sohalt
f1669775bc
nixos/headscale: do not run gin webframework in debug mode
2022-06-07 23:22:05 +02:00
sohalt
18c899d963
nixos/headscale: only set oidc secret if not null
2022-06-07 23:21:13 +02:00
Rick van Schijndel
3037752d1d
Merge pull request #175961 from helsinki-systems/rem/broken
...
remove some packages marked broken for over 1.5 years
2022-06-06 20:44:39 +02:00
Sebastien Bourdeauducq
6cecab9cd8
hydra: create runcommand-logs directory
2022-06-06 11:36:58 -07:00
Sandro
d8fad83d2c
Merge pull request #176133 from SuperSandro2000/asf-2
2022-06-06 14:34:44 +02:00
Emery Hemingway
2d012163f2
nixos/uhub: fix plugins, set CAP_NET_BIND_SERVICE
...
Fix generation of the plugins configuration and allow binding to
"privileged" ports.
2022-06-05 13:58:26 -05:00
Guillaume Girol
7548b71138
Merge pull request #171778 from zhaofengli/infnoise-0.3.2
...
infnoise: unstable-2019-08-12 -> 0.3.2, nixos/infnoise: init
2022-06-05 17:30:34 +00:00
Anders Kaseorg
b362ef4eff
pipewire: Never set an empty LD_LIBRARY_PATH
...
An empty LD_LIBRARY_PATH may confuse some applications into appending
:, creating an empty segment that insecurely refers to the current
directory, not the absence of directories.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-05 13:34:35 +02:00
Wout Mertens
949e1e5277
Merge pull request #176075 from NixOS/netdata-poststart
...
netdata: started when service can be pinged
2022-06-05 13:10:37 +02:00
pennae
4a9708930d
Merge pull request #176116 from pennae/unifi-remove-deprecated
...
nixos/unifi: change deprecated default for openFirewall
2022-06-04 20:52:34 +00:00
lom
0df7cba1b0
nixos/asf: ipcPasswordFile use nullOr
2022-06-04 12:00:45 -06:00
Sandro Jäckel
032f15e566
nixos/asf: add me as maintainer
2022-06-03 18:52:48 +02:00
Sandro Jäckel
d8cd684b62
nixos/asf: restart when self restarting
2022-06-03 18:52:47 +02:00
Sandro Jäckel
4de6a81193
nixos/asf: fix state directory permissions, for real
2022-06-03 18:52:47 +02:00
Sandro Jäckel
28379c3a51
Revert "nixos/asf: set restrictive home permissions"
...
This reverts commit 16f28933e7
2022-06-03 18:52:46 +02:00
Thiago Kenji Okada
44b5c8b6a7
Merge pull request #175965 from otavio/topic/nixos-restic
...
Add new restic options for NixOS module
2022-06-03 16:19:55 +01:00
Otavio Salvador
d9e3b1fafe
nixos/restic: add backup{Prepare,Cleanup}Command options
...
The backupPrepareCommand and backupCleanupCommand options offer a way to
run a script to prepare for backup and then cleanup it once finish.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-06-03 11:22:22 -03:00
Otavio Salvador
deae887c5a
nixos/restic: add new repositoryFile option
...
Allow providing the repository as a file, useful when we don't want it
being stored in the Git repository as plain text.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-06-03 11:21:37 -03:00
pennae
e21c4d67d5
nixos/unifi: change deprecated default for openFirewall
...
this was deprecated 6 months ago in unstable for removal in 22.11,
so now seems like a good point to change the default.
2022-06-03 15:59:41 +02:00
Sandro
c09782950f
Merge pull request #176030 from SuperSandro2000/asf
2022-06-03 12:12:23 +02:00
Sandro Jäckel
e438fad5e9
nixos/asf: format
2022-06-03 11:41:40 +02:00
Sandro Jäckel
17ec7e4401
nixos/asf: remove subdirectories from bot config
2022-06-03 11:41:38 +02:00
Sandro Jäckel
16f28933e7
nixos/asf: set restrictive home permissions
2022-06-03 11:41:37 +02:00
Sandro Jäckel
48b21f661c
nixos/asf: add ipcPasswordFile option, only delete bot configs when managed by nixos, make preStart clearer
2022-06-03 11:41:36 +02:00
Wout Mertens
7f025e2b34
netdata: started when service can be pinged
2022-06-03 10:45:27 +02:00
Otavio Salvador
082a4184ec
nixos/restic: reformat
...
Apply nixpkgs-fmt on file prior doing changes.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2022-06-02 16:48:43 -03:00
Rick van Schijndel
d93d4a5820
Merge pull request #175872 from uninsane/colinsane/phosh-phoc-scale
...
phosh: allow fractional scaling
2022-06-02 20:54:41 +02:00
Lassulus
8cea5e2fa1
Merge pull request #173664 from Izorkin/peertube-redis-server
...
nixos/peertube: use redis.servers
2022-06-02 20:26:29 +02:00
ajs124
5bb61d6a25
syslogng_incubator: remove after being marked broken for over 18 months
...
It was marked in commit 6d797c8462
2022-06-02 18:03:52 +02:00
colin
1d0649f929
phosh: restrict the scale config value to strictly positive values or null
2022-06-02 01:46:08 -07:00
colin
cabf369f83
phosh: allow fractional scaling
2022-06-01 15:44:12 -07:00
Bernardo Meurer
ffae8569b0
nixos/localtimed: hopefully fix geoclue
2022-06-01 13:20:16 -07:00
Martin Weinelt
5a188dfbca
Merge pull request #175729 from DeterminateSystems/jellyfin-fix
2022-06-01 17:19:49 +02:00
Linus Heckemann
7eab23d517
jellyfin: fix permissions on state directory
...
Previously, all configuration and state data was accessible to all
users on the system running jellyfin. This included user passwords in
the Jellyfin database, as well as credentials for LDAP if configured.
The exact set of accessible data depends on system configuration.
Thanks to Sofie Finnes Øvrelid for reporting this issue.
Fixes: CVE-2022-32198
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
2022-06-01 12:31:23 +02:00
Aaron Andersen
18a07645e5
Merge pull request #174959 from MoritzBoehme/openconnect-auto-start
...
nixos/openconnect: add autoStart option
2022-05-31 23:05:25 -04:00
Martin Weinelt
02e44ee3be
Merge pull request #174804 from dotlambda/prometheus-dmarc-exporter-no-poetry2nix
2022-06-01 01:46:30 +02:00
Robert Schütz
aff15c41fc
dmarc-metrics-exporter: rename from prometheus-dmarc-exporter
...
Also stop using poetry2nix.
2022-05-31 23:25:18 +00:00
Sandro
8d8e031d25
Merge pull request #133771 from erdnaxe/libreddit_fix
...
nixos/libreddit: service hardening and test
2022-05-31 21:53:51 +02:00
Maximilian Bosch
185ee01e80
Merge pull request #173273 from kfollesdal/grafana-azuread
...
nixos/grafana: add new options to grafana module
2022-05-31 19:24:33 +02:00
markuskowa
412168b4ae
Merge pull request #175316 from markuskowa/upd-slurm
...
slurm: 21.08.8.2 -> 22.05.0.1
2022-05-30 21:18:28 +02:00
ajs124
30186896ee
nixos/nginx: fix SystemCallFilter for openresty
2022-05-30 11:58:28 +02:00
linj
37792e5766
nixos/dendrite: add an option loadCredential
...
systemd-247 provides a mechanism called LoadCredential for secrets and
it is better than environment file. See the section of Environment=
in the manual of systemd.exec for more information.
Some options in config.yaml need values to be strings, which currently
can be used with environmentFile but not loadCredential. But it's
possible to use loadCredential for those options, e.g. we can
substitute their values in ExecStart, but not in ExecStartPre due to
[1].
[1]: https://github.com/systemd/systemd/issues/19604
2022-05-29 13:34:14 -07:00
Markus Kowalewski
b6020f42a5
nixos/slurm: update systemd service for slurmd
...
Adjust according to upstream recommendation
2022-05-29 17:17:01 +02:00
Jörg Thalheim
d32a2bf207
nixos/mimir: also expose mimirtool to users
2022-05-29 03:49:17 -04:00
Jörg Thalheim
6497902407
nixos/mimir: set workingdirectory
...
Mimir writes files relatative to its working directory.
With this option less files have to be configured.
2022-05-29 03:49:17 -04:00
Aleksandar Topuzović
fd86efb8c2
nixos/nextcloud: Fix broken config file
2022-05-28 19:14:12 +01:00
Zhaofeng Li
6c4bfe583c
nixos/infnoise: init
2022-05-27 15:18:43 -07:00
Moritz Böhme
106bfcaf8a
nixos/openconnect: add autoStart option
2022-05-27 17:41:03 +02:00
Sandro
23ec1c06c0
Merge pull request #173126 from NULLx76/update-hedgedoc-module
...
nixos/hedgedoc: fix and add config options
2022-05-27 16:03:22 +02:00
Maximilian Bosch
57a8966d03
Merge pull request #171227 from aidalgol/nextcloud-setup-script-fix
...
nixos/nextcloud: Fix broken error suppression in setup script
2022-05-27 13:23:10 +02:00
