Commit graph

28349 commits

Author SHA1 Message Date
github-actions[bot] 1071ab374f
Merge master into staging-next 2022-07-26 18:01:32 +00:00
Sandro 7206899cbf
nixos/i18n: add en_US.UTF-8 to default locales
Closes #182798
2022-07-26 14:50:02 +02:00
github-actions[bot] 8aaeccd647
Merge master into staging-next 2022-07-26 06:02:16 +00:00
Bernardo Meurer 1cfb6dab0f
Merge pull request #182789 from talyz/sshd-dont-delete-symlinks
sshd: Don't remove symlinks to host key files
2022-07-25 21:51:46 -07:00
Bjørn Forsman 9b6965dcfc nixos: add lighttpd test 2022-07-26 04:45:03 +02:00
Jared Baur 777e914c20 nixos/systemd.network: Add RequiredFamilyForOnline to linkConfig
While writing a configuration, I found a usage for this field and
noticed it was missing when building the configuration.
2022-07-26 04:11:33 +02:00
Stig 550aaf8c96
Merge pull request #182379 from stigtsp/fix/pam-u2f-cue
nixos/security/pam: fix u2f options leakage
2022-07-26 03:19:01 +02:00
github-actions[bot] 19fd1d7e90
Merge master into staging-next 2022-07-26 00:02:26 +00:00
ajs124 66e9ea4827
Merge pull request #180008 from Luflosi/skip-fsck-for-bind-mount 2022-07-25 23:56:12 +02:00
Winter c4665307de
Merge pull request #180148 from Luflosi/nginx-fix-listenAddresses-example
nixos/nginx: fix broken listenAddresses example
2022-07-25 17:47:00 -04:00
Guillaume Girol 063996d291
Merge pull request #182233 from symphorien/doc-iso-branch
nixos/doc: don't advise to build master
2022-07-25 20:48:49 +00:00
github-actions[bot] db04e3c143
Merge master into staging-next 2022-07-25 18:01:19 +00:00
Lin Jian b6617bb594
nixos/kanata: init 2022-07-26 00:06:48 +08:00
Kevin Cox 6efae3d6a9
Merge pull request #118093 from stuebinm/nextcloud-secrets
nixos/nextcloud: add extraOptions and secretFile options
2022-07-25 11:29:11 -04:00
github-actions[bot] ded08eff9c
Merge master into staging-next 2022-07-25 12:01:46 +00:00
Guillaume Girol 5eb63756ca rephrase nixos installation doc
systemd-boot is not the only option, even though it "just works" better.
2022-07-25 12:00:00 +00:00
Maximilian Bosch f923f5b9aa
Merge pull request #182456 from mayflower/crowd-secrets
nixos/crowd: store openid password securely
2022-07-25 12:02:57 +02:00
github-actions[bot] e706db2a81
Merge master into staging-next 2022-07-25 00:02:44 +00:00
Mario Rodas f97827178e
Merge pull request #181021 from melvyn2/patch-1
Add `bash` to netdata service path
2022-07-24 16:12:07 -05:00
Vladimír Čunát 687d59d7e6
Merge branch 'master' into staging-next 2022-07-24 22:27:27 +02:00
Sandro 8f89704410
Merge pull request #182648 from SuperSandro2000/hedgedoc-module
nixos/hedgedoc: improve ldap settings
2022-07-24 16:33:11 +02:00
github-actions[bot] 21a6aafb7d
Merge master into staging-next 2022-07-24 12:01:21 +00:00
pennae ff56c775c8
Merge pull request #182098 from pennae/option-doc-md
convert some varlists in option docs to MD
2022-07-24 13:14:40 +02:00
pennae 5bf55a4ad5 nixos/virtualization: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae b115622f4b nixos/tasks: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae 860a0449ce nixos/system: invariant option docs MD conversions 2022-07-24 13:01:47 +02:00
pennae cbc44d68a7 nixos/security: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae da37ca6760 nixos/programs: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae 4f91838584 nixos/misc: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae 4ba72f8615 nixos/installer: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae 77d56dfc22 nixos/i18n: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae 4dd84a34db nixos/hardware: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
pennae 8a79dfd94a nixos/config: invariant option docs MD conversions 2022-07-24 13:01:18 +02:00
Michael Weiss a4c8c46831
Merge pull request #182508 from primeos/signal-desktop
nixos/tests/signal-desktop: Fix the sqlite3 part of the test (regressed)
2022-07-24 12:27:38 +02:00
Felix Buehler 17e93b090e services.murmur: add openFirewall option 2022-07-24 10:32:37 +02:00
Vladimír Čunát 4ba8bc7d40
Merge branch 'master' into staging-next 2022-07-24 09:44:09 +02:00
Sandro Jäckel 98f180b0e3
nixos/hedgedoc: set good default for ldap.tlsca 2022-07-24 04:08:18 +02:00
Sandro Jäckel 1a7f6b4070
nixos/hedgedoc: do not require to set searchAttributes when ldap login is used 2022-07-24 04:08:18 +02:00
kilianar 2133278f96 nixosTests.podgrab: fix failing test
defaultPort and customPort aren't python variables causing the test to
fail. We instead use the nix variables with string interpolation.
2022-07-23 17:19:01 +02:00
github-actions[bot] 6629a2339e
Merge master into staging-next 2022-07-23 12:01:31 +00:00
Bjørn Forsman 65399c4742 nixos/syncthing: don't leak the secret API key in process listings 2022-07-23 13:59:11 +02:00
Bjørn Forsman 16108ff74a nixos/jenkins-job-builder: set serviceConfig.Type = "oneshot"
This change allows detecting configuration errors during
switch-to-configuration instead of them being reported asynchronously
*after* switch-to-configuration has exited.

(And update the NixOS test accordingly.)
2022-07-23 13:30:53 +02:00
Nick Cao f1a08f54f0
nixos/mautrix-telegram: add lottieconverter to path 2022-07-23 16:43:39 +08:00
github-actions[bot] 1ce437589a
Merge master into staging-next 2022-07-23 06:01:20 +00:00
Bernardo Meurer 836af9c15e nixos/hqplayerd: allow GPU acceleration 2022-07-22 21:21:46 -07:00
Bernardo Meurer d66f766cac nixos/roon-server: fix openFirewall 2022-07-22 21:20:50 -07:00
Dan Callaghan 133ebbe46a
nixos/sssd: add an option to enable KCM support 2022-07-23 10:14:09 +10:00
Shamrock Lee c25543b554 wineWowPackages: default mainProgram to "wine64" 2022-07-22 22:45:44 +00:00
Michael Weiss 59de06d093
nixos/tests/signal-desktop: Fix the sqlite3 part of the test (regressed)
Due to recent changes (likely a sqlite3 update) the sqlite3 meta-command
did suddenly succeed while sqlite3 is still unable to read the still
encrypted database. It just prints the following output and doesn't
seem to try to open/read the DB (which would fail):
```
main: /home/alice/.config/Signal/sql/db.sqlite r/w
```

We can simply fix this "regression" by instructing sqlite3 to list the tables
in the database (which fails because it cannot read the encrypted DB):
```
machine: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables'
machine # [   47.036720] su[1178]: Successful su for alice by root
machine # [   47.041049] su[1178]: pam_unix(su:session): session opened for user alice(uid=1000) by (uid=0)
machine # Error: file is not a database
machine # [   47.116070] su[1178]: pam_unix(su:session): session closed for user alice
(finished: must fail: su - alice -c 'sqlite3 ~/.config/Signal/sql/db.sqlite .tables', in 0.12 seconds)
```

Fix #181463.
2022-07-22 23:42:55 +02:00
Artturin 6789222b1c Merge branch 'master' into staging-next 2022-07-22 18:23:16 +03:00
Jörg Thalheim 8807057296 nixos/openldap: drop myself as maintainer 2022-07-22 16:54:13 +02:00
Sandro 8455ba6d64
Merge pull request #181258 from SuperSandro2000/onlyoffice 2022-07-22 16:28:13 +02:00
Martin Weinelt b5e4c14806 Merge remote-tracking branch 'origin/master' into staging-next 2022-07-22 14:56:01 +02:00
pennae e4d4b3cd64
Merge pull request #182441 from leungbk/lemmy-whitespace
services/web-apps/lemmy.nix: Remove space that causes a type error
2022-07-22 14:30:23 +02:00
Maximilian Bosch 200ce70e63
Merge pull request #180603 from m-bdf/substitute-nix-instantiate
nixos-generate-config: substitute nix-instantiate
2022-07-22 14:22:52 +02:00
Maximilian Bosch 779853b52b
Merge pull request #182413 from NetaliDev/pam-mount-fix-refactor
nixos/pam: refactor pam_mount unmounting fix
2022-07-22 14:05:44 +02:00
github-actions[bot] a3ba713cd4
Merge master into staging-next 2022-07-22 12:01:35 +00:00
Maximilian Bosch ee2413c326
nixos/crowd: store openid password securely 2022-07-22 13:13:12 +02:00
Maximilian Bosch 1f6910b7dd
Merge pull request #182267 from mayflower/confluence-secrets
nixos/confluence: store crowd SSO password securely
2022-07-22 13:12:17 +02:00
Maximilian Bosch 85231bbd6e
Merge pull request #182261 from mayflower/mailman-rest-api-pass-file
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
2022-07-22 13:11:37 +02:00
Ilan Joselevich d0617a58e2
services/web-apps/lemmy.nix: Remove space that causes a type error 2022-07-22 01:19:28 -07:00
Florian Klink 7c119675a3
Merge pull request #179002 from klemensn/move-passwdEntry-type
move passwdEntry type
2022-07-22 14:16:57 +07:00
Netali 93132dc09c
nixos/pam: refactor pam_mount unmounting fix 2022-07-22 04:17:14 +02:00
github-actions[bot] d44e369b44
Merge master into staging-next 2022-07-22 00:02:40 +00:00
Martin Weinelt fa8de76521
Revert "openldap: load client config from /etc, not the nix store" 2022-07-22 00:29:21 +02:00
Martin Weinelt b435482234
Merge pull request #182080 from danc86/openldap-sysconfdir 2022-07-22 00:28:49 +02:00
Stig Palmquist d07f3037e2
nixos/security/pam: fix u2f options leakage
Fix bug where pam_u2f options would be partially included in other pam.d
files if the module was enabled for specific services, resulting in
broken configuration.
2022-07-21 23:14:09 +02:00
Sandro 98b4daa994
Merge pull request #181881 from SuperSandro2000/searx 2022-07-21 22:39:48 +02:00
Sandro f7f8721b1e
Merge pull request #162689 from astro/glusterfs
nixos/glusterfs: exclude hook "S10selinux-label-brick.sh"
2022-07-21 22:15:00 +02:00
Lassulus bcd7e09db0
Merge pull request #182204 from helsinki-systems/upd/vdo
(k)vdo: 8.1.1.360 -> 8.2.0.2
2022-07-21 21:46:27 +02:00
Sofi e2b34f0f11
nixos/minecraft-server: let server shutdown cleanly (#182149) 2022-07-21 15:05:43 -04:00
github-actions[bot] a92f7ed60a
Merge staging-next into staging 2022-07-21 18:02:00 +00:00
talyz ddf8182d5b
sshd: Don't remove symlinks to host key files
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.

See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
2022-07-21 19:15:04 +02:00
Timothy DeHerrera e8c3d13d00
Merge pull request #181674 from nrdxp/nvidia-udev
nvidia: improve robustness of udev rules
2022-07-21 09:00:47 -07:00
Jacek Galowicz 8429701cbf
Merge pull request #182324 from snpschaaf/testdriver-vde-hub-mode
use vde switch in hubmode by default
2022-07-21 17:48:15 +02:00
Philippe Schaaf 5ae6580474 add hub mode comment
Signed-off-by: Philippe Schaaf <philippe.schaaf@secunet.com>
2022-07-21 16:34:09 +02:00
Philippe Schaaf df52d556bb wip: add vlan-ping test
Signed-off-by: Philippe Schaaf <philippe.schaaf@secunet.com>
2022-07-21 16:19:20 +02:00
Vincent Haupert 539b61ea37 nixos/github-runner: fix capset syscall filtering
capset(2) is a single system call, not a set of multiple system calls.
2022-07-21 16:08:15 +02:00
Philippe Schaaf f6a290932e use vde switch in hubmode by default
Within a dual VM test-setup a strange behaviour was observed.
The two VMs are connected via one vde_switch instance
(instancevirtualisation.vlans = [ 1 ]; IMO a bad attribute name for
switch instances, has nothing to do with VLANs in sense of 802.1Q).

A ping on the base interface (eth1) works, but not on VLAN
subinterfaces (vlan1@eth1). A tcpdump of eth1 includes the ARP requests
tagged with the subinterface's VLAN ID, but responses seem not to pass
the vde_switch. This works fine if performed on the base interface.

Putting the vde_switch in hub mode results in flooding
traffic to all vde_switch ports. This results in an expected behaviour
and a ping on a VLAN subinterface works as expected.

Signed-off-by: Philippe Schaaf <philippe.schaaf@secunet.com>
2022-07-21 11:38:03 +02:00
github-actions[bot] f09c360345
Merge staging-next into staging 2022-07-21 00:03:40 +00:00
Maximilian Bosch 258060c37d
nixos/confluence: store crowd SSO password securely
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.

[1] https://github.com/NixOS/nixpkgs/pull/181715
2022-07-20 23:11:53 +02:00
Maximilian Bosch db9937b578
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store 2022-07-20 22:23:54 +02:00
Maximilian Bosch 501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
2022-07-20 20:42:14 +02:00
Maximilian Bosch 92bd77e85e
nixos/prometheus-mail-exporter: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch 590e60d124
nixos/mxisd: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
Maximilian Bosch 81add6600c
nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability 2022-07-20 20:29:38 +02:00
ajs124 c386f8658b (k)vdo: 8.1.1.360 -> 8.2.0.2 2022-07-20 15:00:53 +02:00
Guillaume Girol b996269988 nixos/doc: don't advise to build master 2022-07-20 12:00:00 +00:00
github-actions[bot] 9c32c81a99
Merge staging-next into staging 2022-07-20 06:02:01 +00:00
Winter fa9030465e
Merge pull request #182126 from pbsds/polaris-os-24
nixos/tests/polaris: fix type check fail
2022-07-20 00:24:05 -04:00
Peder Bergebakken Sundt b81c81be13 nixos/tests/polaris: fix type check fail
This test was introduced in a PR predating typechecking, but got merged afterwards.
2022-07-19 21:12:14 +02:00
github-actions[bot] 49299f66ad
Merge staging-next into staging 2022-07-19 18:02:05 +00:00
kilianar a3c5c5eec4 nixosTests.airsonic: fix failure (type error)
airsonic_is_up should return a bool, but machine.succeed returns a
string causing testScriptWithTypes to fail. This is fixed by executing
the cmd with machine.execute and checking the status code.
2022-07-19 19:05:20 +02:00
Maximilian Bosch 39c0694709
nixos/prometheus-mail-exporter: support storing passphrase outside of the store 2022-07-19 17:32:08 +02:00
pennae 7388711363 nixos/resolved: convert option docs to MD 2022-07-19 16:23:57 +02:00
pennae 3fdde45825 nixos/oci-containers: convert option docs to MD
no changes to the manpages, no rendering changes to the html manual
2022-07-19 16:23:57 +02:00
pennae 875acd1c2b nixos/qt5: convert option docs to MD
changing a varlist to an md list changes the rendering slightly.
2022-07-19 16:23:56 +02:00
Dan Callaghan be2175dc94
openldap: load client config from /etc, not the nix store
We want Openldap clients to load /etc/ldap.conf at runtime, not
${pkgs.openldap}/etc/ldap.conf which is always a sample config.

Pass sysconfdir=/etc at compile time, so that /etc/krb5.conf is embedded
in the library as the path of its config file.

Pass sysconfdir=${out}/etc at install time, so that the sample configs
and schema files are correctly included in the build output.

This hack works because the Makefiles are not smart enough to notice
that the sysconfdir variable has changed across invocations -- because
nobody ever writes their Makefiles to be that smart. :-)

Fixes #181937.
2022-07-19 22:32:45 +10:00
github-actions[bot] f0d5e4f5ad
Merge staging-next into staging 2022-07-19 12:02:34 +00:00
github-actions[bot] cfe78489c9
Merge master into staging-next 2022-07-19 12:01:43 +00:00