Commit Graph

21459 Commits

Author SHA1 Message Date
Peder Bergebakken Sundt
465201822e
nixos/mihomo: fix option type and test (#345891) 2024-10-19 06:58:41 +02:00
github-actions[bot]
d0c2de8c22
Merge master into staging-next 2024-10-19 00:14:00 +00:00
Maximilian Bosch
c5b89642bf
Merge: nixos/nextcloud: fix shellcheck findings with enableStrictShellChecks enabled (#349558) 2024-10-18 23:57:53 +02:00
Sandro
f0bc4f6bbf
nixos-firewall-tool: add nftables support (#324615) 2024-10-18 23:57:39 +02:00
nicoo
6c62fbf539 nixos/sshd: warn if no authorized keys, and no authentication method other than pubkeys, were configured 2024-10-18 20:23:02 +00:00
nicoo
1f08575e3a nixos/sshd: Disable authorizedKeysInHomedir if stateVersion >= 24.11
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-10-18 20:21:12 +00:00
Stanisław Pitucha
87c458e3ce
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled (#349557) 2024-10-19 06:22:18 +11:00
jmir1
858b5c6762 nixos/ddclient: Fix ip command with usev4 and usev6 2024-10-18 20:32:16 +02:00
Sandro
d72c0ce546
nixos/nextcloud-notify_push: fix connecting to mysql via socket (#348114) 2024-10-18 20:25:32 +02:00
Gary Guo
cabbab19e2
nixos-firewall-tool: add nftables support
Co-authored-by: Rvfg <i@rvf6.com>
2024-10-18 20:16:27 +02:00
github-actions[bot]
2c176e14b1
Merge master into staging-next 2024-10-18 18:04:25 +00:00
K900
e1bc488872
nixos/plasma6: fix shellcheck findings with enableStrictShellChecks e… (#349580) 2024-10-18 20:09:15 +03:00
Christina Sørensen
d218858bb1
nixos/wakapi: add database options; gate db creation behind database.createLocally (#341176) 2024-10-18 18:04:46 +02:00
Sandro Jäckel
fc31cfea42
nixos/plasma6: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-18 17:29:23 +02:00
Sandro Jäckel
c4a7c0fae5
nixos/paperless: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-18 17:28:03 +02:00
github-actions[bot]
a9f08a2b87
Merge master into staging-next 2024-10-18 12:05:39 +00:00
Atemu
dddcb35140
nixos/jupyter: set user primary group (#349415) 2024-10-18 12:05:43 +02:00
r-vdp
c9160efd81
nixos/kmonad: init 2024-10-18 11:47:26 +02:00
Rasmus Précenth
00e1112f9b
nixos/docker-registry: fix extraConfig docs
Co-authored-by: teutat3s <10206665+teutat3s@users.noreply.github.com>
2024-10-18 11:45:18 +02:00
Vladimír Čunát
a8f84a9dff
nixos/kresd: add link to upstream doc (#311915) 2024-10-18 10:22:18 +02:00
Atemu
267847014a
nixos/immich: do not set services.redis.servers.immich.user (#345126) 2024-10-18 10:19:46 +02:00
github-actions[bot]
275a4ece4b
Merge master into staging-next 2024-10-18 00:14:07 +00:00
Jack Wilsdon
df03b32278 nixos/jupyter: set user primary group 2024-10-17 23:44:53 +01:00
David McFarland
cd286b21e4
resolvconf: use correct output files when used with dnsmasq (#349320) 2024-10-17 16:44:18 -03:00
github-actions[bot]
7c78a608b4
Merge master into staging-next 2024-10-17 18:04:30 +00:00
David McFarland
403604ca66 resolvconf: use correct output files when used with dnsmasq 2024-10-17 14:20:57 -03:00
scrufulufugus
969102bd11 system76-scheduler: migrate to pkgs/by-name format 2024-10-17 18:22:34 +02:00
scrufulufugus
1d4df7adcc system76-scheduler: Move out of kernel category
system76-scheduler: add alias at old location
2024-10-17 18:22:34 +02:00
Brendan Taylor
04e39de6eb nixos/immich: do not set services.redis.servers.immich.user
the redis module expects a user and group to exist with this name.
previously if there was no group with the same name as
`services.immich.user` the immich redis server would fail to start.

instead we can use the redis module's default behaviour: it will
create a user & group named "redis-immich".
2024-10-17 07:19:02 -06:00
github-actions[bot]
8ba820d7db
Merge master into staging-next 2024-10-17 12:05:34 +00:00
Atemu
644c36174b
nixos/redis: add option services.redis.servers.*.group (#345327) 2024-10-17 10:39:48 +02:00
Leona Maroni
edd292c18b
nixos/dokuwiki,nixos/wordpress,nixos/invoiceplane: Remove deprecated isCoercibleToString (#292801) 2024-10-17 09:32:14 +02:00
github-actions[bot]
2d65a9d98d
Merge master into staging-next 2024-10-17 00:14:14 +00:00
Felix Bühler
cc42a1be7b
nixos/services.mysql: remove with lib; (#338048) 2024-10-16 21:38:48 +02:00
Robert Schütz
a9dee7c45b
immich: 1.117.0 -> 1.118.1 (#348890) 2024-10-16 12:31:58 -07:00
github-actions[bot]
775bea0160
Merge master into staging-next 2024-10-16 18:04:52 +00:00
Robert Schütz
e3152f80bf nixos/immich: change default port to 2283
This was always upstream's default but they also change the internal
port, i.e. behind the reverse proxy, to 2283 in
https://github.com/immich-app/immich/pull/13185.
2024-10-16 10:30:34 -07:00
Adam Stephens
bece21421b
nixos/atticd: wants network-online.target
fixes:

trace: evaluation warning: atticd.service is ordered after 'network-online.target' but doesn't depend on it
2024-10-16 12:36:19 -04:00
github-actions[bot]
d64350d170
Merge master into staging-next 2024-10-16 16:35:34 +00:00
nikstur
e81710fa8b
nixos/userborn: fix username typo (#346773) 2024-10-16 17:00:39 +02:00
github-actions[bot]
05ae933cd6
Merge master into staging-next 2024-10-16 12:05:34 +00:00
Aaron Andersen
2ab323a087
nixos/github-runners: Make 'enable' functional (#342996) 2024-10-16 10:18:14 +02:00
github-actions[bot]
0c3802422c
Merge master into staging-next 2024-10-16 06:04:54 +00:00
K900
70cc7b62f2
nixos/murmur: Set UMask to 027 (#348652) 2024-10-16 05:16:09 +03:00
github-actions[bot]
961e42940f
Merge master into staging-next 2024-10-16 00:14:08 +00:00
Robert Schütz
fb2d897809
nixos/headscale: don't set deprecated options in config (#347991) 2024-10-15 16:22:18 -07:00
Felix Bühler
e544a67eba
nixos/freshrss: fix phpfpm.pool (#347324) 2024-10-15 22:39:24 +02:00
Azat Bahawi
e2337957df
nixos/zapret: init (#347805) 2024-10-15 20:37:40 +00:00
Dmitry Voronin
5a5c04d1ea
nixos/zapret: init 2024-10-15 21:51:53 +03:00
Peder Bergebakken Sundt
13bf1d6259
nixos/resilio: add package option (#346427) 2024-10-15 20:38:41 +02:00
Martin Weinelt
72dd22a02d
nixos/coturn: reindent, unclutter
Make the module slightly easier to browse.
2024-10-15 18:31:52 +02:00
Martin Weinelt
6d9089c67d
nixos/coturn: set up sandboxing 2024-10-15 18:31:52 +02:00
Vladimír Čunát
8810e738c8
GNOME: 46 → 47 (#333911) 2024-10-15 18:07:04 +02:00
Felix Singer
13f6e2d85f nixos/murmur: Set UMask to 027
Group only needs limited access, while other users don't need access at
all. So set the UMask to 027.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-15 02:43:42 +02:00
Maximilian Bosch
0f1e2a1cd8
nixos/postgresql: MemoryDenyWriteExecute must be off when doing JIT
The test breaks like this otherwise:

    machine # WARNING:  error during JITing: Permission denied
    machine # [   14.012280] postgres[913]: [913] WARNING:  error during JITing: Permission denied
    machine # ERROR:  failed to look up symbol "evalexpr_0_1": Failed to materialize symbols: { (main, { evalexpr_0_1, evalexpr_0_0 }) }
2024-10-14 23:57:39 +02:00
Someone
a9b63f037b
nvidia-container-toolkit: add "nvidia" to services.xserver.videoDrivers (#344174) 2024-10-14 19:58:35 +00:00
Sandro Jäckel
db12279890
nixos/go-camo: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-14 18:21:30 +02:00
Sandro Jäckel
1ada7c1d36
nixos/nextcloud: fix shellcheck findings with enableStrictShellChecks enabled 2024-10-14 18:20:25 +02:00
Michele Guerini Rocco
35618d0b14
nixos/dhcpcd: fix race between namespace setup and resolvconf (#348305) 2024-10-14 15:44:32 +02:00
Adam C. Stephens
86420f4ee8
nixos/atticd: init module (#347749) 2024-10-14 09:33:35 -04:00
Bobby Rong
a506339b29
nixos/localsearch, nixos/tinysparql: Remove some empty lines
As requested by Sandro.
2024-10-14 20:54:19 +08:00
Bobby Rong
09918511b8
xdg-user-dirs-gtk: init at 0.11
https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1625#note_2234235
2024-10-14 20:54:17 +08:00
Bobby Rong
8a8d0974b8
nixos/localsearch: Format with nixfmt
As requested by CI.
2024-10-14 20:54:11 +08:00
Bobby Rong
c0a9799ad1
tinysparql: Renamed from tracker
The project renamed in 3.8.

This commit is done by hand.
2024-10-14 20:54:11 +08:00
Bobby Rong
bd9782dc89
localsearch: Renamed from tracker-miners
The project renamed in 3.8.

This commit is done by hand.
2024-10-14 20:54:11 +08:00
Bobby Rong
f65d304316
nixos/tinysparql: Format with nixfmt
As requested by CI.
2024-10-14 20:54:09 +08:00
Bobby Rong
6bfd9413a7
nixos/localsearch: Renamed from tracker-miners module
The project was renamed.
2024-10-14 20:54:09 +08:00
Bobby Rong
faf647b799
nixos/tinysparql: Renamed from tracker module
The project was renamed.
2024-10-14 20:54:09 +08:00
Bobby Rong
f65fd4b0dd
nixos/tracker: Remove subcommandPackages option
The TRACKER_CLI_SUBCOMMANDS_DIR env is superseded by TRACKER_CLI_DIR env in
d14c3bb0af

The TRACKER_CLI_DIR env is then removed in
3a86e86c9d
with the commit message "we do no longer expect this CLI to be extended by external
projects".

Also tracker-miners (localsearch) now provides its own cli tool:
a8989f4378
2024-10-14 20:54:09 +08:00
Martin Weinelt
f4226b78df
knot-dns: 3.4.0 -> 3.4.1 (#348476) 2024-10-14 14:20:26 +02:00
Richard Steinmetz
b9ca8498aa nixos/nextcloud-notify_push: fix connecting to mysql via socket 2024-10-14 13:30:05 +02:00
Vladimír Čunát
46954f61c6
nixos/knotd: extend SystemCallFilter
It was breaking knot-dns.tests.knot
New knotd uses fchown to cover cases where user changes during startup.
In typical Linux cases the user is kept the same and there are
capabilities instead, but the syscall still happens and got caught here.
2024-10-14 10:26:46 +02:00
Markus Kowalewski
812640f38a
nixos/saunafs: add module + test (#347337) 2024-10-14 09:24:51 +02:00
rnhmjoj
52e2e7027d
dhcpcd: fix race between namespace setup and resolvconf
systemd requires paths in `ReadWritePaths=` to exist before setting up
the service sandbox, so dhcpcd should be ordered after resolvconf.
Making resolvconf a oneshot service ensures `After=resolvconf.service`
works correctly.
2024-10-14 08:02:46 +02:00
Daniel Olsen
0ac0623e15 mjolnir: 1.6.5 -> 1.8.3 2024-10-14 07:43:39 +02:00
Pol Dellaiera
56cbea0d2e
snapweb: init at 0.8.0 (#347536) 2024-10-14 07:14:23 +02:00
Felix Buehler
de810c5163 nixos/freshrss: update de parameters 2024-10-13 23:07:46 +02:00
Bjørn Forsman
21529d1813 nixos/ups: shutdown UPS at host shutdown
Implement the missing bit of the NUT shutdown design[1]. This ensures
that machines come back up automatically after a power outage. (Without
this change they will only come back up if the UPS completely empties
its battery.)

[1] https://networkupstools.org/docs/user-manual.chunked/Configuration_notes.html#Shutdown_design
2024-10-13 17:55:52 +02:00
Bjørn Forsman
3b781a1e72 nixos/ups: document default upsmon MONITOR value 2024-10-13 17:55:52 +02:00
Bjørn Forsman
2b90f4cdb3 nixos/ups: sort settings attributes
They're listed twice (documentation and implementation) and this change
makes it easier to compare the attrsets.
2024-10-13 17:55:52 +02:00
Adam Stephens
8d4f3f2b3e
nixos/atticd: init module
Copied from 1b29816235/nixos/atticd.nix and modified
2024-10-13 08:23:34 -04:00
rnhmjoj
565f972ded
nixos/getty: add option to autologin once per boot, take 2
Another attempt to bring ae48df3e while avoiding the Nix symlink bug[1].
I guess the bug was triggered by the sbin -> bin symlink in util-linux.

[1]: https://github.com/NixOS/nix/issues/9579
2024-10-13 12:45:15 +02:00
Robert Schütz
cc4d29d353 nixos/headscale: assert that dns.base_domain is set when using MagicDNS 2024-10-12 18:28:17 -07:00
K900
001fb496bf Merge remote-tracking branch 'origin/master' into staging-next 2024-10-12 21:08:11 +03:00
Kerstin
35c52ab030
mastodon: 4.2.13 -> 4.3.0 (#337545) 2024-10-12 19:37:08 +02:00
Markus Kowalewski
d22d60f3ac
nixos/saunafs: add module + test 2024-10-12 19:13:00 +02:00
Maximilian Bosch
f840d87a6e
Merge: nixos/nginx: expand proxyResolveWhileRunning's description (#347164) 2024-10-12 17:14:43 +02:00
Cosima Neidahl
e58a261efb
lomiri.*: Updates (#341377) 2024-10-12 16:49:25 +02:00
github-actions[bot]
4433a315bd
Merge master into staging-next 2024-10-12 12:05:08 +00:00
Florian Klink
237016d023
gogs: remove (#348053) 2024-10-12 13:13:13 +03:00
Ramses
b1e4854ecb
nixos/automatic-timezoned: set time.timeZone to null to avoid silent overriding (#347217) 2024-10-12 11:12:27 +02:00
Pol Dellaiera
afd96bad04
Bump and fix nextjs-ollama-llm-ui (#347856) 2024-10-12 10:42:53 +02:00
Maximilian Bosch
875f00ed40
gogs: remove
Upstream development has stalled and several critical vulnerabilities
weren't addressed within a year[1][2].

Back then it was fair to mark it as insecure, but given nothing has
happened since, it's time to remove it.

[1] https://forgejo.org/2023-11-release-v1-20-5-1/
[2] https://github.com/gogs/gogs/issues/7777
2024-10-12 10:36:06 +02:00
Robert Schütz
0673e98248 nixos/headscale: update option descriptions 2024-10-11 20:17:15 -07:00
Robert Schütz
dfb0f00fc9 nixos/headscale: don't set deprecated options in config
We cannot use `mkRenamedOptionModule` or `mkRemovedOptionModule` inside
a freeform option. Thus we have to manually assert these deprecated
options aren't used rather than aliasing them to their replacement.
2024-10-11 20:05:29 -07:00
github-actions[bot]
4f2eec3440
Merge master into staging-next 2024-10-12 00:13:45 +00:00
Robert Schütz
d4ae06c73b nixos/headscale: assert that server_url does not contain base_domain 2024-10-11 13:29:04 -07:00
Bruno Bigras
986d7cad0d
wakapi: set StateDirectory (#347431) 2024-10-11 14:48:16 -04:00
github-actions[bot]
b415f9c282
Merge master into staging-next 2024-10-11 18:04:32 +00:00
Florian Klink
7ba149e9d1
nixos/gerrit: Apply initial hardening using the systemd unit (#347661) 2024-10-11 15:16:09 +03:00
Peder Bergebakken Sundt
233d422887 nixos/tailscale: document tailscale-autoconnect 2024-10-11 10:59:49 +02:00
Kranium Gikos Mendoza
f385d942e1 nextjs-ollama-llm-ui: fix nextjs cache dir (#344316) 2024-10-11 17:35:37 +11:00
github-actions[bot]
e26f69eb82
Merge master into staging-next 2024-10-11 06:04:46 +00:00
OPNA2608
6037708c33 lomiri.lomiri-content-hub: Rename from lomiri.content-hub, 1.1.1 -> 2.0.0 2024-10-11 05:17:29 +02:00
oddlama
ae5481883d
nixos/stalwart-mail: fix issue where webadmin interface disappears after some time 2024-10-11 02:30:58 +02:00
github-actions[bot]
aa2334f4a8
Merge master into staging-next 2024-10-11 00:14:02 +00:00
Ayman Bagabas
762a9d42a1
bazarr: allow overriding package in module 2024-10-10 17:23:51 -04:00
h7x4
e49f3574ab
nixos/fedimintd: make nginx url forwarding path configurable (#347604) 2024-10-10 21:14:20 +02:00
Sebastián Zavala Villagómez
8a277a6abf nixos/automatic-timezoned: set time.timeZone to null to avoid silent overriding
Currently if a timezone was selected explicitly, the service will
silently override the value, essentially ignoring what is meant to be a
deliberate choice of option. This may cause confusion as to why the
option is not doing anything when this service is enabled, particularly
in more complex set-ups after some time.

This will simply make the choice deliberate from the user's part, either
by having to remove the option or lowering its priority as a recognition
that it may be ignored.

This change was inspired by the `services.tzupdate` module, which does
the same.

[1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24>
2024-10-10 14:33:12 -04:00
Izorkin
36a83a3bf1
mastodon: 4.2.13 -> 4.3.0
Changelog:
https://github.com/mastodon/mastodon/releases/tag/v4.3.0
2024-10-10 16:58:54 +02:00
github-actions[bot]
a5883bc172
Merge master into staging-next 2024-10-10 12:05:39 +00:00
Franz Pletz
af7b205640
nixos/localtimed: set time.timeZone to null to avoid silent overriding (#347221) 2024-10-10 13:44:36 +02:00
Franz Pletz
1479e0c4de
nixos/frr: refactor (#327099) 2024-10-10 12:55:34 +02:00
Pol Dellaiera
a72a8bcfb3
treewide: fix typo chown -> chmod (#347678) 2024-10-10 10:55:34 +02:00
K900
40dd5a1087 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-10 10:49:47 +03:00
r-vdp
9f1d2e97af
nixos/shorewall: Fix typo, chown -> chmod 2024-10-10 09:02:58 +02:00
Masum Reza
83965777ed
nixos/hypridle: make hypridle start with graphical-session.target (#347662) 2024-10-10 12:14:27 +05:30
Felix Singer
3d30811d4e nixos/gerrit: Apply initial hardening using the systemd unit
These options are a good start for sandboxing the service. It's planned
to set `ProtectSystem` to `strict` instead of `full`, but that requires
specific directories to be configured as writable. It's also planned to
filter system calls. However, that requires more testing but it
shouldn't prevent us from applying these options for now and add others
later.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-10 07:12:28 +02:00
John Titor
5eee20f731
nixos/hypridle: make hypridle start with graphical-session.target
If we don't add the dependency explicitly, the service won't be pulled in
at runtime. Link: https://github.com/NixOS/nixpkgs/pull/340874#issuecomment-2365302744

Closes: https://github.com/NixOS/nixpkgs/issues/347651
2024-10-10 10:32:48 +05:30
github-actions[bot]
1404154595
Merge master into staging-next 2024-10-10 00:14:06 +00:00
Aaron Andersen
50a0ea2eb6
nixos/redmine: Apply initial hardening using the systemd unit (#346554) 2024-10-09 18:47:58 -04:00
Dawid Ciężarkiewicz
570454c295
nixos/fedimintd: make nginx url forwarding path configurable
Some users would like to customize it.

Also, in current versions of fedimint p2p port in the URL
must be set, due to some bug, so update the example value
to reflect that.
2024-10-09 14:28:51 -07:00
Frank Doepper
ecdfb14ef9 nixos/frr: refactor
- use upstream service and scripts
- switch to integrated-vtysh-config, abandon per-daemon config
- use always daemon names in options (e.g. ospf -> ospfd)
- zebra, mgmtd and staticd are always enabled
- abandon vtyListenAddress, vtyListenPort options; use
  just "extraOptions" or "options" instead, respectively
- extend test to test staticd
- update release-notes
- pkgs.servers.frr: fix sbindir and remove FHS PATH
- introduce services.frr.openFilesLimit option
2024-10-09 22:49:50 +02:00
Robert Schütz
db4fd8f4e3
nodePackages.npm: drop (#346536) 2024-10-09 12:01:42 -07:00
ettom
4a9538bdbf nixos/snapserver: default http.docRoot to snapweb 2024-10-09 21:45:45 +03:00
K900
0717a4da77 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-09 21:08:25 +03:00
Franz Pletz
ca912828ba
nixos/dhcpcd: allow jemalloc and mimalloc memory allocators (#346938) 2024-10-09 17:27:26 +02:00
Matthew Croughan
4eb19953b6
node-red: move from nodePackages (#347018) 2024-10-09 16:11:38 +01:00
Franz Pletz
689b9903ac
nixos/tailscale-derper: init (#306533) 2024-10-09 17:05:01 +02:00
Franz Pletz
ae4102c9f3
headscale (module and package): 0.22.3 -> 0.23.0 (#340054) 2024-10-09 17:01:18 +02:00
Bruno Bigras
90f457d197 wakapi: set StateDirectory
fix #347393
2024-10-09 02:54:57 -04:00
Felix Buehler
6290926fed nixos/freshrss: fix phpfpm.pool 2024-10-08 20:23:52 +02:00
K900
956f9243c0 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-08 21:15:13 +03:00
Robert Schütz
b129e21ffd node-red: move from nodePackages 2024-10-08 08:29:56 -07:00
Enno Richter
1c01774e61 nixos/oauth2-proxy: fix display-htpasswd-form flag name 2024-10-08 16:25:00 +02:00
K900
bf21badcac nixos/plasma6: adjust for portal config changes 2024-10-08 15:31:24 +03:00
Sandro Jäckel
a155c718d3
nixos/nginx: expand proxyResolveWhileRunning's description 2024-10-08 13:36:13 +02:00
Izorkin
c3e32a04ae
nixos/dhcpcd: allow jemalloc and mimalloc memory allocators 2024-10-08 14:12:27 +03:00
Victor Engmark
7d3b47a0fa
nginx: Create cryptographically secure htpasswd file
Requires the `htpasswd` command available from `pkgs.apacheHttpd`.
2024-10-08 23:14:26 +13:00
Victor Engmark
fef047eba5
nginx: Use placeholders which play nicely with Bash
`<` and `>` are redirection operators.
2024-10-08 23:09:47 +13:00
Florian Klink
146e83d76b
dhcpcd: enable sandboxing options (#208780) 2024-10-08 13:09:11 +03:00
e1mo
4f899ed44d
nixos/dokuwiki,nixos/wordpress,nixos/invoiceplane: Remove deprecated isCoercibleToString
Close #292788
2024-10-08 11:53:03 +02:00
Sebastián Zavala Villagómez
1c5727cdf7 nixos/localtimed: set time.timeZone to null to avoid silent overriding
Currently if a timezone was selected explicitly, the service will
silently override the value, essentially ignoring what is meant to be a
deliberate choice of option. This may cause confusion as to why the
option is not doing anything when this service is enabled, particularly
in more complex set-ups after some time.

This will simply make the choice deliberate from the user's part, either
by having to remove the option or lowering its priority as a recognition
that it may be ignored.

This change was inspired by the `services.tzupdate` module, which does
the same.

[1]: <https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/tzupdate.nix#L24>
2024-10-07 23:40:49 -04:00
Emily
df769e85f3 Merge master into staging-next 2024-10-08 01:23:55 +01:00
Thomas Gerbet
16caf1231b cups-filters: remove support for legacy CUPS browsing and for LDAP
Fixes CVE-2024-47176 and CVE-2024-47850. NixOS is not affected by these security issues by
default because we do not ship the default configuration file so it falls back to `BrowseRemoteProtocols dnssd`.

631/udp is removed from the open firewall ports, it was used by the CUPS
browsing protocol.
2024-10-07 22:28:12 +02:00
K900
0846895fc6 Merge remote-tracking branch 'origin/master' into staging-next 2024-10-07 21:08:55 +03:00
Sandro
0538ecd092
rss-bridge: Remove pkg patch, adapt nixos service (#331295) 2024-10-07 18:57:22 +02:00
github-actions[bot]
b33aedbb4d
Merge master into staging-next 2024-10-07 12:05:43 +00:00
Cosima Neidahl
a825406b15
lomiri.lomiri: Replace NIXOS_XKB_LAYOUTS envvar with file (#345288) 2024-10-07 09:33:40 +02:00
github-actions[bot]
5fa43e7396
Merge master into staging-next 2024-10-07 06:05:15 +00:00
Emily
1a53b400e5
mongodb: mongodb-5_0 -> mongodb-7_0; mongodb-5_0: drop; unifi: unifi7 -> unifi8; unifi{7,-video}: drop (#345625) 2024-10-07 01:38:54 +01:00
github-actions[bot]
ab0e8e5be7
Merge master into staging-next 2024-10-07 00:14:55 +00:00
Emily
b0395df085 unifi7: drop 2024-10-06 22:47:41 +01:00
Dionysis Grigoropoulos
8e9ae86774
tailscaled: Add option to disable Taildrop 2024-10-07 00:22:59 +03:00
Izorkin
611b1d53b7
dhcpcd: enable sandboxing options 2024-10-06 23:46:18 +03:00
Kevin Cox
fb9b5c806b
mautrix-meta: drop maintainership Rutherther (#346916) 2024-10-06 14:45:10 -04:00
Kevin Cox
b8fc5855fb
nixos.mautrix-meta: Update config to 0.4 format (#343606) 2024-10-06 14:44:41 -04:00
Rutherther
379ca4e67f mautrix-meta: drop maintainership Rutherther 2024-10-06 20:33:42 +02:00
Bjørn Forsman
40bfbe3226 nixos/scrutiny: wait until ready
Add postStart code that waits until Scrutiny has opened its port. This
fixes a race condition against scrutiny-collector, which can start (and
fail) before scrutiny is ready.
2024-10-06 20:07:45 +02:00
github-actions[bot]
7ab01e096c
Merge master into staging-next 2024-10-06 18:03:58 +00:00
Maximilian Bosch
5ee80e8120
Merge: nixos/nginx: remove shortand from defaultText (#346767) 2024-10-06 17:13:51 +02:00
Sandro
020c26717f
nixos/quorum: fix geth args, fix test (#341181) 2024-10-06 14:06:31 +02:00
github-actions[bot]
5c3e5ec59f
Merge master into staging-next 2024-10-06 12:05:15 +00:00
Sandro
00461d0fcb
nixos/nginx: fix double slash in example (#346774) 2024-10-06 13:58:54 +02:00
Sandro Jäckel
dd7ef21afc
nixos/nginx: fix double slash in example 2024-10-06 03:45:51 +02:00
Aaron Andersen
38a589083e
nixos/userborn: fix username typo 2024-10-05 21:40:09 -04:00
Sandro
b64b2d25c2
nixos/nginx: remove shortand from defaultText 2024-10-06 03:19:07 +02:00
github-actions[bot]
ff851b037d
Merge master into staging-next 2024-10-06 00:15:37 +00:00
Nick Cao
9e012ecbf2
nixos/sing-box: generate config file into RuntimeDirectory 2024-10-05 18:18:23 -04:00
Nick Cao
5f821de20c
keycloak: 25.0.6 -> 26.0.0 (#346439) 2024-10-05 18:14:45 -04:00
Felix Singer
0f599d1e68 nixos/redmine: Apply initial hardening using the systemd unit
These options are a good start for sandboxing the service. It's planned
to set `ProtectSystem` to `strict` instead of `full`, but that requires
specific directories to be configured as writable. It's also planned to
filter system calls. However, that requires more testing but it
shouldn't prevent us from applying these options for now and add others
later.

In my tests, Redmine only bound to an IPv4 address and Unix socket,
which is why I restricted the address families to these both.

The command `systemd-analyze security redmine.service` reports an
overall exposure level of 2.9 with this patch.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
2024-10-05 22:13:37 +02:00
h7x4
25f2846361
nixos/bind: set type of zones.*.extraConfig to lines (#346424) 2024-10-05 21:07:26 +02:00
Robert Schütz
506df4e38e nodePackages.npm: drop 2024-10-05 11:23:49 -07:00
Nick Cao
6069dde181
nixos/keycloak: make initialAdminPassword optional 2024-10-05 08:37:41 -04:00
github-actions[bot]
94cb2166da
Merge master into staging-next 2024-10-05 12:05:30 +00:00
r-vdp
94532d1530 nixos/syncthing: remove syncthing-resume service
It was removed upstream in https://github.com/syncthing/syncthing/pull/9611
and the stub generated by nixos now prints an error in the logs due to
it not having an ExecStart line.
2024-10-05 12:55:39 +02:00
github-actions[bot]
13400dc754
Merge master into staging-next 2024-10-05 06:04:21 +00:00
Brendan Taylor
cb31bd4755 nixos/redis: add option services.redis.servers.*.group
previously if you set the "user" option and did not create a group
account with the same name the module would create a service that would
fail to start.

with this change:
- the module is more explicit about this behaviour
- you can configure the group directly, so that you're not forced to a
  particular user/group structure
- you can read the group name used by the redis service. this is useful
  for giving other services permission to use the redis socket.
2024-10-04 21:12:38 -06:00
Bobby Rong
f594475564
nixos/xfce: Fix ambiguous with (#346528) 2024-10-05 09:03:18 +08:00
Sandro Jäckel
9b996f7396
nixos/xfce: Fix ambiguous with
Pull request 345352 introduces `pkgs.exo`, don't pick up that package.
2024-10-05 08:43:24 +08:00
Nick Cao
0cdc3e2a0b
nixos/keycloak: drop removed proxy option
Reference: https://www.keycloak.org/docs/latest/upgrading/index.html#proxy-option-removed
2024-10-04 20:20:46 -04:00
github-actions[bot]
e9c8665026
Merge master into staging-next 2024-10-05 00:14:01 +00:00
Nick Cao
16cd47369f
nixos/keycloak: KEYCLOAK_ADMIN{,PASSWORD} -> KC_BOOTSTRAP_ADMIN_{USERNAME,PASSWORD}
Reference: https://www.keycloak.org/docs/latest/upgrading/index.html#admin-bootstrapping-and-recovery
2024-10-04 20:08:06 -04:00
Nick Cao
d2ec2d3c29
nixos/keycloak: link $out/lib to KC_HOME_DIR to fix loading optimized app image
Reference: https://www.keycloak.org/docs/latest/upgrading/index.html#additional-validations-on-the-optimized-startup-option
2024-10-04 20:06:08 -04:00
Aaron Andersen
913a23b5e2
nixos/redmine: Allow specifying an IP address Redmine should bind to (#345617) 2024-10-04 18:18:45 -04:00
Anthony Roussel
17fd7e3eea
nixos/gns3-server: fix ubridge support (#303442) 2024-10-04 22:16:13 +02:00
github-actions[bot]
fb53f9f64b
Merge master into staging-next 2024-10-04 18:04:31 +00:00
Peder Bergebakken Sundt
986e6d4e3d
tsm-client: 8.1.23.0 -> 8.1.24.0 (#345039) 2024-10-04 18:25:37 +02:00
K900
d5f1752ca9
xdg-desktop-portal-gtk: Enable all default portals unconditionally (#345979) 2024-10-04 18:29:33 +03:00
Peder Bergebakken Sundt
f0ad87bdd7 nixos/resilio: add package option 2024-10-04 15:13:04 +02:00
Mynacol
aa0fc3e8b8 rss-bridge: Remove pkg patch, adapt nixos service
The rss-bridge service changes introduced in f2201789fe
resp. https://github.com/NixOS/nixpkgs/pull/223148 removes the need for
the package patch. This commit removes the patch to ease updating and
maintenance.
Relevant service functionality was also removed (e.g. the setting of
RSSBRIDGE_DATA).

The explicit definition of FileCache.path so users can easily see its
default value and change it, requires to use a freeformType to let users
freely add potentially upcoming config options. This type is restricted
to ini types (although we coerce them to environment variables).
This however makes the list of enabled_bridges impossible. That was
fixed by explicitly introducing this option with a type allowing lists.
The default value however should be unset, which is expressed as `null`,
which further spurred a change in the environment variable generation to
ignore null values (instead of coercing them to an empty string).

A breaking change note was added to highlight this change. A check that
warns users of the not-application of their existing config file is
not easily possible, as people could have only added or changed the
config.ini.php file on the file system without changing a nix variable.
2024-10-04 14:58:15 +02:00
Felix Stupp
6de4d04fdb
nixos/bind: set type of zones.*.extraConfig to lines
allowing multiple definitions of that option to be merged, because:
- their order should be irrelevant
- it might make sense to declare multiples of them at different locations
2024-10-04 14:49:12 +02:00
github-actions[bot]
5942e21e4e
Merge master into staging-next 2024-10-04 12:05:36 +00:00
h7x4
d783411040
nixos: improve systemd slice names (#345990) 2024-10-04 12:08:36 +02:00
Pol Dellaiera
2199b69a7a
nixos/privatebin: init module & privatebin: init at 1.7.4 (#344014) 2024-10-04 09:51:40 +02:00
Paul Meyer
3e9b0cdf35
go_1_21/buildGo121Module: remove (#344622) 2024-10-04 08:29:15 +02:00
github-actions[bot]
61f961f1f6
Merge master into staging-next 2024-10-04 06:04:48 +00:00
Sandro
e00cc9f2fa
openwebrx: remove alias alsaUtils -> alsa-utils (#346259) 2024-10-04 02:21:40 +02:00
github-actions[bot]
579054c806
Merge master into staging-next 2024-10-04 00:14:14 +00:00
Astro
48b4aa8eae openwebrx: s/alsaUtils/alsa-utils/
allows running with allowAliases = false
2024-10-03 23:53:56 +02:00