05bdfd6f2f
Merge pull request #98973 from Ma27/bump-hydra
...
hydra-unstable: 2020-09-02 -> 2020-10-20
2020-10-22 12:01:13 +02:00
89351525fa
Merge pull request #101246 from rnhmjoj/vm-fix
...
nixos: fix qemu_test being used in normal VMs
2020-10-22 11:09:05 +02:00
9e8eaea484
nixos/sslh: fix usage of the now removed ssl probe ( #101087 )
...
and document
2020-10-21 21:34:35 +02:00
755ba171c7
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
...
Fixes #100108
Alternative to https://github.com/NixOS/nixpkgs/pull/100112 which doesn't break stuff.
2020-10-21 14:39:39 -04:00
1308817e05
nixos/hydra: remove hydra-migration upgrade path
...
This should NOT be backported to 20.09!
When 21.03 is released, the DB changes are about a year old and
operators had two release cycles for the upgrade. At this point it
should be fair to remove the compat layer to reduce the complexity of
the module itself.
2020-10-21 18:03:04 +02:00
bc2188b083
nixos: fix qemu_test being used in normal VMs
...
This is an attempt to fixup PR #49403 .
2020-10-21 16:38:04 +02:00
c821e0d4be
nixos/babeld: lock down service
...
→ Overall exposure level for babeld.service: 2.2 OK 🙂
2020-10-21 12:26:02 +02:00
f6cd17269e
Merge pull request #49403 from andir/qemu_test_reduce_closure
...
qemu_test: disable features that are not needed for tests (closure 641 -> 335.3M)
2020-10-21 00:41:01 +02:00
8875db4976
nixos/sshd: update kexAlgorithms, fix links
...
The `curve25519-sha256` key exchange method is defined in RFC 8731 that
is identical to curve25519-sha256@libssh.org . OpenSSH supports the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same but a future-proof default.
Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2020-10-21 07:39:50 +09:00
6e5ccaa34f
Merge pull request #100657 from flokli/network-manager-sstp
...
networkmanager-sstp: init at unstable-2020-04-20, bump sstp from 1.0.12 to 1.0.13
2020-10-21 00:33:13 +02:00
e992089137
nixos/no-x-libs: add networkmanager-sstp
2020-10-21 00:04:02 +02:00
72cd3086cc
networkmanager-sstp: init at unstable-2020-04-20
2020-10-21 00:02:18 +02:00
e25cd7827e
Merge pull request #98176 from minijackson/jellyfin-systemd-security
...
nixos/jellyfin: add some systemd security options
2020-10-20 16:44:32 -04:00
4e51247318
nixos/jellyfin: add some systemd security options
2020-10-20 21:09:28 +02:00
a2ee5cbb05
nixos/vagrant-virtualbox-image: init ( #101120 )
...
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-10-20 11:09:46 +02:00
1a9e02dec6
Merge pull request #100554 from dnr/feature/pamMount
...
nixos/pam_mount: add pamMount attribute to users
2020-10-20 10:40:12 +02:00
9e6bede5ab
nixos/initrd-network: fix /etc/resolv.conf when multiple dns servers from DHCP
...
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2020-10-19 21:32:58 -07:00
46bd18fff6
Merge pull request #99541 from acelpb/jenkins
...
nixos/jenkins: switch to openjdk11 as openjdk14 is not supported
2020-10-19 19:50:20 +02:00
8ed57ac916
nixos/tests: make sure we use the qemu_test package to provide the Guest Agent
...
This reduces the closure size for the minimal test by a lot since we no
longer have to build the regular QEMU for even the simplest test.
2020-10-19 18:03:01 +02:00
e127ba7873
nixos/qemu-guest-agent: make the QEMU guest agent package configurable
2020-10-19 17:58:10 +02:00
5265d49a36
Merge pull request #100892 from aanderse/pdns-recursor
...
nixos/pdns-recursor: use upstream systemd unit
2020-10-18 20:13:06 -04:00
5e67d80a8b
nixos/nvidia: fix optionals usage
2020-10-18 11:47:34 -07:00
2e67196d79
nixos/nvidia: decouple nvidia_x11.persistenced
2020-10-18 11:24:20 -07:00
4baba17252
Merge pull request #100708 from fooker/nginx-encoding
...
nixos/nginx: Do not remove headers while proxying
2020-10-18 15:52:50 +02:00
6c39180b37
nixos/pdns-recursor: declare module user as system user
2020-10-18 08:15:29 -04:00
1627bef9c1
nixos/pdns-recursor: use upstream systemd unit
2020-10-18 08:15:29 -04:00
7c676c6429
wshowkeys: init at 2019-09-26
2020-10-18 14:09:49 +02:00
2a58362f8f
Merge pull request #100213 from yanganto/hotfix-hime
...
hime: fix enable hime, remove hime-all package
2020-10-16 23:51:24 -05:00
52b903b3c4
hime: fix enable hime, remove hime-all package
...
- fix inputMethod.enable hime by adding module list
- rm hime-all package, because chewing, anthy modules does not work well
2020-10-17 10:48:31 +08:00
0da7593dce
nixos/chromium: update link in docs ( #93794 )
2020-10-16 23:04:06 +02:00
762ca640c4
nixos/nginx: Do not remove headers while proxying
...
Removing the `Accept-Encoding` header breaks applications which may
produce already compressed content.
Removing this header is staded in the nginx docs but is ment as an
example, not as an recomendation.
2020-10-16 12:50:52 +02:00
9d0d99f05b
Merge pull request #95746 from Mic92/cloud-init
...
cloud-init: 0.7.9 -> 20.2 (python3!)
2020-10-15 22:57:46 +02:00
7ce8117238
Merge pull request #100604 from helsinki-systems/fix/icingaweb2
...
nixos/icingaweb2: Fix php packages
2020-10-15 19:18:53 +02:00
e2da1219d4
nixos/icingaweb2: Fix php packages
2020-10-15 16:16:33 +02:00
17bcc043f0
nixos/vim: configurable vim package ( #100132 )
2020-10-15 10:55:16 +02:00
49a749c729
nixos/pam_mount: add pamMount attribute to users
...
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
2020-10-14 22:55:55 -07:00
2a4607f442
Revert "nixos/display-managers: install sessionData.desktops"
...
This reverts commit 3cd2b59b8c
2020-10-15 07:32:08 +02:00
b3aed163d5
Merge pull request #99709 from NixOS/staging-next
...
Staging next
2020-10-14 21:10:31 +02:00
f8d78b9f67
confinement: fix assert for serviceConfig.ProtectSystem
...
serviceConfig.ProtectSystem is usually a string so if set, the assert
itself would error out leaving no useable trace:
# nixos-rebuild switch --show-trace
building Nix...
building the system configuration...
error: while evaluating the attribute 'config.system.build.toplevel' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:293:5:
while evaluating 'foldr' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:52:20, called from /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:128:12:
while evaluating 'fold'' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:55:15, called from /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:59:8:
while evaluating anonymous function at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:121:50, called from undefined position:
while evaluating the attribute 'assertion' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/security/systemd-confinement.nix:163:7:
value is a string while a Boolean was expected
Fix the check to give a sensible assert message instead; the attribute
should either be not set or false bool to pass.
Closes : #99000
2020-10-14 11:56:18 +02:00
cebf9198f3
treewide: De-inline uses of lib.boolToString
...
This commit should not change eval results
2020-10-14 01:46:17 +02:00
9e1943edc0
Merge master into staging-next
2020-10-13 19:34:34 +02:00
53f810cb4b
Merge pull request #100141 from xaverdh/xmonad-correct-path
...
xmonad: put the correct xmonad binary in PATH
2020-10-13 19:01:56 +02:00
99d5111246
nixos/tools: add desktopConfiguration option
...
We now have a GNOME ISO so it would be nice to seed that one
with configuration on how to enable it.
2020-10-12 22:03:16 -04:00
399a2ab954
Merge pull request #98917 from lovesegfault/klipper-init
...
klipper: init at 0.8.0
2020-10-13 00:20:24 +02:00
9b6fc07d15
Merge pull request #100060 from aanderse/dnsdist
...
nixos/dnsdist: use upstream systemd unit
2020-10-12 21:20:33 +02:00
7389407490
nixos/xmonad: add lassulus and xaverdh as maintainers
2020-10-12 21:00:43 +02:00
f4ff303c3b
nixos/dnsdist: use upstream systemd unit
2020-10-12 12:17:11 -04:00
206c668d7f
nixos/xmonad: improve module docs
2020-10-12 14:48:07 +02:00
948e05bb28
pam: add support for pam_gnupg
2020-10-12 13:29:40 +01:00
97eadef0c3
nixos/klipper: init
2020-10-11 15:55:50 -07:00
a6fec75d04
Merge pull request #93426 from helsinki-systems/feat/gitlab-pages
...
nixos/gitlab: Support pages
2020-10-11 23:50:19 +02:00
a1cb02148b
Merge pull request #99912 from m1cr0man/ocspfix
...
nixos/acme: Fix ocspMustStaple option and add test
2020-10-11 23:44:33 +02:00
8294af0284
nixos/avahi: fix nss module
...
mdns_minimal must be placed before resolve in nsswitch.conf
2020-10-11 20:15:13 +02:00
b2efedd5e5
nixos/xserver: fix xkbvalidate for cross compiling.
...
xserver uses the wrong version of xkbvalidate, the one from
buildPackages should be used or else the resulting xkbvalidate binary is
compiled for the target architecture.
2020-10-11 20:08:57 +02:00
8ebf265923
Merge pull request #86404 from nuxeh/nuxeh/domoticz-init-2020.2
...
domoticz: init at 2020.2
2020-10-11 05:59:28 -07:00
4a3fe8d306
nixos/domoticz: use DynamicUser and StateDirectory
2020-10-11 11:15:56 +01:00
2d6a694842
nixos/tools: add firefox to systemPackages example
...
This is in the graphical iso's.
2020-10-10 22:44:56 -04:00
3b20eb47f1
nixos/tools: don't call Plasma KDE
2020-10-10 22:44:56 -04:00
9f1a43cefa
nixos/tools: comment about libinput
2020-10-10 22:44:56 -04:00
12825bc21f
nixos/tools: don't mention pinentryFlavor
...
We don't need to actually set this as it find a good
default automatically. This could confuse the user into thinking they need
to set it themselves.
2020-10-10 22:44:55 -04:00
13b192749c
nixos/gnome3: don't install epiphany default
...
See https://github.com/NixOS/nixpkgs/issues/98819
2020-10-10 22:12:59 -04:00
aabcf2d8f5
Merge branch 'master' into staging-next
2020-10-11 00:27:21 +02:00
4a600af1b1
doc: Document a workaround for using an FQDN as hostname
...
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].
[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
2020-10-10 10:48:54 -07:00
826ed96c10
nixos/networking: Switch to home.arpa as an example for the domain
...
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.
[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
2020-10-10 17:41:42 +02:00
67eb45ddce
xmonad: put the correct xmonad binary in PATH
2020-10-10 13:20:04 +02:00
338b25697c
Merge branch 'master' into staging-next
...
Quite many rebuilds from master:
> Estimating rebuild amount by counting changed Hydra jobs.
> 3926 x86_64-darwin
> 4645 x86_64-linux
2020-10-10 11:32:10 +02:00
7a2eccfab0
Merge pull request #100112 from worldofpeace/fix-gnome-logout-multisession
...
nixos/display-managers: install sessionData.desktops
2020-10-09 19:31:05 -04:00
3cd2b59b8c
nixos/display-managers: install sessionData.desktops
...
Fixes https://github.com/NixOS/nixpkgs/issues/100108
2020-10-09 18:38:16 -04:00
f9bb39e294
nixos/pam: remove trailing whitespace
2020-10-09 18:31:20 +10:00
ec28e32c9e
Merge master into staging-next
2020-10-08 21:47:26 +02:00
8e628f8eea
nixos/pam: Add option to set pam-u2f appid ( #73591 )
2020-10-08 14:37:40 -04:00
a4cde0f969
nixos/mediatomb: fix doc errors
...
Follow-up to #93450 to fix the manual build.
2020-10-08 16:04:11 +02:00
19ac436cf5
Merge pull request #93450 from ardumont/gerbera-service
...
mediatomb: Improve service + add gerbera support and tests
2020-10-08 14:20:07 +02:00
3e3f81aeac
Merge pull request #99658 from Ma27/nextcloud-copy-fix
...
nixos/nextcloud: fix nginx config to allow copy/move-operations again
2020-10-08 09:35:32 +02:00
3248506a00
mediatomb/gerbera: Improve firewall rules and open firewall option
...
This changes the default behavior which opened by default the firewall rules.
The users now need to declare explicitely they want to open the firewall.
2020-10-08 08:59:49 +02:00
86e56d5322
mediatomb/gerbera: Add missing types to options
...
This also fixes some various small limitations:
- Drop unnecessary quoting
- Drop duplicated gerbera interface definition
- Fix configuration indentation
2020-10-08 08:59:48 +02:00
fcb38d6773
mediatomb/gerbera: Make the actual configuration generation lazy
...
Also use verbose flag in cli command to make the intent clearer.
2020-10-08 08:59:48 +02:00
de838249c7
mediatomb/gerbera: Introduce the mediaDirectories option
...
So users can declare their autoscan directories configuration from nix.
2020-10-08 08:59:48 +02:00
96d1844746
mediatomb/gerbera: Introduce the pcDirectoryHide option
2020-10-08 08:59:48 +02:00
1db9813dd3
mediatomb/gerbera: Make transcoding option lazy and runnable if activated
...
In the sense that the pkgs dependency will be pulled if the service is
transcoding enabled. Otherwise, the transcoding part is completely dropped from
the generated configuration.
2020-10-08 08:59:48 +02:00
3bb5cc6849
mediatomb: make service compatible with the gerbera fork
...
The duplication of the interface xml tag is needed for
the daemon to respect the setting.
2020-10-08 08:59:47 +02:00
d8d52410a7
Merge pull request #100053 from markuskowa/upd-snapper
...
nixos/snapper: 0.8.12 -> 0.8.14
2020-10-09 00:05:27 +02:00
6ee8491cb1
Merge pull request #99520 from endgame/ssm-agent-user-fix
...
ssm-agent: fix bad user declaration
2020-10-08 23:28:13 +02:00
90aa6c93e2
nixos/snapper: add snapperd dbus service
...
Since snapper 0.8.13 a systemd service is required for DBus activation.
2020-10-08 23:17:44 +02:00
00e3a3a855
Merge pull request #99601 from jtojnar/blackfire-agent
2020-10-07 19:02:11 +02:00
9cc924a12a
Merge pull request #99948 from jsimonetti/acme-dnsresolver
...
nixos/security/acme: Add DNS resolver option
2020-10-07 16:04:34 +02:00
8e2796d64a
Merge pull request #99934 from mayflower/murmur-env
...
nixos/murmur: add option `environmentFile` for injecting secrets
2020-10-07 13:56:32 +02:00
533560de5b
nixos/murmur: add option `environmentFile` for injecting secrets
...
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the server password.
2020-10-07 13:35:50 +02:00
cc3ce9a13a
nixos/security/acme: Add DNS resolver option
...
When using the ACME DNS-01 challenge, there is a possibility of a
failure to resolve the challenge if the record is not propagated
fast enough. To circumvent this generic DNS problem, this adds
a setting to explicitly tell the ACME provider to use a certain DNS
resolver to lookup the challenge.
Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2020-10-07 13:01:08 +02:00
420f89ceb2
Revert "apparmor: fix and improve the service"
...
This reverts commit fb6d63f3fdfixes #99236 : evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011
Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
0504b01100
Merge pull request #98107 from roberth/cassandra-add-extraEnvSh
...
nixos/cassandra: Add cfg.extraEnvSh
2020-10-07 11:28:39 +02:00
991a67d453
nixos/blackfire: init
2020-10-07 10:44:54 +02:00
41c0f49681
Merge pull request #99596 from Ma27/nextcloud20
...
nextcloud20: init
2020-10-07 08:10:38 +02:00
0d417929bf
ssm-agent: fix bad user declaration
2020-10-07 09:36:21 +10:00
1edd91ca09
nixos/acme: Fix ocspMustStaple option and add test
...
Some of the testing setup for OCSP checking was wrong and
has been fixed too.
2020-10-07 00:18:13 +01:00
9cbe30e129
nixos/nextcloud: `--database-pass` must not be empty for pgsql/mysql
...
This is a breaking change from `nextcloud20`. However, the affected test
is still passing with an unused database password and socket
authentication.
2020-10-06 20:22:48 +02:00
227ba90b28
nixos/nextcloud: update nginx config for `nextcloud20`
...
See #97666 for further context.
2020-10-06 20:22:47 +02:00
5f67a62d59
nixos/nextcloud: update upgrade-path for `nextcloud20`
...
Please note that this is only for 21.03 since `nextcloud19` is intended
to be the default for the already feature-frozen 20.09 (the bump itself
is supposed to get backported however).
2020-10-06 20:22:47 +02:00
f26d6639f2
Merge pull request #99693 from worldofpeace/spectacle-in-plasma5-default
...
nixos/plasma5: add spectacle default
2020-10-06 15:22:31 +02:00
afdeb406b0
nixos/gnome3: fixup unconditional code
2020-10-06 07:37:47 -04:00
Eelco Dolstra
Andreas Rammhold
symphorien
WORLDofPEACE
Maximilian Bosch
rnhmjoj
Martin Weinelt
Masanori Ogino
Florian Klink
Kevin Cox
Minijackson
Joseph D. Long
Jörg Thalheim
Marc 'risson' Schmitt
Aaron Andersen
Jonathan Ringer
Edmund Wu
Martin Weinelt
Michael Weiss
Mario Rodas
Antonio Yang
tnias
Dustin Frisch
ajs124
Janne Heß
Alvar
David Reiss
Jan Tojnar
Frederik Rietdijk
Dominique Martinet
Malte Brandy
Frederik Rietdijk
Lassulus
Michele Guerini Rocco
Dominik Xaver Hörl
Nick Hu
Bernardo Meurer
Ben Wolsieffer
Simon Pettersson
Ryan Mulligan
Michael Weiss
Vladimír Čunát
zowoq
Miles Breslin
Timo Kaufmann
Linus Heckemann
Antoine R. Dumont (@ardumont)
Edward Tjörnhammar
markuskowa
Silvan Mosberger
elseym
Jeroen Simonetti
Robert Hensing
Jack Kelly
Lucas Savva
adisbladis