Commit graph

13633 commits

Author SHA1 Message Date
bb010g
34dd64b0cc nixos/documentation: Allow specifying extraSources
Because there was absolutely no way of setting this without rewriting
parts of the module otherwise.
2020-03-20 19:05:32 -07:00
Aaron Andersen
3474b55614 nixos/mysql: fix service so it works with mysql80 package 2020-03-20 20:54:17 -04:00
volth
4d57e56b71
$toplevel/system: use kernel's architecture
`$toplevel/system` of a system closure with `x86_64` kernel and `i686` userland should contain "x86_64-linux".

If `$toplevel/system` contains "i686-linux", the closure will be run using `qemu-system-i386`, which is able to run `x86_64` kernel on most Intel CPU, but fails on AMD.

So this fix is for a rare case of `x86_64` kernel + `i686` userland + AMD CPU
2020-03-20 16:55:44 +00:00
Darius Jahandarie
5fa345922f nixos/supplicant: Don't *stop* supplicant on machine resume. Fixes #51582 2020-03-20 11:08:34 -04:00
Eelco Dolstra
a0a61c3e34 nixos-option: Disable on Nix >= 2.4 because it doesn't compile
This is needed when using the overlay from the Nix flake.
2020-03-20 14:52:22 +01:00
Jesper Geertsen Jonsson
02c2c864d1 resilio: fix a list being assigned to the option config.users.groups 2020-03-19 11:25:56 -05:00
Florian Klink
4e53f84c79 nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.

This was originally applied in 3d1079a20d,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:16:26 +01:00
Florian Klink
355c58e485 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.

This was originally applied in 36ef112a47,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:15:32 +01:00
Izorkin
c75398b10a nixos/fail2ban: disable work fail2ban without firewall 2020-03-18 09:54:19 +03:00
Martin Baillie
6e055c9f4a tailscale: init at 0.96-33
Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types
nixos/firewall: fix types in reverse path assertion
2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1 nixos/firewall: fix types in reverse path assertion
Broken by 0f973e273c284a97a8dffeab7d9c0b09a88b7139 in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
2020-03-18 10:54:55 +09:00
Antoine Eiche
39621bb8de nixos/alertmanager: start after the network-online target
If the host network stack is slow to start, the alertmanager fails to
start with this error message:

    caller=main.go:256 msg="unable to initialize gossip mesh" err="create memberlist: Failed to get final advertise address: No private IP address found, and explicit IP not provided"

This bug can be reproduced by shutting down the network stack and
restarting the alertmanager.

Note I don't know why I didn't hit this issue with previous
alertmanager releases.
2020-03-17 22:18:20 +01:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
davidak
c7e4c3b5a3 nixos/phpfpm: add example to socket 2020-03-17 15:34:43 +01:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine
Iodine: ipv6 support, updates, hardening, nixos test....
2020-03-16 23:42:12 +01:00
Matthew Bauer
67b0ddf3f3 Merge remote-tracking branch 'origin/staging' into mb-cross-fixes-march-2020 2020-03-16 14:34:03 -04:00
Danylo Hlynskyi
fab05f17d1
Merge pull request #80114 from rnhmjoj/initrd
nixos/boot: add option to disable initrd
2020-03-16 20:04:24 +02:00
danbst
a723672c20 doc/postgresql: apply xmlformat 2020-03-16 19:30:23 +02:00
danbst
759fd9b0b0 nixos/postgresql: add upgrade documentation 2020-03-16 19:30:23 +02:00
Maximilian Bosch
a2e06fc342
Merge pull request #80447 from Ma27/bump-matrix-synapse
matrix-synapse: 1.9.1 -> 1.11.1
2020-03-16 10:55:38 +01:00
Maximilian Bosch
849e16888f
nixos/doc/matrix-synapse: refactor
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
  `matrix-synapse` to this document from the 20.03 release-notes.
2020-03-16 10:39:42 +01:00
Pierre Bourdon
b8ef2285b5 nixos/stubby: set Type=notify on the systemd service
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
2020-03-16 10:10:45 +05:30
Maximilian Bosch
8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
2020-03-15 17:09:51 +01:00
Silvan Mosberger
7c3f3e9c51
Merge pull request #72029 from lschuermann/tpm2-module
nixos/tpm2: init
2020-03-15 15:47:06 +01:00
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master
smartdns: init at 30
2020-03-15 15:36:05 +01:00
Leon Schuermann
156b879c2e nixos/tpm2: init
This commit adds udev rules, the userspace resource manager and
PKCS#11 module support.
2020-03-15 12:16:32 +01:00
volth
687aa06c70 nixos/scripted-networking: fix bridge setup when libvirtd uses socket activation 2020-03-15 11:29:14 +07:00
volth
d8664c78b1 libvirt: 6.0.0 -> 6.1.0, fix module 2020-03-15 11:29:04 +07:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent
nixos/ssh: silence ssh-keygen during configuration validation
2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set 2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c nixos/ssh: silence ssh-keygen during configuration validation 2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
zimbatm
001be890f7 folding@home: 6.02 -> 7.5.1
The v7 series is very different.

This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
2020-03-14 13:01:26 -07:00
Jörg Thalheim
4a8a014be4
Merge pull request #82468 from Mic92/kvmgt
nixos/kvmgt: udev rules + fix module initialisation
2020-03-14 07:17:28 +00:00
Andrew Childs
01f03f30db nixos/prometheus: add checkConfig
Workaround for https://github.com/prometheus/prometheus/issues/5222
2020-03-14 04:40:55 +00:00
Andrew Childs
2c121f4215 nixos/firewall: fix inverted assertion for reverse path filtering
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
2020-03-14 04:32:07 +00:00
Joachim Fasting
1b575dbd79 nixos/firejail: use local runCommand
Also:

- use `runtimeShell`; and
- remove unused `makeWrapper` input; and
- `exec()` to shed wrapping shell
2020-03-14 03:09:48 +00:00
Mario Rodas
ee599f376c
Merge pull request #71329 from tilpner/cadvisor-no-docker
nixos/cadvisor: don't enable docker
2020-03-13 20:35:46 -05:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Michele Guerini Rocco
7b15d6cee4
Merge pull request #81241 from thefloweringash/nesting-system
nixos/activation: propagate system to nested configurations
2020-03-13 09:58:10 +01:00
Jörg Thalheim
505d241ee3
nixos/kvmgt: add udev rules for unprivileged access 2020-03-13 07:04:26 +00:00
Jörg Thalheim
85aae79ca1
nixos/kvmgt: fix driver option
extraModprobeConfig could be applied too late i.e. if the driver has been
loaded in initrd, while the harddrive is still encrypted.
Using a kernelParams works in all cases however.
2020-03-13 07:03:45 +00:00
snicket2100
65abd808d5 firejail: system package on programs.firejail.enable
this way the man page etc. becomes available if we enable firejail with
`programs.firejail.enable = true`
2020-03-13 03:28:08 +00:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Léo Gaspard
693d834c37
Merge pull request #76739 from symphorien/mail_plugins
nixos/dovecot: add an option to enable mail_plugins
2020-03-12 22:44:23 +01:00
Léo Gaspard
26b1ef1506
Merge pull request #80141 from symphorien/scrub
nixos/btrfs: make autoScrub not prevent shutdown or suspend
2020-03-12 22:39:34 +01:00
Markus Kowalewski
2c7f8d56dc
nixos/rxe: use iproute instead of rdma-core
The rdma-core packages dropped rxe_cfg in favour
of iproute's rdma utility (see https://github.com/linux-rdma/rdma-core/pull/678/files)
2020-03-12 22:32:44 +01:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig
services.ntpd: Add extraConfig parameter
2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles
Introduce `networking.hostFiles` option
2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Léo Gaspard
06bdfc5e32
Merge pull request #82185 from matt-snider/master
ankisyncd, nixos/ankisyncd: init at 2.1.0
2020-03-12 11:47:42 +01:00
lewo
cbb21b2a8a
Merge pull request #81214 from buckley310/updateDelay
NixOS/auto-upgrade: Add optional randomized delay
2020-03-12 09:06:32 +01:00
Graham Christensen
10f625b3d2
Merge pull request #81402 from mmilata/firejail-example
nixos/firejail: add example for wrappedBinaries
2020-03-11 20:28:35 -04:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix
nixos/vsftpd: fix missing default pam_service_name
2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes
nixos/haproxy: Revive the haproxy user and group
2020-03-11 22:23:13 +00:00
Maximilian Bosch
b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore 2020-03-11 22:29:30 +01:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name
9458ec4 removed the ftp pam service which was used by default by vsftpd
2020-03-11 21:15:47 +01:00
Maximilian Bosch
f073b74c13
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
To quote the XDG specification:

     There is a single base directory relative to which user-specific
     data files should be written. This directory is defined by the\
     environment variable $XDG_DATA_HOME.

Rather than adding another directory to $HOME, I think that it's better
to follow this standard to avoid a cluttered home-dir.
2020-03-11 20:17:46 +01:00
talyz
bb7ad853fb nixos/haproxy: Revive the haproxy user and group
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
2020-03-11 19:52:37 +01:00
Silvan Mosberger
fc2b132c94
Merge pull request #82326 from mmilata/rename-fix-module-path
nixos: fix module paths in rename.nix
2020-03-11 19:35:40 +01:00
Martin Milata
d08ede042b nixos: fix module paths in rename.nix 2020-03-11 15:59:22 +01:00
Florian Klink
3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
2020-03-11 10:21:37 +01:00
Florian Klink
36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
2020-03-11 10:21:37 +01:00
Edward Tjörnhammar
b155a62dad nixos/lightdm-tiny-greeter: init module 2020-03-11 08:12:35 +00:00
Jan Tojnar
6bba9428d9
Merge pull request #81431 from jtojnar/malcontent-0.6
malcontent: 0.4.0 → 0.6.0
2020-03-11 04:08:59 +01:00
Jan Tojnar
31dd8332bc
nixos/malcontent: init 2020-03-10 23:30:20 +01:00
Jesper Geertsen Jonsson
b42babd160 nixos/netdata: add module package option 2020-03-10 23:06:01 +01:00
Matt Snider
acba458b7e nixos/ankisyncd: init at 2.1.0 2020-03-10 22:45:33 +01:00
Aaron Andersen
641b94bdd0 nixos/mysql: add settings and configFile options 2020-03-10 15:15:11 -04:00
Linus Heckemann
dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2
FreeRADIUS improvements
2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
adisbladis
6fcce60fd5
Merge pull request #82139 from adisbladis/switch-to-configuration-manual
switch-to-configuration: Add new option X-OnlyManualStart
2020-03-10 11:17:33 +00:00
Martin Milata
1affd47cc1 nixos/supybot: python3 switch, add plugin options
Python2 seems to be no longer supported by limnoria upstream.
2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
2020-03-09 23:29:04 +01:00
adisbladis
db6c94304f
switch-to-configuration: Add new option X-OnlyManualStart
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.

More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
2020-03-09 11:28:07 +00:00
zimbatm
cc90ececa7
environment.etc: fix typo 2020-03-09 12:01:41 +01:00
Florian Klink
dceec409cc nixos/cage: move ConditionPathExists to service config
It doesn't belong into [Service]:
> Unknown key name 'ConditionPathExists' in section 'Service', ignoring.
2020-03-09 00:47:49 +01:00
Dmitry Kalinkin
93745d243b
Merge pull request #79488 from danielfullmer/zoneminder-1.34.2
zoneminder: 1.32.3 -> 1.34.3
2020-03-07 13:25:17 -05:00
Daniel Fullmer
cb5da4eacb nixos/zoneminder: update on startup if needed 2020-03-07 12:59:39 -05:00
Silvan Mosberger
4f69262c19
Merge pull request #81369 from mweinelt/pr/acme-chmod
nixos/acme: apply chmod and ownership unconditionally
2020-03-07 03:24:46 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts 2020-03-07 02:01:19 +01:00
Silvan Mosberger
ec6e4db6e4
nixos/networking: Add hostFiles option
When blocklists are built with a derivation, using extraHosts would
require IFD, since the result of the derivation needs to be converted to
a string again.

By introducing this option no IFD is needed for such use-cases, since
the fetched files can be assigned directly.
2020-03-07 01:53:31 +01:00
Lancelot SIX
74c0ce5376
Merge pull request #81907 from atlaua/lr/wg-typo
nixos/wireguard: Fix typo in error message
2020-03-06 22:43:32 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message
generatePrivateKey -> generatePrivateKeyFile
2020-03-06 16:19:23 +01:00
Jörg Thalheim
391b7b31d8
Merge pull request #81891 from emilazy/nginx-use-mozilla-tls-config
nixos/nginx: use Mozilla Intermediate TLS configuration
2020-03-06 14:30:28 +00:00
Jörg Thalheim
87ae01e70b
Merge pull request #81752 from alexbakker/fix-55221
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
2020-03-06 13:16:26 +00:00
Emily
4ed98d69ed nixos/nginx: use Mozilla Intermediate TLS configuration
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.

The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.

Resolves #80952.
2020-03-06 13:08:56 +00:00
Silvan Mosberger
dc70633913
Merge pull request #81774 from ju1m/shorewall_fix_RestartTriggers
shorewall: fix RestartTriggers
2020-03-06 11:58:35 +01:00
Martin Milata
421a18f42b nixos/prometheus-mikrotik-exporter: init 2020-03-06 10:39:05 +01:00
Matthew Bauer
1265615594 gtk-icon-cache: get native gtk3 for icon cache 2020-03-06 00:45:48 -05:00
Martin Milata
e7ed7901a8 nixos/prometheus-mail-exporter: misc fixes
- Fix misspelled option. mkRenamedOptionModule is not used because the
   option hasn't really worked before.
 - Add missing cfg.telemetryPath arg to ExecStart.
 - Fix mkdir invocation in test.
2020-03-06 01:44:05 +01:00
Martin Milata
3b5cf35e8b nixos/prometheus-mail-exporter: fix assertion
The assertion was printed when user explicitly defined only the
configFile option.
2020-03-06 01:44:05 +01:00
Martin Milata
2a080ac434 nixos/prometheus-snmp-exporter: fix assertion
The assertion was printed when user explicitly defined only the
configurationPath option.
2020-03-06 01:43:20 +01:00
Martin Milata
87f87fb3e9 nixos/prometheus-snmp-exporter: update log options
The allowed values have changed in bd3319d28c.

0.15:
      --log.level="info"        Only log messages with the given severity or above. Valid levels: [debug, info, warn, error, fatal]
      --log.format="logger:stderr"
                                Set the log target and format. Example: "logger:syslog?appname=bob&local=7" or "logger:stdout?json=true"

0.17:
      --log.level=info          Only log messages with the given severity or above. One of: [debug, info, warn, error]
      --log.format=logfmt       Output format of log messages. One of: [logfmt, json]
2020-03-06 01:43:20 +01:00
Martin Milata
0ac24ccf2a nixos/prometheus-*-exporter: escape shell args 2020-03-06 01:43:20 +01:00
Andrew Childs
ce416779bb nixos/activation: use eval-config's system argument for nesting
This avoids a possible surprise if the user is using `nixpkgs.system`
and `nesting.children`. `nesting.children` is expected to ignore all
parent configuration so we shouldn't propagate the user-facing option
`nixpkgs.system`. To avoid doing so, we introduce a new internal
option for holding the value passed to eval-config.nix, and use that
when recursing for nesting.
2020-03-05 20:28:31 +09:00
David Guibert
bbc2cd89ef users.groups.disnix instead of a list
related to #63103.
2020-03-05 09:08:40 +01:00
Julien Moutinho
47f27938e7 shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
Alexander Bakker
7bbf7fa693 uwsgi: use pyhome instead of pythonpath for uwsgi vassals 2020-03-04 20:20:32 +01:00
Silvan Mosberger
b38344b54c
Merge pull request #81708 from yegortimoshenko/acme-fullchain-force-symlink
nixos/acme: force symlink from fullchain.pem to cert.pem
2020-03-04 19:33:39 +01:00
Michele Guerini Rocco
481a4e938e
Merge pull request #81597 from thatsmydoing/multiport-nat
nixos/nat: fix multiple destination ports with loopback
2020-03-04 19:12:25 +01:00
Jörg Thalheim
bbbf224c7d
Merge pull request #81610 from Mic92/zfs
nixos/zfs: continue trimming also if one pool fails
2020-03-04 11:44:57 +00:00
Maximilian Bosch
7f9131f260
Merge pull request #81405 from NinjaTrappeur/nin-networkd-policy-rules
nixos/networkd: add RoutingPolicyRules-related options
2020-03-04 12:29:29 +01:00
Yegor Timoshenko
c32da2ed9c nixos/acme: force symlink from fullchain.pem to cert.pem
Co-authored-by: emily <vcs@emily.moe>
2020-03-04 12:52:12 +03:00
Thomas Dy
97a61c8903 nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
Sean Buckley
9d3aa711fe NixOS/auto-upgrade: refine option description 2020-03-03 22:14:31 -05:00
Florian Klink
407be0a577
Merge pull request #81327 from flokli/add-cage
nixos/cage: init
2020-03-03 12:04:33 -08:00
Robert Hensing
6734e58da3
Merge pull request #81292 from hercules-ci/fix-service-runner-quotes
nixos/service-runner.nix: Allow quotes in commands + test
2020-03-03 14:31:00 +01:00
Jörg Thalheim
8f543ed80d
nixos/zfs: continue trimming also if one pool fails
fixes https://github.com/NixOS/nixpkgs/issues/81602
2020-03-03 11:22:07 +00:00
Yegor Timoshenko
c16f2218da
Merge pull request #80900 from emilazy/acme-must-staple
nixos/acme: Must-Staple and extra flags
2020-03-03 03:57:40 +03:00
Yegor Timoshenko
31aefc74c5
Merge pull request #80856 from emilazy/adjust-acme
nixos/acme: adjust renewal timer options
2020-03-03 03:49:33 +03:00
Matthew Bauer
e0e4d591cc nixos/cage: init
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.

This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.

Based on the service provided in the Cage wiki here:

https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd

Co-Authored-By: Florian Klink <flokli@flokli.de>
2020-03-02 13:43:20 -08:00
WilliButz
eaef96093a
prometheus-nginx-exporter: 0.5.0 -> 0.6.0 (#81285)
* prometheus-nginx-exporter: 0.5.0 -> 0.6.0

* nixos/prometheus-nginx-exporter: update for 0.6.0

Added new option constLabels and updated virtualHost name in the
exporter's test.
2020-03-02 14:48:40 -05:00
Maximilian Bosch
70325e63d8
Merge pull request #79532 from NixOS/fix-predictable-ifnames-in-initrd
nixos/stage-1: fix predictable interface names in initrd
2020-03-02 17:14:06 +01:00
Andreas Rammhold
ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service
Add nix-store-gcs-proxy service
2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
Félix Baylac-Jacqué
9897d83f58 nixos/networkd: test routingPolicyRules with a nixos vm test 2020-03-02 15:37:40 +01:00
Jörg Thalheim
2c5ffb5c7a
Merge pull request #81164 from Mic92/home-assistant
nixos/home-assistant: 0.104.3 -> 0.106.0
2020-03-02 10:55:35 +00:00
Benjamin Staffin
3a2790c342 services.mailman: RemainAfterExit so settings take effect properly
Prior to this fix, changes to certain settings would not be applied
automatically and users would have to know to manually restart the
affected service.  A prime example of this is
`services.mailman.hyperkitty.baseUrl`, or various things that affect
`mailman3/settings.py`
2020-03-02 02:25:20 +00:00
obadz
c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix
nixos/zerotierone: prevent systemd from changing MAC address
2020-03-01 18:49:00 -07:00
Félix Baylac-Jacqué
611d765b76 nixos/networkd: Add the RoutingPolicyRule-related options 2020-03-01 14:52:36 -08:00
José Romildo Malaquias
74f5358f13
Merge pull request #66601 from eadwu/nvidia/prime-render-offload
nvidia: prime render offload
2020-03-01 14:28:57 -03:00
worldofpeace
0bbada3a07
Merge pull request #80451 from worldofpeace/pantheon-doc
nixos/pantheon: add docs
2020-03-01 16:56:55 +00:00
worldofpeace
21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation
nixos/git-daemon: only create git user if it will be used
2020-03-01 13:40:57 +00:00
Yegor Timoshenko
98cbc40570
Merge pull request #81371 from mweinelt/pr/acme-autostart
nixos/acme: renew after rebuild and on boot
2020-03-01 15:46:31 +03:00
Jörg Thalheim
1b92a08a71
Merge pull request #81297 from Mic92/sslh
nixos/sslh: don't run as nogroup
2020-03-01 12:18:09 +00:00
worldofpeace
e906014d4b
Merge pull request #80920 from worldofpeace/rngd-cleanup-shutdown
nixos/rngd: fix clean shutdown
2020-03-01 11:44:22 +00:00
Martin Weinelt
3575555fa8
nixos/acme: apply chmod and ownership unconditionally
Also separate directory and file permissions so the certificate files
don't end up with the executable bit.

Fixes #81335
2020-02-29 20:17:14 +01:00
Martin Milata
96e36bf1ba nixos/firejail: add example for wrappedBinaries 2020-02-29 19:06:28 +01:00
Emily
ffb7b984b2 nixos/acme: add extraLegoRenewFlags option 2020-02-29 16:44:04 +00:00
Emily
b522aeda5a nixos/acme: add ocspMustStaple option 2020-02-29 16:44:04 +00:00
Emily
7b14bbd734 nixos/acme: adjust renewal timer options
The current weekly setting causes every NixOS server to try to renew
its certificate at midnight on the dot on Monday. This contributes to
the general problem of periodic load spikes for Let's Encrypt; NixOS
is probably not a major contributor to that problem, but we can lead by
example by picking good defaults here.

The values here were chosen after consulting with @yuriks, an SRE at
Let's Encrypt:

* Randomize the time certificates are renewed within a 24 hour period.

* Check for renewal every 24 hours, to ensure the certificate is always
  renewed before an expiry notice is sent out.

* Increase the AccuracySec (thus lowering the accuracy(!)), so that
  systemd can coalesce the renewal with other timers being run.

  (You might be worried that this would defeat the purpose of the time
  skewing, but systemd is documented as avoiding this by picking a
  random time.)
2020-02-29 14:03:36 +00:00
Martin Weinelt
5ff9441471
nixos/acme: renew after rebuild and on boot
Fixes #81069
2020-02-29 14:40:34 +01:00
worldofpeace
3be04570e0 nixos/pantheon: add docs 2020-02-28 19:43:18 -05:00
Florian
519d4f8e33 airsonic: enable nginx.recommendedProxySettings with virtualHost
This fixes music playback when using the `services.airsonic.virtualHost`
option.
2020-02-28 19:38:58 +01:00
Sean Buckley
14a1aa4a3d
NixOS/auto-upgrade: fix wording
Co-Authored-By: Pascal Hertleif <killercup@gmail.com>
2020-02-28 12:03:41 -05:00
Jörg Thalheim
8b7f4fa8a6
nixos/buildkite-agents: don't run as nogroup 2020-02-28 15:34:37 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup
See #55370
2020-02-28 15:32:36 +00:00
Jörg Thalheim
ee2ea82a68
nixos/home-assistant: make config deep mergeable
This make it possible to split the home-assistant configuration
across multiple files and nix will merge the option in an intuitive
way.
2020-02-28 15:32:03 +00:00
WilliButz
68410b08be
nixos/codimd: update useCDN default to false 2020-02-28 14:36:46 +01:00
Robert Hensing
43521ac965 nixos/service-runner.nix: Allow quotes in commands + test 2020-02-28 14:26:29 +01:00
Sean Buckley
b6cad64ef6 NixOS/auto-upgrade: Add optional randomized delay 2020-02-27 16:40:10 -05:00
worldofpeace
76f4f6b95d
Merge pull request #81087 from lovesegfault/tlp-1.3.1
tlp: 1.2.2 -> 1.3.1
2020-02-27 19:43:14 +00:00
Bernardo Meurer
ee7becd918
nixos/tlp: revamp 2020-02-27 09:58:51 -08:00
Thomas Tuegel
d3e3cc1225
nixos/plasma5: Fix activation script when XDG_CONFIG_HOME is unset
Fixes #80713
2020-02-27 09:48:58 -06:00
Andrew Childs
b83164a049 nixos/activation: propagate system to nested configurations
The current behavior lets `system` default to
`builtins.currentSystem`. The system value specified to
`eval-config.nix` has very low precedence, so this should compose
properly.

Fixes #80806
2020-02-27 23:57:44 +09:00
Daniel Schaefer
39ed5ff74c
Merge pull request #80329 from mmilata/hunspell-pathstolink
nixos: add /share/hunspell to environment.pathsToLink
2020-02-27 09:23:08 +01:00
Aaron Andersen
4d67db3101
Merge pull request #80849 from BBBSnowball/pull-load-imagick-once
nixos/nextcloud: avoid loading imagick extension more than once
2020-02-26 17:17:55 -05:00
Franz Pletz
2dff70f0f3
Merge pull request #80981 from bachp/nextcloud-x-frame-warning
nixos/nextcloud: prevent warning about missing X-Frame-Option
2020-02-26 17:37:38 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false
Fixes #81109.  Regressed in PR #78392 (26858063).
2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
Silvan Mosberger
5f37069888
Merge pull request #80861 from emilazy/acme-fullchain
nixos/acme: move the crt to fullchain.pem
2020-02-26 00:48:53 +01:00
Martin Milata
9b0a9577f7 nixos/parsoid: enable systemd sandboxing 2020-02-25 01:32:31 +01:00
Martin Milata
3b27f4d945 nixos/parsoid: fix package name
Original package was removed in 2b8cde0ce2.
2020-02-25 01:32:30 +01:00
Pascal Bach
119a7aae50 nixos/nextcloud: prevent warning about missing X-Frame-Option 2020-02-24 22:07:24 +01:00
Jörg Thalheim
ee08bd8dec
Merge pull request #80831 from Mic92/netdata
netdata: 1.19.0 -> 1.20.0
2020-02-24 17:24:19 +00:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory
This is needed for local dnssec validation
2020-02-24 10:51:43 +00:00
Eelco Dolstra
21a3b141c3
nix-fallback-paths.nix: Fix x86_64-linux path
https://github.com/NixOS/nix/issues/3370
2020-02-24 10:16:26 +01:00
Silvan Mosberger
6d92e54174 nixos/transmission: Allow others to read the directory
Directory mode 755 is standard for running services. Without this,
downloadDirPermissions doesn't have any use since other users can't even
look inside the main transmission directory
2020-02-24 08:03:21 +01:00
worldofpeace
fa76150235 nixos/rngd: fix clean shutdown
It seems disabling DefaultDependencies
removes these implicit dependencies [0] that
we needed for shutdown to happen cleanly.

Fixes #80871

[0]: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Default%20Dependencies
2020-02-23 18:53:52 -05:00
tobim
44a4a3839c
nixos/gdm: Fix pulseaudio tmpfiles structure (#80274)
* nixos/gdm: Fix pulseaudio tmpfiles structure

Fix the following startup failure of the sound service in the gdm
session that was introduced by #75893:
```
Feb 16 11:44:15 qp pulseaudio[1432]: W: [pulseaudio] core-util.c: Failed to open configuration file '/run/gdm/.config/pulse//daemon.conf': Not a directory
Feb 16 11:44:15 qp pulseaudio[1432]: W: [pulseaudio] daemon-conf.c: Failed to open configuration file: Not a directory
Feb 16 11:44:15 qp systemd[1380]: pulseaudio.service: Main process exited, code=exited, status=1/FAILURE
Feb 16 11:44:15 qp systemd[1380]: pulseaudio.service: Failed with result 'exit-code'.
Feb 16 11:44:15 qp systemd[1380]: Failed to start Sound Service.
```

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-02-23 07:50:19 -05:00
worldofpeace
65bdc05ae8
Merge pull request #78935 from worldofpeace/update-gnome3-iso-expression
installation-cd-graphical-gnome: updates
2020-02-23 07:39:48 -05:00
worldofpeace
ad4565caa1 installation-cd-graphical-gnome: updates
Note we're not using wayland default in the graphical media because it
could cause headaches for Nvidia users. But the session is still available
if someone logs out.
2020-02-23 07:17:37 -05:00
Emily
8ecbd97f82 nixos/acme: move the crt to fullchain.pem
lego already bundles the chain with the certificate,[1] so the current
code, designed for simp_le, was resulting in duplicate certificate
chains, manifesting as "Chain issues: Incorrect order, Extra certs" on
the Qualys SSL Server Test.

cert.pem stays around as a symlink for backwards compatibility.

[1] 5cdc0002e9/acme/api/certificate.go (L40-L44)
2020-02-23 04:10:34 +00:00
worldofpeace
2442f99d40
Revert "Theming options for Gtk and Qt" 2020-02-22 20:42:27 -05:00
Benjamin Koch
db32158bbd nixos/nextcloud: avoid loading imagick extension more than once
This avoids the following error message:
  Module 'imagick' already loaded at Unknown#0
2020-02-23 00:40:49 +00:00
markuskowa
74dcd1c637
Merge pull request #80617 from ikervagyok/slurm
Slurm: improve RDMA capability
2020-02-22 17:33:47 +01:00
Yegor Timoshenko
ab88bb26d1
Merge pull request #80736 from mmahut/vboximg
nixos/virtualbox-image: add params
2020-02-22 17:35:05 +03:00
Michele Guerini Rocco
02bbaaddc8
Merge pull request #80758 from ikervagyok/wg
nixos/wireguard: fix wireguard service as well after it got upstreamed
2020-02-22 10:20:13 +01:00
Lengyel Balazs
50fb52d4e1 fix wireguard service as well after it got upstreamed. 2020-02-22 00:32:15 +01:00
Michele Guerini Rocco
802a528d38
Merge pull request #71079 from gnidorah/theming
Theming options for Gtk and Qt
2020-02-21 18:52:52 +01:00
gnidorah
956c60eda8 nixos/qt: support theming qt4 2020-02-21 18:57:56 +03:00
gnidorah
1bd7ea84ad nixos/qt5: rename to qt 2020-02-21 18:57:56 +03:00
gnidorah
379c3f685c nixos/qt5: extend qt5 theming support 2020-02-21 18:57:56 +03:00
gnidorah
23107a32c4 nixos/qt5: refactor to support more platform themes 2020-02-21 18:57:56 +03:00
gnidorah
193e2ed86e nixos/gtk: init 2020-02-21 18:57:56 +03:00
Marek Mahut
be255392dd nixos/virtualbox-image: add params 2020-02-21 16:53:32 +01:00
Silvan Mosberger
368d84aafa
Merge pull request #80526 from serokell/yorickvp/fix-bk-agent-hooks
nixos/buildkite-agents: fix hooksDir assertion
2020-02-21 12:00:05 +01:00
Lengyel Balázs
dc71384f67 SLURM/NixOS: increase ulimit for IB/RDMA 2020-02-21 11:32:16 +01:00
Jörg Thalheim
1ddb140d95
Merge pull request #53033 from netixx/openvswitch-improved-systemd
openvswitch: better integration with systemd
2020-02-21 08:24:49 +00:00
Jan Tojnar
c1b45ef401
Merge pull request #80456 from cole-h/fish
nixos/fish: fix completions patch
2020-02-20 07:43:25 +01:00
Edward Tjörnhammar
9bab9e2ec6
nixos/i2pd: address #63103
As a comment to 1d61efb7f1
Note that collect returns a list from a set
2020-02-19 13:15:28 +01:00
Yorick van Pelt
1b351f81f4
nixos/buildkite-agents: fix hooksDir assertion 2020-02-19 12:22:35 +01:00
Michele Guerini Rocco
d4c0e72071
Merge pull request #80504 from ben0x539/encrypted-devices-loa-warning
silence warning from #63103 in encrypted-devices.nix
2020-02-19 12:15:19 +01:00
Benjamin Herr
0f5acc5ebe silence warning from #63103 in encrypted-devices.nix 2020-02-18 20:58:40 -08:00
Eelco Dolstra
3c47f78e82
nix: 2.3.2 -> 2.3.3 2020-02-19 01:54:25 +01:00
worldofpeace
af73425b82 nixos/mate: debugging via environment variable 2020-02-18 16:34:26 -05:00
worldofpeace
b9db3f8ca0 nixos/mate: use upstream session 2020-02-18 16:30:09 -05:00
Thomas Tuegel
b3a47c62fb
Merge pull request #80448 from Mic92/zshenv
Revert "zsh: don't clobber the environment of non-login shells"
2020-02-18 11:48:39 -06:00
David Wood
60a3d9dd6b nixos/jirefeau: add services.jirafeau module
Signed-off-by: David Wood <david.wood@codeplay.com>
2020-02-18 09:37:44 -08:00
Cole Helbling
f518e280b1
nixos/fish: fix completions patch
Upstream decided to split the lines we were patching out, so the patch
would fail.
2020-02-18 08:58:11 -08:00
Jörg Thalheim
55819e6c86
Revert "zsh: don't clobber the environment of non-login shells"
This reverts commit 6a756af3e7.

Currently zshenv by default only set fpath and HELPDIR without exporting them.
A parent shell would also not set those variables usually as they are shell local.

It also sources a file called set-environment but this is protected by an
environment variable called __NIXOS_SET_ENVIRONMENT_DONE. Hence any modification
done by the parent shell should persist as long as __NIXOS_SET_ENVIRONMENT_DONE
is not unset.

This behavior deviates from what we do in bashrc and breaks common setups such
as tmux/mosh or screen.

Fixes #80437
2020-02-18 15:52:21 +00:00
José Romildo Malaquias
0bcd9a5262
Merge pull request #79939 from romildo/upd.mate
mate: update to version 1.24.0
2020-02-18 11:15:10 -03:00
Jörg Thalheim
7448211021
Merge pull request #80032 from Mic92/redis
nixos/redis: add requirePassFile option
2020-02-17 21:28:04 +00:00
Martin Milata
d85c885dc4 nixos: add /share/hunspell to environment.pathsToLink
So that applications can find hunspell dictionaries installed through
environment.systemPackages.
2020-02-17 03:35:06 +01:00
Silvan Mosberger
06d18a5737
Merge pull request #80204 from CRTified/fix/issue-76620
docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
2020-02-16 21:24:05 +01:00
Julien Moutinho
f9be656873
shorewall: fix warnings due to types.loaOf being deprecated (#80154) 2020-02-16 12:53:49 +02:00
CRTified
c83cc9c364 nixos/docker-containers: Move ExecStartPre/ExecStopPost to preStart/postStop
This commit fixes #76620. It moves ExecStartPre and ExecStopPost to
preStart and postStop, as these options are composable. It thus allows
adding additional initialisation scripts or cleanup scripts to the systemd
unit of the docker container.
2020-02-15 23:16:43 +01:00
gtgteq
c359c6959a
nixos/postgresql: Change local auth method from ident to peer (#80179) 2020-02-15 23:55:35 +02:00
Benjamin Staffin
4c5ea02dc5
grub: Update extraConfig example text (#79406)
This expands the example to something one might actually want to use
to set up a serial console.
2020-02-15 16:45:47 -05:00
Eelco Dolstra
f0f040c3f7 nixos/modules/misc/version.nix: Don't parse .git
This leads to inconsistent results between local builds and
Hydra. Also Nix is not a general purpose language, we shouldn't be
parsing .git from inside Nix code.
2020-02-15 20:16:14 +01:00
Eelco Dolstra
a5f883e535 nixos/modules/installer/cd-dvd/channel.nix: Handle null config.system.nixos.revision 2020-02-15 20:16:14 +01:00
Maximilian Bosch
c391343fcd
nixos/nixos-build-vms: switch to python test-driver
In 0945178b3c we decided that Perl-based
VM tests should be deprecated and will be removed between 20.03 and
20.09. So let's switch `nixos-build-vms(8)` to python as well (which is
entirely interactive, so other scripts won't break).

In my experience, the test-driver isn't used most of the time, so this
patch is mainly supposed to get rid of the (probably misleading)
deprecation warning when running `nixos-build-vms`. Apart from that, the
interface for python's test-driver is way nicer.
2020-02-15 19:35:17 +01:00
Maximilian Bosch
6c63107872
nixos/manual: fix build 2020-02-15 19:18:06 +01:00
Jörg Thalheim
466c1df3e2
Merge pull request #79266 from Mic92/knot
nixos/knot: add keyFiles option
2020-02-15 11:15:03 +00:00
rnhmjoj
dea79b56f7
nixos/boot: add option to disable initrd 2020-02-15 12:13:33 +01:00
Atemu
08ac06edba
docker-containers: Add autoStart option (#76480)
This option allows the user to control whether or not the docker container is
automatically started on boot. The previous default behavior (true) is preserved
2020-02-15 00:57:31 +02:00
José Romildo Malaquias
ba42fef9a7 nixos/mate: add yelp to systemPackages
Without this the Contents item in the Help menu of applications fails
to launch.
2020-02-14 18:31:52 -03:00
Danylo Hlynskyi
5443eee47c
nixos/postgresql: support 0750 for data directory (#65245)
* nixos/postgresql: support 0750 for data directory

This is rework of part of https://github.com/NixOS/nixpkgs/pull/46670.
My usecase was to be able to inspect PG datadir as wheel user.

PG11 now allows starting server with 0750 mask for data dir.
`groupAccess = true` now does this automatically. The only thing you have to do
is to set group ownership.

For PG10 and below, I've described a hack how this can be done. Before this PR
hack was impossible. The hack isn't ideal, because there is short
period of time when dir mode is 0700, so I didn't want to make it official.

Test/example is present too.

* postgresql: allow changing initidb arguments via module system

Closes https://github.com/NixOS/nixpkgs/issues/18829

+ some cleanups

* addressed review comments and some fixes

* whoops

* change groupAccess to tristate, to not force `chmod` on dataDir.

Making mask either 0700 or 0750 is too restrictive..

* WIP

* let's not support group mode for versions pre-11.

The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 20:51:20 +02:00
danbst
84535e0a47 let's not support group mode for versions pre-11.
The only fix is to change mode to 0700 before start, because otherwise postgresql
doesn't start, and error is non-obvious.
2020-02-14 19:16:34 +02:00
danbst
2c77c53487 Merge branch 'master' into postgresql_group 2020-02-14 19:00:52 +02:00
snicket2100
50a597cd7a
installation-cd-graphical-base.nix: adding git (#79098) 2020-02-14 18:52:18 +02:00
Symphorien Gibol
5359d90b15 nixos/btrfs: make autoScrub not prevent shutdown or suspend
Fixes: #79086 #79017
2020-02-14 12:00:00 +00:00
Michele Guerini Rocco
3d3392a492
Merge pull request #80090 from crabtw/master
nixos/pppd: fix build error
2020-02-14 10:50:47 +01:00
Michele Guerini Rocco
66b5b29977
Merge pull request #80076 from rnhmjoj/alsa
nixos/alsa: replace list by attrset in environment.etc
2020-02-14 09:40:41 +01:00
Jyun-Yan You
0f8d1ac47d nixos/pppd: fix build error 2020-02-14 12:51:50 +08:00
rnhmjoj
f01bcccd25
nixos/unclutter: fix remaining typo 2020-02-14 01:28:03 +01:00
rnhmjoj
2ad680ac73
nixos/alsa: replace list by attrset in environment.etc 2020-02-14 01:17:18 +01:00
Florian Klink
7564f4faf3
Merge pull request #78360 from serokell/mkaito/caddy-restart
nixos/caddy: resync with upstream unit file
2020-02-13 23:26:11 +01:00
Florian Klink
aaa1c7b28f
Merge pull request #79663 from primeos/brightnessctl-systemd-support
brightnessctl: Add systemd support
2020-02-13 23:14:20 +01:00
Symphorien Gibol
44fd320c0f nixos/iodine: protect passwordFiles with toString
It should prevent copying the files to a store path
2020-02-13 21:30:14 +01:00
Jörg Thalheim
9cfe5a7a54
nixos/redis: add requirePassFile option
Avoids having the password in the nix store.
2020-02-13 17:06:35 +00:00
Graham Christensen
ddd09101c5
Merge pull request #79967 from grahamc/nixos-enter-fd2
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
2020-02-13 11:39:35 -05:00
Jörg Thalheim
b300ccd7f3
Merge pull request #79961 from dtzWill/update/iwd-1.5
ell,iwd: 0.28, 1.5, minor touchups, drop tmpfiles snippet
2020-02-13 10:53:51 +00:00
Michele Guerini Rocco
21b31c4e51
Merge pull request #79998 from rnhmjoj/urxvt-fix
rxvt-unicode: fix typo in aliases.nix
2020-02-13 11:04:56 +01:00
Marek Mahut
4011c2a2aa
Merge pull request #76481 from fare-patches/vesa
Deprecate the boot.vesa option
2020-02-13 09:47:54 +01:00
rnhmjoj
ceb35dac58
nixos/sway: use new package name for rxvt-unicode 2020-02-13 09:36:35 +01:00
rnhmjoj
9290e6e7ba
nixos/urxvtd: use new package name for rxvt-unicode 2020-02-13 09:33:58 +01:00
Ryan Mulligan
5a358eade8
Merge pull request #69125 from jslight90/mattermost-5.15
mattermost: 5.9.0 -> 5.15.0
2020-02-12 20:56:00 -08:00
Graham Christensen
2d42fc240c
nixos-enter: redirect to fd2 instead of a file named /dev/stderr
In some cases, /dev/stderr may not point to a sensible location. For
example, running nixos-enter inside a systemd unit where the unit's
StandardOutput and StandardError are set to be sockets. In these
cases, this line would fail.

Piping to fd2 directly works just as well, even under strange and
twisted executions.

Co-authored-by: Michael Bishop <michael.bishop@iohk.io>
2020-02-12 21:18:27 -05:00
Will Dietz
ac8a92543b
iwd: drop tmpfiles snippet, services use StateDirectory already
Originally added in [1], and iwd added StateDirectory to its services
in [2] -- 4 days later.

("StateDirectory wasn't used when tmpfile snippet was added to NixOS")
(nevermind git -> release delay)

[1] 6e54e9253a
[2] upstream iwd git rev: 71ae0bee9c6320dae0083ed8c1700bc8fff1defb
2020-02-12 19:29:28 -06:00
worldofpeace
2d3163260b
Merge pull request #79830 from ilya-fedin/fix-xdg-current-desktop
Add DesktopNames parameter to generated desktop session files
2020-02-12 13:34:48 -05:00
Florian Klink
b2c2eaea6d
Merge pull request #79862 from flokli/fix-run-keys
nixos/filesystems: don't chown /run/keys recursively
2020-02-12 17:52:23 +01:00
Jörg Thalheim
e2ef8b439f
knot: add keyFiles option
This useful to include tsig keys using nixops without adding those
world-readable to the nix store.
2020-02-12 16:36:42 +00:00
Jörg Thalheim
88029bce39
knot: drop dynamic user
This makes it hard to include secret files.
Also using tools like keymgr becomes harder.
2020-02-12 16:34:10 +00:00
Ilya Fedin
f7768c939a nixos/display-managers: Add DesktopNames parameter to generated desktop session files
Some display managers (e.g. SDDM) set the XDG_CURRENT_DESKTOP variable accroding to this parameter.
If this variable is not defined, there will be some problems (e.g. MATE doesn't have icons on the desktop).

Fixes https://github.com/NixOS/nixpkgs/issues/71427
2020-02-12 07:00:39 +04:00
Michele Guerini Rocco
48704fbd4f
Merge pull request #71302 from tokudan/encrypted-swap-entropy-fix
rngd: Start early during boot and encrypted swap entropy fix
2020-02-12 01:28:03 +01:00
Florian Klink
4c8bdd1c4f nixos/filesystems: don't chown /run/keys recursively
3c74e48d9c was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.

This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.

This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
2020-02-11 21:52:27 +01:00
Jörg Thalheim
92bede3102
nixos/zfs: populate PATH with needed programs for zed 2020-02-11 14:01:22 +00:00
Michael Weiss
5282bc9a74
nixos/brightnessctl: Remove the module
Due to the support of the systemd-logind API the udev rules aren't
required anymore which renders this module useless [0].
Note: brightnessctl should now require a working D-Bus setup and a valid
local logind session for this to work.

[0]: https://github.com/NixOS/nixpkgs/pull/79663
2020-02-10 23:18:20 +01:00
worldofpeace
09f7e376c2
Merge pull request #79416 from jtojnar/flatpak-1.6
flatpak: 1.4.2 → 1.6.1
2020-02-10 12:57:19 -05:00
Jan Tojnar
f1aa8416d7 xdg-desktop-portal: 1.4.2 → 1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.6.0
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.4
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.3
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.2
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.1
* https://github.com/flatpak/xdg-desktop-portal/releases/tag/1.5.0
2020-02-10 12:55:25 -05:00
Michele Guerini Rocco
019b637fb1
Merge pull request #79747 from mmilata/fix-mangled-usernames
nixos: fix bunch of mangled usernames
2020-02-10 18:21:31 +01:00
Thomas Tuegel
fb098ea543
Merge pull request #79744 from ttuegel/bug--plasma-5.17-ports
nixos/plasma5: Port initial configurations from Plasma 5.16
2020-02-10 11:08:23 -06:00