cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
291463 commits 1 branch 0 tags 3.7 GiB
Commit graph

17222 commits

Author SHA1 Message Date
Jan Tojnar
141e85cc69
Merge pull request #124056 from mkg20001/cinnamonlocale 
nixos/cinnamon: add cinnamon-translations to systemPackages
 2021-05-23 00:21:11 +02:00
Maciej Krüger
eca2b05354
nixos/cinnamon: add cinnamon-translations to systemPackages 
This allows other cinnamon applications to use the locales

Without this the cinnamon UI is not properly translated
 2021-05-22 23:59:33 +02:00
Maximilian Bosch
9cab80ce4d
Merge pull request #122203 from mohe2015/imperative-nixos-container-timeout 
nixos-containers: Increase startup timeout for imperative containers
 2021-05-22 23:04:12 +02:00
Maximilian Bosch
278bcdce1f
Merge pull request #123941 from mweinelt/matrix-synapse 
nixos/matrix-synapse: protect created files
 2021-05-22 22:20:16 +02:00
Martin Weinelt
79e675444c
nixos/matrix-synapse: protect created files 
Enforce UMask on the systemd unit to restrict the permissions of files
created. Especially the homeserver signing key should not be world
readable, and media is served through synapse itself, so no other user
needs access to these files.

Use a prestart chmod to fixup the permissions on the signing key.
 2021-05-22 20:30:49 +02:00
Sandro
7be85b5090
Merge pull request #104420 from danielfullmer/syncoid-perm-fix 2021-05-22 17:57:56 +02:00
Kira Bruneau
cd4780fab4
maintainers: rename metadark -> kira-bruneau (#124035) 2021-05-22 16:47:40 +02:00
Domen Kožar
fdd42cb68c
Merge pull request #123211 from mdevlamynck/pipewire-plasma-pa 
nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support
 2021-05-22 15:20:50 +02:00
sohalt
be01cb8b97 nixos/spacenavd: run as user service 2021-05-22 12:48:12 +02:00
Domen Kožar
3a28f72e7b
Merge pull request #123970 from kisik21/nix-fix-sandbox-paths 
nixos/nix-daemon: fix sandbox-paths option
 2021-05-22 12:05:11 +02:00
Vika
aeeee447bc
nixos/nix-daemon: fix sandbox-paths option 
In newer versions of Nix (at least on 2.4pre20201102_550e11f) the
`extra-` prefix for config options received a special meaning and the
option `extra-sandbox-paths` isn't recognized anymore. This commit fixes
it.

It doesn't cause a behavior change when using older versions of Nix but
does cause an extra newline to appear in the config, thus changing the
hash.
 2021-05-22 05:14:56 +00:00
Jonathan Ringer
ced04640c7 nixos/video: remove obsolete ati modules 2021-05-21 16:16:48 -07:00
Martin Weinelt
71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2 
nixos/solanum: init
 2021-05-21 23:23:01 +02:00
Maximilian Bosch
a2379c69a4
Merge pull request #122833 from helsinki-systems/feat/prometheus-metric-relabel 
nixos/prometheus: Add support for metric relabeling
 2021-05-21 23:13:41 +02:00
lassulus
48c16e48aa nixos/solanum: init 2021-05-21 23:06:38 +02:00
Maximilian Bosch
5dbd28d754
Merge pull request #123009 from deviant/fix-mailman-doc-links 
nixos/mailman: fix documentation option links
 2021-05-21 22:00:47 +02:00
eyJhb
6000f420e8
nixos/znc: fixed chown not working after hardening (#123883) 2021-05-21 19:07:53 +02:00
Elis Hirwing
e9cca93bf9
Merge pull request #121778 from talyz/keycloak-security 
nixos/keycloak: Security fixes + misc
 2021-05-21 16:55:26 +02:00
Kerstin Humm
224df6940f nixos/mastodon: use rails command instead of rake 
Co-Authored-By: Izorkin <izorkin@elven.pw>
 2021-05-21 15:04:12 +02:00
ajs124
c455f3ccaf
Merge pull request #123084 from Yarny0/hylafax 
hylafaxplus & nixos/hylafax: small improvements
 2021-05-21 14:20:57 +02:00
talyz
ba00b0946e
nixos/keycloak: Split certificatePrivateKeyBundle into two options 
Instead of requiring the user to bundle the certificate and private
key into a single file, provide separate options for them. This is
more in line with most other modules.
 2021-05-21 13:09:38 +02:00
talyz
dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.* 
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
 2021-05-21 13:09:32 +02:00
talyz
83e406e97a
nixos/keycloak: frontendUrl always needs to be suffixed with / 
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
 2021-05-21 13:09:25 +02:00
talyz
58614f8416
nixos/keycloak: Add myself to maintainers 2021-05-21 13:09:19 +02:00
talyz
d748c86389
nixos/keycloak: Improve readablility by putting executables in PATH 2021-05-21 13:09:14 +02:00
talyz
8309368e4c
nixos/keycloak: Set umask before copying sensitive files 
`install` copies the files before setting their mode, so there could
be a breif window where the secrets are readable by other users
without a strict umask.
 2021-05-21 13:09:09 +02:00
talyz
c2bebf4ee2
nixos/keycloak: Improve bash error handling 2021-05-21 13:09:03 +02:00
talyz
d6727d28e1
nixos/keycloak: Set the postgresql database password securely 
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
 2021-05-21 13:08:53 +02:00
Thiago Kenji Okada
c96586d63f nixos/noisetorch: init 
NoiseTorch needs setcap set to 'cap_sys_resource=+ep' to work correctly
accordingly to the README.md:

https://github.com/lawl/NoiseTorch#download--install

So this PR adds it.
 2021-05-20 14:15:20 -07:00
legendofmiracles
af0a54285e nixos/terraria: open ports in the firewall 2021-05-20 12:11:08 -07:00
Guillaume Girol
0d5fa1cff3
Merge pull request #120622 from symphorien/duplicity-master 
nixos/duplicity: enable to prevent backup from growing infinitely
 2021-05-20 19:00:59 +00:00
Jonas Chevalier
30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel 
ghostunnel: init
 2021-05-20 20:58:41 +02:00
Emery Hemingway
520b4a8496 nixos: convert netatalk to settings-style configuration 
Also, set StateDirectory in systemd.….serviceConfig.
 2021-05-20 17:39:28 +02:00
Robert Hensing
dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka
57acb6f9f7
Merge pull request #123598 from pschyska/master 
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
 2021-05-20 10:41:30 +02:00
Maximilian Bosch
3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts 
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
 2021-05-19 14:08:46 -07:00
Gabriel Gonzalez
8e9d803bac
Fix description for services.kubernetes.addonManager.enable (#71448) 
`mkEnableOption` already prefixes the description with
"Whether to enable"
 2021-05-19 13:49:27 -07:00
Paul Schyska
69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Martin Weinelt
446c97f96f
Merge pull request #123355 from Ma27/bump-matrix-synapse 2021-05-19 18:12:14 +02:00
Jan Tojnar
a858f1a90d
Merge pull request #123507 from jtojnar/no-flatpak-guipkgs 
nixos/flatpak: Remove `guiPackages` internal option
 2021-05-19 16:33:56 +02:00
Guillaume Girol
41c7fa448f nixos/duplicity: add options to exercise all possible verbs 
except restore ;)
 2021-05-19 12:00:00 +00:00
Michele Guerini Rocco
376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec 
libreswan: 3.2 -> 4.4
 2021-05-19 13:36:04 +02:00
talyz
380b52c737
nixos/keycloak: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:28 +02:00
talyz
88b76d5ef9
nixos/mpd: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
 2021-05-19 09:32:22 +02:00
talyz
3a29b7bf5b
nixos/mpdscribble: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:17 +02:00
talyz
7842e89bfc
nixos/gitlab: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:12 +02:00
talyz
38398fade1
nixos/discourse: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:06 +02:00
Jörg Thalheim
5b4915fb7a
Merge pull request #110927 from Izorkin/fix-qemu-ga 
nixos/qemu-guest-agent: fix start service
 2021-05-19 05:42:06 +01:00
Aaron Andersen
58ddbfa71d
Merge pull request #118395 from jwygoda/grafana-google-oauth2 
grafana: add google oauth2 config
 2021-05-18 23:11:24 -04:00
Martin Weinelt
a8f71f069f
Merge pull request #123006 from mweinelt/postgresqlbackup-startat 
nixos/postgresqlBackup: allow defining multiple times to start at
 2021-05-19 01:54:38 +02:00