MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 07:46:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
219546 commits 269 branches 124 tags 6.2 GiB
Commit graph

13518 commits

Author SHA1 Message Date
Izorkin
c75398b10a nixos/fail2ban: disable work fail2ban without firewall 2020-03-18 09:54:19 +03:00
Martin Baillie
6e055c9f4a tailscale: init at 0.96-33 
Signed-off-by: Martin Baillie <martin@baillie.email>
 2020-03-18 05:07:47 +00:00
Niklas Hambüchen
9d45737ae7
Merge pull request #82767 from thefloweringash/rpfilter-assertion-types 
nixos/firewall: fix types in reverse path assertion
 2020-03-18 04:11:01 +01:00
Andrew Childs
e110f5ecc1 nixos/firewall: fix types in reverse path assertion 
Broken by 0f973e273c in #73533

The type of the checkReversePath option allows "strict" and "loose" as
well as boolean values.
 2020-03-18 10:54:55 +09:00
Antoine Eiche
39621bb8de nixos/alertmanager: start after the network-online target 
If the host network stack is slow to start, the alertmanager fails to
start with this error message:

    caller=main.go:256 msg="unable to initialize gossip mesh" err="create memberlist: Failed to get final advertise address: No private IP address found, and explicit IP not provided"

This bug can be reproduced by shutting down the network stack and
restarting the alertmanager.

Note I don't know why I didn't hit this issue with previous
alertmanager releases.
 2020-03-17 22:18:20 +01:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements 
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
 2020-03-17 19:07:41 +00:00
davidak
c7e4c3b5a3 nixos/phpfpm: add example to socket 2020-03-17 15:34:43 +01:00
Léo Gaspard
a0307bad46
Merge pull request #79120 from symphorien/iodine 
Iodine: ipv6 support, updates, hardening, nixos test....
 2020-03-16 23:42:12 +01:00
Danylo Hlynskyi
fab05f17d1
Merge pull request #80114 from rnhmjoj/initrd 
nixos/boot: add option to disable initrd
 2020-03-16 20:04:24 +02:00
danbst
a723672c20 doc/postgresql: apply xmlformat 2020-03-16 19:30:23 +02:00
danbst
759fd9b0b0 nixos/postgresql: add upgrade documentation 2020-03-16 19:30:23 +02:00
Maximilian Bosch
a2e06fc342
Merge pull request #80447 from Ma27/bump-matrix-synapse 
matrix-synapse: 1.9.1 -> 1.11.1
 2020-03-16 10:55:38 +01:00
Maximilian Bosch
849e16888f
nixos/doc/matrix-synapse: refactor 
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
  `matrix-synapse` to this document from the 20.03 release-notes.
 2020-03-16 10:39:42 +01:00
Pierre Bourdon
b8ef2285b5 nixos/stubby: set Type=notify on the systemd service 
Fixes some dependency ordering problems at boot time with services that
require DNS. Without Type=notify these services might be started before
stubby was ready to accept DNS requests.
 2020-03-16 10:10:45 +05:30
Maximilian Bosch
8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1 
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
 2020-03-15 17:09:51 +01:00
Silvan Mosberger
7c3f3e9c51
Merge pull request #72029 from lschuermann/tpm2-module 
nixos/tpm2: init
 2020-03-15 15:47:06 +01:00
Silvan Mosberger
779b7ff3d8
Merge pull request #80931 from LEXUGE/master 
smartdns: init at 30
 2020-03-15 15:36:05 +01:00
Leon Schuermann
156b879c2e nixos/tpm2: init 
This commit adds udev rules, the userspace resource manager and
PKCS#11 module support.
 2020-03-15 12:16:32 +01:00
volth
687aa06c70 nixos/scripted-networking: fix bridge setup when libvirtd uses socket activation 2020-03-15 11:29:14 +07:00
volth
d8664c78b1 libvirt: 6.0.0 -> 6.1.0, fix module 2020-03-15 11:29:04 +07:00
adisbladis
c00777042f
Merge pull request #82620 from aanderse/ssh-silent 
nixos/ssh: silence ssh-keygen during configuration validation
 2020-03-15 01:21:38 +00:00
Harry Ying
629d3bab18
nixos/smartdns: init first generation config 2020-03-15 08:53:20 +08:00
Aaron Andersen
f383fa344e nixos/sshd: only include AuthorizedKeysCommand and AuthorizedKeysCommandUser options if explicitly set 2020-03-14 19:50:11 -04:00
Aaron Andersen
f5951f520c nixos/ssh: silence ssh-keygen during configuration validation 2020-03-14 19:37:30 -04:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command 
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
 2020-03-14 23:58:47 +01:00
zimbatm
001be890f7 folding@home: 6.02 -> 7.5.1 
The v7 series is very different.

This commit introduces the 3 packages: fahclient, fahcontrol and
fahviewer. It also rebuilds the NixOS module to map better with the new
client.
 2020-03-14 13:01:26 -07:00
Jörg Thalheim
4a8a014be4
Merge pull request #82468 from Mic92/kvmgt 
nixos/kvmgt: udev rules + fix module initialisation
 2020-03-14 07:17:28 +00:00
Andrew Childs
01f03f30db nixos/prometheus: add checkConfig 
Workaround for https://github.com/prometheus/prometheus/issues/5222
 2020-03-14 04:40:55 +00:00
Andrew Childs
2c121f4215 nixos/firewall: fix inverted assertion for reverse path filtering 
Previously the assertion passed if the kernel had support OR the
filter was *enabled*. In the case of a kernel without support, the
`checkReversePath` option defaulted to false, and then failed the
assertion.
 2020-03-14 04:32:07 +00:00
Joachim Fasting
1b575dbd79 nixos/firejail: use local runCommand 
Also:

- use `runtimeShell`; and
- remove unused `makeWrapper` input; and
- `exec()` to shed wrapping shell
 2020-03-14 03:09:48 +00:00
Mario Rodas
ee599f376c
Merge pull request #71329 from tilpner/cadvisor-no-docker 
nixos/cadvisor: don't enable docker
 2020-03-13 20:35:46 -05:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link 
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
 2020-03-13 22:05:33 +01:00
Michele Guerini Rocco
7b15d6cee4
Merge pull request #81241 from thefloweringash/nesting-system 
nixos/activation: propagate system to nested configurations
 2020-03-13 09:58:10 +01:00
Jörg Thalheim
505d241ee3
nixos/kvmgt: add udev rules for unprivileged access 2020-03-13 07:04:26 +00:00
Jörg Thalheim
85aae79ca1
nixos/kvmgt: fix driver option 
extraModprobeConfig could be applied too late i.e. if the driver has been
loaded in initrd, while the harddrive is still encrypted.
Using a kernelParams works in all cases however.
 2020-03-13 07:03:45 +00:00
snicket2100
65abd808d5 firejail: system package on programs.firejail.enable 
this way the man page etc. becomes available if we enable firejail with
`programs.firejail.enable = true`
 2020-03-13 03:28:08 +00:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd 
nixos/systemd: apply .link even when networkd is disabled
 2020-03-12 15:47:59 -07:00
Léo Gaspard
693d834c37
Merge pull request #76739 from symphorien/mail_plugins 
nixos/dovecot: add an option to enable mail_plugins
 2020-03-12 22:44:23 +01:00
Léo Gaspard
26b1ef1506
Merge pull request #80141 from symphorien/scrub 
nixos/btrfs: make autoScrub not prevent shutdown or suspend
 2020-03-12 22:39:34 +01:00
adisbladis
f3adcbd150
Merge pull request #82411 from adisbladis/ntpd-extraconfig 
services.ntpd: Add extraConfig parameter
 2020-03-12 16:37:25 +00:00
Silvan Mosberger
8f2109cda4
Merge pull request #81945 from Infinisil/hostFiles 
Introduce `networking.hostFiles` option
 2020-03-12 15:56:30 +01:00
adisbladis
63c35a9c28
services.ntpd: Add extraConfig parameter 2020-03-12 14:44:59 +00:00
Léo Gaspard
06bdfc5e32
Merge pull request #82185 from matt-snider/master 
ankisyncd, nixos/ankisyncd: init at 2.1.0
 2020-03-12 11:47:42 +01:00
lewo
cbb21b2a8a
Merge pull request #81214 from buckley310/updateDelay 
NixOS/auto-upgrade: Add optional randomized delay
 2020-03-12 09:06:32 +01:00
Graham Christensen
10f625b3d2
Merge pull request #81402 from mmilata/firejail-example 
nixos/firejail: add example for wrappedBinaries
 2020-03-11 20:28:35 -04:00
Jörg Thalheim
154f9e1bd9
Merge pull request #82340 from nyanloutre/vsftpd_pam_fix 
nixos/vsftpd: fix missing default pam_service_name
 2020-03-11 22:29:43 +00:00
Jörg Thalheim
9aa23e31b3
Merge pull request #80904 from talyz/haproxy-fixes 
nixos/haproxy: Revive the haproxy user and group
 2020-03-11 22:23:13 +00:00
Maximilian Bosch
b7cdb64ac2
treewide: remove myself from a few packages I don't use anymore 2020-03-11 22:29:30 +01:00
nyanloutre
7ab00c48d8
nixos/vsftpd: fix missing default pam_service_name 
9458ec4 removed the ftp pam service which was used by default by vsftpd
 2020-03-11 21:15:47 +01:00
talyz
bb7ad853fb nixos/haproxy: Revive the haproxy user and group 
Running haproxy with "DynamicUser = true" doesn't really work, since
it prohibits specifying a TLS certificate bundle with limited
permissions. This revives the haproxy user and group, but makes them
dynamically allocated by NixOS, rather than statically allocated. It
also adds options to specify which user and group haproxy runs as.
 2020-03-11 19:52:37 +01:00
Silvan Mosberger
fc2b132c94
Merge pull request #82326 from mmilata/rename-fix-module-path 
nixos: fix module paths in rename.nix
 2020-03-11 19:35:40 +01:00
Martin Milata
d08ede042b nixos: fix module paths in rename.nix 2020-03-11 15:59:22 +01:00
Florian Klink
3d1079a20d nixos/zerotierone: switch from manually generating the .link file to use the module 
Previously, systemd.network.links was only respected with networkd
enabled, but it's really udev taking care of links, no matter if
networkd is enabled or not.

With our module fixed, there's no need to manually manage the text file
anymore.
 2020-03-11 10:21:37 +01:00
Florian Klink
36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd 
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
 2020-03-11 10:21:37 +01:00
Edward Tjörnhammar
b155a62dad nixos/lightdm-tiny-greeter: init module 2020-03-11 08:12:35 +00:00
Jan Tojnar
6bba9428d9
Merge pull request #81431 from jtojnar/malcontent-0.6 
malcontent: 0.4.0 → 0.6.0
 2020-03-11 04:08:59 +01:00
Jan Tojnar
31dd8332bc
nixos/malcontent: init 2020-03-10 23:30:20 +01:00
Jesper Geertsen Jonsson
b42babd160 nixos/netdata: add module package option 2020-03-10 23:06:01 +01:00
Matt Snider
acba458b7e nixos/ankisyncd: init at 2.1.0 2020-03-10 22:45:33 +01:00
Aaron Andersen
641b94bdd0 nixos/mysql: add settings and configFile options 2020-03-10 15:15:11 -04:00
Linus Heckemann
dfc70d37f4
Merge pull request #82252 from mayflower/radius-http2 
FreeRADIUS improvements
 2020-03-10 16:01:46 +01:00
Linus Heckemann
065716ab95 nixos/freeradius: depend on network.target, not online 2020-03-10 15:54:29 +01:00
Linus Heckemann
0587329191 freeradius: make debug logging optional 2020-03-10 15:54:02 +01:00
adisbladis
6fcce60fd5
Merge pull request #82139 from adisbladis/switch-to-configuration-manual 
switch-to-configuration: Add new option X-OnlyManualStart
 2020-03-10 11:17:33 +00:00
Martin Milata
1affd47cc1 nixos/supybot: python3 switch, add plugin options 
Python2 seems to be no longer supported by limnoria upstream.
 2020-03-09 23:32:54 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Martin Milata
b150e08169 nixos/supybot: stateDir in /var/lib, use tmpfiles 
Moving the stateDir is needed in order to use ProtectSystem=strict
systemd option.
 2020-03-09 23:29:04 +01:00
adisbladis
db6c94304f
switch-to-configuration: Add new option X-OnlyManualStart 
This is to facilitate units that should _only_ be manually started and
not activated when a configuration is switched to.

More specifically this is to be used by the new Nixops deploy-*
targets created in https://github.com/NixOS/nixops/pull/1245 that are
triggered by Nixops before/after switch-to-configuration is called.
 2020-03-09 11:28:07 +00:00
zimbatm
cc90ececa7
environment.etc: fix typo 2020-03-09 12:01:41 +01:00
Florian Klink
dceec409cc nixos/cage: move ConditionPathExists to service config 
It doesn't belong into [Service]:
> Unknown key name 'ConditionPathExists' in section 'Service', ignoring.
 2020-03-09 00:47:49 +01:00
Dmitry Kalinkin
93745d243b
Merge pull request #79488 from danielfullmer/zoneminder-1.34.2 
zoneminder: 1.32.3 -> 1.34.3
 2020-03-07 13:25:17 -05:00
Daniel Fullmer
cb5da4eacb nixos/zoneminder: update on startup if needed 2020-03-07 12:59:39 -05:00
Silvan Mosberger
4f69262c19
Merge pull request #81369 from mweinelt/pr/acme-chmod 
nixos/acme: apply chmod and ownership unconditionally
 2020-03-07 03:24:46 +01:00
Silvan Mosberger
64ee425a01
nixos/cjdns: Fix connectTo example rendering 2020-03-07 02:01:41 +01:00
Silvan Mosberger
1906320e68
nixos/cjdns: Don't use IFD for extra hosts 2020-03-07 02:01:19 +01:00
Silvan Mosberger
ec6e4db6e4
nixos/networking: Add hostFiles option 
When blocklists are built with a derivation, using extraHosts would
require IFD, since the result of the derivation needs to be converted to
a string again.

By introducing this option no IFD is needed for such use-cases, since
the fetched files can be assigned directly.
 2020-03-07 01:53:31 +01:00
Lancelot SIX
74c0ce5376
Merge pull request #81907 from atlaua/lr/wg-typo 
nixos/wireguard: Fix typo in error message
 2020-03-06 22:43:32 +01:00
Luis Ressel
b19c485b22
nixos/wireguard: Fix typo in error message 
generatePrivateKey -> generatePrivateKeyFile
 2020-03-06 16:19:23 +01:00
Jörg Thalheim
391b7b31d8
Merge pull request #81891 from emilazy/nginx-use-mozilla-tls-config 
nixos/nginx: use Mozilla Intermediate TLS configuration
 2020-03-06 14:30:28 +00:00
Jörg Thalheim
87ae01e70b
Merge pull request #81752 from alexbakker/fix-55221 
uwsgi: use pyhome instead of pythonpath for uwsgi vassals
 2020-03-06 13:16:26 +00:00
Emily
4ed98d69ed nixos/nginx: use Mozilla Intermediate TLS configuration 
The configuration at https://ssl-config.mozilla.org/#server=nginx&config=intermediate
is reliably kept up-to-date in terms of security and compatible with a
wide range of clients. They've probably had more care and thought put
into them than our defaults, and will be easier to keep updated in
the future.

The only removed (rather than changed) configuration option here is
ssl_ecdh_curve, per https://github.com/mozilla/server-side-tls/issues/189.

Resolves #80952.
 2020-03-06 13:08:56 +00:00
Silvan Mosberger
dc70633913
Merge pull request #81774 from ju1m/shorewall_fix_RestartTriggers 
shorewall: fix RestartTriggers
 2020-03-06 11:58:35 +01:00
Martin Milata
421a18f42b nixos/prometheus-mikrotik-exporter: init 2020-03-06 10:39:05 +01:00
Martin Milata
e7ed7901a8 nixos/prometheus-mail-exporter: misc fixes 
- Fix misspelled option. mkRenamedOptionModule is not used because the
   option hasn't really worked before.
 - Add missing cfg.telemetryPath arg to ExecStart.
 - Fix mkdir invocation in test.
 2020-03-06 01:44:05 +01:00
Martin Milata
3b5cf35e8b nixos/prometheus-mail-exporter: fix assertion 
The assertion was printed when user explicitly defined only the
configFile option.
 2020-03-06 01:44:05 +01:00
Martin Milata
2a080ac434 nixos/prometheus-snmp-exporter: fix assertion 
The assertion was printed when user explicitly defined only the
configurationPath option.
 2020-03-06 01:43:20 +01:00
Martin Milata
87f87fb3e9 nixos/prometheus-snmp-exporter: update log options 
The allowed values have changed in bd3319d28c.

0.15:
      --log.level="info"        Only log messages with the given severity or above. Valid levels: [debug, info, warn, error, fatal]
      --log.format="logger:stderr"
                                Set the log target and format. Example: "logger:syslog?appname=bob&local=7" or "logger:stdout?json=true"

0.17:
      --log.level=info          Only log messages with the given severity or above. One of: [debug, info, warn, error]
      --log.format=logfmt       Output format of log messages. One of: [logfmt, json]
 2020-03-06 01:43:20 +01:00
Martin Milata
0ac24ccf2a nixos/prometheus-*-exporter: escape shell args 2020-03-06 01:43:20 +01:00
Andrew Childs
ce416779bb nixos/activation: use eval-config's system argument for nesting 
This avoids a possible surprise if the user is using `nixpkgs.system`
and `nesting.children`. `nesting.children` is expected to ignore all
parent configuration so we shouldn't propagate the user-facing option
`nixpkgs.system`. To avoid doing so, we introduce a new internal
option for holding the value passed to eval-config.nix, and use that
when recursing for nesting.
 2020-03-05 20:28:31 +09:00
David Guibert
bbc2cd89ef users.groups.disnix instead of a list 
related to #63103.
 2020-03-05 09:08:40 +01:00
Julien Moutinho
47f27938e7 shorewall: fix RestartTriggers 2020-03-05 00:01:44 +01:00
Alexander Bakker
7bbf7fa693 uwsgi: use pyhome instead of pythonpath for uwsgi vassals 2020-03-04 20:20:32 +01:00
Silvan Mosberger
b38344b54c
Merge pull request #81708 from yegortimoshenko/acme-fullchain-force-symlink 
nixos/acme: force symlink from fullchain.pem to cert.pem
 2020-03-04 19:33:39 +01:00
Michele Guerini Rocco
481a4e938e
Merge pull request #81597 from thatsmydoing/multiport-nat 
nixos/nat: fix multiple destination ports with loopback
 2020-03-04 19:12:25 +01:00
Jörg Thalheim
bbbf224c7d
Merge pull request #81610 from Mic92/zfs 
nixos/zfs: continue trimming also if one pool fails
 2020-03-04 11:44:57 +00:00
Maximilian Bosch
7f9131f260
Merge pull request #81405 from NinjaTrappeur/nin-networkd-policy-rules 
nixos/networkd: add RoutingPolicyRules-related options
 2020-03-04 12:29:29 +01:00
Yegor Timoshenko
c32da2ed9c nixos/acme: force symlink from fullchain.pem to cert.pem 
Co-authored-by: emily <vcs@emily.moe>
 2020-03-04 12:52:12 +03:00
Thomas Dy
97a61c8903 nixos/nat: fix multiple destination ports with loopback 2020-03-04 18:11:31 +09:00
Sean Buckley
9d3aa711fe NixOS/auto-upgrade: refine option description 2020-03-03 22:14:31 -05:00
Florian Klink
407be0a577
Merge pull request #81327 from flokli/add-cage 
nixos/cage: init
 2020-03-03 12:04:33 -08:00
Robert Hensing
6734e58da3
Merge pull request #81292 from hercules-ci/fix-service-runner-quotes 
nixos/service-runner.nix: Allow quotes in commands + test
 2020-03-03 14:31:00 +01:00
Jörg Thalheim
8f543ed80d
nixos/zfs: continue trimming also if one pool fails 
fixes https://github.com/NixOS/nixpkgs/issues/81602
 2020-03-03 11:22:07 +00:00
Yegor Timoshenko
c16f2218da
Merge pull request #80900 from emilazy/acme-must-staple 
nixos/acme: Must-Staple and extra flags
 2020-03-03 03:57:40 +03:00
Yegor Timoshenko
31aefc74c5
Merge pull request #80856 from emilazy/adjust-acme 
nixos/acme: adjust renewal timer options
 2020-03-03 03:49:33 +03:00
Matthew Bauer
e0e4d591cc nixos/cage: init 
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.

This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.

Based on the service provided in the Cage wiki here:

https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd

Co-Authored-By: Florian Klink <flokli@flokli.de>
 2020-03-02 13:43:20 -08:00
WilliButz
eaef96093a
prometheus-nginx-exporter: 0.5.0 -> 0.6.0 (#81285) 
* prometheus-nginx-exporter: 0.5.0 -> 0.6.0

* nixos/prometheus-nginx-exporter: update for 0.6.0

Added new option constLabels and updated virtualHost name in the
exporter's test.
 2020-03-02 14:48:40 -05:00
Maximilian Bosch
70325e63d8
Merge pull request #79532 from NixOS/fix-predictable-ifnames-in-initrd 
nixos/stage-1: fix predictable interface names in initrd
 2020-03-02 17:14:06 +01:00
Andreas Rammhold
ca5048cba4
Merge pull request #79925 from mrkkrp/mk/add-nix-store-gcs-proxy-service 
Add nix-store-gcs-proxy service
 2020-03-02 16:04:16 +01:00
Mark Karpov
96b472e95d
module/nix-store-gcs-proxy: init 2020-03-02 16:01:14 +01:00
Félix Baylac-Jacqué
9897d83f58 nixos/networkd: test routingPolicyRules with a nixos vm test 2020-03-02 15:37:40 +01:00
Jörg Thalheim
2c5ffb5c7a
Merge pull request #81164 from Mic92/home-assistant 
nixos/home-assistant: 0.104.3 -> 0.106.0
 2020-03-02 10:55:35 +00:00
Benjamin Staffin
3a2790c342 services.mailman: RemainAfterExit so settings take effect properly 
Prior to this fix, changes to certain settings would not be applied
automatically and users would have to know to manually restart the
affected service.  A prime example of this is
`services.mailman.hyperkitty.baseUrl`, or various things that affect
`mailman3/settings.py`
 2020-03-02 02:25:20 +00:00
obadz
c31958449f
Merge pull request #77405 from danielfullmer/zerotier-mac-fix 
nixos/zerotierone: prevent systemd from changing MAC address
 2020-03-01 18:49:00 -07:00
Félix Baylac-Jacqué
611d765b76 nixos/networkd: Add the RoutingPolicyRule-related options 2020-03-01 14:52:36 -08:00
José Romildo Malaquias
74f5358f13
Merge pull request #66601 from eadwu/nvidia/prime-render-offload 
nvidia: prime render offload
 2020-03-01 14:28:57 -03:00
worldofpeace
0bbada3a07
Merge pull request #80451 from worldofpeace/pantheon-doc 
nixos/pantheon: add docs
 2020-03-01 16:56:55 +00:00
worldofpeace
21c971a732
Merge pull request #81118 from tilpner/gitdaemon-usercreation 
nixos/git-daemon: only create git user if it will be used
 2020-03-01 13:40:57 +00:00
Yegor Timoshenko
98cbc40570
Merge pull request #81371 from mweinelt/pr/acme-autostart 
nixos/acme: renew after rebuild and on boot
 2020-03-01 15:46:31 +03:00
Jörg Thalheim
1b92a08a71
Merge pull request #81297 from Mic92/sslh 
nixos/sslh: don't run as nogroup
 2020-03-01 12:18:09 +00:00
worldofpeace
e906014d4b
Merge pull request #80920 from worldofpeace/rngd-cleanup-shutdown 
nixos/rngd: fix clean shutdown
 2020-03-01 11:44:22 +00:00
Martin Weinelt
3575555fa8
nixos/acme: apply chmod and ownership unconditionally 
Also separate directory and file permissions so the certificate files
don't end up with the executable bit.

Fixes #81335
 2020-02-29 20:17:14 +01:00
Martin Milata
96e36bf1ba nixos/firejail: add example for wrappedBinaries 2020-02-29 19:06:28 +01:00
Emily
ffb7b984b2 nixos/acme: add extraLegoRenewFlags option 2020-02-29 16:44:04 +00:00
Emily
b522aeda5a nixos/acme: add ocspMustStaple option 2020-02-29 16:44:04 +00:00
Emily
7b14bbd734 nixos/acme: adjust renewal timer options 
The current weekly setting causes every NixOS server to try to renew
its certificate at midnight on the dot on Monday. This contributes to
the general problem of periodic load spikes for Let's Encrypt; NixOS
is probably not a major contributor to that problem, but we can lead by
example by picking good defaults here.

The values here were chosen after consulting with @yuriks, an SRE at
Let's Encrypt:

* Randomize the time certificates are renewed within a 24 hour period.

* Check for renewal every 24 hours, to ensure the certificate is always
  renewed before an expiry notice is sent out.

* Increase the AccuracySec (thus lowering the accuracy(!)), so that
  systemd can coalesce the renewal with other timers being run.

  (You might be worried that this would defeat the purpose of the time
  skewing, but systemd is documented as avoiding this by picking a
  random time.)
 2020-02-29 14:03:36 +00:00
Martin Weinelt
5ff9441471
nixos/acme: renew after rebuild and on boot 
Fixes #81069
 2020-02-29 14:40:34 +01:00
worldofpeace
3be04570e0 nixos/pantheon: add docs 2020-02-28 19:43:18 -05:00
Sean Buckley
14a1aa4a3d
NixOS/auto-upgrade: fix wording 
Co-Authored-By: Pascal Hertleif <killercup@gmail.com>
 2020-02-28 12:03:41 -05:00
Jörg Thalheim
8b7f4fa8a6
nixos/buildkite-agents: don't run as nogroup 2020-02-28 15:34:37 +00:00
Jörg Thalheim
9218a58964
nixos/sslh: don't run as nogroup 
See #55370
 2020-02-28 15:32:36 +00:00
Jörg Thalheim
ee2ea82a68
nixos/home-assistant: make config deep mergeable 
This make it possible to split the home-assistant configuration
across multiple files and nix will merge the option in an intuitive
way.
 2020-02-28 15:32:03 +00:00
WilliButz
68410b08be
nixos/codimd: update useCDN default to false 2020-02-28 14:36:46 +01:00
Robert Hensing
43521ac965 nixos/service-runner.nix: Allow quotes in commands + test 2020-02-28 14:26:29 +01:00
Sean Buckley
b6cad64ef6 NixOS/auto-upgrade: Add optional randomized delay 2020-02-27 16:40:10 -05:00
worldofpeace
76f4f6b95d
Merge pull request #81087 from lovesegfault/tlp-1.3.1 
tlp: 1.2.2 -> 1.3.1
 2020-02-27 19:43:14 +00:00
Bernardo Meurer
ee7becd918
nixos/tlp: revamp 2020-02-27 09:58:51 -08:00
Thomas Tuegel
d3e3cc1225
nixos/plasma5: Fix activation script when XDG_CONFIG_HOME is unset 
Fixes #80713
 2020-02-27 09:48:58 -06:00
Andrew Childs
b83164a049 nixos/activation: propagate system to nested configurations 
The current behavior lets `system` default to
`builtins.currentSystem`. The system value specified to
`eval-config.nix` has very low precedence, so this should compose
properly.

Fixes #80806
 2020-02-27 23:57:44 +09:00
Daniel Schaefer
39ed5ff74c
Merge pull request #80329 from mmilata/hunspell-pathstolink 
nixos: add /share/hunspell to environment.pathsToLink
 2020-02-27 09:23:08 +01:00
Aaron Andersen
4d67db3101
Merge pull request #80849 from BBBSnowball/pull-load-imagick-once 
nixos/nextcloud: avoid loading imagick extension more than once
 2020-02-26 17:17:55 -05:00
Franz Pletz
2dff70f0f3
Merge pull request #80981 from bachp/nextcloud-x-frame-warning 
nixos/nextcloud: prevent warning about missing X-Frame-Option
 2020-02-26 17:37:38 +00:00
Vladimír Čunát
5f881209f9
nixos/kresd: never force extraFeatures = false 
Fixes #81109.  Regressed in PR #78392 (26858063).
 2020-02-26 15:10:53 +01:00
tilpner
6df119a6ec
nixos/git-daemon: only create git user if it will be used 2020-02-26 15:04:36 +01:00
Silvan Mosberger
5f37069888
Merge pull request #80861 from emilazy/acme-fullchain 
nixos/acme: move the crt to fullchain.pem
 2020-02-26 00:48:53 +01:00
Martin Milata
9b0a9577f7 nixos/parsoid: enable systemd sandboxing 2020-02-25 01:32:31 +01:00
Martin Milata
3b27f4d945 nixos/parsoid: fix package name 
Original package was removed in 2b8cde0ce2.
 2020-02-25 01:32:30 +01:00
Pascal Bach
119a7aae50 nixos/nextcloud: prevent warning about missing X-Frame-Option 2020-02-24 22:07:24 +01:00
Jörg Thalheim
ee08bd8dec
Merge pull request #80831 from Mic92/netdata 
netdata: 1.19.0 -> 1.20.0
 2020-02-24 17:24:19 +00:00
Jörg Thalheim
8cfd003295
stubby: configure cache directory 
This is needed for local dnssec validation
 2020-02-24 10:51:43 +00:00