Commit graph

11492 commits

Author SHA1 Message Date
Frederik Rietdijk
d20a59d2e5 Merge master into staging-next 2019-08-02 23:27:18 +02:00
WilliButz
1ce989cce6
nixos/prometheus-exporters: update documentation 2019-08-02 18:50:01 +02:00
WilliButz
29d765e250
nixos/prometheus-wireguard-exporter: use ExecStart instead of script 2019-08-02 18:50:01 +02:00
WilliButz
afd0dc17d6
nixos/prometheus-exporters: use DynamicUser by default
Only define seperate users and groups when necessary.
2019-08-02 18:50:01 +02:00
WilliButz
495222a840
nixos/prometheus-exporter: use separate user for each exporter
Stop using nobody/nogroup by default and use seperate users for each
exporter instead.
2019-08-02 18:49:56 +02:00
WilliButz
c221f9fdf2
Merge pull request #65751 from mayflower/pkgs/prometheus-postgres-exporter
prometheus-postgres-exporter: init at 0.5.1
2019-08-02 18:45:32 +02:00
Franz Pletz
e4c60a1e42
prometheus-postgres-exporter: init at 0.5.1 2019-08-02 15:59:29 +02:00
Frederik Rietdijk
6f723b9bad Merge master into staging-next 2019-08-02 09:18:37 +02:00
Peter Hoeg
f2639566b5
Merge pull request #30712 from peterhoeg/f/service
systemd user services shouldn't run as root and other "non-interactive" users
2019-08-02 11:58:27 +08:00
Robin Gloster
443b0f6332
Merge pull request #65566 from rasendubi/syncthing-group-fix
syncthing: create default group if not overridden
2019-08-01 23:17:37 +00:00
Robin Gloster
41dac4bf9f
Merge pull request #65582 from WilliButz/add-mailexporter
prometheus-mail-exporter: init at 2019-07-14, add module and test
2019-08-01 23:14:21 +00:00
Robin Gloster
19c737fd79
Merge pull request #65699 from jslight90/patch-5
nixos/gitlab: fix config initializer permissions
2019-08-01 23:08:39 +00:00
worldofpeace
64b4a24047 nixos/xdg/portal: set GTK_USE_PORTAL with lib.mkIf
If lib.optional is given a false value it will return an empty list.
Thusly the set-environment script can have

```
export GTK_USE_PORTAL=
```

This can rub certain bugs the wrong way #65679
so lets make sure this isn't set in the environment
at all.
2019-08-01 17:51:51 -04:00
Frederik Rietdijk
55e4555b77 Merge master into staging-next 2019-08-01 09:42:54 +02:00
Colin L Rice
d7aa6df31f nix-daemon: Fix builduser count to work when maxJobs is auto 2019-08-01 01:54:28 -04:00
Aaron Andersen
a1f738ba87
Merge pull request #62748 from aanderse/mediawiki
nixos/mediawiki: init service to replace httpd subservice
2019-07-31 22:12:23 -04:00
Artemis Tosini
42c3eefd77
nixos/xonsh: Use the package specified in the package option 2019-07-31 23:28:13 +00:00
Jeff Slight
7efcbead2c
nixos/gitlab: fix config initializer permissions 2019-07-31 14:55:08 -07:00
edef
4bcc6e11d3
Merge pull request #65227 from NixOS/openssh-known-hosts-ca
nixos/programs/ssh: allow specifying known host CAs
2019-07-31 12:08:58 +00:00
worldofpeace
bb4f61f73d
Merge pull request #64121 from tadeokondrak/nixos/programs/shell.nix/remove-gnu-specific-option
nixos/programs/shell.nix: don't use unnecessary GNU-specific option
2019-07-31 02:19:59 -04:00
worldofpeace
ea8fc75160
Merge pull request #64948 from ambrop72/videodrivers-radeon-alias
nixos/xserver: Make radeon in videoDrivers an alias for ati.
2019-07-31 02:13:24 -04:00
WilliButz
5818c73d95
nixos/prometheus-exporters: add mail exporter module 2019-07-30 19:24:26 +02:00
Joachim F
a7d71da84d
Merge pull request #65585 from delroth/hardened-pti
nixos/hardened: make pti=on overridable
2019-07-30 10:35:31 +00:00
Janne Heß
ae608faa85 nixos/xfs: Add xfs_repair to the initrd
Closes #8820
2019-07-30 09:28:34 +02:00
worldofpeace
7f2f31a812
Merge pull request #65449 from worldofpeace/disable-portals
nixos/xdg: disable portals (again, again)
2019-07-29 21:47:51 -04:00
worldofpeace
1b21c9db91 nixos/xdg: add gtkUsePortal option to portals
Prior to this change GTK_USE_PORTAL was unconditionally
set to "1". For this to not break things you have to have some
sort of portal implementation in extraPortals.

Setting GTK_USE_PORTAL in this manner is actually only useful
when using portals for applications outside flatpak. For example
people using non-flatpak Firefox who want native filechoosers.
It's also WIP for electron applications to support this.
2019-07-29 21:47:09 -04:00
Pierre Bourdon
67b7e70865
nixos/hardened: make pti=on overridable
Introduces a new security.forcePageTableIsolation option (default false
on !hardened, true on hardened) that forces pti=on.
2019-07-30 02:24:56 +02:00
Alexey Shmalko
e50539f7b5
syncthing: create default group if not overridden
The following configuration generates a systemd unit that doesn't
start.
```nix
{
  services.syncthing = {
    enable = true;
    user = "my-user";
  };
}
```

It fails with
```
systemd[1]: Started Syncthing service.
systemd[6745]: syncthing.service: Failed to determine group credentials: No such process
systemd[6745]: syncthing.service: Failed at step GROUP spawning /nix/store/n1ydz3i08nqp1ajc50ycy1zribmphqc9-syncthing-1.1.4-bin/bin/syncthing: No such process
systemd[1]: syncthing.service: Main process exited, code=exited, status=216/GROUP
systemd[1]: syncthing.service: Failed with result 'exit-code'.
```

This is due to the fact that `syncthing` group (default) is not
created if the user is overridden.

Add a separate check for setting up the default group, so that
user/group are created independently.
2019-07-29 21:56:12 +03:00
Jörg Thalheim
3b0f0741ea
Merge pull request #65335 from Baughn/wifi-crda
wifi: Include CRDA regulatory database
2019-07-29 07:02:22 +01:00
Svein Ove Aas
d28a8cc4af nixos/pantheon: Include CRDA regulatory database 2019-07-28 22:17:19 +01:00
Svein Ove Aas
186dd1ce58 nixos/gnome3: Include CRDA regulatory database 2019-07-28 22:17:10 +01:00
Svein Ove Aas
7ee6226bdd nixos/networkmanager: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Svein Ove Aas
ac50d8e709 nixos/wpa_supplicant: Include CRDA regulatory database 2019-07-28 22:10:28 +01:00
Bas van Dijk
9ff408a2a4
Merge pull request #60500 from basvandijk/thanos-init
thanos: init at 0.6.0 & NixOS module
2019-07-28 19:14:55 +02:00
edef
9897956d36
Merge pull request #65485 from arcnmx/pr-taskserver-nixos
nixos/taskserver: crl file is optional
2019-07-28 13:02:05 +00:00
Bas van Dijk
0a59be7136 thanos: 0.5.0 -> 0.6.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
dc69b3e6ad nixos/thanos: code style: don't use a space before a colon 2019-07-28 13:28:27 +02:00
Bas van Dijk
e32e0e6e02 nixos/thanos: assert that prometheus2 is running and has labels set 2019-07-28 13:28:27 +02:00
Bas van Dijk
13da811853 nixos/thanos: allow overriding arguments to the thanos subcommands 2019-07-28 13:28:27 +02:00
Bas van Dijk
2d0243c187 thanos: 0.4.0 -> 0.5.0-rc.0 2019-07-28 13:28:27 +02:00
Bas van Dijk
ebc65a5f21 nixos/thanos: add module for the thanos service 2019-07-28 13:28:27 +02:00
Frederik Rietdijk
cb3ce5d26d Merge master into staging-next 2019-07-28 12:11:37 +02:00
Frederik Rietdijk
cca5ee9c07 Merge staging-next into staging 2019-07-28 09:10:03 +02:00
arcnmx
c604b38791 nixos/taskserver: crl file is optional 2019-07-27 15:49:46 -07:00
Ashish SHUKLA
d3c2b992d4
sshguard: do not create ipset in post-start
Upstream switched to a different type of ipset table, whereas we
create ipset in post-start which overrides upstream, and renders
sshguard ineffective.

Remove ipset creation from post-start, and let it get automatically
by upstream script (sshg-fw-ipset) as part of startup
2019-07-27 10:59:50 +05:30
worldofpeace
1e4d9e08cd nixos/plasma5: enable xdg.portal 2019-07-26 22:36:32 -04:00
worldofpeace
16c6f169a2 nixos/gnome3: enable xdg.portal 2019-07-26 22:36:14 -04:00
worldofpeace
785158fd64 nixos/flatpak: require xdg.portal to be enabled 2019-07-26 22:35:50 -04:00
worldofpeace
c4d06eff3f nixos/xdg: disable portal (again) 2019-07-26 22:33:49 -04:00
Aaron Andersen
1ab91bee65
Merge pull request #65418 from mmahut/proxy_server
nixos/zabbixProxy: server is a mandatory parameter
2019-07-26 18:46:21 -04:00