Florian Klink
7df5b81fc3
nixos/grafana-agent: ensure defaults are merged
...
Move the defaults to the `config` section of the module, and apply them
with mkDefault.
That way the defaults are merged with user-provided config, and are
merged without having to use lib.mkForce.
2022-07-29 13:23:12 +07:00
AndersonTorres
bef8e4df1d
fvwm3: nixos module
2022-07-28 22:28:41 -03:00
AndersonTorres
2617a00699
fvwm: rename nixos module to fvwm2
2022-07-28 22:28:39 -03:00
github-actions[bot]
6a1cd17d72
Merge staging-next into staging
2022-07-28 18:01:55 +00:00
misuzu
9b1db3db0e
nixos/gitlab-runner: undeprecate configFile option
2022-07-28 17:16:55 +02:00
misuzu
b4028126f1
nixos/gitlab-runner: add settings option
2022-07-28 17:16:55 +02:00
github-actions[bot]
437247fc43
Merge staging-next into staging
2022-07-28 12:02:23 +00:00
Sandro
b5b9c81496
Merge pull request #177573 from asbachb/bugfix/gitea/175967
2022-07-28 13:55:11 +02:00
Bernardo Meurer
2d070e3213
Merge pull request #182535 from lovesegfault/roon-hqplayerd-fixes
...
nixos/{roon,hqplayerd}: small fixes
2022-07-28 00:27:15 -07:00
github-actions[bot]
c5298a170d
Merge staging-next into staging
2022-07-27 18:02:13 +00:00
Alan Strohm
81cd3e229c
nixos/restic: add 'backups.package' option to override the restic package (#183028)
2022-07-27 13:47:41 -04:00
Bobby Rong
36d7b18e75
Merge pull request #162980 from NickCao/mautrix-telegram-nixos
...
nixos/mautrix-telegram: add lottieconverter to path
2022-07-27 20:39:08 +08:00
github-actions[bot]
54f2dacce1
Merge staging-next into staging
2022-07-27 00:03:09 +00:00
Rick van Schijndel
9e9f6fc1c3
Merge pull request #152065 from chkno/stunnel-extraConfig
...
nixos/stunnel: Make free-form
2022-07-26 23:24:31 +02:00
github-actions[bot]
52e7c12c41
Merge staging-next into staging
2022-07-26 06:02:58 +00:00
Bernardo Meurer
1cfb6dab0f
Merge pull request #182789 from talyz/sshd-dont-delete-symlinks
...
sshd: Don't remove symlinks to host key files
2022-07-25 21:51:46 -07:00
github-actions[bot]
4defba0df7
Merge staging-next into staging
2022-07-26 00:03:07 +00:00
Winter
c4665307de
Merge pull request #180148 from Luflosi/nginx-fix-listenAddresses-example
...
nixos/nginx: fix broken listenAddresses example
2022-07-25 17:47:00 -04:00
github-actions[bot]
2aa98a3fe0
Merge staging-next into staging
2022-07-25 18:02:05 +00:00
Lin Jian
b6617bb594
nixos/kanata: init
2022-07-26 00:06:48 +08:00
Kevin Cox
6efae3d6a9
Merge pull request #118093 from stuebinm/nextcloud-secrets
...
nixos/nextcloud: add extraOptions and secretFile options
2022-07-25 11:29:11 -04:00
github-actions[bot]
d31202e8c3
Merge staging-next into staging
2022-07-25 12:02:27 +00:00
Maximilian Bosch
f923f5b9aa
Merge pull request #182456 from mayflower/crowd-secrets
...
nixos/crowd: store openid password securely
2022-07-25 12:02:57 +02:00
github-actions[bot]
a5a3f67b15
Merge staging-next into staging
2022-07-25 00:03:30 +00:00
Mario Rodas
f97827178e
Merge pull request #181021 from melvyn2/patch-1
...
Add `bash` to netdata service path
2022-07-24 16:12:07 -05:00
Sandro
87c66cbb56
nixos/hydra: fix runuser in init
2022-07-24 18:05:10 +02:00
Sandro
8f89704410
Merge pull request #182648 from SuperSandro2000/hedgedoc-module
...
nixos/hedgedoc: improve ldap settings
2022-07-24 16:33:11 +02:00
github-actions[bot]
4a6e124c33
Merge staging-next into staging
2022-07-24 12:02:06 +00:00
Felix Buehler
17e93b090e
services.murmur: add openFirewall option
2022-07-24 10:32:37 +02:00
Sandro Jäckel
98f180b0e3
nixos/hedgedoc: set good default for ldap.tlsca
2022-07-24 04:08:18 +02:00
Sandro Jäckel
1a7f6b4070
nixos/hedgedoc: do not require to set searchAttributes when ldap login is used
2022-07-24 04:08:18 +02:00
github-actions[bot]
b38a1818bc
Merge staging-next into staging
2022-07-23 12:02:12 +00:00
Bjørn Forsman
65399c4742
nixos/syncthing: don't leak the secret API key in process listings
2022-07-23 13:59:11 +02:00
Bjørn Forsman
16108ff74a
nixos/jenkins-job-builder: set serviceConfig.Type = "oneshot"
...
This change allows detecting configuration errors during
switch-to-configuration instead of them being reported asynchronously
*after* switch-to-configuration has exited.
(And update the NixOS test accordingly.)
2022-07-23 13:30:53 +02:00
Nick Cao
f1a08f54f0
nixos/mautrix-telegram: add lottieconverter to path
2022-07-23 16:43:39 +08:00
Bernardo Meurer
836af9c15e
nixos/hqplayerd: allow GPU acceleration
2022-07-22 21:21:46 -07:00
Bernardo Meurer
d66f766cac
nixos/roon-server: fix openFirewall
2022-07-22 21:20:50 -07:00
Dan Callaghan
133ebbe46a
nixos/sssd: add an option to enable KCM support
2022-07-23 10:14:09 +10:00
github-actions[bot]
b4832bac52
Merge staging-next into staging
2022-07-22 15:34:59 +00:00
Jörg Thalheim
8807057296
nixos/openldap: drop myself as maintainer
2022-07-22 16:54:13 +02:00
Sandro
8455ba6d64
Merge pull request #181258 from SuperSandro2000/onlyoffice
2022-07-22 16:28:13 +02:00
pennae
e4d4b3cd64
Merge pull request #182441 from leungbk/lemmy-whitespace
...
services/web-apps/lemmy.nix: Remove space that causes a type error
2022-07-22 14:30:23 +02:00
github-actions[bot]
dec2508b80
Merge staging-next into staging
2022-07-22 12:02:21 +00:00
Maximilian Bosch
ee2413c326
nixos/crowd: store openid password securely
2022-07-22 13:13:12 +02:00
Maximilian Bosch
1f6910b7dd
Merge pull request #182267 from mayflower/confluence-secrets
...
nixos/confluence: store crowd SSO password securely
2022-07-22 13:12:17 +02:00
Maximilian Bosch
85231bbd6e
Merge pull request #182261 from mayflower/mailman-rest-api-pass-file
...
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
2022-07-22 13:11:37 +02:00
Ilan Joselevich
d0617a58e2
services/web-apps/lemmy.nix: Remove space that causes a type error
2022-07-22 01:19:28 -07:00
github-actions[bot]
df9f22a8b8
Merge staging-next into staging
2022-07-22 00:03:25 +00:00
Martin Weinelt
457d109dcd
Merge pull request #179597 from Mic92/openldap-path
...
[staging] openldap: remove deprecated options, improve encapsulation
2022-07-22 00:26:32 +02:00
Sandro
98b4daa994
Merge pull request #181881 from SuperSandro2000/searx
2022-07-21 22:39:48 +02:00
Sandro
f7f8721b1e
Merge pull request #162689 from astro/glusterfs
...
nixos/glusterfs: exclude hook "S10selinux-label-brick.sh"
2022-07-21 22:15:00 +02:00
Sofi
e2b34f0f11
nixos/minecraft-server: let server shutdown cleanly (#182149)
2022-07-21 15:05:43 -04:00
talyz
ddf8182d5b
sshd: Don't remove symlinks to host key files
...
If a host key file is a symlink pointing to an as of yet non-existent
file, we don't want to remove it, but instead follow the symlink and
create the file at that location.
See https://github.com/nix-community/impermanence/issues/101 for more
information on the issue the original behavior creates.
2022-07-21 19:15:04 +02:00
Vincent Haupert
539b61ea37
nixos/github-runner: fix capset syscall filtering
...
capset(2) is a single system call, not a set of multiple system calls.
2022-07-21 16:08:15 +02:00
Maximilian Bosch
258060c37d
nixos/confluence: store crowd SSO password securely
...
Basically the same as the JIRA change[1], but I figured that we can
actually implement that in a backwards compatible manner.
[1] https://github.com/NixOS/nixpkgs/pull/181715
2022-07-20 23:11:53 +02:00
Maximilian Bosch
db9937b578
nixos/mailman: don't leak MAILMAN_REST_API_PASS into the store
2022-07-20 22:23:54 +02:00
Maximilian Bosch
501bbad4ce
Merge pull request #182104 from mayflower/mail-exporter-secrets
...
nixos/prometheus-mail-exporter: support storing `passphrase` outside of the store, use umask when using envsubst
2022-07-20 20:42:14 +02:00
Maximilian Bosch
92bd77e85e
nixos/prometheus-mail-exporter: umask to avoid accidental world-readability
2022-07-20 20:29:38 +02:00
Maximilian Bosch
590e60d124
nixos/mxisd: umask to avoid accidental world-readability
2022-07-20 20:29:38 +02:00
Maximilian Bosch
81add6600c
nixos/privacyidea-ldap-proxy: umask to avoid accidental world-readability
2022-07-20 20:29:38 +02:00
Maximilian Bosch
39c0694709
nixos/prometheus-mail-exporter: support storing passphrase
outside of the store
2022-07-19 17:32:08 +02:00
github-actions[bot]
cfe78489c9
Merge master into staging-next
2022-07-19 12:01:43 +00:00
Sandro
bca69a4037
Merge pull request #181867 from newAM/github-runner
...
nixos/github-runner: fix systemd defaults for common workflows
2022-07-19 12:56:17 +02:00
Euan Kemp
f158ac45ef
nixos/k3s: use default cgroup-driver again
...
Setting `cgroup-driver=systemd` was originally necessary to match with
docker, else the kubelet would not start (#111835)
However, since then, docker support has been dropped from k3s (#177790).
As such, this option is much less necessary.
More importantly, it now seems to be actively causing issues. Due to an
upstream k3s bug, it's resulting in the kubelet and containerd having
different cgroup drivers, which seems to result in some difficult to
debug failure modes.
See
https://github.com/NixOS/nixpkgs/issues/181790#issuecomment-1188840862
for a description of this problem.
Removing this flag entirely seems reasonable to me, and it results in
k3s working again on my machine.
2022-07-19 02:52:12 -07:00
Wei Tang
b0a0087d53
nixos/flannel: upgrade to etcdv3 (#180315)
2022-07-19 16:09:42 +10:00
github-actions[bot]
305e8cb7b8
Merge master into staging-next
2022-07-19 06:03:02 +00:00
Wout Mertens
3ee8d4c909
netdata module: fix ExecStartPost (#181976)
2022-07-19 06:19:18 +02:00
github-actions[bot]
d64d75f2f3
Merge master into staging-next
2022-07-19 00:02:21 +00:00
Joachim F
0640ef2ccc
Merge pull request #180231 from dfithian/heartbeat
...
heartbeat service: specify package
2022-07-18 20:56:08 +02:00
Dan Fithian
49a5377557
heartbeat service: specify package
...
Other elastic services can specify the package. Now we can also do it for heartbeat.
2022-07-18 14:39:22 -04:00
github-actions[bot]
83702a6ef7
Merge master into staging-next
2022-07-18 18:01:14 +00:00
oaksoaj
fc9e22fca1
yggdrasil: add group option back and remove systemd User= directive
...
The group configuration parameter allows sharing access to the yggdrasil
control socket with the users in the system. In the version we propose,
it is null by default so that only root can access the control socket,
but lets users create their own group if they need.
Remove User= directive in systemd unit. Should a user with the specified
name already exist in the system, it would be used silently instead of a
dynamic user which could be a security concern.
2022-07-18 12:56:59 -05:00
oaksoaj
080774e28f
yggdrasil: reenable DynamicUser
...
Since version 0.4 Yggdrasil works again using systemd's DynamicUser option.
This patch reenables it to improve security.
We tested this with both persistent and non-persistent keys. Everything
seems to work fine.
2022-07-18 12:56:59 -05:00
Maximilian Bosch
179688c7c8
Merge pull request #181377 from mayflower/mxisd-secrets
...
nixos/mxisd: allow passing secrets
2022-07-18 15:10:49 +02:00
Maximilian Bosch
8b72dae17b
Merge pull request #181528 from Ma27/privacyidea-ldap-proxy-secrets
...
nixos/privacyidea: better secret-handling ldap-proxy & RFC42-style settings for ldap-proxy
2022-07-18 14:19:47 +02:00
github-actions[bot]
71fe747e70
Merge master into staging-next
2022-07-18 12:01:55 +00:00
Maximilian Bosch
949c334ea9
nixos/privacyidea-ldap-proxy: use list for EnvironmentFile for mergeability
2022-07-18 13:58:08 +02:00
Maximilian Bosch
dab3ae9d8b
Merge pull request #181715 from mayflower/jira-secret-opts
...
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
2022-07-18 13:53:42 +02:00
Jörg Thalheim
9a020f31aa
Merge pull request #175439 from Mic92/jellyfin
...
nixos/jellyfin: better defaults for hardware acceleration
2022-07-18 12:51:54 +01:00
Maximilian Bosch
c2c82fbe43
nixos/mxisd: use a list for env file for mergeability
2022-07-18 13:47:09 +02:00
Vladimír Čunát
250922fd1e
Merge branch 'master' into staging-next
2022-07-18 08:29:53 +02:00
Alex Martens
c34749dd63
nixos/github-runner: fix systemd defaults for common workflows
2022-07-17 22:02:57 -07:00
Sandro Jäckel
3920bb41f2
nixos/searx: improve searxng compatibility
2022-07-17 21:45:30 +02:00
Sandro
0890c4aef1
Merge pull request #168879 from aidalgol/pass-secret-service-systemd-unit
2022-07-17 16:45:27 +02:00
Bjørn Forsman
0080a93cdf
nixos/jenkins-job-builder: create secret file with umask 0077
...
IOW, don't make it world readable.
2022-07-17 15:24:48 +02:00
Sandro Jäckel
5e297d07aa
nixos/onlyoffice: init
2022-07-16 23:32:07 +02:00
Vladimír Čunát
0879ac5da6
Merge branch 'master' into staging-next
2022-07-16 20:07:05 +02:00
Maximilian Bosch
4adf26f018
nixos/privacyidea-ldap-proxy: always run envsubst
...
Otherwise the file doesn't exist at the expected location.
2022-07-16 14:00:46 +02:00
Kim Lindberger
d012de5b1d
Merge pull request #181401 from yayayayaka/gitlab-bump-git-to-2.35.4
...
nixos/gitlab: Bump git to 2.35.4
2022-07-16 13:37:16 +02:00
Maximilian Bosch
765cc35042
nixos/atlassian-jira: allow to store SSO password for crowd outside of the Nix store
...
The option `services.jira.sso.applicationPassword` has been replaced by
`applicationPasswordFile` that needs to be readable by the `jira`-user
or group.
The new `crowd.properties` is created on startup in `~jira` and the
secret is injected into it using `replace-secret`.
2022-07-16 13:01:29 +02:00
Bjørn Forsman
50eaf82b6f
nixos/jenkins-job-builder: fix jenkins authentication
...
The current authentication code is broken against newer jenkins:
jenkins-job-builder-start[1257]: Asking Jenkins to reload config
jenkins-start[789]: 2022-07-12 14:34:31.148+0000 [id=17] WARNING hudson.security.csrf.CrumbFilter#doFilter: Found invalid crumb 31e96e52938b51f099a61df9505a4427cb9dca7e35192216755659032a4151df. If you are calling this URL with a script, please use the API Token instead. More information: https://www.jenkins.io/redirect/crumb-cannot-be-used-for-script
jenkins-start[789]: 2022-07-12 14:34:31.160+0000 [id=17] WARNING hudson.security.csrf.CrumbFilter#doFilter: No valid crumb was included in request for /reload by admin. Returning 403.
jenkins-job-builder-start[1357]: curl: (22) The requested URL returned error: 403
Fix it by using `jenkins-cli` instead of messing with `curl`.
This rewrite also prevents leaking the password in process listings. (We
could probably do it without `replace-secret`, assuming `printf` is a
shell built-in, but this implementation should be safe even with shells
not having a built-in `printf`.)
Ref https://github.com/NixOS/nixpkgs/issues/156400.
2022-07-16 12:30:41 +02:00
github-actions[bot]
fa96a4fa79
Merge master into staging-next
2022-07-16 00:02:26 +00:00
Sandro
2d0f98389f
Merge pull request #175738 from SuperSamus/plasma
2022-07-16 00:56:08 +02:00
Aaron Andersen
9b01242132
Merge pull request #131261 from bb2020/dlna
...
nixos/minidlna: convert to structural settings
2022-07-15 21:28:19 +02:00
github-actions[bot]
9f53d5cc15
Merge master into staging-next
2022-07-15 18:01:23 +00:00
Sandro
8e45a79ab1
Merge pull request #181579 from NixOS/netdata-module-startpost
...
netdata: fix post start for module
2022-07-15 16:20:55 +02:00
Sandro
475b23340b
Merge pull request #181410 from lilyinstarlight/fix/greetd-default-user
...
nixos/greetd: fix minor typo for default user
2022-07-15 16:12:09 +02:00
github-actions[bot]
a4622e8226
Merge master into staging-next
2022-07-15 12:01:15 +00:00
Wout Mertens
7f55ee3a53
netdata: fix post start for module
2022-07-15 09:57:13 +02:00
zowoq
e2659eea36
nixos/kubernetes: use copyToRoot
instead of deprecated contents
2022-07-15 10:23:06 +10:00