b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
292283 commits 2 branches 0 tags 3.3 GiB
Commit graph

21774 commits

Author SHA1 Message Date
github-actions[bot] 901fb5e64e
Merge master into staging-next 2021-05-22 00:56:03 +00:00
Jonathan Ringer 5b61edfe47 docs/release-notes: mention ati_drivers_x11 removal 2021-05-21 16:16:48 -07:00
Jonathan Ringer ced04640c7 nixos/video: remove obsolete ati modules 2021-05-21 16:16:48 -07:00
Jan Tojnar a420acab1e
release notes: Mention automated gnomeExtensions 
https://github.com/NixOS/nixpkgs/pull/118232
 2021-05-21 23:53:16 +02:00
Martin Weinelt 71fb79ee6b
Merge pull request #123828 from Lassulus/solanum2 
nixos/solanum: init
 2021-05-21 23:23:01 +02:00
Maximilian Bosch a2379c69a4
Merge pull request #122833 from helsinki-systems/feat/prometheus-metric-relabel 
nixos/prometheus: Add support for metric relabeling
 2021-05-21 23:13:41 +02:00
lassulus 48c16e48aa nixos/solanum: init 2021-05-21 23:06:38 +02:00
Maximilian Bosch 5dbd28d754
Merge pull request #123009 from deviant/fix-mailman-doc-links 
nixos/mailman: fix documentation option links
 2021-05-21 22:00:47 +02:00
Jacek Galowicz 5d05391846
Merge pull request #123823 from misuzu/test-driver-usb-boot-speedup 
nixos/test-driver: use usb-ehci controller instead of piix3-usb-uhci
 2021-05-21 20:47:47 +02:00
Jonathan Ringer 5cd5b9b97f
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
 pkgs/development/tools/kubie/default.nix
 2021-05-21 10:39:34 -07:00
eyJhb 6000f420e8
nixos/znc: fixed chown not working after hardening (#123883) 2021-05-21 19:07:53 +02:00
hyperfekt ef991f9b8b nixos/filesystems: condition mount-pstore.service on unmounted /sys/fs/pstore 
For unknown reasons, switching to a system that first introduces this
service has it fail with /sys/fs/pstore already having been mounted.
 2021-05-21 17:49:23 +02:00
Elis Hirwing e9cca93bf9
Merge pull request #121778 from talyz/keycloak-security 
nixos/keycloak: Security fixes + misc
 2021-05-21 16:55:26 +02:00
Kerstin Humm 224df6940f nixos/mastodon: use rails command instead of rake 
Co-Authored-By: Izorkin <izorkin@elven.pw>
 2021-05-21 15:04:12 +02:00
github-actions[bot] 929b12e7b5
Merge master into staging-next 2021-05-21 12:28:43 +00:00
ajs124 c455f3ccaf
Merge pull request #123084 from Yarny0/hylafax 
hylafaxplus & nixos/hylafax: small improvements
 2021-05-21 14:20:57 +02:00
talyz 2d8a870813
keycloak.tests: Test HTTPS support 2021-05-21 13:09:43 +02:00
talyz ba00b0946e
nixos/keycloak: Split certificatePrivateKeyBundle into two options 
Instead of requiring the user to bundle the certificate and private
key into a single file, provide separate options for them. This is
more in line with most other modules.
 2021-05-21 13:09:38 +02:00
talyz dbf91bc2f1
nixos/keycloak: keycloak.database* -> keycloak.database.* 
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
 2021-05-21 13:09:32 +02:00
talyz 83e406e97a
nixos/keycloak: frontendUrl always needs to be suffixed with / 
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
 2021-05-21 13:09:25 +02:00
talyz 58614f8416
nixos/keycloak: Add myself to maintainers 2021-05-21 13:09:19 +02:00
talyz d748c86389
nixos/keycloak: Improve readablility by putting executables in PATH 2021-05-21 13:09:14 +02:00
talyz 8309368e4c
nixos/keycloak: Set umask before copying sensitive files 
`install` copies the files before setting their mode, so there could
be a breif window where the secrets are readable by other users
without a strict umask.
 2021-05-21 13:09:09 +02:00
talyz c2bebf4ee2
nixos/keycloak: Improve bash error handling 2021-05-21 13:09:03 +02:00
talyz d6727d28e1
nixos/keycloak: Set the postgresql database password securely 
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
 2021-05-21 13:08:53 +02:00
Jonathan Ringer 6b15fdce86
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
 pkgs/shells/ion/default.nix
 pkgs/tools/misc/cicero-tui/default.nix
 2021-05-20 22:11:42 -07:00
Thiago Kenji Okada c96586d63f nixos/noisetorch: init 
NoiseTorch needs setcap set to 'cap_sys_resource=+ep' to work correctly
accordingly to the README.md:

https://github.com/lawl/NoiseTorch#download--install

So this PR adds it.
 2021-05-20 14:15:20 -07:00
misuzu b2319b086c nixos/test-driver: use usb-ehci controller instead of piix3-usb-uhci 
On my system this change offers ~5X speed up of
nixosTests.boot.biosUsb and nixosTests.boot.uefiUsb tests.
 2021-05-20 22:33:08 +03:00
legendofmiracles af0a54285e nixos/terraria: open ports in the firewall 2021-05-20 12:11:08 -07:00
Guillaume Girol 0d5fa1cff3
Merge pull request #120622 from symphorien/duplicity-master 
nixos/duplicity: enable to prevent backup from growing infinitely
 2021-05-20 19:00:59 +00:00
Jonas Chevalier 30c021fa15
Merge pull request #123744 from hercules-ci/init-ghostunnel 
ghostunnel: init
 2021-05-20 20:58:41 +02:00
Jonathan Ringer 14f3686af1
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/applications/terminal-emulators/alacritty/default.nix
  pkgs/servers/clickhouse/default.nix
 2021-05-20 09:12:42 -07:00
Emery Hemingway 520b4a8496 nixos: convert netatalk to settings-style configuration 
Also, set StateDirectory in systemd.….serviceConfig.
 2021-05-20 17:39:28 +02:00
Robert Hensing a37d157601
Merge pull request #123052 from xoe-labs/da-test-vm-innteractive-log-switch 
nixos/testing: add interactive serial stdout logs switch and dim them
 2021-05-20 15:32:54 +02:00
Robert Hensing dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka 57acb6f9f7
Merge pull request #123598 from pschyska/master 
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
 2021-05-20 10:41:30 +02:00
Robert Hensing 76a7840f5f
Merge pull request #117275 from hercules-ci/nixosTest-remove-nixpkgs-commit-hash 
nixosTest: Make system.nixos.revision constant
 2021-05-20 10:40:59 +02:00
Maximilian Bosch 3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts 
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
 2021-05-19 14:08:46 -07:00
Gabriel Gonzalez 8e9d803bac
Fix description for services.kubernetes.addonManager.enable (#71448) 
`mkEnableOption` already prefixes the description with
"Whether to enable"
 2021-05-19 13:49:27 -07:00
Sebastian Neubauer 68c618cba3
opensmtpd-filter-rspamd: init at 0.1.7 (#122823) 2021-05-19 22:37:49 +02:00
github-actions[bot] 8a5e4be6b6
Merge master into staging-next 2021-05-19 18:34:10 +00:00
Tim Van Baak 420b0fa378 nixos/nebula: Add release notes 2021-05-19 10:55:41 -07:00
Jonathan Ringer c1f8a15dac
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  nixos/doc/manual/release-notes/rl-2105.xml
  pkgs/tools/security/sequoia/default.nix
 2021-05-19 10:39:54 -07:00
Paul Schyska 69202853ea
nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Martin Weinelt 446c97f96f
Merge pull request #123355 from Ma27/bump-matrix-synapse 2021-05-19 18:12:14 +02:00
Robert Hensing 74bf82a202
Merge pull request #122784 from hercules-ci/nixpkgs-init-nixos-install-tools 
nixos-install-tools: init
 2021-05-19 17:45:43 +02:00
Jan Tojnar a858f1a90d
Merge pull request #123507 from jtojnar/no-flatpak-guipkgs 
nixos/flatpak: Remove `guiPackages` internal option
 2021-05-19 16:33:56 +02:00
Michael Weiss c21dd33953
Merge pull request #123609 from berbiche/cagebreak-use-waylands-utils-in-test 
nixos/tests/cagebreak: use wayland-info instead of wallutils
 2021-05-19 14:50:55 +02:00
Guillaume Girol 41c7fa448f nixos/duplicity: add options to exercise all possible verbs 
except restore ;)
 2021-05-19 12:00:00 +00:00
Michele Guerini Rocco 376eabdac3
Merge pull request #123254 from rnhmjoj/ipsec 
libreswan: 3.2 -> 4.4
 2021-05-19 13:36:04 +02:00
talyz 380b52c737
nixos/keycloak: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:28 +02:00
talyz 88b76d5ef9
nixos/mpd: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
 2021-05-19 09:32:22 +02:00
talyz 3a29b7bf5b
nixos/mpdscribble: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:17 +02:00
talyz 7842e89bfc
nixos/gitlab: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:12 +02:00
talyz 38398fade1
nixos/discourse: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:06 +02:00
Jörg Thalheim 5b4915fb7a
Merge pull request #110927 from Izorkin/fix-qemu-ga 
nixos/qemu-guest-agent: fix start service
 2021-05-19 05:42:06 +01:00
Aaron Andersen 58ddbfa71d
Merge pull request #118395 from jwygoda/grafana-google-oauth2 
grafana: add google oauth2 config
 2021-05-18 23:11:24 -04:00
Nicolas Berbiche 5e2cedfae3
nixos/tests/cagebreak: use wayland-info instead of wallutils 
wayland-info from wayland-utils is already used in other Wayland
tests whereas wallutils' wayinfo is not.
 2021-05-18 22:02:24 -04:00
github-actions[bot] 7000ae2b9a
Merge master into staging-next 2021-05-19 00:55:36 +00:00
Martin Weinelt a8f71f069f
Merge pull request #123006 from mweinelt/postgresqlbackup-startat 
nixos/postgresqlBackup: allow defining multiple times to start at
 2021-05-19 01:54:38 +02:00
Martin Weinelt 4c798857e2
Merge pull request #100274 from hax404/prometheus-xmpp-alerts 2021-05-19 01:36:28 +02:00
Georg Haas 03c092579a
prometheus-xmpp-alerts: apply RFC 42 2021-05-19 01:08:38 +02:00
superherointj 4e3060d488 libvirtd: fix ovmf for aarch64 2021-05-18 17:27:37 -03:00
Jonathan Ringer ca46ad3762
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/tools/package-management/cargo-release/default.nix
 2021-05-18 11:03:38 -07:00
Pamplemousse 037e51702e
nixos/services/foldingathome: Add an option to set the "nice level" (#122864) 
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
 2021-05-18 18:44:52 +02:00
Maciej Krüger 7458dcd956
Merge pull request #75242 from mkg20001/cjdns-fix 
services.cjdns: add missing, optional login & peerName attribute
 2021-05-18 18:22:29 +02:00
Jonathan Ringer f7a112f6c4
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
  pkgs/applications/graphics/emulsion/default.nix
  pkgs/development/tools/misc/texlab/default.nix
  pkgs/development/tools/rust/bindgen/default.nix
  pkgs/development/tools/rust/cargo-udeps/default.nix
  pkgs/misc/emulators/ruffle/default.nix
  pkgs/tools/misc/code-minimap/default.nix
 2021-05-18 08:57:16 -07:00
Robert Schütz d189df235a
Merge pull request #122241 from dotlambda/znc-harden 
nixos/znc: harden systemd unit
 2021-05-18 17:44:14 +02:00
Maciej Krüger 7409f9bab3
services.cjdns: add missing, optional login & peerName attribute 2021-05-18 17:39:04 +02:00
Ashlynn Anderson 903665f31c
nixos/self-deploy: init (#120940) 
Add `self-deploy` service to facilitate continuous deployment of NixOS
configuration from a git repository.
 2021-05-18 08:29:37 -07:00
Maciej Krüger 362ca08510
Merge pull request #123448 from mweinelt/phosh-pam 
nixos/phosh: Fix PAM configuration
 2021-05-18 17:26:21 +02:00
Martin Weinelt ec9cfba2d3
nixos/phosh: Fix unrestricted login because of insecure PAM config 
The PAM config deployed would not check anything meaningful. Remove it
and rely on the defaults in the security.pam module to fix login with
arbitrary credentials.

Resolves: #123435
 2021-05-18 16:39:03 +02:00
Michael Weiss 1b114586e8
Merge pull request #123381 from primeos/nixos-tests-cagebreak 
nixos/tests/cagebreak: Fix the test
 2021-05-18 16:01:37 +02:00
Jan Tojnar 1b1faeb2db
Merge pull request #86288 from worldofpeace/gnome-doc 
nixos/gnome3: add docs
 2021-05-18 14:19:33 +02:00
Jan Tojnar ed47351533
nixos/flatpak: Remove guiPackages internal option 
It was basically just a `environment.systemPackages` synonym,
only GNOME used it, and it was stretching the responsibilities
of the flatpak module too far.

It also makes it cleaner to avoid installing the program
using GNOME module’s `excludePackages` option.

Partially reverts: https://github.com/NixOS/nixpkgs/pull/101516
Fixes: https://github.com/NixOS/nixpkgs/issues/110310
 2021-05-18 14:06:23 +02:00
Michael Raskin 02ba3238d2
Merge pull request #123053 from pschyska/master 
atop, netatop, nixos/atop: improve packaging and options
 2021-05-18 10:54:13 +00:00
rnhmjoj 0de7e41520
docs/release-notes: mention libreswan update 2021-05-18 08:13:37 +02:00
rnhmjoj 3a46314455
nixos/tests/libreswan: add test 2021-05-18 08:13:36 +02:00
rnhmjoj 1a4db01c84
nixos/libreswan: update for version 4.x 
- Use upstream unit files
- Remove deprecated config options
- Add option to disable redirects
- Add option to configure policies
 2021-05-18 08:13:36 +02:00
Sandro 9dba669e8a
Merge pull request #123385 from veehaitch/systemd-dhcpserver-options 
nixos/networkd: add missing [DHCPServer] options
 2021-05-18 01:53:39 +02:00
Vladimír Čunát b09fc82382
nixos/release-combined: fix a test name 
Broken by 513143fe4 and breaking evaluation of trunk-combined jobset.
 2021-05-17 22:52:28 +02:00
Sandro 4fc08dd955
Merge pull request #121500 from servalcatty/v2ray 
v2ray: 4.37.3 -> 4.38.3
 2021-05-17 19:18:56 +02:00
Michael Weiss f691e6c074
nixos/tests/cagebreak: Simplify the startup 2021-05-17 18:41:27 +02:00
Michael Weiss 81b2ce96c6
nixos/tests/cagebreak: Fix the test 
Starting Cagebreak as X11 client doesn't work anymore as wlroots 0.13
started to require the DRI3 extension which isn't supported by LLVMpipe:
machine # [   13.508284] xsession[938]: 00:00:00.003 [ERROR] [backend/x11/backend.c:433] X11 does not support DRI3 extension
machine # [   13.666989] show_signal_msg: 62 callbacks suppressed
machine # [   13.666993] .cagebreak-wrap[938]: segfault at 8 ip 0000000000408574 sp 00007ffef76f2440 error 4 in .cagebreak-wrapped[407000+d000]
machine # [   13.670483] Code: f4 ff ff 4c 8b 84 24 70 01 00 00 8d 45 01 48 89 c5 49 8b 3c c0 48 85 ff 75 e4 4c 89 c7 e8 84 f4 ff ff 48 8b bc 24 18 01 00 00 <48> 8b 47 08 4c 8d 6f d8 48 8d 68 d8 48 39 df 75 0e eb 36 66 0f 1f
machine # [   13.518274] xsession[938]: 00:00:00.006 [ERROR] [../cagebreak.c:313] Unable to create the wlroots backend

The test broke after updating Cagebreak in #121652 (bf8679ba94).

XWayland still fails for unknown reasons:
Modifiers specified, but DRI is too old
libEGL warning: DRI2: failed to create dri screen
libEGL warning: NEEDS EXTENSION: falling back to kms_swrast
glamor: No eglstream capable devices found
glamor: 'wl_drm' not supported
Missing Wayland requirements for glamor GBM backend
Missing Wayland requirements for glamor EGLStream backend
Failed to initialize glamor, falling back to sw
00:00:03.534 [ERROR] [xwayland/server.c:252] waitpid for Xwayland fork
failed: No child processes
(EE) failed to write to XWayland fd: Broken pipe
/nix/store/kcm3x8695fgycf31grzl9fy5gggwpram-xterm-367/bin/xterm: Xt
error: Can't open display: :0

The fallback to software rendering is to be expected but it looks like
XWayland is crashing with "failed to write to XWayland fd: Broken pipe".
 2021-05-17 18:41:12 +02:00
Vincent Haupert faeb9e3233
nixos/networkd: add missing [DHCPServer] options 
`systemd.network.networks.*.dhcpServerConfig` did not accept all of
the options which are valid for networkd's [DHCPServer] section. See
systemd.network(5) of systemd 247 for details.
 2021-05-17 18:30:37 +02:00
Martin Weinelt 213e488192
Merge pull request #123375 from helsinki-systems/apparmor_utillinux 
nixos/security/apparmor: utillinux -> util-linux
 2021-05-17 17:30:38 +02:00
ajs124 e2cf342ba9 nixos/security/apparmor: utillinux -> util-linux 2021-05-17 17:14:08 +02:00
Michael Weiss aa2537b554
Merge pull request #122926 from primeos/signal-desktop-fix-db-encryption 
signal-desktop: Fix the database encryption by preloading SQLCipher
 2021-05-17 16:06:52 +02:00
Jonathan Ringer c227fb4b17
Merge remote-tracking branch 'origin/master' into staging-next 
Conflicts:
	pkgs/development/tools/rust/cargo-cache/default.nix
	pkgs/development/tools/rust/cargo-embed/default.nix
	pkgs/development/tools/rust/cargo-flash/default.nix
	pkgs/servers/nosql/influxdb2/default.nix
 2021-05-17 07:01:38 -07:00
Robert Schütz a22ebb6d6d
Merge pull request #123017 from DavHau/davhau-scikitlearn 
python3Packages.scikitlearn: rename to scikit-learn
 2021-05-17 15:13:33 +02:00
ajs124 8e78793029 nixos/tasks/filesystems: utillinux -> util-linux 2021-05-17 14:47:57 +02:00
Maximilian Bosch 2addab5fd6
nixos/matrix-synapse: room_invite_state_types was deprecated and room_prejoin_state is used now 
See https://github.com/matrix-org/synapse/blob/release-v1.34.0/UPGRADE.rst#upgrading-to-v1340
 2021-05-17 13:45:28 +02:00
Jörg Thalheim b900661f6e
Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters 
treewide: remove duplicates SystemCallFilters
 2021-05-17 12:06:06 +01:00
DavHau cd8f3e6c44 python3Packages.scikitlearn: rename to scikit-learn 2021-05-17 17:41:36 +07:00
Eelco Dolstra c3b27282d7
Merge pull request #123272 from kini/nixos/security.pki/pems-without-final-newline 
nixos/security.pki: handle PEMs w/o a final newline
 2021-05-17 11:14:03 +02:00
Richard Marko 16b0f07890 nixos/nginx: fix comment about acme postRun not running as root 
As of 67a5d66 this is no longer true, since acme postRun runs as root.
The idea of the service is good so reword a comment a bit.
 2021-05-17 18:03:04 +09:00
Richard Marko 7423afb5e4 nixos/molly-brown: fix description of certPath 
`allowKeysForGroup` is no longer available so this drops

```
security.acme.certs."example.com".allowKeysForGroup = true;
```

line. `SupplementaryGroups` should be enough for
allowing access to certificates.
 2021-05-17 18:03:04 +09:00
Richard Marko 29158fc0ac nixos/postgresql: fix description of ensureUsers.ensurePermissions 
`attrName` and `attrValue` are now in correct order.
 2021-05-17 18:03:04 +09:00
Jan Tojnar 354e005d6c nixos/dconf: fix d-bus activation 
dconf now supports autostarting the d-bus service using systemd's d-bus activation.

2781a86848

On NixOS, that requires making systemd aware of the package.

Fixes: https://github.com/NixOS/nixpkgs/issues/123265
 2021-05-17 09:46:07 +02:00
Evils 7641769055 nixos/fancontrol: back to running as root 
regular users don't have write access to /sys/devices
  which is where the kernel endpoints are to control fan speed
 2021-05-17 00:00:01 -07:00