Commit Graph

22607 Commits

Author SHA1 Message Date
Jan Tojnar
0e989a5bd9 gnome.nautilus: 43.alpha → 43.beta
https://gitlab.gnome.org/GNOME/nautilus/-/compare/43.alpha...43.beta

Also change the environment variable name to prevent crashes when running in an old environment.

Changelog-Reviewed-By: Jan Tojnar <jtojnar@gmail.com>
2022-10-11 18:52:15 +02:00
Jan Tojnar
50c6895e77 gnome-browser-connector: 10.1 → 42.0
https://discourse.gnome.org/t/split-and-rename-of-chrome-gnome-shell/11075
815ec9e1af...v42.0

- Renamed and split into a separate repo from the extensions.
- CMake build replaced with Meson (jq also not needed)
- requests Python module not needed since updates are now solely handled by GNOME Shell itself

Also

- Corrected license
- Cleaned up the module
- Replaced PYTHONPATH in a wrapper by Python environment

Changelog-Reviewed-By: Jan Tojnar <jtojnar@gmail.com>
2022-10-11 18:52:12 +02:00
Martin Weinelt
cf7f4393f3
Merge pull request #193494 from NixOS/staging-next 2022-10-11 01:12:59 +02:00
Sandro
e7625f9130
Merge pull request #195418 from Baitinq/description_in_gitolite_module 2022-10-11 00:51:48 +02:00
Adam Joseph
4cdda329f0 nixos/modules/profiles/base.nix: omit zfs if unavailable
The `boot.zfs.enabled` option is marked `readOnly`, so this is the only way to
successfully build a NixOS installer image for platforms that zfs does not build
for.

Co-authored-by: Alyssa Ross <hi@alyssa.is>
2022-10-10 22:41:57 +00:00
Baitinq
01faaeb4bd
nixos/gitolite: add 'description' module option
This option allows for the customization of the description of the
created gitolite user.

An example of this being useful is for the integration of gitolite with
cgit, which itself uses the gitolite user's description as the author of
the git repo displayed in its generated site.
2022-10-10 23:14:46 +02:00
Martin Weinelt
294201004f Merge remote-tracking branch 'origin/master' into staging-next 2022-10-10 21:45:18 +02:00
Bernardo Meurer
6f004b7ed5
Merge pull request #195377 from ngkz/fork/ssh-askpass-wayland 2022-10-10 12:36:00 -03:00
Bernardo Meurer
499748bc04
Merge pull request #195003 from veehaitch/fix-github-runner-first-start 2022-10-10 12:35:24 -03:00
Kazutoshi Noguchi
67246fbffa nixos/ssh: pass WAYLAND_DISPLAY to ssh-askpass 2022-10-11 00:15:49 +09:00
Bernardo Meurer
ed22079db4
Merge pull request #195141 from zhaofengli/vbox-headless-wrappers 2022-10-10 11:45:40 -03:00
github-actions[bot]
265121ef54
Merge master into staging-next 2022-10-10 12:01:42 +00:00
Cabia Rangris
c9e1ec215b
Merge pull request #195324 from zhaofengli/fwupd-config-merging
nixos/fwupd: Fix configuration file merging
2022-10-10 14:11:53 +04:00
Zhaofeng Li
bbbda58c4e nixos/fwupd: Fix configuration file merging 2022-10-10 00:01:32 -06:00
github-actions[bot]
44f6a02f39
Merge master into staging-next 2022-10-09 18:01:35 +00:00
Sandro
f5802f496d
Merge pull request #187026 from azahi/endlessh-go 2022-10-09 16:50:02 +02:00
github-actions[bot]
8972888c55
Merge master into staging-next 2022-10-09 12:01:31 +00:00
Franz Pletz
8a86d9d4aa
Merge pull request #195190 from Ma27/coturn-replace-secret
nixos/coturn: refactor secret injection
2022-10-09 13:48:49 +02:00
Maximilian Bosch
4ece171482
Merge pull request #194738 from mayflower/pi-tokenjanitor
nixos/privacyidea: add proper support for `privacyidea-token-janitor`
2022-10-09 09:50:20 +02:00
Maximilian Bosch
4fd75277dd
nixos/coturn: refactor secret injection
The original implementation had a few issues:

* The secret was briefly leaked since it is part of the cmdline for
  `sed(1)` and on Linux `cmdline` is world-readable.
* If the secret would contain either a `,` or a `"` it would mess with
  the `sed(1)` expression itself unless you apply messy escape hacks.

To circumvent all of that, I decided to use `replace-secret` which
allows you to replace a string inside a file (in this case
`#static-auth-secret#`) with the contents of a file, i.e.
`cfg.static-auth-secret-file` without any of these issues.
2022-10-09 09:31:48 +02:00
talyz
fae653deb4 nixos/gitlab: Configure ActionCable
ActionCable is used to provide realtime updates in a few places,
mainly the issue sidebar.
2022-10-09 08:12:19 +02:00
talyz
9b3ff51c77 nixos/gitlab: Set a more appropriate type for extraConfig 2022-10-09 08:12:19 +02:00
talyz
58158100f7 nixos/gitlab: Make sure docker-registry starts after cert generation 2022-10-09 08:12:19 +02:00
talyz
8e8253ddb4 nixos/gitlab: Create registry state path 2022-10-09 08:12:19 +02:00
talyz
3dedfb3fa0 nixos/gitlab: Connect to redis through a unix socket by default
This gives us slightly higher security as you have to be in the gitlab
group to connect, and possibly a (very small) performance benefit as
well.
2022-10-09 08:12:19 +02:00
talyz
843082eb3a nixos/gitlab: Add findutils to runtime dependencies
Needed for the gitlab:cleanup:orphan_job_artifact_files rake task.
2022-10-09 08:12:19 +02:00
talyz
bee6e1dafa nixos/gitlab: Deduplicate runtime dependency listing 2022-10-09 08:12:19 +02:00
talyz
0211edd1ff nixos/gitlab: Add workhorse.config option 2022-10-09 08:12:19 +02:00
github-actions[bot]
130aa9ca68
Merge master into staging-next 2022-10-09 00:03:29 +00:00
Zhaofeng Li
6ed7e545ec nixos/virtualbox-host: Fix hardening with headless vbox
Fixes #157157.
2022-10-08 15:41:59 -06:00
Jörg Thalheim
b4bb571fa0 iwd: remove myself as maintainer 2022-10-08 16:50:37 +02:00
Vladimír Čunát
6565abc264
Merge branch 'master' into staging-next 2022-10-08 10:20:07 +02:00
Vincent Haupert
941c79b620 nixos/github-runner: fix bugs related to InaccessiblePaths=
This commit fixes two bugs:

1) When starting a github-runner for the very first time, the
   unconfigure script did not copy the `tokenFile` to the state
   directory. This case just was not handled so far. As a result, the
   runner could not configure. The unit did, however, fail even before
   as the state token file is configured as inaccessible for the service
   through `InaccessiblePaths=`. As the given path did not exist in the
   described case, setting up the unit's namespacing failed.

2) Similarly, the `tokenFile` is also marked as not accessible to the
   service user. There are, however, cases where other namespacing
   options make the files inaccessible even before `InaccessiblePaths=`
   kicks in; thus, they appear as non existing and cause the namespacing
   to fail yet again. Prefixing the entry with a `-` causes Systemd to
   ignore the entry if it cannot find it. This is the behavior we want.

I also took fixing those bugs as a chance to refactor the unconfigure
script to make it easier to follow.
2022-10-08 01:32:55 +02:00
Nick Cao
309ea5a1af nixos/udev: allow marking firmware as not compressible 2022-10-07 19:40:58 +00:00
Christian Kögler
aff16d8bc8
Merge pull request #190052 from JasonWoof/acme-example
nixos/doc: fix acme dns-01 example
2022-10-07 12:53:15 +02:00
Alexander Bantyev
99cc02fe98
Merge pull request #193694 from cab404/fwupd-remote-list
nixos.fwupd: add remote list option
2022-10-07 14:23:19 +04:00
Edward Tjörnhammar
a72e138b78 nixos/jfs: correct broken toplevel reference 2022-10-06 19:26:13 +00:00
github-actions[bot]
c5f0d725df
Merge master into staging-next 2022-10-06 18:03:10 +00:00
Lucas Savva
49c0fd7d60 nixos/acme: Disable lego renew sleeping
Lego has a built-in mechanism for sleeping for a random amount
of time before renewing a certificate. In our environment this
is not only unnecessary (as our systemd timer takes care of it)
but also unwanted since it slows down the execution of the
systemd service encompassing it, thus also slowing down the
start up of any services its depending on.

Also added FixedRandomDelay to the timer for more predictability.
2022-10-06 10:30:24 -04:00
Lucas Savva
657ecbca0e nixos/acme: Make account creds check more robust
Fixes #190493

Check if an actual key file exists. This does not
completely cover the work accountHash does to ensure
that a new account is registered when account
related options are changed.
2022-10-06 10:30:24 -04:00
Lucas Savva
39796cad46 nixos/acme: Fix cert renewal with built in webserver
Fixes #191794

Lego threw a permission denied error binding to port 80.
AmbientCapabilities with CAP_NET_BIND_SERVICE was required.
Also added a test for this.
2022-10-06 10:30:24 -04:00
pennae
3826e303c6 nixos/firefox-syncserver: remove extra add_header
syncstorage-rs sets this header starting with 0.12.3.
2022-10-06 14:48:53 +02:00
pennae
f97c9d60e4 nixos/firefox-syncserver: proxyPass singleNode to 127.0.0.1
syncstorage-rs does not listen on ::1 unless explicitly configured.
2022-10-06 14:48:53 +02:00
pennae
8dc30e9e98 nixos/firefox-syncserver: set default for oauth verifier threads
the 0.12.1 update introduced a static thread pool for verifying oauth
tokens. set a reasonable default for self-hosted setups (10 threads).
2022-10-06 14:48:53 +02:00
github-actions[bot]
8d6fbd7341
Merge master into staging-next 2022-10-06 12:01:31 +00:00
Maximilian Bosch
15914eba85
nixos/privacyidea: fix manual build 2022-10-06 13:50:31 +02:00
Maximilian Bosch
ecaf6aed02
nixos/privacyidea: add proper support for privacyidea-token-janitor
`privacyidea-token-janitor`[1] is a tool which helps to automate
maintenance of tokens. This is helpful to identify e.g. orphaned tokens,
i.e. tokens of users that were removed or tokens that were unused for a
longer period of time and apply actions to them (e.g. `disable` or
`delete`).

This patch adds two new things:

* A wrapper for `privacyidea-token-janitor` to make sure it's executable
  from CLI. To achieve this, it does a `sudo(8)` into the
  `privacyidea`-user and sets up the environment to make sure the
  configuration file can be found. With that, administrators can
  directly invoke it from the CLI without additional steps.

* An optional service is added which performs automatic cleanups of
  orphaned and/or unassigned tokens. Yes, the tool can do way more
  stuff, but I figured it's reasonable to have an automatic way to clean
  up tokens of users who were removed from the PI instance. Additional
  automation steps should probably be implemented in additional
  services (and are perhaps too custom to add them to this module).

[1] https://privacyidea.readthedocs.io/en/v3.7/workflows_and_tools/tools/index.html
2022-10-06 11:43:20 +02:00
Jörg Thalheim
988c9130e1
Merge pull request #193767 from winterqt/update-dendrite
dendrite: 0.9.9 -> 0.10.1
2022-10-06 09:28:32 +02:00
github-actions[bot]
863df54d13
Merge master into staging-next 2022-10-06 06:05:17 +00:00
Stanisław Pitucha
4a6979d310
Merge pull request #194603 from phiadaarr/jitsiVideobridge
jitsi-videobridge: fix link in docs
2022-10-06 12:19:43 +11:00