Commit graph

31993 commits

Author SHA1 Message Date
Linus Heckemann eb45cd5108 nixos/top-level: add includeBuildDependencies option
This option allows adding the build closure of the system to its
runtime closure, enabling fully-offline rebuilds (as long as no new
packages are added).
2023-03-14 11:55:13 +01:00
Jon Seager cad6488509
nixos/multipass: typo s/SyslogIdentifer/SyslogIdentifier/ 2023-02-28 10:45:38 +00:00
zowoq 2ab049a5c7 nixos/tests/podman: add zfs to rootful test 2023-02-28 18:08:29 +10:00
zowoq 48642c634e podman: remove wrapper
trying to get all of the podman functionality to work with the wrapper
 is becoming more complicated with each release, it isn't sustainable

removing the wrapper does mean that using extraPackages will need to build from source

- remove unnecessary serviceConfig overrides

- set HELPER_BINARIES_DIR to libexec/podman

- use install.bin target on linux for podman/tmpfiles
  - also installs quadlet/rootlessport in libexec

- symlink binaries from helpersBin into HELPER_BINARIES_DIR

- remove unnecessary rootlessport output

- remove unnecessary substituteInPlace
2023-02-28 18:08:29 +10:00
zowoq ce07d44ca9 Revert "nixos/release: disable nfs3.simple"
This reverts commit 6a28e4887c.
2023-02-28 10:30:28 +10:00
zowoq ae671e1b91 Revert "nixos/release: disable nfs3.simple"
This reverts commit 5682853027.
2023-02-28 10:30:28 +10:00
Luke Granger-Brown 997d8d5870
Merge pull request #218618 from dali99/headscale-openid
nixos/headscale: update oidc options
2023-02-28 00:21:04 +00:00
Robert Schütz be55739ebb
Merge pull request #218025 from MrFreezeex/protonbridge-update
protonmail-bridge: 2.3.0 -> 3.0.18
2023-02-27 14:57:12 -08:00
Will Fancher ace4d26ccc
Merge pull request #217887 from lilyinstarlight/fix/allow-overriding-systemd-initrd-bins
nixos/systemd-initrd: allow overriding initrdBin with extraBin
2023-02-27 17:43:30 -05:00
Robert Scott 3a3d4c8bd2
Merge pull request #217902 from LeSuisse/haproxy-CVE-2023-25725
haproxy: 2.7.2 -> 2.7.3
2023-02-27 21:39:38 +00:00
Stefan Frijters 2af041ab44 nixos/gitlab-runner: do not pull in Docker if gitlab-runner-clear-docker-cache is disabled
Only create the service if the option is enabled and if any docker executors exist.
2023-02-27 22:24:14 +01:00
Robert Hensing 692a1033ff
Merge pull request #218365 from winterqt/revert-static-gid-migration
Revert systemd-coredump and polkit static GIDs
2023-02-27 20:16:57 +01:00
Eelco Dolstra 056b679c35 nix-fallback-paths.nix: Update to 2.13.3 2023-02-27 10:40:18 -08:00
Luke Granger-Brown f43347d8a3
Merge pull request #214346 from SFrijters/postfix-ipv4
nixos/postfix: restrict inet_protocols to ipv4 when ipv6 is disabled
2023-02-27 18:24:53 +00:00
Cabia Rangris f8b026c478
Merge pull request #218637 from Luflosi/klipper-fix-typo
nixos/klipper: fix assert message to match actual assertion
2023-02-27 21:17:18 +04:00
Thomas Gerbet 43e79015bf nixos/tests/haproxy: stop using nixos/profiles/minimal
The defaults conflicts with the defaults of `services.httpd`:
```
error: The option `nodes.machine.services.logrotate.enable' has conflicting definition values:
       - In `/home/thomas/Workspace/Packaging/nixpkgs/nixos/modules/profiles/minimal.nix': false
       - In `/home/thomas/Workspace/Packaging/nixpkgs/nixos/modules/services/web-servers/apache-httpd/default.nix': true
       Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.
(use '--show-trace' to show detailed location information)
```

`nixos/profile/minimal` is not used in the majority of the tests and it does not
seem to have a specific reason to use it for the HAProxy test.
2023-02-27 17:56:56 +01:00
Soner Sayakci ff7dfcba57 nixos/opensearch: fix opensearch startup 2023-02-27 16:07:12 +00:00
Luflosi 2378d1a214
nixos/klipper: fix assert message to match actual assertion
This error was introduced in 849c40b5f5.
2023-02-27 17:04:48 +01:00
Daniel Olsen ea31ef91af nixos/headscale: update oidc options 2023-02-27 15:17:16 +01:00
Riley c713217380
nixos/k3s: add environmentFile as an option
* k3s: add environmentFile option

Enabling to include secrets through configuration such as 'sops'

* Update nixos/doc/manual/release-notes/rl-2305.section.md

Co-authored-by: Jairo Llopis <973709+yajo@users.noreply.github.com>
2023-02-27 08:15:25 -03:00
Nick Cao 50302bbfc7
Merge pull request #218386 from dotlambda/txredisapi-python3
nixos/tests/txredisapi: stop using python38
2023-02-27 14:47:25 +08:00
schnusch bbc988ba00 nixos/matrix-synapse: fix .well-known delegation of federated traffic
Synapse is reverse-proxied on ${fqdn} not ${config.networking.domain} and
the .well-known delegation info must point to the domain on which synapse
is hosted, see https://matrix-org.github.io/synapse/latest/delegate.html
2023-02-27 02:02:35 +01:00
Robert Schütz 9e1d4dff3e nixos/openvpn: use writeShellScript
Previously the upScript would fail with

    Syntax error: "(" unexpected (expecting "done")

on line 7 if /bin/sh is not bash.
2023-02-26 10:12:28 -08:00
Aaron Andersen d8c0a9204a
Merge pull request #217834 from yaxitech/gh-runner-workdir-clean
nixos/github-runners: clean `workDir` as root
2023-02-26 08:05:05 -05:00
Vladimír Čunát 30e272bc04
Merge #216499: staging-next 2023-02-15 2023-02-26 10:11:50 +01:00
happysalada 8872f52732 qdrant: service module init 2023-02-26 01:33:15 -05:00
github-actions[bot] 399e2c78d4
Merge master into staging-next 2023-02-26 06:01:09 +00:00
Robert Schütz 9a8272bd01 nixos/tests/txredisapi: stop using python38 2023-02-25 21:32:15 -08:00
Winter ee6517a915 Revert "nixos/polkit: guard static gid for polkituser behind state version"
This reverts commit 2265160fc0 and
e56db577a1.

Ideally, we shouldn't cause friction for users that bump `stateVersion`,
and I'd consider having to switch and/or manually hardcode a UID/GID
to supress the warning friction. I think it'd be more beneficial to, in
this rare case of an ID being missed, just let it be until more
discussion happens surrounding this overall issue.

See https://github.com/NixOS/nixpkgs/pull/217785 for more context.
2023-02-25 22:32:16 -05:00
Winter 15f1369b95 Revert "nixos/systemd-coredump: guard static gid for systemd-coredump behind state version"
This reverts commits f5483464d5 and
6b9583e5e1.

Ideally, we shouldn't cause friction for users that bump `stateVersion`,
and I'd consider having to switch and/or manually hardcode a UID/GID
to supress the warning friction. I think it'd be more beneficial to, in
this rare case of an ID being missed, just let it be until more
discussion happens surrounding this overall issue.

See https://github.com/NixOS/nixpkgs/pull/217785 for more context.
2023-02-25 22:31:56 -05:00
Anselm Schüler 9769e90233 lib/options: Add more options to mkPackageOption 2023-02-26 03:00:22 +01:00
Nick Cao e0bf055d99
Merge pull request #217785 from NickCao/ugid
nixos/{polkit,systemd-coredump}: guard static gid behind state version
2023-02-26 09:44:56 +08:00
github-actions[bot] 348549a031
Merge master into staging-next 2023-02-26 00:02:44 +00:00
Lily Foster c56e5ef801 nixos/users-groups: update option description to clarify initial* option precedence 2023-02-25 14:27:35 -05:00
Lily Foster 5508000ddf nixos/tests/shadow: ensure hashedPassword takes precedence over initialHashedPassword 2023-02-25 14:27:35 -05:00
Lily Foster bfa0bff644 nixos/update-users-groups: let hashedPassword take precedence over initialHashedPassword
Without this change, users that have both `initialHashedPassword` and
`hashedPassword` set will have `initialHashedPassword` take precedence,
but only for the first time `/etc/passwd` is generated. After that,
`hashedPassword` takes precedence. This is surprising behavior as it
would generally be expected for `hashedPassword` to win if both are set.

This wouldn't be a noticeable problem (and an assert could just be made
instead) if the users-groups module did not default the
`root.intialHashedPassword` value to `!`, to prevent login by default.
That means that users who set `root.hashedPassword` and use an ephemeral
rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in
to the root account by default, unless they switch to a new generation
during the same boot (i.e. `/etc/passwd` already exists and
`hashedPassword` is used instead of `initialHashedPassword`) or they set
`root.initialHashedPassword = null` (which is unintuitive and seems
redundant).
2023-02-25 14:27:35 -05:00
pennae 5dce130d1c nixos/tests/unifi: inherit allowUnfree into test node
mongodb is unfree, so the test won't run without this. we already allow
unfree to grab the unifi packages, so it's not even a big change.
2023-02-25 19:12:08 +01:00
Florian Klink 4ed9534f12
Merge pull request #217942 from lilyinstarlight/fix/nixos-test-systemd-initrd-shutdown
nixos/tests/systemd-shutdown: ensure systemd-initrd variant actually enables it
2023-02-25 19:02:53 +01:00
github-actions[bot] 52a11b56f9
Merge master into staging-next 2023-02-25 18:01:03 +00:00
Benjamin Asbach 546f356db6 remove myself as maintainer for now as I switched to another distro 2023-02-25 18:56:02 +01:00
github-actions[bot] ffa8788cc6
Merge master into staging-next 2023-02-25 06:01:20 +00:00
Nick Cao eb03dde70d
Merge pull request #217890 from IndeedNotJames/nixos-tests-gitea
nixos/tests/gitea: open up test for forgejo
2023-02-25 09:55:43 +08:00
Arthur Outhenin-Chalandre 47782b16c5
protonmail-bridge: 2.3.0 -> 3.0.18
Update protonmail-bridge to v3. This also rename the CLI executable from
protonmail-bridge to bridge to be more in line with upstream naming.

Co-authored-by: James Landrein <github@j4m3s.eu>
Signed-off-by: Arthur Outhenin-Chalandre <arthur.outhenin-chalandre@proton.ch>
2023-02-25 01:41:39 +01:00
github-actions[bot] 78fc07ec20
Merge master into staging-next 2023-02-25 00:02:47 +00:00
superherointj 371c7b8239
Merge pull request #217718 from Kiskae/nvidia/unbreak-6.2
linuxPackages_6_2.nvidia_x11: disable ibt
2023-02-24 17:46:26 -03:00
github-actions[bot] 2384cd723b
Merge master into staging-next 2023-02-24 12:01:20 +00:00
Sandro 83b8193be9
Merge pull request #201780 from helsinki-systems/init/nextcloud-notify-push
nextcloud-notify-push: init at 0.5.0
2023-02-24 12:10:02 +01:00
IndeedNotJames 1b304e1dbc
forgejo: use existing nixos/tests/gitea as test
forgejo is a soft-fork of gitea and gitea's existing tests work great
with forgejo.
At least for now, as this could change, though somewhat unlikely.
2023-02-24 02:59:30 +01:00
IndeedNotJames 889eb7a315
nixos/tests/gitea: add indeednotjames as maintainer
Mostly, because I (@IndeedNotJames) made a slight change to those tests and intend on
extending them in the future.
2023-02-24 02:59:30 +01:00
IndeedNotJames 7d05a6a910
nixos/tests/gitea: make gitea package configurable
This allows the same tests to be used for forgejo, a soft-fork of
gitea, which currently does not have any tests.
2023-02-24 02:59:30 +01:00