Commit Graph

21240 Commits

Author SHA1 Message Date
Jan Tojnar
d1b77f990f Merge branch 'staging-next' into staging
Conflicts:
	pkgs/applications/networking/browsers/firefox/common.nix between f6c5761935 and a373324120.
2022-05-15 07:08:29 +02:00
Aaron Andersen
82716bddb5
Merge pull request #170079 from bb2020/mbpfan
nixos/mbpfan: minor changes
2022-05-14 22:13:05 -04:00
Eelco Dolstra
5ce31ec2fd
nix-fallback-paths.nix: Update to 2.8.1 2022-05-14 15:19:14 +02:00
github-actions[bot]
3328bc9666
Merge master into staging-next 2022-05-14 00:02:10 +00:00
Aidan Gauland
59244e07f0
nixos/nextcloud: Add option for max-age HSTS directive
* Add an option services.nextcloud.nginx.hstsMaxAge for setting the max-age
  directive of the Strict-Transport-Security HTTP header.

* Make the Strict-Transport-Security HTTP header in the Nginx virtualhost block
  dependant upon the option services.nextcloud.https instead of
  services.nextcloud.nginx.recommendedHttpHeaders, as this header makes no sense
  when not using HTTPS.  (Closes #169465)
2022-05-14 09:04:45 +12:00
adisbladis
fb222e0086
Merge pull request #172820 from alyssais/compressed-firmware
Compressed firmware
2022-05-14 02:38:48 +08:00
github-actions[bot]
fe71877bbd
Merge staging-next into staging 2022-05-13 18:03:04 +00:00
github-actions[bot]
bcb22e9a7b
Merge master into staging-next 2022-05-13 18:01:23 +00:00
Martin Weinelt
3607d087ec
Merge pull request #112682 from hax404/upterm 2022-05-13 18:24:54 +02:00
Georg Haas
18ffb9690c
nixos/uptermd: init 2022-05-13 17:44:44 +02:00
Alyssa Ross
8aa8e0ce7f
nixos/udev: compress all firmware if supported
This should be a significant disk space saving for most NixOS
installations.  This method is a bit more complicated than doing it in
the postInstall for the firmware derivations, but this way it's
automatic, so each firmware package doesn't have to separately
implement its compression.

Currently, only xz compression is supported, but it's likely that
future versions of Linux will additionally support zstd, so I've
written the code in such a way that it would be very easy to implement
zstd compression for those kernels when they arrive, falling back to
xz for older (current) kernels.

I chose the highest possible level of compression (xz -9) because even
at this level, decompression time is negligible.  Here's how long it took
to decompress every firmware file my laptop uses:

	i915/kbl_dmc_ver1_04.bin                  	2ms
	regulatory.db                             	4ms
	regulatory.db.p7s                         	3ms
	iwlwifi-7265D-29.ucode                    	62ms
	9d71-GOOGLE-EVEMAX-0-tplg.bin             	22ms
	intel/dsp_fw_kbl.bin                      	65ms
	dsp_lib_dsm_core_spt_release.bin          	6ms
	intel/ibt-hw-37.8.10-fw-22.50.19.14.f.bseq	7ms

And since booting NixOS is a parallel process, it's unlikely (but
difficult to measure) that the time to user interaction was held up at
all by most of these.

Fixes (partially?) #148197
2022-05-13 14:36:34 +00:00
Jelle Besseling
0f69a517a4 nixos/mastodon: use redis.servers 2022-05-13 15:39:44 +02:00
Maximilian Bosch
4d0e1bfb3a
Merge pull request #172381 from mayflower/atlassian-service-restart
nixos/{jira,crowd,confluence}: restart service on failure
2022-05-13 14:10:30 +02:00
github-actions[bot]
814126147f
Merge staging-next into staging 2022-05-13 12:02:03 +00:00
github-actions[bot]
477cc9463d
Merge master into staging-next 2022-05-13 12:01:27 +00:00
Mario Rodas
9457a82e42
Merge pull request #171459 from ivan/postgresql-is-14
nixos/postgresql: use postgres 14 for 22.05
2022-05-13 06:44:25 -05:00
Artturi
a0ed85ef29
Merge pull request #165876 from tpwrules/slim-eltorito
iso-image: slim down UEFI El Torito image
2022-05-13 14:30:38 +03:00
Linus Heckemann
a7ee915179
Merge pull request #172378 from Mindavi/hydra-updates-3
Hydra updates 3
2022-05-13 12:55:53 +02:00
Max Hausch
2802e8f05c
nixos/hedgedoc: Set StateDirectory to workDir and uploadsPath
This is needed to make uploading files possible in the hedgedoc ui.
2022-05-13 10:27:51 +02:00
github-actions[bot]
97ea1401a7
Merge master into staging-next 2022-05-13 00:03:00 +00:00
Silvan Mosberger
486992aca7
Merge pull request #160752 from svrana/desktop-manager-script-start
desktop manager script: start properly
2022-05-12 20:49:13 +02:00
Silvan Mosberger
fd50826952
Merge pull request #104457 from ju1m/public-inbox
Update public-inbox to 1.8.0 and add systemd services
2022-05-12 20:46:39 +02:00
github-actions[bot]
6b23d26afc
Merge master into staging-next 2022-05-12 18:02:25 +00:00
Alyssa Ross
85d792a928
nixos: don't put non-firmware in hardware.firmware
These two packages don't have a lib/firmware directory, so putting
them in hardware.firmware has no effect.  This will become a hard
error once firmware compression is implemented.

(In the case of Linux, the firmware was all moved to linux-firmware.)
2022-05-12 15:17:51 +00:00
Daniel Poelzleithner
64878e3a67 automysqlbackp: fix missing permissions for mysqldump
automysqldump passes the --events flag, but without the EVENTS permission a error occures:
> mysqldump: Couldn't execute 'show events': Access denied for user 'automysqlbackup'@'localhost' to database 'mysql' (1044)
2022-05-12 13:17:14 +02:00
ners
49945f07cc installation-cd: add more guest tools to graphical installation base 2022-05-12 09:36:49 +02:00
Julien Moutinho
c646d375d3 nixos/public-inbox: support enabling confinement
Add support for enabling confinement
but does not enable it by default yet
because so far no module within NixOS uses confinement
hence that would set a precedent.
2022-05-12 01:56:46 +02:00
Julien Moutinho
0e290442ba nixos/public-inbox: add tests 2022-05-12 01:56:16 +02:00
Julien Moutinho
8514800c42 nixos/public-inbox: init 2022-05-12 01:56:15 +02:00
Jan Tojnar
5af93e6908 Merge branch 'staging-next' into staging 2022-05-12 01:24:26 +02:00
Artturi
c7b10b6df9
Merge pull request #172131 from euank/ena-2.7.1
ena: 2.5.0 -> 2.7.1 & nixos/amazon-image: default to 5.15 kernel
2022-05-12 01:38:24 +03:00
github-actions[bot]
7dbfbc2e90
Merge staging-next into staging 2022-05-11 18:10:52 +00:00
Thiago Kenji Okada
eb6c3e1591
Merge pull request #171101 from NickCao/dendrite-bump
dendrite: 0.8.1 -> 0.8.4
2022-05-11 14:27:50 +01:00
Nick Cao
82f0b53588
dendrite: 0.8.1 -> 0.8.4 2022-05-11 18:40:05 +08:00
github-actions[bot]
2d62d4f8e6
Merge staging-next into staging 2022-05-11 06:02:11 +00:00
Rick van Schijndel
3a7f7c1153 hydra-unstable -> hydra_unstable 2022-05-10 23:32:02 +02:00
Martin Weinelt
fa7ce6bc7f
nixos/openssh: Add sntrup761x25519-sha512 kexAlgo
Introduced in OpenSSH 9.0 it became the part of the default kexAlgorithm
selection, visibile in sshd_config(5).

It is also enabled by default in the OpenSSH client, as can be seen from

$ ssh -Q KexAlgorithms

Also clarifies that we use the referenced documents as the lower bound,
given that they haven't been updated for 5-7y.
2022-05-10 23:20:54 +02:00
Maximilian Bosch
6f9099fa62
nixos/{jira,crowd,confluence}: restart service on failure
In case of unexpected failures of the services - such as an OOM - it
shouldn't be necessary for an administrator to restart the service by
hand (which is usually sufficient). Instead, this should happen
automatically.

Also, I decided to increase the interval between restart attempts from
100ms[1] to 10s for a small grace period as suggested by several online
resources[2][3].

[1] See `systemd.service(5)`
[2] https://it.megocollector.com/linux/create-systemd-services-for-atlassian-apps/
[3] https://anteru.net/blog/2017/jira-confluence-with-systemd-on-centos/
2022-05-10 22:31:22 +02:00
Rick van Schijndel
f433d91bb3 anbox: drop kernel modules package
All builds are broken:
- 4.14
- 4.19
- 5.4

https://hydra.nixos.org/eval/1761072?filter=anbox&compare=1760998&full=#tabs-still-fail

Let's just drop it.

This leaves the anbox module possibly in a broken-ish state,
but I'm not sure what to do about it.
2022-05-10 21:15:48 +02:00
github-actions[bot]
3a79190750
Merge staging-next into staging 2022-05-10 18:01:50 +00:00
Lara
9cb388739f nixos/snipe-it: init
Snipe-IT is a free open source IT asset/license management system

https://snipeitapp.com/
2022-05-10 16:57:21 +02:00
bb2020
8bdcffc4fe nixos/mbpfan: minor changes 2022-05-10 15:40:17 +03:00
github-actions[bot]
27575e98ee
Merge staging-next into staging 2022-05-09 12:08:45 +00:00
Klemens Nanni
199933efdf nixos/mandoc: Leave shell argument quoting to nix
Manually crafting a quoted string that otherwise lacks any safe-guards
looks odd.

Use `escapeShellArg` instead before prepending the path.
2022-05-09 10:48:54 +02:00
Janne Heß
e6fb1e63d1
Merge pull request #171650 from helsinki-systems/feat/config-systemd-package
treewide: pkgs.systemd -> config.systemd.package
2022-05-09 10:23:04 +02:00
Euan Kemp
35cfe2c29c nixos/amazon-image: default to 5.15 kernel
Previously, it was held back due to the ENA driver not building on the
current default (5.15). The previous commit bumps the ENA driver, which
allows 5.15 to work.
2022-05-08 21:13:50 -07:00
github-actions[bot]
31938a3f5c
Merge staging-next into staging 2022-05-09 00:03:28 +00:00
github-actions[bot]
f39e774f11
Merge master into staging-next 2022-05-09 00:02:27 +00:00
Sandro
8803756fd3
Merge pull request #172072 from ivan/tinc-unbreak
nixos/tinc: unbreak the service
2022-05-09 01:27:12 +02:00
Sandro
b196dea22d
Merge pull request #172080 from wentasah/usbrelay-1.0
usbrelay: 0.9 -> 1.0
2022-05-09 01:02:08 +02:00
Niklaus Giger
1d82f62aef
UHK-agent: Support for Ultimate Hacking Keyboard udev-rules and configuration application (#132420)
* maintainers: add ngiger

* uhk-agent: init at 1.5.17

* Apply suggestions from code review

* Update pkgs/os-specific/linux/uhk-agent/default.nix

* Apply suggestions from code review

* Update pkgs/os-specific/linux/uhk-agent/default.nix

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-05-08 22:40:52 +02:00
Michal Sojka
26ec7081d6 nixos/usbrelayd: set myself as module maintainer
I forgot setting that when creating the module.
2022-05-08 21:44:50 +02:00
Michal Sojka
3effbca0bc usbrelay: 0.9 -> 1.0 2022-05-08 21:16:32 +02:00
ajs124
e4a1b1aacd
Merge pull request #171588 from mweinelt/tools-userpkgs
nixos/tools: move firefox into user packages
2022-05-08 19:02:47 +01:00
github-actions[bot]
6ab1fe48df
Merge staging-next into staging 2022-05-08 18:01:43 +00:00
github-actions[bot]
e92815729d
Merge master into staging-next 2022-05-08 18:01:10 +00:00
Ivan Kozik
9db1d1782b nixos/tinc: unbreak the service
The user is actually tinc.${network}, as Mic92 points out in
https://github.com/NixOS/nixpkgs/pull/171703#discussion_r867506032

Sorry, I broke this in https://github.com/NixOS/nixpkgs/pull/171703 earlier.

coreutils 9.1 chown does not complain in this case with a valid dotted user.
2022-05-08 16:04:20 +00:00
Sandro
befb337461
Merge pull request #169216 from Shawn8901/fix_prometheus_config_generation
nixos/prometheus: use pkgs.formats.json.generate to write config file
2022-05-08 15:09:09 +02:00
github-actions[bot]
c5da241985
Merge staging-next into staging 2022-05-08 12:01:39 +00:00
github-actions[bot]
eaaed3f1d2
Merge master into staging-next 2022-05-08 12:01:07 +00:00
Artturi
3c8e6248cb
Merge pull request #172040 from K900/fix-installer-eval
installation-cd-base: fix eval
2022-05-08 13:50:10 +03:00
Robert Schütz
2ddfd7e81b nixos/borgmatic: use pkgs.formats.yaml 2022-05-08 01:08:28 -07:00
K900
e994576b0d installation-cd-base: fix eval 2022-05-08 11:08:10 +03:00
github-actions[bot]
d2d66da45b
Merge staging-next into staging 2022-05-07 18:01:36 +00:00
github-actions[bot]
84277e82a5
Merge master into staging-next 2022-05-07 18:01:03 +00:00
Rick van Schijndel
17c252aab1
Merge pull request #153940 from tomfitzhenry/phosh-service
nixos/phosh: add Phosh, the Phone Shell
2022-05-07 17:56:44 +02:00
Artturi
1d09b16b0c
Merge pull request #171709 from avdv/fix-illum-segfault-and-restart
illum: Prevent segfault when unplugging keyboards
2022-05-07 17:40:52 +03:00
github-actions[bot]
00e5877c2f
Merge staging-next into staging 2022-05-07 00:02:47 +00:00
github-actions[bot]
fa99b3742a
Merge master into staging-next 2022-05-07 00:02:09 +00:00
Sandro
72565373a4
Merge pull request #170912 from Baughn/master 2022-05-07 01:14:08 +02:00
Maximilian Bosch
f0bb39d4b7
Merge pull request #167327 from lheckemann/networkd-usedhcp
nixos/networkd: reimplement useDHCP in a sensible way
2022-05-07 00:05:44 +02:00
Sandro
398cf5bf2d
Merge pull request #164698 from illustris/proxmox-lxc 2022-05-06 23:35:13 +02:00
Sandro
d21ebc62bf
Merge pull request #170851 from danderson/danderson/ts-warn-rpf
nixos/tailscale: warn if strict reverse path filtering is in use.
2022-05-06 23:21:50 +02:00
Svein Ove Aas
dcade93a25 factorio: Add loadLatestSave 2022-05-06 17:50:35 +01:00
Maximilian Bosch
f4e5bd8064
nixos/nixos-generate-config: update comment for useDHCP 2022-05-06 16:56:47 +02:00
github-actions[bot]
ad713fb84e
Merge staging-next into staging 2022-05-06 12:02:39 +00:00
github-actions[bot]
6e0aca3c43
Merge master into staging-next 2022-05-06 12:02:02 +00:00
Janne Heß
764d77f4c3
Merge pull request #124261 from helsinki-systems/feat/state-version-default-warn
nixos/version: Warn about using the default of system.stateVersion
2022-05-06 13:20:43 +02:00
Yureka
96aaf29234
Revert "Merge pull request #164398 from NinjaTrappeur/nin/pleroma-wrappers"
This reverts commit 05417a66e7, reversing
changes made to 53e4f8d237.
2022-05-06 12:38:28 +02:00
github-actions[bot]
4c4d0d6bc3
Merge staging-next into staging 2022-05-06 06:02:20 +00:00
github-actions[bot]
ff5c4d3404
Merge master into staging-next 2022-05-06 06:01:36 +00:00
Rick van Schijndel
32bebf42ea
Merge pull request #171703 from ivan/chown-colon
treewide: chown user:group instead of user.group to fix warnings from coreutils 9.1
2022-05-06 07:20:40 +02:00
David Anderson
3fdac0f981 nixos/tailscale: warn if strict reverse path filtering is in use.
Tailscale uses policy routing to enable certain traffic to bypass
routes that lead into the Tailscale mesh. NixOS's reverse path
filtering setup doesn't understand the policy routing at play,
and so incorrectly interprets some of this traffic as spoofed.

Since this only breaks some features of Tailscale, merely warn
users about it, rather than make it a hard error.

Updates tailscale/tailscale#4432

Signed-off-by: David Anderson <dave@natulte.net>
2022-05-05 18:28:48 -07:00
Sandro
b9e7f61c72
Merge pull request #171747 from danderson/danderson/tailscale-getent
nixos/tailscale: add glibc to PATH.
2022-05-06 03:10:00 +02:00
Sandro
e5e30371bc
Merge pull request #170210 from danderson/danderson/restart-tailscaled
nixos/tailscale: use systemctl restart during activation.
2022-05-06 03:09:01 +02:00
Colin Arnott
ecd8d42397
nextcloud24: init at 24.0.0
Added Nextcloud 23 and set it as the default Nextcloud version for the
NixOS module. Added PHP 8.1 as an option for phpPackage and default for
Nextcloud ≥ 24.
2022-05-06 00:37:39 +00:00
David Anderson
67b1fac192 nixos/tailscale: add glibc to PATH.
For some features, tailscaled uses getent(1) to get the shell
of OS users. getent(1) is in the glibc derivation. Without this
derivation in the path, tailscale falls back to /bin/sh for all
users.

Signed-off-by: David Anderson <dave@natulte.net>
2022-05-05 17:09:27 -07:00
github-actions[bot]
4cab9aed76
Merge staging-next into staging 2022-05-06 00:02:53 +00:00
github-actions[bot]
b962dee3e7
Merge master into staging-next 2022-05-06 00:02:16 +00:00
Bernardo Meurer
323fb482fb
Merge pull request #171634 from luochen1990/patch-2
Fix wg-quick:  always generate postUp issue.
2022-05-05 15:05:19 -07:00
Ivan Kozik
59a76614f3 treewide: chown user:group instead of user.group to fix warnings from coreutils 9.1 2022-05-05 22:05:18 +00:00
Ivan Kozik
f18cc2cf02 nixos/security/wrappers: chown user:group instead of user.group to fix warnings from coreutils 9.1
activating the configuration...
setting up /etc...
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.messagebus’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
chown: warning: '.' should be ':': ‘root.root’
reloading user units for root...
2022-05-05 22:05:18 +00:00
Robert Schütz
ccf42c7987 nixos/home-assistant: fix openFirewall 2022-05-05 15:04:46 -07:00
Bernardo Meurer
c4ad7519ef
Merge pull request #170136 from helsinki-systems/feat/systemd-stage-1-plymouth
nixos/plymouth: Add systemd stage 1 support
2022-05-05 14:49:26 -07:00
Martin Weinelt
e237f3e459
Merge pull request #171716 from piegamesde/heisenbridge-module 2022-05-05 23:30:09 +02:00
piegames
6b1dcbb1db nixos/heisenbridge: Fix stupid typo 2022-05-05 23:26:01 +02:00
Sandro
836c52e625
Merge pull request #167208 from devplayer0/fix/missing-systemd-nspawn-options
nixos/systemd/nspawn: Add missing nspawn unit options
2022-05-05 22:58:59 +02:00
Claudio Bley
fd3d1a834b illum: Restart service on failure
If there is a fatal error and illum exits, it should be safe to restart it.
2022-05-05 22:31:56 +02:00
github-actions[bot]
aba90d9366
Merge master into staging-next 2022-05-05 18:05:32 +00:00
Janne Heß
57cd07f3a9
treewide: pkgs.systemd -> config.systemd.package
This ensures there is only one systemd package when e.g. testing the
next systemd version.
2022-05-05 20:00:31 +02:00