Commit Graph

10816 Commits

Author SHA1 Message Date
Florian Klink
9de5cbca45
Merge pull request #128079 from flokli/serial-getty-keep-baud
nixos/getty: add missing --keep-baud
2021-06-25 22:31:02 +02:00
Florian Klink
ba42d639f1 nixos/getty: add missing --keep-baud
systemd ships `units/serial-getty@.service.m4` with the `--keep-baud`
option.

We override that unit, and didn't add the `--keep-baud` option. (We have
it in our other getty options there).

Having `--keep-baud` in `serial-getty@` makes a lot of sense - the
console keeps working if it's initialized with a less standard baud
rate, such as the [Helios64](https://wiki.kobol.io/helios64/intro/).
2021-06-25 09:56:54 +02:00
Yureka
2297eb35e5 nixos/gitlab: require at least postgresql 12 2021-06-25 01:21:19 +02:00
Martin Weinelt
9cc60287dc
Merge pull request #127554 from mweinelt/babel
nixos/babeld: update hardening
2021-06-23 21:53:20 +02:00
Niklas Hambüchen
959c4e82bc
Merge pull request #100255 from nh2/sshd-default-log-level-info
sshd service: Default to INFO logLevel (upstream default)
2021-06-23 02:06:54 +02:00
Niklas Hambüchen
4bd5f1115f
Merge pull request #127166 from nh2/xserver-config-mkAfter-docs
services.xorg.config: Extend docs
2021-06-23 01:55:58 +02:00
Niklas Hambüchen
a48fea4c5e sshd service: Default to INFO logLevel (upstream default).
The previous justification for using "VERBOSE" is incorrect,
because OpenSSH does use level INFO to log "which key was used
to log in" for sccessful logins, see:
6247812c76/auth.c (L323-L328)

Also update description to the wording of the sshd_config man page.

`fail2ban` needs, sshd to be "VERBOSE" to work well, thus
the `fail2ban` module sets it to "VERBOSE" if enabled.

The docs are updated accordingly.
2021-06-23 01:49:11 +02:00
Niklas Hambüchen
e85693afde
Merge pull request #127157 from nh2/xserver-readable-config-indentation
xserver: Generate readable config indentation
2021-06-23 01:16:50 +02:00
Maximilian Bosch
5aad4e73b6
privacyIDEA: 3.5.2 -> 3.6
ChangeLog: https://github.com/privacyidea/privacyidea/releases/tag/v3.6

Unfortunately we have to use `sqlalchemy` at 1.3 for `sqlsoup`. As
`sqlalchemy` is required by a lot of packages, I decided to move this
package out of `pythonPackages` itself and instantiate a new
`pythonPackages` inside the expression where `sqlalchemy` points to
`sqlalchemy_1_3`.
2021-06-22 15:36:36 +02:00
Konrad Borowski
447b1cf03d nixos/prometheus: allow state access for service only
There is no reason for Prometheus state files to be
world-readable.
2021-06-21 10:16:47 +02:00
Sandro
84a79c2f0f
Merge pull request #126284 from aanderse/zabbix-user-params
zabbixAgent: add bash to $PATH
2021-06-20 17:58:43 +02:00
Sandro
e6a012fb00
Merge pull request #127063 from talyz/fail2ban-restart
nixos/fail2ban: Remove `reloadIfChanged = true`
2021-06-20 17:57:57 +02:00
Martin Weinelt
8739f8cd7b
nixos/babeld: update hardening 2021-06-20 13:52:49 +02:00
illustris
e0089c38ca nixos/jitsi-meet: include jitsi prosody plugins in prosody extraPluginPaths 2021-06-20 12:36:51 +02:00
illustris
34b9ba2e61 nixos/jitsi-meet: Update jitsi prosody configs
Changes made as per b6f7f8fba7
2021-06-20 12:36:51 +02:00
Martin Weinelt
af664bf942
Merge pull request #127127 from mweinelt/home-assistant
nixos/home-assistant: update hardening
2021-06-18 20:15:05 +02:00
Niklas Hambüchen
65d3180336 services.xorg.config: Extend docs 2021-06-17 04:08:21 +02:00
Niklas Hambüchen
685e8ff7dd xserver: Generate readable config indentation 2021-06-17 03:34:40 +02:00
Martin Weinelt
36659d1efa
nixos/home-assistant: update hardening
This makes access to serial devices contingent on using certain
components and restricts the default setup even further.
2021-06-16 21:31:24 +02:00
Sandro
22a29f491a
Merge pull request #124566 from mweinelt/synapse-jemalloc 2021-06-16 17:52:56 +02:00
talyz
b4c069b147
nixos/fail2ban: Remove reloadIfChanged = true
This makes the service fail when upgrading the package, so let's
properly restart it instead.
2021-06-16 13:52:46 +02:00
Erik Skytthe
d1b4158155
nixos/grafana: Change services.grafana.provision.datasources.*.type to be open (#126831) 2021-06-16 11:12:51 +02:00
markuskowa
5ad54b5bc9
Merge pull request #126785 from oxzi/ucarp-1.5.2
ucarp: init at 1.5.2 / nixos/ucarp: init / nixos/test/ucarp: init
2021-06-16 10:54:23 +02:00
Sandro
b8958bbfa6
Merge pull request #126874 from legendofmiracles/espanso-cleanup
espanso: add runtime dependencies correctly, nixos/espanso remove path hack
2021-06-16 03:01:18 +02:00
Martin Weinelt
60c62214f5
nixos/solanum: implement reload and allow config changes
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.

But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
2021-06-16 00:19:35 +02:00
Robert Hensing
c2c47cc85b
Merge pull request #126922 from hercules-ci/ssh-keys-example
nixos/ssh: Add an example of verbatim keys
2021-06-15 21:38:19 +02:00
Alvar Penning
8673a40eda nixos/ucarp: init 2021-06-15 18:13:31 +02:00
Martin Weinelt
fb49094c3f
nixos/home-assistant: NixOS is an unsupported installation method
Trying to steer NixOS users away from reporting bugs to the upstream,
when they don't have the capacity to support bugs that could be the
result of our downstreaming setup.
2021-06-15 15:31:01 +02:00
Robert Hensing
dab747106e nixos/ssh: Document authorizedKeysFiles properly 2021-06-15 12:23:09 +02:00
Robert Hensing
8352cc9a23 nixos/ssh: Add an example of verbatim keys
This confused someone on SO.
2021-06-15 11:51:41 +02:00
Bernardo Meurer
2d29f4f2e7
Merge pull request #112971 from lovesegfault/roon-bridge
roon-bridge: init at 1.8-795
2021-06-14 19:57:20 -07:00
Aamaruvi Yogamani
358aa90e30
nixos/auto-cpufreq: fix service wantedBy 2021-06-14 20:01:26 -04:00
legendofmiracles
3e7ec42d68
espanso: add runtime dependencies correctly, nixos/espanso remove path hack 2021-06-14 13:09:57 -06:00
Profpatsch
799cdbd834 tailscale: add interfaceName option
tailscale allows to specify the interface name.
The upstream systemd unit does not expose it directly however, only
via the `FLAGS` environment variable.

I can’t be 100% sure that the escaping is correct, but this is as good
as we can do for now, unless upstream changes their unit file.
2021-06-14 11:25:08 +02:00
Robert Hensing
ab11d2114e
Merge pull request #126680 from roberth/empty
emptyFile, emptyDirectory: init
2021-06-13 20:45:21 +02:00
Bernardo Meurer
c8f95fd174
nixos.roon-bridge: init 2021-06-13 03:38:42 -07:00
Sandro
3d6416cc20
nixos/synergy: add encryption support to server (#125002)
Co-authored-by: Joshua Trees <me@jtrees.io>
2021-06-12 21:35:04 +02:00
Robert Hensing
d48591123f nixos/apache-httpd: Use pkgs.emptyDirectory 2021-06-12 17:28:42 +02:00
misuzu
ad502ab5c5 nixos/sourcehut: automatically build and import qemu image for docker 2021-06-11 11:48:49 -04:00
Domen Kožar
2072bba95d
Merge pull request #125311 from jansol/pipewire
pipewire: 0.3.27 -> 0.3.30
2021-06-11 16:48:52 +02:00
Joshua Trees
706ce9e230 nixos/synergy: add encryption support
Make it possible to use the Synergy server with TLS encryption without
resorting to the GUI.
2021-06-11 14:52:34 +02:00
Maciej Krüger
3f062397a5
x2goserver: fix rename whole module 2021-06-11 09:07:23 +02:00
Maciej Krüger
6dbeea0b40
nixos/x2goserver: put into networking, like xrdp 2021-06-11 08:13:49 +02:00
Maciej Krüger
03071fd5e3
nixos/xrdp: add openFirewall option 2021-06-11 08:13:48 +02:00
Milan Pässler
55cd291bbd pleroma-otp: remove 2021-06-10 22:53:00 +02:00
Maciej Krüger
c0c34eb757
Merge pull request #125619 from mkg20001/bulky 2021-06-10 08:51:44 +00:00
Vladimír Čunát
2ee781417e
nixos/*: replace alsa* aliases
The attributes got renamed in PR #126440 and in some places this caused
evaluation errors, e.g. the tarball job was saying (locally)
> attribute 'alsaUtils' missing, at /build/source/nixos/modules/services/audio/alsa.nix:6:4
and I suspect that trunk-combined jobset's failure to evaluate was also caused.
2021-06-10 09:46:55 +02:00
Maciej Krüger
e108e51d25
nixos/desktop-managers/cinnamon: add bulky as default app 2021-06-10 09:38:47 +02:00
Robin Gloster
5a29c4d3bf
Merge pull request #126426 from rnhmjoj/gale
nixos/gale: remove
2021-06-09 20:25:49 -05:00
rnhmjoj
336130a90f
nixos/gale: remove
This should have been removed along the package in 3f7d959.
2021-06-10 02:33:10 +02:00