Commit Graph

19520 Commits

Author SHA1 Message Date
Jules Aguillon
df590070b0 types.singleLineStr: strings that don't contain '\n'
Add a new type, inheriting 'types.str' but checking whether the value
doesn't contain any newline characters.

The motivation comes from a problem with the
'users.users.${u}.openssh.authorizedKeys' option.
It is easy to unintentionally insert a newline character at the end of a
string, or even in the middle, for example:

    restricted_ssh_keys = command: keys:
      let
        prefix = ''
          command="${command}",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding
        '';
      in map (key: "${prefix} ${key}") keys;

The 'prefix' string ends with a newline, which ends up in the middle of
a key entry after a few manipulations.

This is problematic because the key file is built by concatenating all
the keys with 'concatStringsSep "\n"', with result in two entries for
the faulty key:

    ''
      command="...",options...
      MY_KEY
    ''

This is hard to debug and might be dangerous. This is now caught at
build time.
2022-01-18 22:06:34 +01:00
Robert Hensing
265fe132e6
Merge pull request #153620 from pennae/fix-installer-tests
nixos-install: copy channels before system eval
2022-01-06 11:34:55 +01:00
Martin Weinelt
9b708d814b
Merge pull request #153625 from Mic92/tinc 2022-01-06 00:42:57 +01:00
Jörg Thalheim
989238ec03
Merge pull request #153426 from 4z3/systemwide-pipewire
nixos/pipewire: add systemWide option
2022-01-05 21:33:07 +00:00
José Romildo Malaquias
75e9b9b058
Merge pull request #153472 from romildo/upd.ecrire
enlightenment.ecrire: init at 0.2.0
2022-01-05 16:00:50 -03:00
Wael Nasreddine
1a4a216bf5
onlykey: set the group correctly in the udev rule (#153618) 2022-01-05 10:29:37 -08:00
Jörg Thalheim
db2953eb19 nixos/tinc: add mic92 maintainer 2022-01-05 19:29:01 +01:00
pennae
3ad8f52de0 nixos-install: copy channels before system eval
since fc614c37c6 nixos needs access to its
own path (<nixpkgs/nixos>) to evaluate a system with documentation.
since documentation is enabled by default almost all systems need such
access, including the installer tests. nixos-install however does not
ensure that a channel exists in the target store before evaluating the
system in that store, which can lead to `path is not valid` errors.
2022-01-05 18:38:49 +01:00
kraem
893ffee286
Revert "nixos/documentation: avoid copying nixpkgs subpaths"
builtins.storePath is not allowed in pure evaluation mode

This reverts commit 1511e72b75.
2022-01-05 12:36:54 +01:00
Aaron Andersen
6b1102d94b
Merge pull request #152029 from CRTified/adguard-settings
nixos/adguardhome: Add settings option
2022-01-04 19:19:18 -05:00
Robert Hensing
70d27303da
Merge pull request #149532 from pennae/split-docs-build
nixos/*: split docs build
2022-01-04 22:33:23 +01:00
Jan Tojnar
dafaecb3b9 nixos/gvfs: fix libmtp udev package path for realz
bin is the primary output so the previous attempt at fixing this
(2d7fc66c79)
was a no-op.
2022-01-04 19:22:05 +01:00
tv
7678a5848c nixos/pipewire: add systemWide option 2022-01-04 16:07:07 +01:00
José Romildo
676ffe1f39 nixos/enlightenment: add ecrire to system packages 2022-01-04 09:52:56 -03:00
Jörg Thalheim
0432195a4b
Merge pull request #153314 from Mic92/prometheus
prometheus: add authorization section
2022-01-04 08:34:51 +00:00
Aaron Andersen
3440425750
Merge pull request #152455 from erdnaxe/minecraft_hardening
nixos/minecraft-server: systemd unit hardening
2022-01-03 12:24:05 -05:00
Aaron Andersen
bf607abf73
Merge pull request #152223 from ju1m/logrotate
nixos/logrotate: enable multiple paths per entry
2022-01-03 12:11:12 -05:00
piegames
ae040631c9
Merge pull request #142758: Add Heisenbridge module 2022-01-03 18:05:55 +01:00
piegames
4d69ad4b1f nixos/heisenbridge: Init 2022-01-03 15:40:40 +01:00
Philipp
3d47865f7f nixos/matrix-conduit: init 2022-01-03 15:36:56 +01:00
Jörg Thalheim
fd0a6311a7 prometheus: add authorization section 2022-01-03 12:04:08 +01:00
Robert Schütz
c020d0af17
Merge pull request #153151 from mweinelt/python2-removals
Remove applications that depend on python2Packages
2022-01-03 09:43:43 +00:00
Aneesh Agrawal
8729e8e261 nixos/restic-rest-server: Autocreate empty .htpasswd if needed for service boot
When `privateRepos = true`, the service will not start if the `.htpasswd` does not exist.
Use `systemd-tmpfiles` to autocreate an (empty) file to ensure the service can boot
before actual `htpasswd` contents are registered.

This is safe as restic-rest-server will deny all entry if the file is empty.
2022-01-02 21:13:07 -05:00
Naïm Favier
ec150abd1a
Revert "nixos/nginx: disable rejectSSL activation when https is disabled"
This reverts commit 2f66ac01e9.
2022-01-02 21:01:29 +01:00
pennae
1511e72b75 nixos/documentation: avoid copying nixpkgs subpaths
the docs build should work well even when called from a git checkout of
nixpkgs, but should avoid as much work as possible in all cases.
if pkgs.path is already a store path we can avoid copying parts of it
into the docs build sandbox by wrapping pkgs.path in builtins.storePath
2022-01-02 19:46:13 +01:00
pennae
50954ad1c5 nixos/make-options-doc: treat missing descriptions as errors by default
this partially solves the problem of "missing description" warnings of the
options doc build being lost by nix build, at the cost of failing builds that
previously ran. an option to disable this behaviour is provided.
2022-01-02 19:46:13 +01:00
pennae
1301bdb185 nixos/make-options-doc: turn relatedPackages into links
link to search.nixos.org instead of pulling package metadata out of pkgs. this
lets us cache docs of a few more modules and provides easier access to package
info from the HTML manual, but makes the manpage slightly less useful since
package description are no longer rendered.
2022-01-02 19:46:13 +01:00
pennae
fc614c37c6 nixos/documentation: split options doc build
most modules can be evaluated for their documentation in a very
restricted environment that doesn't include all of nixpkgs. this
evaluation can then be cached and reused for subsequent builds, merging
only documentation that has changed into the cached set. since nixos
ships with a large number of modules of which only a few are used in any
given config this can save evaluation a huge percentage of nixos
options available in any given config.

in tests of this caching, despite having to copy most of nixos/, saves
about 80% of the time needed to build the system manual, or about two
second on the machine used for testing. build time for a full system
config shrank from 9.4s to 7.4s, while turning documentation off
entirely shortened the build to 7.1s.
2022-01-02 19:46:13 +01:00
Aaron Andersen
1b4bdf523a
Merge pull request #146795 from Madouura/dev/tetrd
tetrd: init at 1.0.4
2022-01-02 11:53:03 -05:00
Sandro
46056f6c36
Merge pull request #122460 from ju1m/croc 2022-01-02 15:56:58 +01:00
Martin Weinelt
15f577daaa
couchpotato, nixos/couchpotato: remove
Using python2 and abadoned upstream in 2020, last release in 2015.
2022-01-02 13:38:11 +01:00
Renaud
0f47e95588
Merge pull request #153036 from aidalgol/firejail.wrappedBinaries-clarification
firejail: clarify wrappedBinaries option description
2022-01-02 11:06:17 +01:00
Bobby Rong
b38cf64f82
Merge pull request #152140 from yesbox/i2pd
nixos/i2pd: add module package option
2022-01-02 09:00:35 +08:00
Martin Weinelt
b8149a7f04
Merge pull request #152907 from dotlambda/python2-remove 2022-01-02 01:33:57 +01:00
Madoura
e16074e889
nixos/tetrd: init 2022-01-01 17:43:37 -06:00
Jesper Geertsen Jonsson
9268da6b04 nixos/i2pd: add module package option 2022-01-01 23:16:40 +01:00
Aaron Andersen
34c283deda
Merge pull request #150846 from onny/maddy
nixos/maddy: Better description, user and group handling
2022-01-01 15:05:42 -05:00
Guillaume Girol
fdc3784828
Merge pull request #148637 from hexagonal-sun/network/gre-tap-tun
nixos/network: add gre virtual interfaces
2022-01-01 17:04:29 +00:00
José Romildo
a31ae59bb2 lumina.lumina: lumina-checkpass is postponned by upstream 2022-01-01 10:12:31 -03:00
Aidan Gauland
82dd41e74d firejail: clarify wrappedBinaries option description
I had trouble getting programs.firejail.wrappedBinaries to have any effect on my
system (#152852), because I did not realise that "put[ting] the actual
application binary in the global environment" included adding the program
package to environment.systemPackages, and I thought that the package must be
present for this option to take effect.  I have added a clarifying parenthetical
statement explicitly mentioning environment.systemPackages in this caveat.
2022-01-01 18:13:21 +13:00
Morgan Jones
38ee2de29d nixos/mattermost: update service for 6.0+ 2021-12-31 23:49:00 -05:00
Morgan Jones
c37cb3b243 nixos/mattermost: silence startup warnings from chmod/chown; improve API 2021-12-31 23:49:00 -05:00
Morgan Jones
7cf6855c7f nixos/mattermost: Simplify plugin derivation build, improve startup perf 2021-12-31 23:49:00 -05:00
Morgan Jones
73fc80e0d7 nixos/mattermost: Support declarative Mattermost plugins 2021-12-31 23:49:00 -05:00
Morgan Jones
174b340406 nixos/mattermost: add preferNixConfig option and tests
One use case for Mattermost configuration is doing a "mostly
mutable" configuration where NixOS module options take priority
over Mattermost's config JSON.

Add a preferNixConfig option that prefers configured Nix options
over what's configured in Mattermost config if mutableConfig is set.

Remove the reliance on readFile (it's flake incompatible) and use
jq instead.

Merge Mattermost configs together on Mattermost startup, depending
on configured module options.

Write tests for mutable, mostly mutable, and immutable configurations.
2021-12-31 23:49:00 -05:00
Martin Weinelt
5ecf13007d
nixos/mwlib: remove
Built upon python2 only dependencies that were marked broken since 2019.
2022-01-01 02:09:11 +01:00
Robert Schütz
f8b4cf08fe
syncserver, nixos/syncserver: remove
They have been broken for multiple releases.
2022-01-01 02:09:10 +01:00
Robert Schütz
a859ef91f0
trac, nixos/trac: remove
They have been broken for multiple releases.
2022-01-01 02:09:09 +01:00
Martin Weinelt
5dd90167ce nixos/moinmoin, nixos/tests/moinmoin, python2Packages.moinmoin: remove
Stuck on python2 and the NixOS test has been failing for 6 months.
2021-12-31 16:39:24 -08:00
Michele Guerini Rocco
59bfda7248
Merge pull request #152594 from ju1m/apparmor
security/wrappers: remove C compiler from the nixos/security.wrappers…
2021-12-31 15:09:52 +01:00