Majiir Paktu
e712b6e81d
nixos/pam: generate apparmor includes from rules
...
Removes redundant config from the module. Fixes a bug where some modules
(e.g. ussh) were added to apparmor even though they had no rules enabled.
2023-10-10 21:11:35 -04:00
Majiir Paktu
43f7cb4a95
nixos/pam: add order comment to each rule line
2023-10-10 21:11:35 -04:00
Majiir Paktu
077cdcc7e9
nixos/pam: convert rules to attrs, add order field
...
Makes it possible to override properties of a rule by name. Introduces
an 'order' field that can be overridden to change the sequence of rules.
For now, the order value for each built-in rule is derived from its
place in the hardcoded list of rules.
2023-10-10 21:11:34 -04:00
Majiir Paktu
e86487e579
nixos/pam: remove empty text fields
2023-10-10 21:11:34 -04:00
Majiir Paktu
5b8439f966
nixos/pam: add settings option for common argument styles
...
Adds easily overrideable settings for the most common PAM argument
styles. These are:
- Flag (e.g. "use_first_pass"): rendered for true boolean values. false
values are ignored.
- Key-value (e.g. "action=validate"): rendered for non-null, non-boolean
values.
Most PAM arguments can be configured this way. Others can still be
configured with the 'args' option.
2023-10-10 21:11:34 -04:00
Majiir Paktu
6eea7fb194
nixos/pam: extract args field
...
Module arguments have common escaping rules for all PAMs.
2023-10-09 23:17:37 -04:00
Majiir Paktu
12a488e89c
nixos/pam: extract modulePath field
2023-10-09 23:17:36 -04:00
Majiir Paktu
25bc21f19a
nixos/pam: extract control field
2023-10-09 23:17:36 -04:00
Majiir Paktu
0563e0a379
nixos/pam: give each rule a name
...
These names are internal identifiers. They will be used as keys so that
users can reconfigure rules by merging a rule config with the same name.
The name is arbitrary. The built-in rules are named after the PAM where
practical.
2023-10-09 23:17:36 -04:00
Majiir Paktu
fbd7427b14
nixos/pam: define rules as submodules
...
Allows us to decompose rules into multiple fields that we later format
as textual rules. Eventually allows users to override individual fields.
2023-10-09 23:17:36 -04:00
Majiir Paktu
3c85d159f7
nixos/pam: automatically populate rule type
...
Eliminates a redundancy between the 'rules' suboptions and the type
specified in each rule.
We eventually want to give each rule a name so that we can merge config
overrides. The PAM name is a natural choice for rule name, but a PAM is
often used in multiple rule types. Organizing rules by type and rule
name avoids name collisions.
2023-10-09 23:17:15 -04:00
Majiir Paktu
d6bb805932
nixos/pam: extract header comments
...
Unblocks converting the rules from one big string to a rich data
structure.
2023-10-09 20:40:19 -04:00
Majiir Paktu
0f9d719d8a
nixos/pam: split rule lists into individual rules
2023-09-24 18:37:10 -04:00
Majiir Paktu
dd458977a0
nixos/pam: clean up rules
...
Makes the rules more uniform in structure and style. This makes it
easier to automate subsequent commits. No behavior changes.
2023-09-24 18:37:10 -04:00
Artturi
713af20167
Merge pull request #241518 from Gerg-L/use-xdg-base-directories
2023-09-25 00:45:31 +03:00
Aaron Andersen
c51a273a92
Merge pull request #254370 from jakubgs/mtr-exporter/multi-job
...
mtr-exporter: support specifying multiple jobs
2023-09-24 11:39:23 -04:00
Ryan Lahfa
0fa52bd973
Merge pull request #257043 from Tom-Hubrecht/garage-envfile
2023-09-24 17:07:21 +02:00
Tom Hubrecht
2d38d9edc0
nixos/garage: Add an environmentFile option
...
Since garage 0.8.2, garage accepts environment variables for passing secrets,
e.g. `GARAGE_RPC_SECRET` or `GARAGE_ADMIN_TOKEN`. The added `environmentFile`
allows those secrets to not be present in the nix store.
2023-09-24 14:47:05 +02:00
Maximilian Bosch
9bd9e20e9a
Merge pull request #256090 from CRTified/sshd-validation-fix
...
nixos/sshd: Specify connection parameters for configuration validation
2023-09-24 14:12:46 +02:00
Aryeh Hillman
b6766564ed
Update wg-quick.nix
...
Update wg-quick.nix such that a search for `WireGuard` in the `NixOS Options` section of search.nixos.org brings up the convenient `networking.wg-quick.interfaces.wg0.configFile` option.
2023-09-24 13:24:27 +02:00
Jakub Sokołowski
4e587ac821
mtr-exporter: support specifying multiple jobs
...
This ability has been added in `0.3.0` release:
https://github.com/mgumz/mtr-exporter/releases/tag/0.3.0
https://github.com/NixOS/nixpkgs/pull/252667
To achieve this a config is generated and symlinked at `/etc/mtr-exporter.conf`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-09-24 09:13:31 +02:00
Thiago Kenji Okada
a3a7520a2f
Merge pull request #119856 from ilian/oci-image
...
oci-image: init scripts to build and upload image
2023-09-23 21:09:07 +01:00
Martin Weinelt
1ff350f7b8
Merge pull request #81460 from vcunat/p/knot-nixConfig
...
nixos/knot: allow full configuration by nix values
2023-09-23 20:55:54 +02:00
Nick Cao
1fe305df27
Merge pull request #256906 from oddlama/fix-typesense-0.25.1
...
nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1
2023-09-23 11:37:13 -04:00
Janne Heß
cc55ef9d55
Merge pull request #254993 from helsinki-systems/feat/stc-mount-improvements
...
nixos/switch-to-configuration: Mount improvements and a lot more test cases
2023-09-23 17:03:13 +02:00
oddlama
11d4f6e4a8
nixos/typesense: disable MemoryDenyWriteExecute which is needed since 0.25.1
...
also adjust default state directory mode to allow typesense group
2023-09-23 16:37:23 +02:00
Aaron Andersen
2af64a3d1d
Merge pull request #246173 from bb2020/mbpfan
...
nixos/mbpfan: adjust defaults
2023-09-23 09:41:11 -04:00
Nick Cao
4a5b19463a
Merge pull request #256762 from mweinelt/matrix-synapse-network-online
...
nixos/matrix-synapse: wait for network-online.target
2023-09-23 09:12:06 -04:00
Maciej Krüger
9a914a7c52
Merge pull request #256491 from mkg20001/mkg/sudo-rs-resolve
...
nixos/{sudo,-rs}: revert sudo-rs, make own module
2023-09-23 15:08:06 +02:00
digital
94e939985b
nixos/boot/rasbperrypi: add support for boot.initrd.secret with uboot (#240358)
...
Co-authored-by: digital <didev@dinid.net>
2023-09-23 14:32:09 +02:00
Vladimír Čunát
1869818c57
nixos/knot: add release notes and partial compatibility
2023-09-23 10:05:17 +02:00
Vladimír Čunát
ce85980e77
nixos/knot: also allow config by YAML file
2023-09-23 10:04:02 +02:00
Vladimír Čunát
7fb737dde6
nixos/knot: allow full configuration by nix values (RFC 42)
2023-09-23 10:04:02 +02:00
Artturi
87ee3c4fdf
Merge pull request #176886 from hyperfekt/nonderivation_fish-completion
2023-09-23 06:28:23 +03:00
Martin Weinelt
457d9bbc94
nixos/matrix-synapse: wait for network-online.target
...
While network.target only guarantees that network devices have been
created the `network-online.target` allows delaying service startup
until after a configurable network state has been reached.
This should resolve spurious failures, e.g. when synapse tries to load
the discovery information for its OIDC provider from a remote host.
2023-09-22 22:41:40 +02:00
Maciej Krüger
8e9b72be82
nixos/sudo-rs: add crossCompile 'fix'
...
This is just a quick fix based on pname,
as I have no idea how to use slicing in the module
We should instead use slicing to get the package for the host
2023-09-22 15:14:14 +02:00
Maciej Krüger
7c8b8bd3e4
nixos/sudo-rs: init
...
adds a new sudo-rs module that contains sudo-rs changes removed from sudo module
2023-09-22 15:14:13 +02:00
Maciej Krüger
57d41f9751
nixos/sudo: revert sudo-rs 922926cfbc (partial #253876)
...
This reverts the module changes that were added
by the addition of sudo-rs (merge 922926cfbc) from the sudo module.
Individual commits reverted:
* 409d29ca73 2023-08-31 | [nicoo] nixos/sudo: Split up `configFile` into individual sections
* 454151375d 2023-09-04 | [nicoo] nixos/sudo: Don't include empty sections
* 8742134c80 2023-09-04 | [nicoo] nixos/sudo: Only keep SSH_AUTH_SOCK if used for authentication
* f5aadb56be 2023-09-07 | [nicoo] nixos/sudo: Refactor option definitions
* 8b9e867ac8 2023-09-07 | [nicoo] nixos/sudo: Refactor checks for Todd C. Miller's implemetation
* 3a95964fd5 2023-09-07 | [nicoo] nixos/sudo: Drop useless `lib.` qualifiers
* b1eab8ca53 2023-09-07 | [nicoo] nixos/sudo: Handle `root`'s default rule through `extraRules`
* 717e51a140 2023-09-07 | [nicoo] nixos/sudo: Make the default rules' options configurable
* c11da39117 2023-09-07 | [nicoo] nixos/sudo: Drop the sudoers comment for `extraRules`
* f0107b4f63 2023-09-07 | [nicoo] nixos/sudo: Check syntax using the configured package
* 914bf58369 2023-09-07 | [nicoo] nixos/{sudo, terminfo}: Adjust defaults for compatibility with `sudo-rs`
* f66eb0df3b 2023-09-07 | [nicoo] nixos/sudo: Only wrap `sudoedit` when using Miller's sudo
* d63eb55e81 2023-09-13 | [nicoo] nixos/sudo: Generate `sudo-i` PAM config for interactive use of `sudo-rs`
* d8d0b8019f 2023-09-13 | [nicoo] nixos/sudo: Add myself as maintainer (nbraud/nixos/sudo-rs)
2023-09-22 15:13:56 +02:00
K900
daebf5c6e2
Merge pull request #254071 from alois31/plasma-setuid
...
nixos/plasma5: remove pointless setuid wrappers
2023-09-22 14:21:03 +03:00
Janne Heß
85c1c30fd9
nixos/switch-to-configuration: Never unmount / or /nix
...
Also adds a huge test for fstab handling
2023-09-22 10:26:10 +02:00
Thiago Kenji Okada
d5d4b08488
nixos/virtualisation: always use EFI for OCI
2023-09-21 22:57:39 +01:00
Thiago Kenji Okada
cd67657ae2
nixos/virtualisation: use systemd-networkd for OCI
2023-09-21 22:57:39 +01:00
Thiago Kenji Okada
5eae6db9e3
nixos/virtualisation: remove deprecated option from OCI common
2023-09-21 22:57:39 +01:00
Samuel Dionne-Riel
2eb41eb208
nixos/virtualization: Allow building EFI / A1 OCI images
...
A couple notes:
---------------
Adding invalid `console=` parameters is not an issue. Any invalid
console is unused. The kernel will use the "rightmost" (last) valid
`console=` parameter as the default output. Thus the SBBR-mandated AMA0
on A1, and ttyS0 on x86_64 as documented by Oracle.
`nvme_core.shutdown_timeout=10` was added as it was written this way in
the A1 images. Unclear whether `nvme.shutdown_timeout=10` is wrong. At
worst this is a no-op.
2023-09-21 22:57:38 +01:00
Samuel Dionne-Riel
d944fb4a19
nixos/virtualization: Allow building EFI OCI images
2023-09-21 22:57:38 +01:00
Samuel Dionne-Riel
9849ccb241
nixos: Add OCI image options
...
Follows what amazon images does.
2023-09-21 22:57:38 +01:00
Samuel Dionne-Riel
3a35abf169
nixos/oci-image: Minor cleanup
2023-09-21 22:15:22 +01:00
ilian
362d1d6218
oci-image: init scripts to build and upload image
...
Add image configuration for Oracle Cloud Infrastructure and scripts to
build and upload the image as a Custom Image.
2023-09-21 22:15:22 +01:00
Artturi
ff10769cc9
Merge pull request #165298 from danielfullmer/gdm-banner
2023-09-21 23:40:15 +03:00
Robert Gerus
294c4ec956
nixos/glasgow: init hardware module
2023-09-21 11:48:01 -05:00