Commit Graph

22905 Commits

Author SHA1 Message Date
Guillaume Girol
25b4e3c741
Merge pull request #133098 from erdnaxe/nitter-hardening
nixos/nitter: systemd unit hardening
2021-08-08 14:33:23 +00:00
Artturi
c10ded1bb2
Merge pull request #131966 from ArctarusLimited/fix/containerd-restart
nixos/virtualisation/containerd: do not wipe runtime directory on restart or stop
2021-08-08 17:21:30 +03:00
Vincent Bernat
85209382c1 nginx: allow overriding SSL trusted certificates when using ACME
Some ACME providers (like Buypass) are using a different certificate
to sign OCSP responses than for server certificates. Therefore,
sslTrustedCertificate should be provided by the user and we need to
allow that.
2021-08-08 16:07:11 +02:00
Martin Weinelt
f49b03c40b
Merge pull request #123258 from mweinelt/acme-hardening 2021-08-08 15:50:24 +02:00
Martin Weinelt
a5c6a0006a
Merge pull request #130521 from Mic92/tinc
nixos/tinc: don't run as nogroup
2021-08-08 15:39:42 +02:00
Alexandre Iooss
2e8e8f2c92
nixos/nitter: test with CAP_NET_BIND_SERVICE 2021-08-08 15:29:33 +02:00
Alexandre Iooss
9898f7e072
nixos/nitter: systemd unit hardening 2021-08-08 15:28:27 +02:00
Sandro
b739a14b37
Merge pull request #121906 from ymarkus/nixos-mullvad
nixos/mullvad-vpn: fix firewall issues & remove xfix as maintainer
2021-08-08 15:03:26 +02:00
Martin Weinelt
611bc7c23b
Merge pull request #111692 from lopsided98/chrony-initstepslew-types
nixos/chrony: split the initstepslew attrset into options
2021-08-08 15:03:06 +02:00
Guillaume Girol
582a9c13b5 nixos/tests/nagios.nix: fix eval 2021-08-08 12:00:00 +00:00
erdnaxe
7a0c6cdd39
nixos/miniflux: systemd unit hardening (#133123) 2021-08-08 13:58:30 +02:00
lewo
7aa78642c5
Merge pull request #125979 from blaggacao/nixos-test-ref/03-normalse-the-python-entrypoint
nixos/test-driver: normalize the python entrypoint
2021-08-08 10:24:47 +02:00
Sandro
7f9530c7c2
Merge pull request #133083 from polykernel/yambar-patch-1 2021-08-08 06:51:26 +02:00
polykernel
bc520477f4 yambar: document breaking changes
* Previously, both the xorg and wayland backend were built into the yambar
  package. The refactor breaks up each backends to its separate, with xorg
  being the default. Thus yambar users on wayland should switch to the
  yambar-wayland package.
2021-08-08 00:05:40 -04:00
Zane van Iperen
99d8d553da nixos/gitea: init/migrate db in startup script 2021-08-08 12:48:15 +09:00
Rouven Czerwinski
06667df72b
nixos/etc: use runCommandLocal (#133037)
Instead of setting preferLocalBuild & allowSubstitutes explicitly, use
runCommandLocal which sets the same options.
2021-08-07 14:56:21 -04:00
Martin Weinelt
4704dc2f1b
Merge pull request #130625 from rski/openrazer 2021-08-07 15:32:04 +02:00
Pascal Bach
463be7303e
Merge pull request #118855 from bachp/unifi-harden
nixos/unifi: harden service
2021-08-07 14:48:25 +02:00
Domen Kožar
2904cd7521
Merge pull request #132883 from Kranzes/bump-pipewire
pipewire: 0.3.32 -> 0.3.33
2021-08-07 12:47:25 +02:00
Sandro
53947a60c1
Merge pull request #132735 from ivan/victoriametrics-panic
nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
2021-08-07 12:34:31 +02:00
Sandro
3384abd78a
Merge pull request #127711 from eadwu/nvidia_x11/127693 2021-08-07 12:24:35 +02:00
Romanos Skiadas
465c9269dd nixos/openrazer: Add a users option 2021-08-07 12:10:43 +03:00
Romanos Skiadas
42c6771744 nixos/openrazer: Change plugdev group to openrazer
For security reasons, and generally, it is best to create a more fine
grained group than plugdev. This way users that wish to tweak razer
devices don't have access to the entire plugdev group's permissions.

This is of course a breaking change.
2021-08-07 12:09:44 +03:00
Ninjatrappeur
d00f146ca5
Merge pull request #132932 from NinjaTrappeur/nin-fix-prosody-test
nixos/nixosTests.prosody: extend self-signed cert expiration date
2021-08-07 10:29:11 +02:00
Edmund Wu
573aae39e2
nixos/modules: assertion for required PM files 2021-08-07 01:41:58 -04:00
Tom Fitzhenry
5d0bd88cdd programs/calls: init 2021-08-07 15:07:18 +10:00
Artturi
8072e71d8e
Merge pull request #132853 from peterhoeg/f/devmon
Revert "nixos/devmon: add systemd service"
2021-08-07 02:34:09 +03:00
Artturi
7d45138e68
Merge pull request #127402 from sigprof/nixos-ssh-askpass-args
nixos/ssh: fix passing arguments to ssh-askpass
2021-08-07 02:30:28 +03:00
Félix Baylac-Jacqué
6325d15e90
nixosTests.prosody: extend- self-signed cert expiration date
The test certificate expiration date was set to the default 30 days.
This certificate is generated through its own derivation. As with
every derivation, it gets cached by cache.nixos.org once we build it.

In practice, we rebuild this derivation only if one of its input
changes. The only inputs here being openssl and stdenv.

While it's not an issue on the unstable branches, it can be
problematic on a stable release: the test will fail after 30 days.

Extending the certificate lifespan from 1 month to 100 years to prevent
it from getting expired while being cached.

See
https://github.com/NixOS/nixpkgs/pull/132898#issuecomment-894495057
for more context.
2021-08-06 23:46:17 +02:00
Timothy DeHerrera
cc455c004a
Merge pull request #132895 from poscat0x04/chrony-dns
nixos/chrony: wait for DNS services to start up before starting
2021-08-06 13:02:08 -06:00
Maximilian Bosch
67a5d63b33
Merge pull request #131867 from maxeaubrey/traefik_2.4.12
traefik: 2.4.8 -> 2.4.13
2021-08-06 18:55:07 +02:00
Ilan Joselevich
a876500f5d pipewire: updated JSON configs 2021-08-06 16:50:56 +03:00
Poscat
6e3cecf1f7
nixos/chrony: wait for dns services to start up before starting 2021-08-06 21:03:55 +08:00
Michal Sojka
a2943e74e3 nixos/nullmailer: Create "failed" directory
Nullmailer expects that this directory exists (see
073f4e9c5d/doc/nullmailer-send.8 (L185)).
When it doesn't and an email cannot be sent due to a permanent failure
or has been in the queue longer than queuelifetime (7 days), message
"Can't rename file: No such file or directory" starts appearing in the
log and nullmailer never sends "Could not send message" notification.
This means that the user may never learn that his email was not
delivered.
2021-08-06 10:48:19 +02:00
Peter Hoeg
8b167a0c11 Revert "nixos/devmon: add systemd service"
This reverts commit 1db44c4ff1.
2021-08-06 13:43:24 +08:00
Jörg Thalheim
de5a599492
Merge pull request #130429 from Ninlives/yubico_chlrep
nixos/pam: allow users to set the path to store yubikey challenge file
2021-08-06 05:23:10 +01:00
David Arnold
926fb93968
nixos/tests/test-driver: normalise test driver entrypoint(s)
Previously the driver was configured exclusively through convoluted
environment variables.

Now the driver's defaults are configured through env variables.

Some additional concerns are in the github comments of this PR.
2021-08-05 19:07:11 -05:00
David Arnold
2937038bf3
lib/modules: add mkImageMediaOverride docs 2021-08-05 18:53:59 -05:00
Jörg Thalheim
8c5c0d6748 nixos: fix zinputrc on flake-enabled systems 2021-08-05 22:19:37 +02:00
Michael Weiss
c4c087da21
nixos/tests/signal-desktop: Improve the DB test
The command "file ~/.config/Signal/sql/db.sqlite | grep 'db.sqlite: data'"
can randomly fail because "file" sometimes recognizes the "random"
(encrypted) data as something. This occasionally causes test failures,
e.g. [0] were it was recognized as "PGP Secret Sub-key -" or in another
instance as an ext4 filesystem [1].

[0]: https://github.com/NixOS/nixpkgs/pull/132644#issuecomment-892601504
[1]: https://social.primeos.dev/notice/A7H8VWV0KtQHUZZIsC
2021-08-05 18:26:59 +02:00
Robert Hensing
c5373ce006
Merge pull request #132593 from rycee/postgresql-backup-compression
nixos postgresql-backup: add `compression` option
2021-08-05 13:20:40 +02:00
Benjamin Smith
45c4b6b9e4
Apache Kafka: add 2.7.1 and 2.8.0 (#128043) 2021-08-05 13:01:59 +02:00
Yaroslav Bolyukin
b7e79637ba plasma5: install plasma-systemmonitor by default
As ksysguard was replaced, and it was installed by default

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin
b0f1caf522 ksystemstats: init at 5.22.0
Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Yaroslav Bolyukin
85dcd8d3ed ksysguard: replace with throw alias
It was deprecated in favour of system-monitor

Signed-off-by: Yaroslav Bolyukin <iam@lach.pw>
2021-08-05 17:01:19 +09:00
Sandro
99fe362cf1
Merge pull request #131576 from j0hax/mlvwm
nixos/mlvwm: init at 0.9.3
2021-08-05 09:46:02 +02:00
Ivan Kozik
fb6fbcb85c nixos/victoriametrics: set LimitNOFILE=1048576 to fix panic and restart loop
This fixes:

```
systemd[1]: Started VictoriaMetrics time series database.
victoria-metrics[379550]: 2021-08-04T19:33:39.833Z        panic        VictoriaMetrics/lib/storage/partition.go:954        FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: panic: FATAL: unrecoverable error when merging small parts in the partition "/var/lib/victoriametrics/data/small/2021_08": cannot open source part for merging: cannot open metaindex file in stream mode: cannot open file "/var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin": open /var/lib/victoriametrics/data/small/2021_08/1228_1228_20210804184120.712_20210804184121.899_16982E83CD7A763A/metaindex.bin: too many open files
victoria-metrics[379550]: goroutine 629 [running]:
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logMessage(0xbb3ea1, 0x5, 0xc001113800, 0x1e7, 0x4)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:270 +0xc69
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevelSkipframes(0x1, 0xbb3ea1, 0x5, 0xbe3f8b, 0x4b, 0xc000bb3f88, 0x2, 0x2)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:138 +0xd1
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.logLevel(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:130
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/logger.Panicf(...)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/logger/logger.go:126
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).smallPartsMerger(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:954 +0x145
victoria-metrics[379550]: github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers.func1(0xc0014d7980)
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:933 +0x2b
victoria-metrics[379550]: created by github.com/VictoriaMetrics/VictoriaMetrics/lib/storage.(*partition).startMergeWorkers
victoria-metrics[379550]:         github.com/VictoriaMetrics/VictoriaMetrics/lib/storage/partition.go:932 +0x6c
systemd[1]: victoriametrics.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
systemd[1]: victoriametrics.service: Failed with result 'exit-code'.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: victoriametrics.service: Scheduled restart job, restart counter is at 2064.
systemd[1]: Stopped VictoriaMetrics time series database.
systemd[1]: victoriametrics.service: Consumed 587ms CPU time, received 6.5K IP traffic, sent 1.7K IP traffic.
systemd[1]: Starting VictoriaMetrics time series database...
```
2021-08-05 05:35:53 +00:00
Bernardo Meurer
64a2790e99
Merge pull request #130617 from zhaofengli/moonraker
moonraker: init at unstable-2021-07-18, nixos/moonraker: init
2021-08-05 02:59:59 +00:00
Zhaofeng Li
5fbdf2ef1f nixos/moonraker: init 2021-08-04 19:48:58 -07:00
Robert Helgesson
bcc7a902d5
nixos postgresql-backup: add compression option
This option allows basic configuration of the compression technique
used in the backup script. Specifically it adds `none` and `zstd` as
new alternatives, keeping `gzip` as the default.
2021-08-05 00:42:16 +02:00
Maxine Aubrey
34add8ca59
nixos/traefik: wait for first success
possible fix for #115418
2021-08-04 23:55:56 +02:00
Guillaume Girol
2eb2a255b9
Merge pull request #131255 from erdnaxe/nitter
nitter: init at unstable-2021-07-18
2021-08-04 20:25:22 +00:00
Jonathan Ringer
f1de8c02e2 nixos/rl-notes: Add mention of zfs.latestCompatibleLinuxPackges 2021-08-04 12:56:59 -07:00
davidak
872111e9d2
Merge pull request #131305 from davidak/nixos-icons-fix
nixos-icons: fix icons not installed when documentation disabled
2021-08-04 21:35:45 +02:00
Bernardo Meurer
1df5e3cdf3
nixos/hqplayerd: use upstream unit as much as possible 2021-08-04 12:15:33 -07:00
Bernardo Meurer
e242633669
nixos/hqplayerd: remove configurable user/group
The service is adamant that it must run under the right user, so let's
just enforce it.
2021-08-04 12:15:31 -07:00
Bernardo Meurer
3ccb633f85
nixos/hqplayerd: use package-provided config file instead of blank 2021-08-04 12:15:14 -07:00
Zhaofeng Li
fd435bdab7 nixos/klipper: Add default value for apiSocket 2021-08-04 12:09:15 -07:00
Bernardo Meurer
6b3d1790de
Merge pull request #132624 from lovesegfault/hqplayerd-fixes
nixos/hqplayerd: set HOME to path in state directory
2021-08-04 17:08:12 +00:00
Janne Heß
307b1253a7 nixos/neovim: Fix neovim runtime path generation 2021-08-04 09:44:04 +02:00
Bernardo Meurer
f949ce7449
nixos/hqplayerd: set HOME to path in state directory
The service likes to write files uploaded by the user to the service
user's $HOME. In our case the hqplayerd user has no home directory,
since it's a system user, and regardless we'd like to keep the service's
state contained.

With this change the unit forces HOME to point to
/var/lib/hqplayer/home, which works around the issue.
2021-08-03 23:29:31 -07:00
David Arnold
9e42d02047
lib/modules: add mkImageMediaOverride
so the underlaying use case of the preceding commit is so
generic, that we gain a lot in reasoning to give it an
appropriate name.

As the comment states:
image media needs to override host config short of mkForce
2021-08-03 18:28:14 -05:00
Bernardo Meurer
39bce8345f
Merge pull request #126798 from lovesegfault/nixos-hqplayerd
nixos/hqplayerd: init
2021-08-03 23:23:45 +00:00
Bernardo Meurer
05cba47810
nixos/hqplayerd: init 2021-08-03 15:54:23 -07:00
David Arnold
2af2d3146d
nixos/boot-media: soft-force entire fs layout
https://github.com/NixOS/nixpkgs/pull/131760 was made to avo
a speicific configuration conflict that errored out for multiple definitions of "/" when the installer where overlayed
on any existing host configuration.

---

Problem 1: It turns out that in also other mountpoints can coflict.

Solution 1: use `mkOverride 60` for all mountpoints (even for the ones unlikely causing confilct for consistency sake)

---

Problem 2: It turns out that on an installation media for a fresh machine (before formatting), we usually don't have any devices yet formatted. However defining for example `fileSystems.<nme>.device = "/dev/disk/by-label/...", in newer versions of nixos, seems to make the system startup fail. Similarily waiting for a non-existent swap device does not make the startup fail, but has a 1:30 min timeout.

Solution 2: For an installation medium, soft-override ("unless users know what they are doing") the entire `fileSystems` and `swapDevices` definitions.
2021-08-03 15:05:52 -05:00
Bernardo Meurer
974e1b51d6
Merge pull request #132519 from lovesegfault/networkaudiod
networkaudiod: init
2021-08-03 19:47:27 +00:00
adisbladis
6b5ca7a2c7
release-notes: Add notice regarding dropped Emacs aliases 2021-08-03 12:52:17 -05:00
Iceman
090f33f788 nixos/geth: Change default to snap sync
Starting in v1.10.4, go-ethereum changed the default sync mode to snap
sync. This adds "snap" as one of valid types of syncmode and updates
`services.geth.syncmode` to use it by default instead of the previous
fast sync.
2021-08-03 09:13:02 -04:00
Jörg Thalheim
f0672fa7fb
Merge pull request #129413 from ngkz/binfmt-order-fix
nixos/binfmt: run binfmt activation script after mounting /run
2021-08-03 12:20:17 +01:00
Sandro
e3ac38c730
Merge pull request #121829 from davidak/pantheon-team 2021-08-03 10:20:20 +00:00
Bernardo Meurer
a8998d11c9
nixos/networkaudiod: init 2021-08-03 01:44:41 -07:00
Bernardo Meurer
b3ca5f904a
Merge pull request #132507 from lovesegfault/roon-bridge-aarch64
roon-bridge: support aarch64-linux
2021-08-03 08:13:48 +00:00
Bernardo Meurer
cfdc62259d
nixos/roon-bridge: register module in module-list 2021-08-03 00:22:32 -07:00
davidak
bd27e2e831
Merge pull request #123045 from kira-bruneau/replay-sorcery
replay-sorcery: init at 0.5.0
2021-08-03 07:44:35 +02:00
Florian Klink
50e3b159e3
Merge pull request #131952 from yu-re-ka/feature/gitlab-14-1-1
gitlab: 14.1.0 -> 14.1.1
2021-08-03 00:13:52 +02:00
Robert Hensing
48ea8eb813
Merge pull request #132416 from turion/dev_rabbitmq-server_1.8_1.9
rabbitmq-server: 3.8.9 -> 3.9.1
2021-08-02 22:08:30 +02:00
Pascal Bach
ee50c21488
Merge pull request #111768 from misuzu/gitlab-runner-warnings
nixos/gitlab-runner: warn about possible secrets leak
2021-08-02 21:41:50 +02:00
Linus Heckemann
43f5945e9f
Merge pull request #132338 from Ma27/fix-captive-browser-startup
nixos/captive-browser: fix startup
2021-08-02 20:16:45 +02:00
davidak
8f02a4486d pantheon: add maintainers team 2021-08-02 19:09:29 +02:00
Robert Hensing
ce1485112d
Merge pull request #131390 from dminuoso/redis-fix-string-interpolation
nixos/redis: Use toString for interpolating slaveOf.port
2021-08-02 18:09:22 +02:00
Yureka
6b021012c5 nixos/tests/gitlab: disable gitlab-pages tests 2021-08-02 18:04:54 +02:00
Domen Kožar
05240cfbaa
Merge pull request #132431 from domenkozar/rtw89-firmware
enableRedistributableFirmware: add rtw89-firmware
2021-08-02 17:53:12 +02:00
Domen Kožar
749620cd4f
enableRedistributableFirmware: add rtw89-firmware 2021-08-02 17:23:54 +02:00
Robin Gloster
15ffca434e
Merge branch 'master' into meshcentral 2021-08-02 17:08:40 +02:00
Victor Nawothnig
6b317b7404 nixos/redis: Use toString for interpolating slaveOf.port 2021-08-02 16:41:37 +02:00
Manuel Bärenz
b0f33d7c2e rabbitmq-server: 3.8.9 -> 3.9.1 2021-08-02 16:19:30 +02:00
Florian Klink
b8662b8dba
Merge pull request #131948 from flokli/systemd-coredump-user
nixos/systemd: provision a systemd-coredump user
2021-08-02 16:14:49 +02:00
Ben Siraphob
c8a731593b
Merge pull request #113185 from fabaff/libreddit
libreddit: init at 0.10.1
2021-08-02 17:05:00 +07:00
Ben Siraphob
4ef4a1e62a
Merge pull request #131967 from vcunat/p/etc_os-release
nixos/version: make versions in /etc/os-release less verbose
2021-08-02 15:39:31 +07:00
Luke Granger-Brown
5a7d7dc19f nixos/display-managers: update set-session for new "SessionType" property
GDM 40.1 switched from storing X11 sessions in the "XSession" property
on AccountService to "Session" with a "x11" "SessionType".

For compatibility reasons, we should set both, since AccountService
doesn't seem to provide the compatibility for us.
2021-08-01 22:22:35 +00:00
Robert Hensing
151c2f5a20
Merge pull request #131814 from blaggacao/fix-nix-daemon-registry-type-unspecified-error
nixos/nix-daemon: fix registry flake type
2021-08-01 22:43:34 +02:00
Aaron Andersen
4fad3a2b69
Merge pull request #131020 from Artturin/uptimed-fix
uptimed nixos/uptimed: switch to /var/lib/ and fix perms
2021-08-01 15:58:36 -04:00
Aaron Andersen
7841f5f4eb
Merge pull request #129861 from vs49688/giteafix
modules/gitea: use gitea to refresh hooks and keys
2021-08-01 15:57:11 -04:00
David Arnold
ecae25c3ef
nixos/nix-daemon: fix registry flake type
Before this commit, the `flake` option was typed with `types.unspecified`.

This type get's merged via [`mergeDefaultOption`](ebb592a04c/lib/options.nix (L119-L128)), which has a line
```nix
else if all isFunction list then x: mergeDefaultOption loc (map (f: f x) list)
```

`lib.isFunction` detects an attrs in the shape of `{__functor = ...}` as
a function and hence this line substitutes such attrs with a function
(f: f x).

If now, a flake input has a `__functor` as it's output, this will
coerce the once attrs to a function. This breaks a lot of things later
in the stack, for example a later `lib.filterAttrs seive <LAMBDA>` will
fail for obious reasons.

According to @infinisil, `types.unspecified` is due to deprecation. In
the meantime this PR provides a specific fix for the specific problem
discovered.
2021-08-01 14:56:13 -05:00
Luke Granger-Brown
b5fab53628 nixos/virtualbox-image: cast baseImageFreeSpace into str
This fixes an evaluation error that's blocking the nixos-unstable
channel (#132328).
2021-08-01 18:59:08 +00:00
Ankit Pandey
910f233fb7 captive-browser: fix empty string in interface args
Fixes nmcli being passed an empty string before the interface name,
which would stop captive-browser from starting up.
2021-08-01 13:46:57 -05:00
Benjamin Asbach
f22a7ae1a8
soapui: 5.5.0 -> 5.6.0 (#131307)
Co-authored-by: Benjamin Asbach <asbachb@users.noreply.github.com>
2021-08-01 20:11:12 +02:00
Maximilian Bosch
8c35a69a6e
nixos/captive-browser: fix startup
It seems as since Chromium 92, `chromium` crashes on startup if
`XDG_CONFIG_HOME` points to a read-only (store-)path.
2021-08-01 19:04:49 +02:00
Naïm Favier
12bbb0fd7b
nixos/syncthing: fix curl not retrying on network errors 2021-08-01 15:03:41 +02:00
Profpatsch
6376458424 sane: Add support for the unfree Fujitsu ScanSnap drivers
This adds the scanner files already linked from the
`etc/sane.d/epjitsu.conf` file, which are extracted from the Windows
drivers and mirrored on GitHub.

Being a Japanese hardware vendor, Fujitsu’s software release &
licensing methods are horrifying, but their scanners are some of the
best, so we should definitly have discoverable support for them, which
this patch hopefully adds.

Inspiration was taken from the following sources:
https://www.josharcher.uk/code/install-scansnap-s1300-drivers-linux/
https://ubuntuforums.org/archive/index.php/t-1461915.html
https://github.com/stevleibelt/scansnap-firmware
2021-08-01 13:45:46 +02:00
Jörg Thalheim
9254bf3607
Merge pull request #131312 from Lassulus/vbox-size
vbox-image: add new option to set free space in image
2021-08-01 10:07:35 +01:00
Ben Siraphob
44db812a14
Merge pull request #132257 from Zopieux/simple-mpv-webui
mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
2021-08-01 12:10:12 +07:00
Aaron Andersen
404cd360c2
Merge pull request #129468 from jwygoda/litestream-service
nixos/litestream: init
2021-07-31 22:58:48 -04:00
Aaron Andersen
099015b2ed
Merge pull request #116578 from MatthewCroughan/node-red-service
nixos/node-red: add module
2021-07-31 22:57:26 -04:00
Alexandre Macabies
c9e991bd64 mpvScripts.simple-mpv-webui: 1.0.0 -> 2.1.0
This also adds a test. The current packaged version (1.0.0) is broken,
it cannot find relevant files.
2021-08-01 00:47:55 +02:00
Guillaume Girol
0a505c3682
Merge pull request #128141 from milogert/tt-rss-2021-06-21
tt-rss: 2021-01-29 -> 2021-06-23 and modules/tt-rss: updated config.php creation
2021-07-31 15:36:23 +00:00
Guillaume Girol
256af6b742
nixos/tt-rss: fix eval 2021-07-31 15:19:00 +00:00
Jörg Thalheim
4dba1b99ec
Merge pull request #131102 from helsinki-systems/feat/rework-etc-2
nixos/etc: Replace make-etc.sh with nix and bash
2021-07-31 03:57:59 +01:00
Martin Weinelt
b3b187315b
Merge pull request #131885 from mweinelt/kea 2021-07-31 02:21:19 +02:00
Artturin
bd8eeec9c0 {uptimed,nixos/uptimed}: switch to /var/lib/ and fix perms 2021-07-31 01:05:44 +03:00
Janne Heß
eb7120dc79
nixos/etc: Replace make-etc.sh with nix and bash
The main goal of this commit is to replace the rather fragile passing of
multiple arrays which could break in cases like #130935.
While I could have just added proper shell escaping to the variables
being passed, I opted for the more painful approach of replacing the
fragile and somewhat strange construct with the 5 bash lists. While
there are currently no more problems present with the current approach
(at least none that I know of), the new approach seems more solid and
might get around problems that could arise in the future stemming from
either the multiple-lists situation or from the absence of proper shell
quoting all over the script.
2021-07-30 21:33:13 +02:00
Jarosław Wygoda
1dcfd1e329 nixos/litestream: init 2021-07-30 17:41:54 +02:00
Alexandre Iooss
534dbcb28f
nixos/nitter: init module and test 2021-07-30 15:19:49 +02:00
Martin Weinelt
3d43cf8f21
nixos/kea: fix config reload
Because the config file gets symlinked to /etc/kea to make reloads work
we need to add restart triggers for the actual symlink targets.
2021-07-30 03:25:11 +02:00
Martin Weinelt
d902365913
nixos/bird: fix bird/bird6 description 2021-07-30 03:13:50 +02:00
Peter Ferenczy
3936313b1f nixos/firewall: document log location
Motivated by not finding the firewall log messages for an annoyingly long time.
2021-07-29 18:43:50 +02:00
Pavol Rusnak
d2e468a571
nixos/version: make versions in /etc/os-release less verbose
Fixes #127654; also see details in there.
2021-07-29 17:26:31 +02:00
Alex Zero
bd14d73794
nixos/modules/virtualisation/containerd: do not wipe runtime directory on restart or stop 2021-07-29 16:17:40 +01:00
Maciej Krüger
a4ca45acd7
nginx: add listenAddresses
This allows the user to manually specify the addresses nginx shoud 
listen on, while still having the convinience to use the *SSL options 
and have the ports automatically applied
2021-07-29 16:33:10 +02:00
Lassulus
729042fae8
Merge pull request #131794 from ncfavier/syncthing-collapse-declarative
nixos/syncthing: move declarative options to the top level
2021-07-29 15:42:33 +02:00
Naïm Favier
f114215b14
nixos/syncthing: clean up option descriptions 2021-07-29 15:20:30 +02:00
Florian Klink
7293489288 nixos/systemd: provision a systemd-coredump user
systemd-coredump tries to drop privileges to a systemd-coredump user if
present (and falls back to the root user if it's not available).

Create that user, and recycle uid 151 for it. We don't really care about
the gid.

Fixes https://github.com/NixOS/nixpkgs/issues/120803.
2021-07-29 15:00:24 +02:00
Niklas Hambüchen
82272021e2
Merge pull request #128886 from scvalex/coredns-configurable-corefile
kubernetes.addons.dns: make corefile configurable
2021-07-29 14:31:19 +02:00
Linus Heckemann
a476da0690 release notes: add meshcentral 2021-07-29 11:42:43 +02:00
Linus Heckemann
a175be0e7e nixos/meshcentral: init module 2021-07-29 11:42:42 +02:00
Frederik Rietdijk
3888701716
Merge pull request #131345 from NixOS/staging-next
Staging next
2021-07-29 10:45:20 +02:00
Jacek Galowicz
fae7252ec5
Merge pull request #131754 from blaggacao/fix-testing-invalid-node-names
nixos/testing: fix invalid node names detection
2021-07-29 09:47:19 +02:00
Milo Gertjejansen
f3b660014d
Merge branch 'master' into tt-rss-2021-06-21 2021-07-28 21:06:44 -04:00
Milo Gertjejansen
7aa2bf302a Added more detail to changelog, updated permissions in directory, and changed restartTriggers 2021-07-28 20:53:38 -04:00
github-actions[bot]
4fc7a31edb
Merge master into staging-next 2021-07-29 00:01:33 +00:00
Johannes Arnold
39f65ee33d nixos/mlvwm: init at 0.9.3 2021-07-29 01:19:05 +02:00
Sandro
fb525f4486
Merge pull request #129749 from GovanifY/discord-service
nixos/mx-puppet-discord: add module
2021-07-28 21:59:30 +00:00
Gauvain 'GovanifY' Roussel-Tarbouriech
040129fa31
nixos/mx-puppet-discord: add module 2021-07-28 23:30:24 +02:00
Eelco Dolstra
512ee6db39
nix-fallback-paths.nix: Update to 2.3.15 2021-07-28 22:45:33 +02:00
David Arnold
dc060ff8b2
nixos/testing: fix invalid node names detection
the use of python further restricts possible RFC1035 host labels since
dash is not allowed for use in python identifiers.

The previous implementation of this check was flawed, since it did not
check the `hostName` value that is actually used to construe the
identifier, but the node name, which can be anything, e.g. just `machine`.

The previous implementation, by further restricting RFC1035 labels, only
for the sake of testing seems to be an unacceptable restriction and should
be addressed separately.
2021-07-28 15:37:57 -05:00
Robert Hensing
60e0f94d3a
Merge pull request #131760 from blaggacao/fix-installer-root-fs-type-override
nixos/installer: force root fs type
2021-07-28 22:24:04 +02:00
David Arnold
c219fdffad
nixos/installer: force root fs type
installer media can be used on top of existing host configs. In such
scenarions, root fs types will already be defined.

Before this change, this will inevitably lead to the following error:
```console
error: The option `fileSystems./.fsType' has conflicting definition values:
       - In `/nix/store/2nl5cl4mf6vnldpbxhrbzfh0n8rsv9fm-source/DevOS/os/hardware/common.nix': "ext4"
       - In `/nix/store/jbch90yqx6gg1h3fq30jjj2b6h6jfjgs-source/nixos/modules/installer/cd-dvd/iso-image.nix': "tmpfs"
```

With this patch, the installers will override those values according to
their own local requirement.

Use `mkOverride 60` so that conscientious overriding specially targeted
at the installer, e.g. with `mkForce` is still straight forward.
2021-07-28 15:05:25 -05:00
Alexandru Scvortov
ed62c1c663 kubernetes: make corefile configurable 2021-07-28 20:15:57 +01:00
github-actions[bot]
6fcda9f1ec
Merge master into staging-next 2021-07-28 18:01:16 +00:00
Franz Pletz
8f40f574f8
Merge pull request #131578 from mweinelt/influxdb-exporter
prometheus-influxdb-exporter: init at 0.8.0
2021-07-28 19:47:06 +02:00
SrTobi
eff8d3bdb1 nixos/grub: implements GRUB_SAVEDEFAULT feature
Grub will remember the configuration that was booted and
select it as default menu entry the next time (#108206).
2021-07-28 18:57:08 +02:00
matthewcroughan
b9c9d52aec nixos/node-red: add test 2021-07-28 17:32:45 +01:00
matthewcroughan
badbbb7e05 nixos/node-red: add module
Adds a basic nixos module/service for node-red based on nodePackages.node-red

Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
Co-authored by: Adrian Parvin Ouano <adrianparvino@gmail.com>
Co-authored-by: Norbert Melzer <nmelzer@nobbz.dev>
2021-07-28 17:30:57 +01:00
github-actions[bot]
a1d3be1d42
Merge master into staging-next 2021-07-28 12:01:16 +00:00
Sandro
ebb592a04c
Merge pull request #131694 from scvalex/enable-kubernetes-passthru-tests
kubernetes: enable passthru tests
2021-07-28 11:14:35 +00:00
Alexandru Scvortov
b9acd426df kubernetes: add passthru tests
Also defensively quote a path and reformat a comment to trigger the
right review.
2021-07-28 11:27:22 +01:00
Naïm Favier
e9b01c5c8e
nixos/syncthing: move declarative options to the top level 2021-07-28 11:30:30 +02:00
Lassulus
a66d9f9b00
Merge pull request #131737 from ncfavier/syncthing-extraOptions
nixos/syncthing: add declarative.extraOptions
2021-07-28 11:12:29 +02:00
Naïm Favier
6416b3a941
nixos/syncthing: add declarative.extraOptions
Allows setting arbitrary config options through the REST API.

Also switches to the [new](https://docs.syncthing.net/rest/config.html)
config endpoints.
2021-07-28 10:56:06 +02:00
github-actions[bot]
86197a8023
Merge master into staging-next 2021-07-28 06:01:04 +00:00
Victor Freire
9ee8bd1889 vscode-extensions: uniform extension namingconvention 2021-07-28 12:01:53 +09:00
github-actions[bot]
db6a26db02
Merge master into staging-next 2021-07-27 18:01:01 +00:00
Guillaume Girol
407ef1dc6f
Merge pull request #121530 from symphorien/wifireg
nixos: add option to load wireless regulatory database as firmware
2021-07-27 16:43:57 +00:00
Niklas Hambüchen
fe5f3f65e2 manuals: Describe how to link NixOS tests from packages 2021-07-27 17:39:33 +02:00
ajs124
ce080720fb
Merge pull request #131587 from hyperfekt/systemd-pstore
nixos/filesystems: succeed mount-pstore.service without backend
2021-07-27 14:27:15 +02:00
github-actions[bot]
2692c2e427
Merge master into staging-next 2021-07-27 12:01:20 +00:00
Ben Siraphob
b63a54f81c
Merge pull request #110742 from siraben/deprecate-fold 2021-07-27 15:13:31 +07:00
hyperfekt
b3200bc922 nixos/filesystems: succeed mount-pstore.service without backend 2021-07-26 21:02:58 +00:00
Martin Weinelt
f77710c6ba nixos/tests/prometheus-exporters/influxdb: init 2021-07-26 16:00:01 +02:00
Martin Weinelt
46ea00da23 nixos/prometheus-influxdb-exporter: init 2021-07-26 16:00:01 +02:00
Frederik Rietdijk
18347a1caf Merge master into staging-next 2021-07-26 12:40:04 +02:00
Elis Hirwing
699ea65439
Merge pull request #131118 from etu/sanoid-syncoid-improvements
nixos/{syncoid,sanoid}: Improve ZFS permission delegation
2021-07-26 11:40:51 +02:00
Elis Hirwing
764e4acee1
nixos/tests/sanoid: Improve tests by checking that no permissions are left behind 2021-07-26 11:05:52 +02:00
Elis Hirwing
bd263441e2
nixos/rl-notes/21.11: Add note about remaining syncoid permissions 2021-07-26 11:05:48 +02:00
Elis Hirwing
a9d29a1d0d
nixos/syncoid: Drop ~[at]sync from the systemcallfilter to avoid coredumps 2021-07-26 11:05:45 +02:00
Elis Hirwing
ea9d5876a0
nixos/sanoid: Reformat file with nixpkgs-fmt 2021-07-26 11:05:37 +02:00
Elis Hirwing
fa58d89b24
nixos/syncoid: Reformat file with nixpkgs-fmt 2021-07-26 11:04:28 +02:00
Elis Hirwing
b9f98165ab
nixos/sanoid: Use a function to build allow/unallow commands 2021-07-26 11:03:35 +02:00
Elis Hirwing
ecd32b8104
nixos/syncoid: Build unallow commands as a post job to drop permissions 2021-07-26 11:02:13 +02:00
Frederik Rietdijk
62370fb59a Merge remote-tracking branch 'upstream/master' into staging-next 2021-07-26 09:19:44 +02:00
Milo Gertjejansen
b0b71138c8 Merge branch 'master' of https://github.com/NixOS/nixpkgs into tt-rss-2021-06-21 2021-07-25 16:02:48 -04:00
Milo Gertjejansen
70338c53c9 Added release notes and broke date apart 2021-07-25 15:40:33 -04:00
Michael Weiss
4ec2b24603
nixos/tests/chromium: Drop the workaround for Chrome GPU crashes
This regression was fixed by 51d83077ff.
2021-07-25 12:39:45 +02:00
Michael Weiss
7b3c054514
nixos/tests/chromium: Check the version and that it's an official build
This also prints and screenshots the output of chrome://version which
contains useful information.

Outputs (stable, beta, ungoogled, chrome-stable, chrome-beta, chrome-dev):
Chromium	92.0.4515.107 (Official Build) (64-bit)
Chromium        92.0.4515.107 (Official Build) (64-bit)
Chromium        91.0.4472.164 (Official Build, ungoogled-chromium) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) (64-bit)
Google Chrome   92.0.4515.107 (Official Build) beta (64-bit)
Google Chrome   93.0.4577.8 (Official Build) dev (64-bit)
2021-07-25 12:35:21 +02:00
Luke Granger-Brown
a0b7bd69ac
Merge pull request #124431 from hyperfekt/systemd-pstore
nixos/filesystems: mount-pstore.service improvements
2021-07-25 10:33:39 +01:00
Elis Hirwing
bb35e7c404
nixos/sanoid: Extract datasets rather than pools
When making new snapshots we only need to delegate permissions to the
specific dataset rather than the entire pool.
2021-07-25 10:13:17 +02:00
Elis Hirwing
70862830f0
nixos/syncoid: Extract datasets rather than pools
When sending or receiving datasets with the old implementation it
wouldn't matter which dataset we were sending or receiving, we would
always delegate permissions to the entire pool.
2021-07-25 10:12:32 +02:00
github-actions[bot]
6a5e4f2c3d
Merge master into staging-next 2021-07-25 06:01:27 +00:00
Aaron Andersen
8813af6821
Merge pull request #128724 from fortuneteller2k/nixos/iwd
nixos/iwd: add settings option
2021-07-24 23:06:42 -04:00
github-actions[bot]
a37fbac53b
Merge master into staging-next 2021-07-25 00:01:35 +00:00
Elis Hirwing
6984e68c51
Merge pull request #98455 from ju1m/syncoid-split
nixos/syncoid: split in multiple systemd services and harden them
2021-07-24 22:08:42 +02:00
github-actions[bot]
859acbc1bc
Merge master into staging-next 2021-07-24 18:01:04 +00:00
Yuka
7d24d06c71
nixos/postgresql: use postgres 13 for 21.11 (#131018)
Co-authored-by: Kim Lindberger <kim.lindberger@gmail.com>
2021-07-24 19:12:08 +02:00
Julien Moutinho
d05a1ab1e4 nixos/syncoid: split in multiple systemd services 2021-07-24 11:26:28 +02:00
lassulus
a6700d75f3 vbox-image: add new option to set free space in image 2021-07-24 09:33:10 +02:00
davidak
aa8373ab1b nixos-icons: fix icons not installed when documentation disabled 2021-07-24 06:50:01 +02:00
github-actions[bot]
cb1426e30a
Merge staging-next into staging 2021-07-23 18:01:46 +00:00
Bernardo Meurer
f7e77f65ee
Merge pull request #131173 from zhaofengli/klipper-cfg-list
nixos/klipper: Allow lists as values for gcode_macro
2021-07-23 08:57:12 -07:00
Sandro
42c7bd28e3
Merge pull request #131215 from Ma27/bump-grocy
grocy: 3.0.1 -> 3.1.0
2021-07-23 17:53:35 +02:00
fortuneteller2k
6ea6734f71 nixos/iwd: add settings option 2021-07-23 23:06:15 +08:00
Benjamin Asbach
9fd41a9a5b
tuxguitar: 125945 (#131028)
* tuxguitar: Ensure that tuxguitar is launched with java 8 comtabilbe jre and libraries as greate java version is not supported

* tuxguitar: Added test to verify application starts without problems

* tuxguitar: 1.5.2 -> 1.5.4
2021-07-23 10:02:20 -04:00
github-actions[bot]
3bc17773a5
Merge staging-next into staging 2021-07-23 12:02:01 +00:00
Maximilian Bosch
ccd348f846
Merge pull request #129732 from nivadis/patch-2
nextcloud: remove expires header
2021-07-23 12:29:52 +02:00
Jörg Thalheim
e2561ba61f
Merge pull request #129408 from kurnevsky/swap-luks-discards
nixos/swap: allow luks discards if swap discards are enabled
2021-07-23 11:11:04 +01:00
Maximilian Bosch
07b51f58df
grocy: 3.0.1 -> 3.1.0
ChangeLog: https://github.com/grocy/grocy/releases/tag/v3.1.0
2021-07-23 11:45:31 +02:00
Michael Weiss
70d1af74df
Merge pull request #131190 from primeos/nixos-tests-chromium
chromium: Check the text rendering
2021-07-23 10:59:28 +02:00
Robert Hensing
98352288bd
Merge pull request #128032 from Artturin/add-swap-options
nixos/swap: add options option
2021-07-23 10:45:53 +02:00
Michael Weiss
11400dcd65
chromium: Check the text rendering
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
2021-07-23 10:15:25 +02:00
Michele Guerini Rocco
75c433e911
Merge pull request #125704 from zanculmarktum/fix/kbd-search-paths
kbd: update search-paths.patch
2021-07-23 08:14:53 +02:00
github-actions[bot]
efbc139f5d
Merge staging-next into staging 2021-07-23 06:01:46 +00:00
Zhaofeng Li
34d2b83291 nixos/klipper: Allow lists as values for gcode_macro 2021-07-22 22:01:44 -07:00
Samuel Dionne-Riel
3af210329f
Merge pull request #131151 from tomfitzhenry/patch-1
nixos/iio: mention iio-sensor-proxy in option description
2021-07-23 00:27:37 -04:00
Tom
5409235160 nixos/iio: mention iio-sensor-proxy in option description
In https://github.com/NixOS/nixpkgs/pull/131094 I mistakenly created a new NixOS module for iio-sensor-proxy because I did not know about `hardware.sensor.iio`.

To help people find `hardware.sensor.iio`, include the string "iio-sensor-proxy" in the description.

To search for an iio-sensor-proxy module, I tried in vain:
* `find -iname '*iio-sensor-proxy*'`
* https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&query=iio-sensor-proxy
    * This PR will ensure this search query finds `hardware.sensor.iio`
2021-07-23 11:10:30 +10:00
Florian Klink
013e089000
Merge pull request #130503 from flokli/nss-fix-ordering
nixos/systemd: fix NSS database ordering
2021-07-23 02:28:32 +02:00
github-actions[bot]
dda98f3673
Merge staging-next into staging 2021-07-23 00:01:58 +00:00
Martin Weinelt
b09661d41f
Merge pull request #129644 from NixOS/home-assistant 2021-07-23 01:16:55 +02:00
Martin Weinelt
a284c01d2a nixos/home-assistant: allow serial access for the zwave component 2021-07-23 00:27:16 +02:00
github-actions[bot]
0b0a8c7c9a
Merge staging-next into staging 2021-07-22 18:01:39 +00:00
Martin Weinelt
70774da509
Merge pull request #130853 from mweinelt/pppd 2021-07-22 20:00:00 +02:00
Sandro
ead8cf4fc9
Merge pull request #128841 from Artturin/udevil 2021-07-22 15:55:21 +02:00
Maximilian Bosch
15dab3835f
Merge pull request #128649 from nrdxp/fix-unstable-nix-zsh-completions
zsh: fix nixUnstable completions
2021-07-22 14:58:20 +02:00
github-actions[bot]
9f3ace4591
Merge staging-next into staging 2021-07-22 00:02:07 +00:00
Maximilian Bosch
65d60ae78b
Merge pull request #130062 from nh2/plausible-fix-shell-scripting-errors
nixos/plausible: Fix shell scripting errors, runtime fixes
2021-07-22 00:27:56 +02:00
Timothy DeHerrera
6dbf8c0409
zsh: include completions for nix-* commands 2021-07-21 15:55:25 -06:00
Timothy DeHerrera
9ad645dce8
zsh: format module with nixpkgs-fmt 2021-07-21 15:55:25 -06:00
Timothy DeHerrera
d687fe88fd
zsh: remove conflicting nixUnstable completions 2021-07-21 15:55:22 -06:00
Pavol Rusnak
f4860dc785
Merge pull request #130945 from mdlayher/mdl-corerad-docs
nixos/corerad: update link to reference configuration file
2021-07-21 23:12:47 +02:00
Andreas Rammhold
ef9be9288b
Merge pull request #124799 from rissson/nixos-unbound-fix-124780
nixos/unbound: fix define-tag option
2021-07-21 22:08:44 +02:00
Martin Weinelt
78b21f405c
Merge pull request #127461 from maxeaubrey/NetworkManager-1.32.0 2021-07-21 20:03:32 +02:00
Maxine Aubrey
ea125a5fd9
nixos/nftables: set nm's firewallBackend when on
when enabled, switch networkmanager's firewallBackend option to nftables
2021-07-21 19:27:30 +02:00
Martin Weinelt
ee26807e35
nixos/pppd: allow AF_NETLINK
The pppd daemon starting with version 2.4.9 uses rtnetlink to configure
the ipv6 peer address on the ppp interface. It therefore requires
allowing AF_NETLINK sockets.
2021-07-21 16:38:51 +02:00
Matt Layher
5c17e35a31
nixos/corerad: update link to reference configuration file
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-07-21 10:35:48 -04:00
Ben Siraphob
1308c47b1f
Merge pull request #130864 from pstn/mingw-64
mingw-64: 6.0.0 -> 9.0.0
2021-07-21 21:22:34 +07:00
Martin Weinelt
8abcc6ba09
nixos/pppd: replace CAP_SYS_ADMIN with CAP_BPF
The kernel before version 5.7 required CAP_SYS_ADMIN to conduct BPF
operations. After that a separate capability CAP_BPF was created, which
should be sufficient in this scenario and will further tighten the
sandbox around our pppd service.

Tested on my personal DSL line.
2021-07-21 15:20:47 +02:00
Michael Weiss
12e7ee0f31
Merge pull request #130877 from primeos/chromium
chromium: 91.0.4472.164 -> 92.0.4515.107
2021-07-21 11:38:02 +02:00
Michael Weiss
97570d30c7
chromium: 91.0.4472.164 -> 92.0.4515.107
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html

This update includes 35 security fixes.

CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589

Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
2021-07-21 11:20:38 +02:00
Ryan Mulligan
b8d3210113
Merge pull request #130852 from seqizz/g_clipcat
nixos/clipcat: add user service module
2021-07-20 18:56:21 -07:00
Maxine Aubrey
aa7608d7de
nixos/networkmanager: add firewallBackend option 2021-07-21 00:16:34 +02:00
Philipp
c60a0b0447
mingw-64: 6.0.0 -> 9.0.0 2021-07-20 22:34:50 +02:00
Gürkan Gür
d3c568e16a nixos/clipcat: add user service module 2021-07-20 21:40:58 +02:00
github-actions[bot]
61eb7e2e9e
Merge master into staging-next 2021-07-20 18:01:04 +00:00
Artturin
c971de97c4 nixos/swap: add options option 2021-07-20 20:51:27 +03:00
Graham Christensen
da9f3c0598
Merge pull request #130291 from DeterminateSystems/buildkite-agent-metrics
buildkite-agent-metrics: init at 5.2.1, nixos/prometheus-buildkite-agent-exporter: init
2021-07-20 12:22:45 -04:00
Domen Kožar
314f595ab1
Merge pull request #130538 from Ma27/bump-nixstable
nixStable: 2.3.12 -> 2.3.14
2021-07-20 17:09:20 +02:00
Maximilian Bosch
e66237af15
nixStable: 2.3.12 -> 2.3.14
Changes: https://github.com/NixOS/nix/compare/2.3.12...2.3.14

Since this is a bugfix release that wasn't pushed to `nixpkgs`, I
decided to take care of it.

As it's usually done in `upload-release.pl`[1], I updated the
fallback-paths accordingly and used eval `1687468`[2] for this with Nix
2.3.14.

Also added a fallback-path for `aarch64-darwin` as Nix 2.3.14 seems to
support this now[3].

[1] https://github.com/NixOS/nix/blob/2.3-maintenance/maintainers/upload-release.pl
[2] https://hydra.nixos.org/eval/1687468
[3] 14262b86cc
2021-07-20 17:06:51 +02:00
Maximilian Bosch
72d1d4cb20
Merge pull request #130778 from mayflower/tigervnc-tests-and-no-proprietary-fonts
Tigervnc tests and no proprietary fonts
2021-07-20 17:00:09 +02:00
Ingo Blechschmidt
5143ab9f74 tigervnc, tightvnc: add basic tests
Co-Authored-By: Ingo Blechschmidt <iblech@web.de>
2021-07-20 15:22:31 +02:00
github-actions[bot]
3202dd166c
Merge master into staging-next 2021-07-20 12:02:05 +00:00
Sandro
bf93d660cc
Merge pull request #130288 from ju1m/sanoid
nixos/sanoid: fix submodule aliases
2021-07-20 10:21:51 +02:00
github-actions[bot]
680d6a235f
Merge master into staging-next 2021-07-20 06:01:02 +00:00
embr
8e6c4f9a2e nixos/cri-o: Remove unnecessary lib. qualifiers
We're already using `with lib` here, so we can just say `mkOption`, etc.
2021-07-20 15:35:45 +10:00
embr
1cf78b53af nixos/cri-o: Add RFC42 'settings' option 2021-07-20 15:35:45 +10:00
github-actions[bot]
fcf9b87af0
Merge master into staging-next 2021-07-20 00:01:47 +00:00
Pierre Bourdon
cbe99c7fac nixos/agetty: allow overriding the login program 2021-07-19 16:02:46 -07:00
Bernardo Meurer
eb5076a68e
Merge pull request #130616 from zhaofengli/klipper-tweaks
nixos/klipper: Tweaks
2021-07-19 14:46:30 -07:00
Azure Zanculmarktum
88fbddc149 nixos/tests: add kbd-update-search-paths-patch 2021-07-20 03:30:59 +07:00
github-actions[bot]
c0cb54f9ee
Merge master into staging-next 2021-07-19 18:01:10 +00:00
Cole Helbling
88fb6d25d8 nixos/prometheus-buildkite-agent-exporter: init 2021-07-19 08:35:58 -07:00
Jörg Thalheim
58128d690d
Merge pull request #130633 from zimbatm/k3s-configPath
nixos/k3s: add configPath option
2021-07-19 15:22:50 +01:00
Ben Siraphob
d53846e29e
Merge pull request #130583 from jvanbruegge/isabelle2021
Isabelle: 2020 -> 2021
2021-07-19 20:56:48 +07:00