Commit graph

21400 commits

Author SHA1 Message Date
Robert Hensing
4433ba90aa
Merge pull request #121927 from rissson/nixos-unbound-fix-top-level-include
nixos/unbound: allow list of strings in top-level settings option type
2021-05-08 22:00:57 +02:00
Marc 'risson' Schmitt
0340cd2abe
nixos/unbound: allow list of strings in top-level settings option type
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2021-05-08 19:55:17 +02:00
divanorama
b7dea9e494 nixosTests.systemd-confinement: fix script format
https://hydra.nixos.org/build/142591177/nixlog/30

ZHF: #122042
2021-05-08 10:05:15 -07:00
Aaron Andersen
9254b82706
Merge pull request #121746 from j0hax/monero-options
nixos/monero: add dataDir option
2021-05-08 11:43:49 -04:00
Robert Hensing
3cfb002b07
Merge pull request #122192 from roberth/docker-tools-stimulate-testing
dockerTools testing update
2021-05-08 15:53:17 +02:00
Robert Hensing
4035049af3 nixos/tests/docker-tools*: remove useless formatter 2021-05-08 15:03:20 +02:00
Robert Hensing
a67c97a5eb nixos/tests/docker-tools*: Add myself as maintainer where missing
I should have done this when I became maintainer for dockerTools,
but it's the PR reviews that matter.
2021-05-08 15:00:19 +02:00
Vladimír Čunát
080cd658ca
Merge #121780: treewide meta.maintainers tweaks 2021-05-08 10:47:08 +02:00
Gemini Lasswell
28f51d7757 nixos/yggdrasil: set directory permissions before writing keys
Remove the opportunity for someone to read the keys in between when
they are written and when the chmod is done.  Addresses #121293.
2021-05-08 09:49:19 +02:00
Jan Tojnar
468cb5980b gnome: rename from gnome3
Since GNOME version is now 40, it no longer makes sense to use the old attribute name.
2021-05-08 09:47:42 +02:00
Silvan Mosberger
08d94fd2b0
Merge pull request #114374 from oxalica/lib/platform-support-check
lib.meta: introduce `availableOn` to check package availability on given platform
2021-05-08 03:54:36 +02:00
Johannes Arnold
c0853b6e2c nixos/monero: use isSystemUser = true 2021-05-08 02:13:25 +02:00
Michele Guerini Rocco
4e4869b92b
Merge pull request #114745 from rnhmjoj/brltty
brltty: 6.1 -> 6.3; nixos/brltty: use upstream units
2021-05-07 23:35:57 +02:00
Domen Kožar
8ecb0344a0
Merge pull request #121720 from samueldr/feature/arm-stage-1-modules
installer images: Add available modules to stage-1 on ARM platforms
2021-05-07 22:01:09 +02:00
Evils
5ae90276c3 nixos/fancontrol: clean up module
set a group and user for the service
remove default null config
  it's required, now it throws an error pointing to the option

set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
Evils
3d043c6939 nixosTests.fancontrol: fix test
and set myself (module author) as maintainer
2021-05-07 11:46:40 -07:00
Robin Gloster
29e92116d1
Merge pull request #118037 from mayflower/privacy-extensions-configurable
nixos/network: allow configuring tempaddr for undeclared interfaces
2021-05-07 13:01:29 -05:00
ajs124
cd609e7a1c
Merge pull request #117094 from helsinki-systems/drop/spidermonkey_1_8_5
spidermonkey_1_8_5: drop
2021-05-07 18:55:49 +02:00
Robert Hensing
316b82563a
Merge pull request #121702 from hercules-ci/nixos-hercules-ci-agent-update
nixos/hercules-ci-agent: updates
2021-05-07 15:48:33 +02:00
Vladimír Čunát
9f054b5e1a
treewide: remove worldofpeace from meta.maintainers
(It was requested by them.)
I left one case due to fetching from their personal repo:
pkgs/desktops/pantheon/desktop/extra-elementary-contracts/default.nix
2021-05-07 15:36:40 +02:00
Linus Heckemann
47828e7dc0 nixos/manual: document IPv6 Privacy Extensions options 2021-05-07 13:55:11 +02:00
Jan Tojnar
9468b07326
Merge branch 'gnome-40' 2021-05-07 12:12:40 +02:00
Robert Hensing
0633b6aa74
Merge pull request #121870 from Pacman99/pass-specialargs
lib/modules: pass specialArgs to modules
2021-05-07 01:54:48 +02:00
Pacman99
87c659ab94 nixos/top-level: specialArgs to specialisations 2021-05-06 16:04:08 -07:00
Sander van der Burg
77295e7e6b nixos/disnix: configure the remote client by default, if multi-user mode has been enabled 2021-05-06 19:33:02 +02:00
Martin Weinelt
6a09bc4405
Merge pull request #121865 from mweinelt/home-assistant 2021-05-06 18:05:00 +02:00
Martin Weinelt
24adc01e2e
nixos/home-assistant: allow netlink sockets and /proc/net inspection
Since v2021.5.0 home-assistant uses the ifaddr library in the zeroconf
component to enumerate network interfaces via netlink. Since discovery
is all over the place lets allow AF_NETLINK unconditionally.

It also relies on pyroute2 now, which additionally tries to access files
in /proc/net, so we relax ProtectProc a bit by default as well.

This leaves us with these options unsecured:

✗ PrivateNetwork=                                             Service has access to the host's network                                                                 0.5
✗ RestrictAddressFamilies=~AF_(INET|INET6)                    Service may allocate Internet sockets                                                                    0.3
✗ DeviceAllow=                                                Service has a device ACL with some special devices                                                       0.1
✗ IPAddressDeny=                                              Service does not define an IP address allow list                                                         0.2
✗ PrivateDevices=                                             Service potentially has access to hardware devices                                                       0.2
✗ PrivateUsers=                                               Service has access to other users                                                                        0.2
✗ SystemCallFilter=~@resources                                System call allow list defined for service, and @resources is included (e.g. ioprio_set is allowed)      0.2
✗ RestrictAddressFamilies=~AF_NETLINK                         Service may allocate netlink sockets                                                                     0.1
✗ RootDirectory=/RootImage=                                   Service runs within the host's root directory                                                            0.1
✗ SupplementaryGroups=                                        Service runs with supplementary groups                                                                   0.1
✗ RestrictAddressFamilies=~AF_UNIX                            Service may allocate local sockets                                                                       0.1
✗ ProcSubset=                                                 Service has full access to non-process /proc files (/proc subset=)                                       0.1

→ Overall exposure level for home-assistant.service: 1.6 OK 🙂
2021-05-06 16:55:53 +02:00
Jörg Thalheim
4e783a4cb7
Merge pull request #121724 from Izorkin/update-netdata
netdata: 1.29.3 -> 1.30.1
2021-05-06 14:58:33 +01:00
Maximilian Bosch
a50b9e6c23
Merge pull request #113716 from Ma27/wpa_multiple
wpa_supplicant: allow both imperative and declarative networks
2021-05-06 11:01:35 +02:00
Simon Thoby
1bdda029cd nixos/services/torrent/transmission.nix: add a missing apparmor rule
libbrotli wasn't listed as a dependency for the AppArmor profile of the transmission-daemon binary.
As a result, transmission wouldn't run and would fail, logging this audit message to dmesg:
audit[11595]: AVC apparmor=DENIED operation=open profile=/nix/store/08i1rmakmnpwyxpvp0sfc5hcm106am7w-transmission-3.00/bin/transmission-daemon name=/proc/11595/environ pid=11595 comm=transmission-da requested_mask=r denied_mask=r fsuid=70 ouid=70
2021-05-05 22:47:52 +02:00
Jan Tojnar
878abc6488
nixos/gnome3: Install GNOME Tour
It will be run after startup.
2021-05-05 22:43:02 +02:00
Jan Tojnar
316928e8c1
nixos/gnome3: Enable power-profiles-daemon
GNOME 40 added support for it in Control Center.
2021-05-05 22:43:01 +02:00
Jan Tojnar
49ae2e4c26
gnome3.gnome-getting-started-docs: drop
It has been retired

https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/353
2021-05-05 22:43:01 +02:00
Jan Tojnar
913123f3b1
rl-2105: Mention GNOME 40 2021-05-05 22:42:58 +02:00
Jan Tojnar
d2e141e412
gnome3.gdm: 3.38.2.1 → 40.0 2021-05-05 22:42:32 +02:00
Jan Tojnar
941b15b003
librsvg: register installed tests 2021-05-05 22:20:22 +02:00
Izorkin
53651179b9
nixos/netdata: update capabilities 2021-05-05 20:46:07 +03:00
Michael Weiss
ff5fdec093
Merge pull request #121437 from primeos/nixos-tests-sway
nixos/tests/sway: init
2021-05-05 13:52:51 +02:00
Robert Hensing
ce93c98ce2
Merge pull request #99132 from Infinisil/recursive-type-deprecation
Recursive type deprecation
2021-05-05 11:13:37 +02:00
Ben Siraphob
a913f3ff49 nixos/tests/wmderland: remove stdenv.lib 2021-05-05 01:43:05 -04:00
Silvan Mosberger
0a377f11a5 nixos/treewide: Remove usages of deprecated types.string 2021-05-05 03:31:41 +02:00
Samuel Dionne-Riel
1cb977c858 sd-image: Rely on profiles/all-hardware.nix
This ensures that SD images and UEFI installers don't drift in
compatibility with regards to early initrd.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
cb9b46a3cd profiles/all-hardware.nix: Add vc4 for broadcom hardware
Namely, early KMS on raspberry pi
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
f5b7687d26 profiles/all-hardware.nix: Share some config for all ARM 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
14ac6de024 profiles/all-hardware.nix: Fix for arvmv7l-linux 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
82625705c6 profiles/all-hardware.nix: Add analogix-dp
While it's being brought in implicitly by the other analogix driver,
let's be explicit, in case things change.
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
9fa3e2c2a3 profiles/all-hardware.nix: Add regulator needed for rockchip
But not exclusive to rockchip
2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
535d463cf9 profiles/all-hardware.nix: Add rockchip modules 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
70205bd13c profiles/all-hardware.nix: Add support for Raspberry Pi 4 USB 2021-05-04 19:42:13 -04:00
Samuel Dionne-Riel
a846d19831 profiles/all-hardware.nix: Add power regulator modules
This is used on some allwinner platforms, and is a weak dependency for
USB to work.
2021-05-04 19:42:12 -04:00