorkin
26898b8518 nixos/unit: update sandboxing options 2020-08-15 11:21:09 +03:00
Martin Weinelt
f1efdd2c0b
Merge pull request #89444 from mweinelt/pinnwand-module
nixos/pinnwand: init; steck: init at 0.5.0; nixos/tests/pinnwand: init
2020-08-14 22:09:33 +02:00
Aaron Andersen
f1f4cc6e1b
Merge pull request #95231 from aanderse/mysql-cleanup
nixos/mysql: run postStart as an unprivileged user
2020-08-13 21:38:44 -04:00
Aaron Andersen
f08049e712 nixos/mysql: move ExecStartPost into postStart 2020-08-13 17:03:22 -04:00
dawidsowa
9aaf34bdb8 nixos/rss-bridge: init 2020-08-13 19:51:30 +02:00
Florian Klink
962e15aebc nixos: remove StandardOutput=syslog, StandardError=syslog lines
Since systemd 243, docs were already steering users towards using
`journal`:

eedaf7f322

systemd 246 will go one step further, it shows warnings for these units
during bootup, and will [automatically convert these occurences to
`journal`](f3dc6af20f):

> [    6.955976] systemd[1]: /nix/store/hwyfgbwg804vmr92fxc1vkmqfq2k9s17-unit-display-manager.service/display-manager.service:27: Standard output type syslog is obsolete, automatically updating to journal. Please update│······················
 your unit file, and consider removing the setting altogether.

So there's no point of keeping `syslog` here, and it's probably a better
idea to just not set it, due to:

> This setting defaults to the value set with DefaultStandardOutput= in
> systemd-system.conf(5), which defaults to journal.
2020-08-13 18:49:15 +02:00
Jörg Thalheim
0f2ee10cbf
Merge pull request #94270 from jerith666/postfix-dane
postfix: add useDane config option
2020-08-13 06:53:53 +01:00
Matt McHenry
a45f1453eb postfix: add useDane config option 2020-08-12 21:18:36 -04:00
Matthew Bauer
6fffd50623
Merge pull request #95220 from obsidiansystems/ipfs-quic-socket-activated
nixos/ipfs: Allow QUIC connections to socket activate too
2020-08-12 13:47:29 -05:00
Justin Humm
90ed2c01f0
Merge pull request #95266 from Lassulus/gollum-text
nixos/gollum: replace toFile with writeText
2020-08-12 19:28:41 +02:00
lassulus
957da625c5 nixos/gollum: replace toFile with writeText 2020-08-12 19:16:05 +02:00
Florian Klink
22e8ada3b3
Merge pull request #95264 from flokli/nginx-config-reload
nixos/nginx: move configuration testing script into reload command
2020-08-12 18:47:02 +02:00
Maximilian Bosch
fddeb7cb73
Revert "nextcloud: use mkDefault for whole nginx config"
This breaks the Nextcloud vhost declaration when adding e.g. another
vhost as the `services.nginx.virtualHosts` option has `{ nextcloud =
...; }` as *default* value which will be replaced by another
`virtualHosts`-declaration with a higher (e.g. the default) priority.

The following cases are now supported & covered by the module:

* `nginx` is enabled with `nextcloud` enabled and other vhosts can be
  added / other options can be declared without having to care
  about the declaration's priority.

* Settings in the `nextcloud`-vhost in `nginx` have to be altered using
  `mkForce` as this is the only way how we officially support `nginx`
  for `nextcloud` and customizations have to be done explicitly using
  `mkForce`.

* `nginx` will be completely omitted if a user enables nextcloud
  and disables nginx using `services.nginx.enable = false;`. (because
  nginx will be enabled by this module using `mkDefault`).

This reverts commit 128dbb31cc.
Closes #95259
2020-08-12 18:28:45 +02:00
Florian Klink
300049ca51 nixos/nginx: move configuration testing script into reload command
nginx -t not only verifies configuration, but also creates (and chowns)
files. When the `nginx-config-reload` service is used, this can cause
directories to be chowned to `root`, causing nginx to fail.

This moves the nginx -t command into a second ExecReload command, which
runs as nginx's user. While fixing above issue, this will also cause the
configuration to be verified when running `systemctl reload nginx`, not
only when restarting the dummy `nginx-config-reload` unit. The latter is
mostly a workaround for missing features in our activation script
anyways.
2020-08-12 18:13:29 +02:00
Jörg Thalheim
dc255dcac0
Merge pull request #94291 from Izorkin/gitea 2020-08-12 12:23:05 +01:00
Aaron Andersen
e3c210dfd1 nixos/mysql: run ExecStartPost as an unprivileged user 2020-08-12 07:21:27 -04:00
Aaron Andersen
31098a03a2 nixos/mysql: cleanup some descriptions 2020-08-12 07:11:00 -04:00
Aaron Andersen
ff9921f0fd nixos/mysql: loosen mariadb check 2020-08-12 07:10:59 -04:00
Aaron Andersen
3792fef4ec nixos/mysql: add group option 2020-08-12 07:10:56 -04:00
Aaron Andersen
9b56677634 nixos/mysql: remove variable with confusing name 2020-08-11 21:09:41 -04:00
John Ericson
e6fe9abd8b nixos/ipfs: Allow QUIC connections to socket activate too
Well, via the underlying UDP. QUIC-level socket activation we'll get
someday.
2020-08-11 22:08:19 +00:00
Florian Klink
921da91c8a
Merge pull request #93702 from tnias/usbguard20200723
nixos/usbguard: rework
2020-08-11 12:14:32 +02:00
Silvan Mosberger
f21c42143b
Merge pull request #48740 from midchildan/add-mirakurun
mirakurun: init at 3.3.0
2020-08-11 06:55:56 +02:00
midchildan
3c951a6e93
video/mirakurun: add module 2020-08-11 13:52:17 +09:00
Kurt Robert Rudolph
c54beb953d nixos/xmonad: Fix behavior of config opt
Prior to this change, the `config` option (which allows you define the
haskell configuration for xmonad in your configuration.nix instead of
needing something in the home directory) prevents desktop manager
resources from starting. This can be demonstrated by configuring the
following:

```
  services.xserver = {
    displayManager.defaultSession = "xfce+xmonad";
    displayManager.lightdm.enable = true;

    desktopManager.xterm.enable = false;
    desktopManager.xfce.enable = true;
    desktopManager.xfce.enableXfwm = false;
    desktopManager.xfce.noDesktop = true;

    windowManager.xmonad = {
      enable = true;
      enableContribAndExtras = true;
      extraPackages = haskellPackages: [
        haskellPackages.xmonad-contrib
        haskellPackages.xmonad-extras
        haskellPackages.xmonad
      ];
      config = ''
        import XMonad
        import XMonad.Config.Xfce
        main = xmonad xfceConfig
               { terminal = "terminator"
               , modMask = mod4Mask }
      '';
    };
  };
```

and after user log in, search for xfce processes `ps aux | grep xfce`.
You will not find xfce processes running until after the xmonad process is killed.

The bug prevents utilities included with the desktopManager,
(e.g. powerManagement, session logout, etc.)
from working as expected.
2020-08-10 19:17:54 -07:00
Maximilian Bosch
dd957c2cb7
nixos/nextcloud: add documentation for alternative reverse-proxies
Follow-up for #93584[1]. This change adds a simple example how to use
`Nextcloud` with `httpd`.

[1] https://github.com/NixOS/nixpkgs/pull/93584#discussion_r465233063
2020-08-10 22:09:01 +02:00
Chris Ostrouchov
2147589c7a pythonPackages.systemdspawner: init at 0.14 2020-08-10 10:03:43 -07:00
Chris Ostrouchov
228f08035d nixos/jupyterhub: init service 2020-08-10 10:03:43 -07:00
Matt Layher
15e5ad6c7c nixos/corerad: use SIGHUP to restart the service
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-08-09 16:15:49 -07:00
Stefan Frijters
5141082267 nixos/urserver: init 2020-08-09 12:33:37 -07:00
Izorkin
2f6a18af5a nixos/netadata: enable simple sandboxing 2020-08-09 10:19:30 +03:00
Martin Weinelt
8774b9090d
nixos/pinnwand: init 2020-08-09 01:52:22 +02:00
Philipp Bartsch
ffd18cc1b1 nixos/usbguard: rework
Use StateDirectory to create necessary directories and hardcode some
paths. Also drop file based audit logs, they can be found in the
journal. And add module option deprecation messages.
2020-08-08 23:26:07 +02:00
Luflosi
4d9dec0aba
nixos/ipfs: add QUIC transport to swarmAddress list
According to https://github.com/ipfs/go-ipfs/blob/master/docs/config.md#addressesswarm, the default list of swarm multiaddrs now includes the QUIC transport.
2020-08-08 23:08:56 +02:00
Jörg Thalheim
08ba31a660
Merge pull request #94907 from zowoq/ecc-nixos
nixos/*: editorconfig fixes
2020-08-08 20:35:29 +01:00
Peter Hoeg
4767015ec8
Merge pull request #84073 from pnelson/nextdns-1.4.36
nextdns: init at 1.7.0
2020-08-08 14:29:12 +08:00
zowoq
8fb410c0ad nixos/*: editorconfig fixes 2020-08-08 10:54:16 +10:00
Jörg Thalheim
ba930d8679
nixos/modules: remove trailing whitespace
This leads to ci failure otherwise if the file gets changed.
git-blame can ignore whitespace changes.
2020-08-07 14:45:39 +01:00
Jörg Thalheim
e879d83e38
Merge pull request #92106 from ju1m/transmission 2020-08-07 14:40:17 +01:00
Florian Klink
38724d8e8e
Merge pull request #94837 from aanderse/gitlab
nixos/gitlab: fix module after #94454
2020-08-07 09:05:35 +02:00
Aaron Andersen
69eb22e4cd nixos/gitlab: fix module after #94454 2020-08-06 22:37:48 -04:00
Julien Moutinho
2a49db6a89 transmission: apply RFC0042 and harden the service 2020-08-07 04:28:11 +02:00
aszlig
1365b9ac70
nixos/manual: Fix build
In fd9eb16b24, the option
"services.nextcloud.nginx.enable" has been removed since the module now
exclusively supports nginx only.

Unfortunately, with the option gone from the manual, the link in the
Nextcloud-specific documentation referencing the NixOS option also
became a dead link and thus the manual will no longer build.

I also removed a second reference to this option in the Nextcloud-
specific documentation, which while it doesn't lead to a build error in
the manual is nevertheless a good idea to remove as well to ensure we
don't present outdated information to readers of the manual.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @DavHau, @Ma27
2020-08-07 03:27:42 +02:00
Pascal Bach
cee4e14bdf nixos/postgresql: fix setup script
The missing () caused parts of the escripts to be added to the
ExecStartPost line instead of inside the script.

This caused postgresql start to fail under certain conditions.
2020-08-06 19:47:17 +02:00
Maximilian Bosch
50d8cdb3ca
Merge pull request #93584 from DavHau/nextcloud-improvements
nextcloud: restrict web server support to nginx; stop sharing nginx user/group; improve setup service
2020-08-06 19:00:21 +02:00
Florian Klink
056bb77adb
Merge pull request #94454 from aanderse/postgresql-cleanup
nixos/postgresql: fix several issues
2020-08-06 11:12:31 +02:00
Jonathan Ringer
8d57f75f7a nixos/smartd: fix description for docbook 2020-08-06 10:06:59 +10:00
Aaron Andersen
f42f8a6d3c nixos/postgresql: replace deprecated usage of PermissionsStartOnly 2020-08-05 17:31:16 -04:00
Aaron Andersen
e50e89e1a8 nixos/postgresql: conditionally provision data directory with StateDirectory 2020-08-05 17:31:16 -04:00
Aaron Andersen
4f5fc729c7 nixos/postgresql: use a standard default value for dataDir 2020-08-05 17:31:12 -04:00
tmplt
f9f48250fe nixos/smartd: add option for notifiction email sender 2020-08-05 14:26:48 -07:00
volth
5c384e1268
nix-daemon: platform.gcc.arch is not x86 specific 2020-08-05 17:03:45 +00:00
volth
707e43b961
nix-daemon: platform.gcc.arch is not x86 specific 2020-08-05 17:02:30 +00:00
Aaron Andersen
4e3b009778
Merge pull request #94624 from dadada/dadada/dokuwiki-acl-path
nixos/dokuwiki: fix path to ACL
2020-08-05 07:28:12 -04:00
volth
cf7b63df5b gcc.arch: refactor, move tables under lib/ 2020-08-05 11:18:26 +00:00
Marek Mahut
0bc37f7cb4
Merge pull request #94609 from 1000101/dokuwiki
nixos/dokuwiki: drop SSL forcing and document incompatibility
2020-08-05 11:54:42 +02:00
Marek Mahut
6cf131d54e
Merge pull request #94340 from 1000101/maintainer
nixos/modules: add myself as maintainer of several services
2020-08-05 11:54:29 +02:00
Izorkin
31ce2636a4 nixos/gitea: add lfs options 2020-08-05 11:19:33 +03:00
Izorkin
6c258a7c21 nixos/gitea: add ssh options 2020-08-05 11:19:32 +03:00
Izorkin
dfd32f11f3 nixos/gitea: update sandboxing options 2020-08-05 11:19:32 +03:00
Izorkin
6a0fd33b4c nixos/gitea: add support socket connection 2020-08-05 11:19:32 +03:00
Izorkin
1a0e633c60 nixos/gitea: enable pid file 2020-08-05 11:19:32 +03:00
Izorkin
4e68da6337 nixos/gitea: add 'backupDir' option 2020-08-05 11:19:32 +03:00
Izorkin
f77e28d83d nixos/gitea: enable data access only for 'gitea' group 2020-08-05 11:19:32 +03:00
DavHau
128dbb31cc nextcloud: use mkDefault for whole nginx config 2020-08-05 11:50:26 +07:00
Ryan Mulligan
c4814c03b7 treewide: add Jitsi maintainers
* makes jitsi maintainer team
2020-08-04 13:07:36 -07:00
Aaron Andersen
620e154921
Merge pull request #94043 from aanderse/zabbix-settings
nixos/zabbix*: replace extraConfig option with settings option
2020-08-04 12:49:43 -04:00
Jörg Thalheim
1476c6f349
Merge pull request #91146 from tmplt/doc-zfs-replicate
nixos/zfs-replication: document expected lz4 on host system
2020-08-04 08:46:06 +01:00
dadada
938bd67988
nixos/dokuwiki: fix path to ACL 2020-08-03 23:40:41 +02:00
Ryan Mulligan
4162c69b3c
Merge pull request #92468 from petabyteboy/jitsi-meet
nixos/jitsi-meet: init
2020-08-03 12:43:37 -07:00
1000101
850b3ea028 nixos/dokuwiki: drop SSL forcing 2020-08-03 16:10:05 +02:00
Aaron Andersen
34298f0673
Merge pull request #94551 from StijnDW/dokuwiki
nixos/dokuwiki: fix https redirect
2020-08-03 08:17:37 -04:00
DavHau
ca916e8cb3 nextcloud: deprecate nginx, use chgrp, mkDefault for nginx, fix tests 2020-08-03 14:21:45 +07:00
Martin Weinelt
cc4f533a9a
nixos/snapserver: update module to work with snapcast 0.20 2020-08-02 16:58:07 +02:00
Stijn DW
f7b6bfd113 nixos/dokuwiki: fix https redirect
Even if the webserver had https disabled, the user would still get redirected to an https url when attemting to login.
2020-08-02 16:08:40 +02:00
xeji
89e0d97d7e
Merge pull request #93538 from erictapen/tinc-rsa-key-file
nixos/tinc: allow configuration of RSA private key file
2020-08-01 23:32:26 +02:00
Jörg Thalheim
633958732d
Merge pull request #94064 from Mic92/tlp
tlp: use structured config to fix cpu governor
2020-08-01 10:23:44 +01:00
1000101
b5d21137f3 nixos/modules: add myself as maintainer of several services 2020-07-31 15:53:46 +02:00
Matthew Bauer
67b6e56391 nixos/nix-daemon.nix: fix nix.distributedBuilds assertion 2020-07-30 21:38:24 -05:00
Matthew Bauer
ed1423b03c
Merge pull request #92415 from matthewbauer/nix-daemon-distributed-builds
Add assertion on distributedBuilds & buildMachines != []
2020-07-30 19:56:23 -05:00
Matthew Bauer
250885d0ca nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]
Without distributedBuilds, you can’t use buildMachines flag.

Fixes #56593
2020-07-30 19:55:12 -05:00
Milan
e49fb87b05
nixos/gitlab-runner: add clone-url option (#93894) 2020-07-30 10:24:33 +02:00
Milan Pässler
2d819e968e nixos/mautrix-telegram: fix base-config path 2020-07-29 16:34:30 +02:00
Peter Hoeg
e3d45be66f
Merge pull request #93699 from NixOS/f/do
nixos/do-agent: use .service from upstream
2020-07-29 09:13:56 +08:00
Aaron Andersen
7415ba0be8 nixos/zabbixProxy: replace extraConfig option with settings option 2020-07-28 08:11:33 -04:00
Jörg Thalheim
4d0077addd
tlp: use structured config to fix cpu governor
Previously this module just disabled them.
Now tlp merges system defaults in
2020-07-28 09:41:18 +01:00
worldofpeace
654b66e0e4
Merge pull request #93963 from seqizz/g_typo_environment
treewide: fix typo on word environment
2020-07-28 02:18:28 -04:00
Gürkan Gür
eb627de968 treewide: fix typo on word environment 2020-07-28 08:00:38 +02:00
Aaron Andersen
b58e0905d0 nixos/zabbixAgent: replace extraConfig option with settings option 2020-07-27 22:09:25 -04:00
Aaron Andersen
3aa68faa78 nixos/zabbixServer: replace extraConfig option with settings option 2020-07-27 22:09:20 -04:00
DavHau
b90a70d53f
nextcloud: shorten nginx group reference
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2020-07-27 20:20:13 +07:00
Marek Mahut
b415ebae97
Merge pull request #93700 from 1000101/bitcoind
nixos/bitcoind: change to multi-instance + add tests
2020-07-27 12:55:29 +02:00
1000101
95440f040e nixos/bitcoind: minor refactoring 2020-07-27 10:40:06 +02:00
DavHau
5823ed7841 nextcloud: fix group permissions on startup 2020-07-27 12:41:42 +07:00
DavHau
fd9eb16b24 nextcloud: restrict web server support to nginx only 2020-07-27 12:06:04 +07:00
Silvan Mosberger
ff5bdca1ed
Merge pull request #93813 from bobismijnnaam/update-wpa-supplicant-config
Ensure wpa_supplicant.conf is written when userControlled and extraConfig are used
2020-07-26 16:43:56 +02:00
Jan Tojnar
a86f4110a7
Merge pull request #93771 from jtojnar/flatpak-1.8 2020-07-26 13:56:16 +02:00
Jan Tojnar
5d3f240ebd
Merge pull request #93712 from jtojnar/malcontent-0.8
malcontent: 0.7.0 → 0.8.0
2020-07-26 13:55:02 +02:00
DavHau
6ee3004132 nextcloud improve user/group handling
- remove optons cfg.user, cfg.groups
- add option `serverUser` which is required when not using nginx
- add `serverUser` to nextcloud group
- set user/group to "nextcloud" for nextcloud services
- make setup-service non-root
2020-07-26 15:54:23 +07:00
Florian Klink
ebfae82674 nixos/yubikey-agent: add missing mkIf
This accidentially added pkgs.yubikey-agent to
environment.systemPackages unconditionally.
2020-07-26 09:34:24 +02:00
Emery Hemingway
d800d1e884 fixup! nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
Emery Hemingway
764a9252a3 nixos/yggdrasil: add manual section 2020-07-25 16:34:20 +02:00
Emery Hemingway
a8780387ba nixos/dhcpd: make authoritative mode optional
There are circumstances where running secondary DHCP servers in
non-authoritative mode is advantageous. Retain the previous
authoritative behavior as a default.
2020-07-25 16:33:04 +02:00
Bob Rubbens
71ea6a9a41 nixos/wpa_supplicant: update config generation
Ensure wpa_supplicant.conf is also generated when userControlled and
extraConfig are used. (As discussed in issue #59959)
2020-07-25 14:24:57 +02:00
Léo Gaspard
0c075ce453
Merge pull request #93715 from lovesegfault/roon-server-revamp
roon-server: revamp
2020-07-24 20:11:01 +02:00
Jan Tojnar
98710d2552
flatpak: 1.6.3 → 1.8.1
Changes:
* https://github.com/flatpak/flatpak/releases/tag/1.7.1
* https://github.com/flatpak/flatpak/releases/tag/1.7.2
* https://github.com/flatpak/flatpak/releases/tag/1.7.3
* https://github.com/flatpak/flatpak/releases/tag/1.8.0
* https://github.com/flatpak/flatpak/releases/tag/1.8.1

Commits:
https://github.com/flatpak/flatpak/compare/1.6.3...1.7.1
https://github.com/flatpak/flatpak/compare/1.7.1...1.8.1

Notable packaging changes:
* Flatpak now ships a sysusers.d file for allowing systemd to create the required users.
  4df019063b
* Completion support for fish shell
* If an app has filesystem access, the host /lib is accessible as /run/host/lib, etc.
* New filesystem permission "host-etc" and "host-os" give access to system /usr and /etc.
  fe2536b844
* We now always expose the host timezone data, allowing us the expose the host /etc/localtime in a way that works better, fixing several apps that had timezone issues.
  dc4e198766
* We now ship a systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos.
* By default we no longer install the gdm env.d file, as the systemd generators work better
  7c3a85bf43
* Use variant-schema-compiler for some GVariant code
  https://github.com/flatpak/flatpak/pull/3366
* zstd compression for oci deltas:
  bfa71e208a

Additionally:
* Remove glibcLocales which is not used since 1.4 bump because glibc contains a locale archive with C.UTF-8
  1728bc8d22
* Stop using aliases for docbook-xsl-nons and pkg-config packages
* Stop using autoreconfHook, the autogen.sh script contains some extra that are necessary when building from git.
* Increase disk space for installed tests, they were running out.
* Enable building developer documentation.
2020-07-24 19:38:51 +02:00
Emery Hemingway
76d60b0fcd nixos/molly-brown: init 2020-07-24 11:04:33 +02:00
Kirill Elagin
e1d80de838 prometheus: Add assert for legacy listenAddress 2020-07-23 18:16:13 -04:00
Kirill Elagin
5d2a465add prometheus: Use types.port for port 2020-07-23 18:15:57 -04:00
Jan Tojnar
097117cf72
malcontent: 0.7.0 → 0.8.0
* Update: https://gitlab.freedesktop.org/pwithnall/malcontent/-/releases/0.8.0
    * Fix the separation patch.
    * Add `itstool` to ui (needed for building localized help).
* Use `pkg-config` instead of the `pkgconfig` alias.
* Fix some issues related to multiple outputs:
    * Make the module pass specific output to `dbus.packages` since the `dbus` NixOS module will not generate configuration with correct interface paths otherwise.
    * Change `malcontent-ui` package to primarily-a-program type derivation (`out`+`lib` instead of `bin`+`out`) since there are more and more `malcontent-control`-specific assets.
        * This also fixes the issue where application data (desktop files, icons…) were installed to `out`, which is not installed by `environment.systemPackages`/`system-path.nix`’s `buildEnv` by default when `bin` output is also present.
    * Make `malcontent` package install `out` output too so that `system-path.nix` links that too. It contains the AccountsService & Polkit data files.
    * Split the library and PAM module out of `malcontent.out` so that they are not installed with the data files.
        * This revealed a bug in the `gobject-introspection` setup hook.
2020-07-23 21:59:23 +02:00
Bernardo Meurer
0aadd405a3
services.roon-server: fix binary path 2020-07-23 11:38:13 -07:00
Florian Klink
8f7a623af6
Merge pull request #92936 from philandstuff/add-yubikey-agent
yubikey-agent: init at 0.1.3
2020-07-23 17:52:30 +02:00
Peter Hoeg
e0589ec65b nixos/do-agent: use .service from upstream 2020-07-23 19:30:01 +08:00
1000101
c6017d9895 nixos/bitcoind: change to multi-instance 2020-07-23 12:05:40 +02:00
Florian Klink
80c2d2e2af
Merge pull request #93423 from helsinki-systems/feat/gitlab-redis-url
nixos/gitlab: Make redis URL configurable
2020-07-22 19:05:28 +02:00
DavHau
07076e9fe0 nextcloud: configurable user and group, enabled nginx, improve setup 2020-07-21 08:23:45 +00:00
Lassulus
72f66e7e42
Merge pull request #72320 from sweber83/sw-zigbee2mqtt
zigbee2mqtt package & module
2020-07-21 05:23:43 +02:00
Florian Klink
fec45bdfbc
Merge pull request #93355 from Izorkin/nginx-unit
nixos/unit: add 'tmp' directory
2020-07-21 00:17:54 +02:00
Florian Klink
f67288925a
Merge pull request #93422 from helsinki-systems/fix/gitlab-sidekiq-warn
nixos/gitlab: Drop sidekiq PID file
2020-07-21 00:11:24 +02:00
Florian Klink
f14799c8e7
Merge pull request #93073 from helsinki-systems/tmpfiles-packages
nixos/systemd: Implement a packages option for tmpfiles
2020-07-20 23:56:41 +02:00
Simon Weber
1af8759693 nixos/zigbee2mqtt: init 2020-07-20 21:48:14 +02:00
Justin Humm
1192255677
nixos/tinc: allow configuration of RSA key file
This is necessary for VPNs where some of the nodes run pre-1.1 versions.

Most of Linux distros [0] and even the nixpkgs.tinc attribute run on that
version, so it might be useful to have that option.

[0] https://repology.org/project/tinc/versions
2020-07-20 21:39:22 +02:00
Justin Humm
d6f6424ac8
nixos/gollum: introduce --h1-title option 2020-07-20 16:15:18 +02:00
Daniël de Kok
d0c12dc612
Merge pull request #85689 from danieldk/resilio-module-fix
nixos/resilio: fix directoryRoot configuration
2020-07-20 11:31:36 +02:00
Daniël de Kok
b9e0992e87 nixos/resilio: fix directoryRoot configuration
The resilio module places the directoryRoot configuration in the webui
section. However, the generated configuration fails on the current
version of Resilio Sync with:

Invalid key context: 'directory_root' must be in global config section

This change places this key in the global configuration section to
solve this error.
2020-07-20 11:24:33 +02:00
Nikola Knežević
53f42f245a
oauth2_proxy: 5.1.1 -> 6.0.0 (#93121)
The new release fixes one of the outstanding CVEs against oauth2_proxy:
https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv.

In addition, rename the owner and the project name to reflect the
changes upstream (it now belongs to the oauth2-proxy organization, and
the name is oauth2-proxy)
2020-07-19 22:08:33 -07:00
aszlig
4e92b613cc
nixos/wireguard: Fix mismatched XML tag
Build error introduced in fe7053f75a:

  parser error : Opening and ending tag mismatch: commmand line 6139 and command
  escription><para>Base64 preshared key generated by <commmand>wg genpsk</command>
                                                                                 ^
Writing "command" with only two "m" fixes building the NixOS manual.

Signed-off-by: aszlig <aszlig@nix.build>
2020-07-20 00:14:44 +02:00
Jörg Thalheim
1c26e6baec
Merge pull request #93474 from tnias/fix20200719 2020-07-19 21:07:05 +01:00
Philipp Bartsch
fe7053f75a nixos/wireguard: fix typos and unify formatting 2020-07-19 14:57:39 +02:00
Janne Heß
f459122ea3
nixos/gitlab: Support extra config for shell 2020-07-18 16:46:33 +02:00
Janne Heß
e9bf4ca80f
nixos/gitlab: Make redis URL configurable
We run Redis via Unix socket
2020-07-18 16:28:59 +02:00
Janne Heß
026b4eb3ae
nixos/gitlab: Drop sidekiq PID file
> WARNING: PID file creation will be removed in Sidekiq 6.0, see #4045.
Please use a proper process supervisor to start and manage your
services

Since NixOS uses a proper process supervisor AND does not use the PID
file anywhere, we can just drop it to be upwards compatible and fix that
warning.
2020-07-18 16:00:04 +02:00
Janne Heß
a44b2cdd3a nixos/systemd: Implement a packages option for tmpfiles
Also drop the `portables` tmpfiles because the file is missing in the
systemd derivation.
2020-07-18 00:03:47 +02:00
WilliButz
c8a29f640a
Merge pull request #93291 from mdlayher/mdl-mmexporter
prometheus-modemmanager-exporter: init at 0.1.0, add NixOS module
2020-07-17 20:02:56 +02:00
Matt Layher
a58346a5ee
nixos/prometheus-modemmanager-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-07-17 13:54:58 -04:00
Janne Heß
25bad1f9b8
nixos/gitlab: Fix extra-gitlab.rb
Line 794 removes the entire directory, rendering the tmpfiles rule
useless.

cc @bgamari @talyz
2020-07-17 19:34:49 +02:00
Izorkin
8129816f98 nixos/unit: add 'tmp' directory 2020-07-17 19:46:56 +03:00
Lassulus
b6eca9a2af
Merge pull request #93104 from Kloenk/moodle-plugins
nixos/moodle: add plugins
2020-07-17 17:47:11 +02:00
claudiiii
2d468be964 nixos/matrix-synapse: update documentation 2020-07-17 16:28:12 +02:00
Finn Behrens
832d2289c3
moodle: update to 3.9.1
use phpEnv to provide xmlrpc
2020-07-16 23:48:08 +02:00
Philip Potter
e4029c34fc yubikey-agent: init at 0.1.3
This adds yubikey-agent as a package and a nixos module.

On macOS, we use `wrapProgram` to set pinentry_mac as default in PATH;
on Linux we rely on the user to set their preferred pinentry in PATH.
In particular, we use a systemd override to prefix PATH to select a
chosen pinentry program if specified.

On Linux, we need libnotify to provide the notify-send utility for
desktop notifications (such as "Waiting for Yubikey touch...").

This might work on other flavors of unix, but I haven't tested.

We reuse the programs.gnupg.agent.pinentryFlavor option for
yubikey-agent, but in doing so I hit a problem: pinentryFlavour's
default value is specified in a mkDefault, but only conditionally.  We
ought to be able to pick up the pinentryFlavour whether or not gpg-agent
is running.  As a result, this commit moves the default value to the
definition of programs.gnupg.agent.enable.
2020-07-16 15:29:33 +01:00
Milan Pässler
1a5f3d133d Revert "nixos/jicofo: use ExecStart instead of script"
This reverts commit d3a26a5ecd.
Using ServiceConfig.ExecStart instead of script lead to the content not
being executed in a shell anymore, which broke the secrets being read
from a file and passed as a command line parameter.
2020-07-15 21:41:29 +02:00
Florian Klink
e99389a942
Merge pull request #93001 from aanderse/gitolite
nixos/gitolite: provision data directory only before service begins
2020-07-14 20:40:35 +02:00
Atemu
206dc0cfac spotifyd: make option link clickable 2020-07-14 08:34:28 +02:00
Roman Sharapov
d53d13b6ee nixos/buildbot: enable configurable keepalive for buildbot worker
In the current implementation, there's no possibility to modify the default
parameter for keepalive. This is a number that indicates how frequently
keepalive messages should be sent from the worker to the buildmaster,
expressed in seconds. The default (600) causes a message to be sent to
the buildmaster at least once every 10 minutes.

If the worker is behind a NAT box or stateful firewall, these messages
may help to keep the connection alive: some NAT boxes tend to forget about
a connection if it has not been used in a while. When this happens, the
buildmaster will think that the worker has disappeared, and builds will
time out. Meanwhile the worker will not realize than anything is wrong.
2020-07-13 13:07:20 -04:00
Aaron Andersen
5e32ec39ca nixos/gitolite: provision data directory only before service begins 2020-07-12 09:19:00 -04:00
Florian Klink
8c0708f0bb
Merge pull request #91424 from i077/restic-rclone-opts
nixos/restic: Add rclone options
2020-07-11 23:57:47 +02:00
Maximilian Bosch
3d9c143b77
Merge pull request #91895 from kristoff3r/jupyter-service
Improve jupyter service
2020-07-11 18:03:31 +02:00
Justin Humm
ce111fcc26
Merge pull request #92225 from bachp/unifi-5.13.32
unifiStable: 5.13.29 -> 5.13.32
2020-07-11 17:14:19 +02:00
worldofpeace
747fb48c72
Merge pull request #85065 from worldofpeace/autologin-unified
nixos/displayManager: make autoLogin options independent of DM type
2020-07-10 00:04:41 -04:00
worldofpeace
490cd7889e nixos/displayManager: make autoLogin options independent of DM type
Co-authored-by: volth <volth@volth.com>
2020-07-09 21:15:35 -04:00
lewo
9534da25bf
Merge pull request #90115 from asbachb/postfix-tls
postfix: Replaced config key by recommendation and introduced usage of system trust store
2020-07-09 20:29:49 +02:00
Milan Pässler
d3a26a5ecd nixos/jicofo: use ExecStart instead of script 2020-07-09 00:25:30 +02:00
Milan Pässler
5ff05249cf nixos/jitsi-meet: allow more room names 2020-07-09 00:20:34 +02:00
Milan Pässler
dcc12e4df6 nixos/jitsi-meet: enableACME by default 2020-07-09 00:20:34 +02:00
Milan Pässler
1a071343f2 nioxs/jicofo: use existing generator 2020-07-09 00:00:05 +02:00
Martin Milata
3f68a83c88 nixos/jitsi-meet: init 2020-07-09 00:00:04 +02:00
Martin Milata
47c38f00b2 nixos/jicofo: init 2020-07-09 00:00:04 +02:00
Martin Milata
c695d57895 nixos/jitsi-videobridge: init 2020-07-09 00:00:04 +02:00
Maximilian Bosch
87d7f0f0f3
Merge pull request #92329 from asbachb/roundcube/add-message-size
roundcube: Added new option `maxAttachmentSize` to configure max attachment size
2020-07-08 11:22:14 +02:00
Maximilian Bosch
5bc22adb5a
nixos/manual: fix build
Option names must be `opt-<full-option-name>` in docbook XML.
2020-07-08 11:09:01 +02:00
worldofpeace
aba048f0bf
Merge pull request #92587 from worldofpeace/session-settings-update
Pantheon updates 2020-07-07
2020-07-08 01:01:05 -04:00
Benjamin Asbach
12e0d726fd roundcube: Added new option maxAttachmentSize to configure the maximum attachment size
The multiplication is used since roundcube uses only 70% of the php configured upload size.
2020-07-08 01:22:28 +02:00
worldofpeace
eb3c53b4e9 nixos/pantheon: update greeter whitelist to new wording
This was a simple non fatal deprecation.

https://github.com/elementary/wingpanel/pull/326
2020-07-07 11:35:21 -04:00
Samuel Gräfenstein
82cf1d9dcd
nixos/plasma5: Noto Mono -> Noto Sans Mono
The font has been renamed.
See https://github.com/googlefonts/noto-fonts/pull/1029
2020-07-07 17:07:27 +02:00
Kristoffer Søholm
80a7a4295a nixos/jupyter: add package and command options 2020-07-07 15:00:49 +02:00
Michele Guerini Rocco
fc553c0bc5
Merge pull request #89773 from rnhmjoj/ncdns
ncdns: init at 0.0.10.3
2020-07-07 10:58:55 +02:00
Imran Hossain
7dd656a037 nixos/restic: Add options for rclone repositories 2020-07-06 10:27:55 -04:00
Eric Wolf
8af58eda12
postfix: Add submissions option for postfix and test (#91691)
RFC 8314 suggests, for end user submission of
mails, SMTP over TLS on port 465 should be used.

Closes #91690
2020-07-06 03:37:56 +02:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Benjamin Hipple
1e835d98c5
Merge pull request #89498 from 0x4A6F/master-xandikos
xandikos: 0.1.0 -> 0.2.2
2020-07-05 20:04:50 -04:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4 postfix: deprecated sslCACert in favour of tlsTrustedAuthorities
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.

>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0 postfix: used recommended configuration key to enable tls
> With Postfix 2.3 and later use smtp_tls_security_level instead.

http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Pascal Bach
3e7d650bcc nixos/unifi: restart service on package update
Currently the service doesn't detect if on of the packages is updated
and doesn't restart.

By manually adding a trigger we make sure the service restarts if any of
the involved packages update.
2020-07-03 22:34:29 +02:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Vincent Ambo
c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
_
a3b0864bb0 nixos/onedrive: init 2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options (#86946) 2020-06-29 13:35:21 +00:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
nixos/acme: Fix ordering of certificate requests (#81482)
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44 Revert "traefik: unify TOML generation"
This reverts commit a5e6901702.

yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d undervolt: clarify that the service is unofficial
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
We remove the configFile build flag override in the NixOS module.

Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.

This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.

Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
1000101
de3c56ffd8 nixos/blockbook-frontend: init 2020-06-26 16:16:49 +02:00
Michael Fellinger
d1c4bf967b
ssm-agent: 2.0.633.0 -> 2.3.1319.0 2020-06-26 12:43:27 +02:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00