Commit graph

25202 commits

Author SHA1 Message Date
Michael Weiss
297cb6514f
Merge pull request #153741 from primeos/nixos-tests-tinywl
nixos/tests/tinywl: init
2022-01-14 23:45:54 +01:00
lassulus
6b55249a5d nixos/tests/ergochat: init 2022-01-14 23:33:23 +01:00
lassulus
eaf8890a6c nixos/ergochat: init 2022-01-14 23:33:23 +01:00
Andreas Rammhold
4369bebd9a
nixos/tests: remove broken prosody-mysql test
The test has been broken for some time and the test errors are
non-obvious. None of the current maintainers know how to fix it so it is
better to get rid of it then to keep a continously failing test.
2022-01-14 22:26:16 +01:00
Robert Hensing
8a552994d8 nixos/build-vm.nix: Fix docs eval
Quick fix. Might be possible to provide `extendModules`?
2022-01-14 19:17:11 +01:00
Robert Hensing
2bf5958169
Merge pull request #151082 from hercules-ci/nixos-cleanup-vmWithBootLoader
nixos: turn vmWithBootLoader into option (`nixos-rebuild build-vm`)
2022-01-14 18:49:27 +01:00
CRTified
cbbabaddf9 nixos/adguardhome: Fix #154775 by checking for settings 2022-01-14 01:54:41 +01:00
piegames
d9172e7a1a fixup! nixos/heisenbridge: Improve hardening 2022-01-13 23:33:23 +01:00
Jörg Thalheim
dfdf225a98
Merge pull request #154550 from veehaitch/sgx-compat-udev
nixos/intel-sgx: add option for Intel SGX DCAP compatibility
2022-01-13 14:55:08 +00:00
piegames
4b165e7675 nixos/heisenbridge: Fix/improve enable option description
See https://github.com/NixOS/nixpkgs/pull/154831#discussion_r783858597 for context
2022-01-13 13:28:31 +01:00
piegames
854a65fd47 nixos/heisenbridge: Improve hardening
Systemd score is "1.6 OK 🙂"
2022-01-13 13:28:03 +01:00
adisbladis
4271f3728e
Merge pull request #154831 from adisbladis/heisenbridge-modules-list
nixos/heisenbridge: Add to modules-list.nix
2022-01-13 23:21:53 +12:00
Michele Guerini Rocco
d516b7f14f
Merge pull request #154538 from rnhmjoj/pr-mpd-units
nixos/mpd: use upstream units
2022-01-13 10:33:58 +01:00
Daniel Thwaites
7dc24c0923
nixos/starship: use expect for testing
Accidentally reverted this while fixing merge conflicts on #149423.
2022-01-13 07:56:52 +00:00
pennae
466cb747c8
Merge pull request #150408 from Enzime/systemd-boot-extra-entries
nixos/systemd-boot: Add `extraEntries` and `extraFiles` options
2022-01-13 07:15:05 +00:00
adisbladis
72908cb5a8 services.heisenbridge: Don't use lt/gt signs in mkEnableOption
It breaks the XML manual generation.
2022-01-13 13:38:24 +12:00
adisbladis
191ba295e6 nixos/heisenbridge: Add to modules-list.nix
It seems to have been forgotten in #142758.
2022-01-13 13:30:41 +12:00
zowoq
9917a5cf11 nixos/tests/systemd-networkd-vrf: move disabled check inline 2022-01-13 09:21:38 +10:00
0x4A6F
1e0d877e1d
Merge pull request #151946 from mweinelt/frr
frr: init at 8.1; libyang: init at 2.0.112
2022-01-12 20:51:12 +01:00
Daniel Thwaites
f366ae6429
nixos/starship: add a test 2022-01-12 15:47:15 +00:00
Daniel Thwaites
3f1ef8fe14
nixos/starship: init 2022-01-12 15:47:08 +00:00
adisbladis
02d732d2e4
Merge pull request #154742 from 06kellyjac/docbookrx
docbookrx: drop
2022-01-13 02:20:53 +12:00
Alyssa Ross
5c8ddfd0b5 nixos/stage-1: update udev.log_level name in docs
I was confused why I couldn't find a mention of udev.log_priority in
systemd-udevd.service(8).  It turns out that it was renamed[1] to
udev.log_level.  The old name is still accepted, but it'll avoid
further confusion if we use the new name in our documentation.

[1]: 64a3494c3d
2022-01-12 14:04:14 +00:00
Jonas Heinrich
ef0de7ccb5
nixos/wordpress: Ensure no passwordFile if local db deployment (#148613) 2022-01-12 21:50:19 +09:00
06kellyjac
7148ebef25 docbookrx: drop 2022-01-12 12:04:44 +00:00
Nikolay Amiantov
d042d834af
Merge pull request #153986 from abbradar/prosody-filer
prosody-filer: init at unstable-2021-05-24
2022-01-12 13:18:25 +03:00
Wout Mertens
700fc8e628
Merge pull request #147248 from misuzu/netdata-config
nixos/netdata: add configDir option
2022-01-12 09:43:34 +02:00
pennae
b458e5133f
Merge pull request #146937 from amarshall/pam-apparmor-fix
nixos/pam: Fix apparmor syntax error
2022-01-12 06:31:35 +00:00
Lassulus
b0b40f863b
Merge pull request #152770 from aij/hackrf
nixos/hardware/hackrf: new module
2022-01-11 22:27:48 +01:00
Jörg Thalheim
578d4984fe
Merge pull request #154307 from sagikazarmark/vmware-guest-add-mptspi-module
nixos/vmware-guest: add mptspi kernel module to initrd
2022-01-11 21:24:13 +00:00
Kim Lindberger
bd20b7f07f
Merge pull request #152766 from ejpcmac/fix-elasticsearch-service
nixos/elasticsearch: fix postStart to allow non-localhost listenAddress
2022-01-11 22:16:16 +01:00
Alyssa Ross
262447705c nixos/ssh: add programs.ssh.knownHostsFiles option
The programs.ssh.knownHosts.*.publicKeyFile is broken, because it's
scoped to a set of host names, but to insert those host names on each
line of the file we'd have to parse out blank lines and comments, so
only the first line works.  It would be much easier all round if users
just provided known hosts files in the normal format, and we pointed
ssh directly to them.  This way, it would be possible to have multiple
keys for a single host (which is extremely common due to multiple
algorithms being commonplace).

We add an option for this instead of relying on extraConfig, because
we need to make sure /etc/ssh/ssh_known_hosts is always included to
ensure programs.ssh.knownHosts keeps working.
/etc/ssh/ssh_known_hosts2 is another OpenSSH default that seems a bit
weird, but there's no real reason to change that so we'll leave it.
2022-01-11 20:02:26 +00:00
Florian Klink
2d9eea6d76
Merge pull request #154320 from abbradar/nscd-unit
nscd service: fix ordering and start automatically
2022-01-11 18:47:40 +01:00
Nikolay Amiantov
8956803ade prosody-filer service: init
Add user and group, as files stored are persistent and to be accessed by nginx or other web server.
2022-01-11 20:09:36 +03:00
Nikolay Amiantov
5a38ceb6a7
Merge pull request #154013 from abbradar/baget
BaGet package and service
2022-01-11 20:06:53 +03:00
Gabriel Ebner
b57d7dc58f
Merge pull request #153449 from Mic92/opensmtpd-extras
opensmtpd-extras: drop python2 option
2022-01-11 17:57:39 +01:00
Nikolay Amiantov
74a88c4961 baget service: init 2022-01-11 19:54:54 +03:00
Martin Weinelt
f0f67400bc
Merge pull request #153942 from winterqt/acme-web-server-ownership-assertions 2022-01-11 15:03:43 +01:00
Vincent Haupert
b88ddadf8b nixos/intel-sgx: add option for Intel SGX DCAP compatibility
The Intel SGX DCAP driver makes the SGX application enclave device and
the SGX provisioning enclave available below the path `/dev/sgx/`. Since
Linux 5.11, a derivation of the DCAP driver is part of the kernel and
available through the X86_SGX config option; NixOS enables this option
by default.

In contrast to the out-of-tree DCAP driver, the in-tree SGX driver uses
a flat hierarchy for the SGX devices resulting in the paths
`/dev/sgx_enclave` for the application enclave device and
`/dev/sgx_provison` for the provisioning enclave device.

As of this commit, even the latest version of the Intel SGX PSW
libraries still tries to open the (legacy) DCAP paths only. This means
that SGX software currently cannot find the required SGX devices even if
the system actually supports SGX through the in-tree driver. Intel wants
to change this behavior in an upcoming release of intel/linux-sgx.

Having said that, SGX software assuming the SGX devices below
`/dev/sgx/` will prevail. Therefore, this commit introduces the NixOS
configuration option `hardware.cpu.intel.sgx.enableDcapCompat` which
creates the necessary symlinks to support existing SGX software. The
option defaults to true as it is currently the only way to support SGX
software. Also, enabling the SGX AESM service enables the option.

The permissions of the devices `/dev/sgx_enclave` and
`/dev/sgx_provison` remain the same, i.e., are not affected regardless
of having the new option enabled or not.
2022-01-11 14:02:16 +01:00
Aaron Andersen
ee7e31edb4
Merge pull request #153825 from ymatsiuk/ymatsiuk/teleport-module-test-init
nixos/teleport: init + tests
2022-01-11 07:29:22 -05:00
rnhmjoj
746e627b40
nixos/mpd: use upstream units 2022-01-11 13:09:15 +01:00
Vladimír Čunát
ddc24ff270
Merge #153610: nixos/kresd: fix IPv6 scope syntax 2022-01-11 12:55:47 +01:00
Yurii Matsiuk
0806c2602a
Update nixos/modules/services/networking/teleport.nix
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>
2022-01-11 10:39:00 +01:00
Yurii Matsiuk
47dc5bf2b9
nixos/teleport: add release notes 2022-01-11 10:11:17 +01:00
Yurii Matsiuk
77b442226d
nixos/tests/teleport: init 2022-01-11 10:11:17 +01:00
Yurii Matsiuk
d811a6ea73
nixos/teleport: init 2022-01-11 10:11:17 +01:00
misuzu
768d0d6098 nixos/netdata: expose /etc/netdata 2022-01-10 23:56:57 +02:00
misuzu
9e6145c73b nixos/netdata: add configDir option
This option makes the complete netdata configuration directory available for
modification. The default configuration is merged with changes
defined in the configDir option.

Co-authored-by: Michael Raitza <spacefrogg-github@meterriblecrew.net>
2022-01-10 23:56:53 +02:00
wchresta
205b0f2c5e Idris2: Refactor default.nix
We take the idris2 projects version of the derivation. Originally,
Idris2 did not maintain their own nix derivation, so we created our
own. Now they maintain their own derivation, so we should try to
keep ours as close to theirs.

This change comes with the following differences:
* support files are in its own output, instead of packaged with idris2
  - This makes it necessary to provide --package for contrib and network
    !!! This is a breaking change !!!
* IDIRS2_PREFIX is set to ~/.idris2 instead of pointing to nix-store
  - This makes --install work as expected for the user
* Properly set IDRIS2_PACKAGE_PATH
* non-linux platform uses chez-racket instead of chez
2022-01-10 22:01:42 +01:00
Nikolay Amiantov
b451eca621 nscd service: fix ordering and start automatically
During working on #150837 I discovered that `google-oslogin` test
started failing, and so did some of my development machines. Turns out
it was because nscd doesn't start by default; rather it's wanted by
NSS lookup targets, which are not always fired up.

To quote from section on systemd.special(7) on `nss-user-lookup.target`:

> All services which provide parts of the user/group database should be
> ordered before this target, and pull it in.

Following this advice and comparing our unit to official `sssd.service`
unit (which is a similar service), we now pull NSS lookup targets from
the service, while starting it with `multi-user.target`.
2022-01-10 22:45:12 +03:00
Mark Sagi-Kazar
06771b90b2
nixos/vmware-guest: add mptspi kernel module to initrd
Required by VMware Fusion

See details in nix-community/nixos-generators#132

Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com>
2022-01-10 17:06:02 +01:00
Bernardo Meurer
d72a2e7baf
firmwareLinuxNonfree -> linux-firmware
This renames our `firmwareLinuxNonfree` package to `linux-firmware`.
There is prior art for this in multiple other distros[1][2][3].

Besides making the package more discoverable by those searching for the
usual name, this also brings it in-line with the `kebab-case` we
normally see in `nixpkgs` pnames, and removes the `Nonfree` information
from the name, which I consider redundant given it's present in
`meta.license`.

The corresponding alias has been added, so this shouldn't break
anything.

[1]: https://archlinux.org/packages/core/any/linux-firmware/
[2]: https://src.fedoraproject.org/rpms/linux-firmware
[3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-10 12:28:03 -03:00
Martin Weinelt
c61a33bc8b
Merge pull request #129559 from fortuneteller2k/thelounge 2022-01-10 11:46:46 +01:00
Aaron Andersen
03c291e6a3
Merge pull request #153987 from jakubgs/init/mtr-exporter
mtr-exporter: init at 0.1.0 (3ce854a5)
2022-01-09 22:34:30 -05:00
fortuneteller2k
38e1dbd942 nixos/thelounge: private -> public
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
2022-01-10 11:28:41 +08:00
legendofmiracles
d9b2a764b0
Merge pull request #148541 from legendofmiracles/final-asf 2022-01-09 20:45:13 -06:00
legendofmiracles
7d1d2fe2f8
ArchiSteamFarm: 5.2.0.10 -> 5.2.1.5; ASF-ui: update 2022-01-09 20:26:03 -06:00
Jörg Thalheim
6a7bafcb0f
Merge pull request #154204 from zhaofengli/riscv-qemu-serial
lib/qemu-common: Add serial device name for RISC-V
2022-01-10 00:33:20 +00:00
Martin Weinelt
24999924b4
Merge pull request #153038 from winterqt/thelounge-plugins 2022-01-10 00:59:33 +01:00
Zhaofeng Li
9e97ef794a lib/qemu-common: Add serial device name for RISC-V 2022-01-09 15:29:52 -08:00
Sandro
8928525bd8
Merge pull request #154124 from Mic92/ddclient 2022-01-09 21:43:19 +01:00
Sandro
a85f163c46
Merge pull request #103946 from lopsided98/sshd-trigger-limit 2022-01-09 21:37:28 +01:00
Winter
0028d75b1c nixos/thelounge: add winter to maintainers 2022-01-09 13:12:41 -05:00
Winter
fe20f479e9 nixos/thelounge: add plugins option 2022-01-09 13:12:41 -05:00
Jan Tojnar
67879a9353
Merge pull request #153398 from jtojnar/tracker-subcommands
nixos/tracker: Define env var so it can find miners’ subcommands
2022-01-09 16:09:35 +01:00
Jakub Sokołowski
7d988867ff
mtr-exporter: init at 0.1.0 (3ce854a5)
This is a useful utility for monitoring network performance over time
using a combination of MTR and Prometheus. Also adding a service definition.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-09 13:57:06 +01:00
Jörg Thalheim
51967ca77a nixos/ddclient: better default for nsupdate 2022-01-09 13:38:41 +01:00
Jörg Thalheim
2febc7dd79 nixos/ddclient: don't store config world-readable 2022-01-09 11:30:40 +01:00
Vladimír Čunát
d856f24d3c
Merge #151019: amdgpu-pro: 17.40 -> 21.30 2022-01-09 11:27:18 +01:00
Nikolay Amiantov
e8daaa85d4
Merge pull request #153589 from abbradar/uwsgi-fixes
uWSGI configuration generation fixes
2022-01-09 09:49:05 +03:00
Nikolay Amiantov
f2c5970a76 users-groups service: add autoSubUidGidRange option
Previously we allocated subuids automatically for all normal users.
Make this explicitly configurable, so that one can use this for system
users too (or explicitly disable for normal users). Also don't allocate
automatically by default if a user already has ranges specified statically.
2022-01-09 09:43:55 +03:00
Martin Weinelt
6008460c04
nixos/frr: add to release notes 2022-01-09 04:13:42 +01:00
Frank Doepper
33911b092d
nixos/tests/frr: init
Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
2022-01-09 04:12:55 +01:00
Frank Doepper
0098575c86
nixos/frr: init
- old quagga service and test adapted to frr

Co-Authored-By: Martin Weinelt <hexa@darmstadt.ccc.de>
2022-01-09 04:12:55 +01:00
Sandro
8aeafc25c9
Merge pull request #154054 from SuperSandro2000/prometheus-bearer-token 2022-01-09 01:48:43 +01:00
Ben Wolsieffer
f5e0f2932e sshd: disable trigger limit for systemd socket
When startWhenNeeded is enabled, a brute force attack on sshd will cause
systemd to shut down the socket, locking out all SSH access to the machine.
Setting TriggerLimitIntervalSec to 0 disables this behavior.
2022-01-08 19:48:37 -05:00
github-actions[bot]
3ce63131a1
Merge master into staging-next 2022-01-09 00:01:57 +00:00
Sandro Jäckel
39ce4ddd85
nixos/prometheus: fix usage of bearer_token 2022-01-08 22:56:51 +01:00
Winter
b52607f43b nixos/acme: ensure web servers using certs can access them 2022-01-08 15:05:34 -05:00
Robert Hensing
32356ce11b
Merge pull request #153867 from astro/stunnel
stunnel: allow servers to connect to other hosts
2022-01-08 20:49:48 +01:00
Robert Hensing
f80f85f228
Merge pull request #154015 from pennae/fix-docs-cross
nixos/documentation: fix docs cross build
2022-01-08 20:44:05 +01:00
Robert Hensing
d75b85c5dc
Merge pull request #147690 from pasqui23/hosts
concatTextFile: init
2022-01-08 20:40:31 +01:00
Florian Klink
982de405d7
Merge pull request #153901 from flokli/sniproxy-logdir
nixos/sniproxy: remove unused logDir option
2022-01-08 20:07:57 +01:00
github-actions[bot]
b40a01817b
Merge master into staging-next 2022-01-08 18:01:00 +00:00
Jacek Galowicz
048fd95f10
Merge pull request #146905 from Synthetica9/failure_mode
nixos/test-driver: add polling_condition
2022-01-08 18:28:25 +01:00
pennae
9d3ba92d63 nixos/documentation: fix docs cross build
a few things should've used buildPackages/nativeBuildInputs to not not require
the host architecture for building docs. tested by building aarch64-linux docs
on x86_64-linux, and the result looks good.
2022-01-08 16:03:23 +01:00
Dmitry Kalinkin
477540469e
Merge branch 'master' into staging-next
Conflicts:
	pkgs/development/python-modules/gradient-utils/default.nix
	pkgs/development/python-modules/gradient/default.nix
2022-01-08 02:39:35 -05:00
Thomas Dy
97864e984d nixos/kubernetes: actually set containerd to use systemd cgroups
The correct configuration is listed in the kubernetes documentation
https://kubernetes.io/docs/setup/production-environment/container-runtimes/#containerd-systemd

The correct option can also be seen in `containerd config default`
2022-01-08 17:29:32 +10:00
pennae
2d356a1969 nixos/kubernetes: move all k8s docs out of the sandbox
otherwise the manual won't build.

ideally they'll move back into the sandbox at some point, but we're
obviously not qualified to put them there.
2022-01-08 17:13:27 +10:00
pennae
635376d3af Revert "nixos/kubernetes: make lib option internal and readonly"
This reverts commit 7e28421e17.
2022-01-08 17:13:27 +10:00
Jan Tojnar
283c47bc45
Merge pull request #150548 from K900/wireplumber
wireplumber: init, add NixOS module
2022-01-08 06:11:59 +01:00
Jan Tojnar
0c4ccc29ce
Merge pull request #153840 from bobby285271/gsd
nixos/gnome-settings-daemon: pick up correct .wants directories
2022-01-08 06:07:14 +01:00
Bobby Rong
84ad67f7c6
nixos/gnome-settings-daemon: pick up correct .wants directories
In https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/merge_requests/153
the user target names for GSD components has been renamed for example
from `gsd-a11y-settings.target` to `org.gnome.SettingsDaemon.A11ySettings.target`,
and nowadays `gsd-*.target` are just symbolic links of `/dev/null` and will be
removed in the future.

At the same time, as mentioned in d27212d466,
we are adding `systemd.user.targets.<name>.wants` stuff here only because
systemd.packages doesn't pick the .wants directories. Nowadays those GSD components
are managed in `/etc/systemd/user/gnome-session@gnome.target.d/gnome.session.conf`
so it should be safe to remove them.

In this commit we also try to pick up those new .wants directories, see also
https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/blob/41.0/plugins/meson.build#L57

Result of `cd /nix/store/iqzy2a6wn9bq9hqx7pqx0a153s5xlnwp-gnome-settings-daemon-41.0; find | grep wants`:

```
./share/systemd/user/gnome-session-x11-services-ready.target.wants
./share/systemd/user/gnome-session-x11-services-ready.target.wants/org.gnome.SettingsDaemon.XSettings.service
./share/systemd/user/gnome-session-x11-services.target.wants
./share/systemd/user/gnome-session-x11-services.target.wants/org.gnome.SettingsDaemon.XSettings.service
```

Result of `cd /nix/store/armzljlnsvc1gn0nq0bncb9lf8fy32zy-gnome-settings-daemon-3.34.0; find | grep wants`:

```
./lib/systemd/user/gnome-session-initialized.target.wants
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-a11y-settings.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-color.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-datetime.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-power.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-housekeeping.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-keyboard.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-media-keys.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-screensaver-proxy.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-sharing.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-sound.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-smartcard.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-wacom.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-print-notifications.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-rfkill.target
./lib/systemd/user/gnome-session-initialized.target.wants/gsd-wwan.target
./lib/systemd/user/gnome-session-x11-services.target.wants
./lib/systemd/user/gnome-session-x11-services.target.wants/gsd-xsettings.target
```
2022-01-08 10:19:02 +08:00
Florian Klink
6a75955c21 nixos/sniproxy: remove unused logDir option
This never configured where SNI should log to, as it's up to the user to
provide the full sniproxy config (which can be configured to log to a
file).

This option only produced a ExecStartPre script that created the folder.

Let's use LogsDirectory to create it. In case users want to use another
directory for logs, they can override LogsDirectory or set their own
ExecStartPre script.
2022-01-07 22:40:12 +01:00
Maciej Krüger
801d832872
Merge pull request #125451 from zhaofengli/qemu-riscv64-sd-image 2022-01-07 22:14:05 +01:00
Jonathan Ringer
86f9a32c4c
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
	pkgs/development/python-modules/hydra/default.nix
2022-01-07 10:31:29 -08:00
Astro
422c5a5db5 stunnel: allow servers to connect to other hosts 2022-01-07 17:54:01 +01:00
Patrick Hilhorst
0c3f1cf420
Merge pull request #153273 from Synthetica9/passthru-driverInteractive 2022-01-07 16:04:43 +01:00
K900
4909a15582 nixos/wireplumber: init
This is extremely basic for now, but we can add more stuff later
2022-01-07 17:34:28 +03:00
Aaron Andersen
2e95239bd1
Merge pull request #153729 from aanderse/nixos/caddy
nixos/caddy: add globalConfig option
2022-01-07 08:35:07 -05:00