jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
255,841 Commits 266 Branches 122 Tags 5.3 GiB
a87ab948d2
Commit Graph

15419 Commits

Author SHA1 Message Date
Doron Behar
77e081bb2b nixos/sddm: Use libsForQt514.sddm if needed (for lxqt) 
Currently lxqt is a desktop environment that's compiled against qt514.
To avoid possible issues (#101369), we (hopefully) use the same qt
version as the desktop environment at hand. LXQT should move to qt515,
and for the long term the correct qt version should be inherited by the
sddm module.
 2020-10-30 20:37:59 +02:00
Doron Behar
e681f442c9 nixos/plasma: Fix attribute path to kinit 2020-10-30 20:37:58 +02:00
Graham Christensen
c851030763
amazon-image: random.trust_cpu=on to cut 10s from boot 
Ubuntu and other distros already have this set via kernel config.
 2020-10-30 13:45:19 -04:00
Graham Christensen
ece5c0f304
stage-1: modprobe ext{2,3,4} before resizing 
I noticed booting a system with an ext4 root which expanded to 5T took
quite a long time (12 minutes in some cases, 43(!) in others.)

I changed stage-1 to run `resize2fs -d 62` for extra debug output and
timing information. It revealed the adjust_superblock step taking
almost all of the time:

    [Fri Oct 30 11:10:15 UTC 2020] zero_high_bits_in_metadata: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
    [Fri Oct 30 11:21:09 UTC 2020] adjust_superblock: Memory used: 396k/4556k (295k/102k), time: 654.21/ 0.59/ 5.13

but when I ran resize2fs on a disk with the identical content growing
to the identical target size, it would only take about 30 seconds. I
looked at what happened between those two steps in the fast case with
strace and found:

```
   235	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1795}, ru_stime={tv_sec=0, tv_usec=3590}, ...}) = 0
   236	write(1, "zero_high_bits_in_metadata: Memo"..., 84zero_high_bits_in_metadata: Memory used: 132k/0k (72k/61k), time:  0.00/ 0.00/ 0.00
   237	) = 84
   238	gettimeofday({tv_sec=1604061278, tv_usec=480147}, NULL) = 0
   239	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=1802}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   240	gettimeofday({tv_sec=1604061278, tv_usec=480192}, NULL) = 0
   241	mmap(NULL, 2564096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa3c7355000
   242	access("/sys/fs/ext4/features/lazy_itable_init", F_OK) = 0
   243	brk(0xf85000)                           = 0xf85000
   244	brk(0xfa6000)                           = 0xfa6000
   245	gettimeofday({tv_sec=1604061278, tv_usec=538828}, NULL) = 0
   246	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58720}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   247	write(1, "adjust_superblock: Memory used: "..., 79adjust_superblock: Memory used: 396k/2504k (305k/92k), time:  0.06/ 0.06/ 0.00
   248	) = 79
   249	gettimeofday({tv_sec=1604061278, tv_usec=539119}, NULL) = 0
   250	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=58812}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   251	gettimeofday({tv_sec=1604061279, tv_usec=939}, NULL) = 0
   252	getrusage(RUSAGE_SELF, {ru_utime={tv_sec=0, tv_usec=520411}, ru_stime={tv_sec=0, tv_usec=3603}, ...}) = 0
   253	write(1, "fix_uninit_block_bitmaps 2: Memo"..., 88fix_uninit_block_bitmaps 2: Memory used: 396k/2504k (305k/92k), time:  0.46/ 0.46/ 0.00
   254	) = 88
```

In particular the access to /sys/fs seemed interesting. Looking
at the source of resize2fs:

```
[root@ip-172-31-22-182:~/e2fsprogs-1.45.5]# rg -B2 -A1 /sys/fs/ext4/features/lazy_itable_init .
./resize/resize2fs.c
923-	if (getenv("RESIZE2FS_FORCE_LAZY_ITABLE_INIT") ||
924-	    (!getenv("RESIZE2FS_FORCE_ITABLE_INIT") &&
925:	     access("/sys/fs/ext4/features/lazy_itable_init", F_OK) == 0))
926-		lazy_itable_init = 1;
```

I confirmed /sys is mounted, and then found a bug suggesting the
ext4 module is maybe not loaded:
https://bugzilla.redhat.com/show_bug.cgi?id=1071909

My home server doesn't have ext4 loaded and had 3T to play with, so
I tried (and succeeded with) replicating the issue locally:

```
[root@kif:/scratch]# lsmod | grep -i ext

[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4

[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 560a4a8f-93dc-40cc-97a5-f10049bf801f
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

real	0m2.261s
user	0m0.000s
sys	0m0.025s

[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3802.28MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
```

here it got stuck for quite some time ... straceing this 20 minutes in revealed this in a tight loop:

```
getuid()                                = 0
geteuid()                               = 0
getgid()                                = 0
getegid()                               = 0
prctl(PR_GET_DUMPABLE)                  = 1 (SUID_DUMP_USER)
fallocate(3, FALLOC_FL_ZERO_RANGE, 2222649901056, 2097152) = 0
fsync(3)                                = 0
```

it finally ended 43(!) minutes later:

```
adjust_superblock: Memory used: 264k/3592k (210k/55k), time: 2554.03/ 0.16/15.07
fix_uninit_block_bitmaps 2: Memory used: 264k/3592k (210k/55k), time:  0.16/ 0.16/ 0.00
blocks_to_move: Memory used: 264k/3592k (211k/54k), time:  0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time:  0.05/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 18.68MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.35/16.35/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time:  0.04/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 22.80MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 2570.90/16.68/15.07
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.00MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.

real	43m1.943s
user	0m16.761s
sys	0m15.069s
```

I then cleaned up and recreated the zvol, loaded the ext4 module, created the ext4 fs,
resized the volume, and resize2fs'd and it went quite quickly:

```
[root@kif:/scratch]# zfs destroy rpool/scratch/ext4

[root@kif:/scratch]# zfs create -V 3G rpool/scratch/ext4

[root@kif:/scratch]# modprobe ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4

[root@kif:/scratch]# time mkfs.ext4 /dev/zvol/rpool/scratch/ext4
mke2fs 1.45.5 (07-Jan-2020)
Discarding device blocks: done
Creating filesystem with 786432 4k blocks and 196608 inodes
Filesystem UUID: 5b415f2f-a8c4-4ba0-ac1d-78860de77610
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912

Allocating group tables: done
Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

real	0m1.013s
user	0m0.001s
sys	0m0.023s

[root@kif:/scratch]# zfs set volsize=3T rpool/scratch/ext4

[root@kif:/scratch]# time resize2fs -d 62 /dev/zvol/rpool/scratch/ext4
resize2fs 1.45.5 (07-Jan-2020)
fs has 11 inodes, 1 groups required.
fs requires 16390 data blocks.
With 1 group(s), we have 22234 blocks available.
Last group's overhead is 10534
Need 16390 data blocks in last group
Final size of last group is 26924
Estimated blocks needed: 26924
Extents safety margin: 49
Resizing the filesystem on /dev/zvol/rpool/scratch/ext4 to 805306368 (4k) blocks.
read_bitmaps: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
read_bitmaps: I/O read: 1MB, write: 0MB, rate: 3389.83MB/s
fix_uninit_block_bitmaps 1: Memory used: 132k/0k (63k/70k), time:  0.00/ 0.00/ 0.00
resize_group_descriptors: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
move_bg_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
zero_high_bits_in_metadata: Memory used: 132k/0k (68k/65k), time:  0.00/ 0.00/ 0.00
adjust_superblock: Memory used: 264k/1540k (210k/55k), time:  0.02/ 0.02/ 0.00
fix_uninit_block_bitmaps 2: Memory used: 264k/1540k (210k/55k), time:  0.15/ 0.15/ 0.00
blocks_to_move: Memory used: 264k/1540k (211k/54k), time:  0.00/ 0.00/ 0.00
Number of free blocks: 755396/780023556, Needed: 0
block_mover: Memory used: 264k/3592k (216k/49k), time:  0.01/ 0.01/ 0.00
block_mover: I/O read: 1MB, write: 0MB, rate: 157.11MB/s
inode_scan_and_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
inode_ref_fix: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00
move_itables: Memory used: 264k/3592k (216k/49k), time:  0.00/ 0.00/ 0.00

calculate_summary_stats: Memory used: 264k/3592k (216k/49k), time: 16.20/16.20/ 0.00
fix_resize_inode: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
fix_resize_inode: I/O read: 1MB, write: 0MB, rate: 5319.15MB/s
fix_sb_journal_backup: Memory used: 264k/3592k (222k/43k), time:  0.00/ 0.00/ 0.00
overall resize2fs: Memory used: 264k/3592k (222k/43k), time: 16.45/16.38/ 0.00
overall resize2fs: I/O read: 1MB, write: 1MB, rate: 0.06MB/s
The filesystem on /dev/zvol/rpool/scratch/ext4 is now 805306368 (4k) blocks long.

real	0m17.908s
user	0m16.386s
sys	0m0.079s
```

Success!
 2020-10-30 12:18:23 -04:00
Graham Christensen
a179781696
stage-1: add datestamps to logs 
When the stage-1 logs get imported in to the journal, they all get
loaded with the same timestamp. This makes it difficult to identify
what might be taking a long time in early boot.
 2020-10-30 12:16:35 -04:00
Timo Kaufmann
83f48e8348
Merge pull request #95011 from Atemu/undervolt-pl 
undervolt: expose power limits as Nixopts
 2020-10-30 09:32:50 +01:00
Michele Guerini Rocco
1102a46ffe
Merge pull request #101724 from pickfire/patch-3 
fontdir: add ttc to font regex
 2020-10-30 08:41:34 +01:00
Benjamin Hipple
e00752079e
Merge pull request #102018 from 1000101/blockbook-frontend 
blockbook-frontend: fix&update extraConfig example
 2020-10-29 22:30:07 -04:00
Florian Klink
b8d59e93c8 nixos/networkd: allow RouteMetric= in [DHCPv6] section 2020-10-29 19:47:42 +01:00
talyz
89e83833af
nixos/keycloak: Add support for MySQL and external DBs with SSL 
- Add support for using MySQL as an option to PostgreSQL.
- Enable connecting to external DBs with SSL
- Add a database port config option
 2020-10-29 12:47:10 +01:00
talyz
c6e4388449
nixos/keycloak: Add documentation 2020-10-29 12:08:01 +01:00
talyz
fe5a16aee6
nixos/keycloak: Document internal functions 2020-10-29 12:07:55 +01:00
1000101
4b8611c959 blockbook-frontend: fix&update extraConfig example 2020-10-29 11:41:41 +01:00
Philipp
fc856b89e5
nixos/murmur: add murmur group, don't run as nogroup 
fixes #101980
 2020-10-29 10:32:04 +01:00
Martin Weinelt
55746e0a4b
Merge pull request #98187 from mweinelt/nixos/babeld 
nixos/babeld: lock down service
 2020-10-29 01:24:11 +01:00
Minijackson
3fce272478 nixos/shiori: harden service with systemd 2020-10-28 20:46:30 +01:00
Thomas Depierre
63caecee7d riak-cs: delete 2020-10-28 19:31:33 +01:00
Vladimír Čunát
0b32140b34
Merge branch 'staging-next' into staging 2020-10-28 18:48:56 +01:00
Linus Heckemann
2b06415ca1
Merge pull request #101370 from m1cr0man/ssl-test-certs 
nixos/acme: Permissions and tests fixes
 2020-10-28 17:21:57 +01:00
Andreas Rammhold
db0fe5c3eb
Merge branch master into staging to fix eval error 
This fixes the eval error of the small (and "big"?) NixOS test set that
was fixed in 1088f05 & eba8f542.
 2020-10-28 03:03:27 +01:00
davidak
4166a767de doc: improve 20.09 release notes 2020-10-27 21:11:22 +01:00
talyz
513599a6d7
nixos/keycloak: Init 2020-10-27 19:01:26 +01:00
AmineChikhaoui
8cae6703ef
ec2-amis: add stable NixOS 20.09 AMIs 
Fixes #101694
 2020-10-27 08:52:15 -04:00
Ryan Mulligan
178d373a8a
Merge pull request #83687 from primeos/wshowkeys 
wshowkeys: init at 2020-03-29
 2020-10-26 18:55:16 -07:00
WORLDofPEACE
ace69f768b Revert "nixos/pantheon: install nixos wallpaper" 
This reverts commit 5100e4f250833d42dffd9c55e3fda82303b606fd.

Fixes https://github.com/NixOS/nixpkgs/issues/100293
Though it's only a workaround for now.
See https://github.com/elementary/switchboard-plug-pantheon-shell/issues/246#issuecomment-716713218
We trigger the broken scenario where we have two subdirectories. Reverting
that commit undoes this.
 2020-10-26 13:45:19 -04:00
Nick Hu
921287e7f0
Merge pull request #97726 from NickHu/pam_gnupg 
pam: add support for pam_gnupg
 2020-10-26 15:27:13 +00:00
Andreas Rammhold
1088f05940
Merge pull request #101598 from andir/nixos-build-vms-qemu 
nixos/tests: follow-up to the closure reduction PR
 2020-10-26 14:19:45 +01:00
rnhmjoj
bc35565463 nixos/activation-script: make scripts well-typed 2020-10-26 13:33:12 +01:00
rnhmjoj
9e04bba0af nixos/dnscrypt-wrapper: fix key rotation script 
Fix an error in the validation code when the public key is in a
nonstandard location. The check command fails and the key is
incorrectly assumed to be expiring.
 2020-10-26 13:07:49 +01:00
Jörg Thalheim
dfaa313d43
Merge pull request #101737 from aneeshusa/nginx-allow-unsetting-ssl_ciphers 
nixos/nginx: Allow unsetting ssl_ciphers
 2020-10-26 06:41:19 +01:00
Aneesh Agrawal
924035bb97 nixos/nginx: Allow unsetting ssl_ciphers 
When using the Modern config from the Mozilla SSL config generator,
the `ssl_ciphers` parameter does not need to be set
as only TLSv1.3 is permitted and all of its ciphers are reasonable.
 2020-10-26 00:35:29 -04:00
Jörg Thalheim
b7a2a5f967
nixos/nextcloud: fix several php endpoints 2020-10-26 05:06:43 +01:00
Klemens Nanni
0b8a6e787c
nixos/avahi: Enable IPv6 by default 
Treat it the same as IPv4 (I'm tempted to disable IPv4 by default);
this is the only option I still need to set manually to enjoy IPv6-only
networks including printer discovery!
 2020-10-26 04:06:26 +01:00
Ivan Tham
f6136d06ff
fontdir: add ttc to font regex 
.ttc fonts are used by noto-fonts-cjk
 2020-10-26 10:45:22 +08:00
Klemens Nanni
3216b85713 nixos/system-path: Add mkpasswd(1) 
Generating password hashes, e.g. when adding new users to the system
configuration, should work out-of-the-box and offline.
 2020-10-26 03:40:11 +01:00
WORLDofPEACE
4d71306596
Merge pull request #101516 from worldofpeace/gnome-polishing 
GNOME polishing from Q.A findings
 2020-10-25 18:41:34 -04:00
Andreas Rammhold
d4fb7daafd
nixos-build-vms: use the driverInteractive attribute instead 
This reverts commit aab534b894c60e69199aba4cc57b8b3f8fd1a8c2 & uses the
driverInteractive attribute for the test driver instead.

This has the same effect but removes the extra module in the
nixos-build-vms code.
 2020-10-25 20:14:53 +01:00
Maximilian Bosch
a3041ab124
Merge pull request #101645 from andir/qemu-tests-fixup 
nixos/tests: only apply qemu parameters if the options are defined
 2020-10-25 19:25:50 +01:00
Benjamin Hipple
f98312fcb5
Merge pull request #79759 from lopsided98/syncoid-no-root 
nixos/syncoid: automatically setup privilege delegation
 2020-10-25 10:40:33 -04:00
Andreas Rammhold
f4d7493162
nixos/tests: only apply qemu parameters if the options are defined 
This fixes an eval error that occurred on hydra with the small channel
and the `nixos.tests.boot.biosCdrom.x86_64-linux` attribute:

> $ nix-instantiate nixos/release-small.nix -A nixos.tests.boot.biosCdrom.x86_64-linux
> warning: unknown setting 'experimental-features'
> error: The option `virtualisation.qemu' does not exist. Definition values:
> - In `/home/andi/dev/nixos/nixpkgs/nixos/modules/testing/test-instrumentation.nix':
>     {
>       consoles = [ ];
>       package = {
> 	_type = "override";
> 	content = <derivation /nix/store/q72h2cdcb9zjgiay5gdgzwddjkbjr7xq-qemu-host-cpu-only-for-vm-tests-5.1.0.drv>;
>     ...
> (use '--show-trace' to show detailed location information)

In bc2188b we changed test test-instrumentation to also set the QEMU
package that is being used. That change unfortunately caused us to
always assing values to the virtualisation.qemu.package option even when
the option is not defined. The original code was explicitly testing for
the consoles case but the then newly extended version did not adjust the
check as the intention was probably not clear.

With this commit we are always ensuring the entire virtualisation.qemu
section exists and can thus drop the individual tests for each of the
sections since the QEMU module always defines both the package and the
consoles option when it's root is defined..
 2020-10-25 13:42:01 +01:00
Felix Tenley
542f75079b nixos/mosquitto: add passwordFile and hashedPasswordFile options 2020-10-25 10:53:38 +01:00
Vladimír Čunát
2f6b00b15e
Merge branch 'staging-next' into staging 2020-10-25 09:47:04 +01:00
Gabriel Ebner
a8a018ddc0
Merge pull request #101409 from rycee/dbus-warning 2020-10-25 09:16:28 +01:00
Aaron Andersen
a160fa008d
Merge pull request #100063 from aanderse/nixos/powerdns 
nixos/powerdns: use upstream systemd unit
 2020-10-24 18:47:43 -04:00
Andreas Rammhold
250fb4611f
Merge pull request #100456 from maralorn/boolToString 
treewide: De-inline uses of lib.boolToString
 2020-10-25 00:45:11 +02:00
Robert Helgesson
94819fdb5f
nixos/dbus: re-add a dummy socketActivated option 
If set, then issue a warning instead of an error as previously.
 2020-10-24 23:01:00 +02:00
Aaron Andersen
4f5d3794d3 nixos/powerdns: use upstream systemd unit 2020-10-24 16:40:20 -04:00
WORLDofPEACE
6bc94d149b
Merge pull request #101563 from worldofpeace/fix-pantheon-greeter-brightness 
nixos/lightdm: make lightdm user shell bash
 2020-10-24 11:56:34 -04:00
WORLDofPEACE
ef803ab1bb
Merge pull request #100199 from worldofpeace/seeded-config 
nixos/tools: add desktopConfiguration option (to seed configuration into configuration.nix)
 2020-10-24 11:35:33 -04:00
WORLDofPEACE
c134f6443a nixos/lightdm: make lightdm user shell bash 
In https://github.com/NixOS/nixpkgs/issues/100119 pantheon's greeter
has g-s-d running which allows brightness controls via pkexec.
This is changed in newer versions of g-s-d (pantheon uses a fork currently),
but whenever brightness is changed with a shell of `shadow` we get
```
Oct 10 23:51:44 kirXps pkexec[18722]: lightdm: Executing command [USER=root] [TTY=unknown] [CWD=/var/lib/lightdm] [COMMAND=/run/current-system/sw/bin/elementary-settings-daemon/gsd-backlight-helper /sys/devices/pci0000:00/0000:00:02.0/drm/card0/card0-eDP-1/intel_backlight 65587]
```

I'm not sure this should be strictly needed, so we should try to
revert later on when pantheon's g-s-d is updated.
 2020-10-24 11:28:18 -04:00
WORLDofPEACE
39d1599767 installation-cd-graphical-gnome: add firefox to favorite-apps 2020-10-24 11:14:44 -04:00
WORLDofPEACE
7df6af303e nixos/gnome3: add gnome-calendar to favorites 2020-10-24 11:14:41 -04:00
WORLDofPEACE
9cee7772e6 nixos/gnome3: add favoriteAppsOverride option 
Rather messy and only needed for the installation cd, so it's
an internal option.
 2020-10-24 11:14:22 -04:00
WORLDofPEACE
d89deddd5d nixos/flatpak: introduce guiPackages 
This adds basically an indirection to systemPackages
to automatically install an interface for flatpak for their respective
environments. e.g if I enable pantheon and flatpak you'll get appcenter,
and on gnome you'll see gnome-software.

https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
 2020-10-24 11:14:02 -04:00
WORLDofPEACE
b1587f9e19 nixos/gnome3: don't ship gnome-software 
This serves no purpose without flatpak https://github.com/NixOS/nixpkgs/issues/99648#issuecomment-706691174
 2020-10-24 11:14:01 -04:00
Maximilian Bosch
48612c79b1
Merge pull request #101473 from Ma27/nixos-build-vms-qemu 
nixos/nixos-build-vms: use `pkgs.qemu` for virtualisation
 2020-10-24 14:43:52 +02:00
WORLDofPEACE
70dc25abd9 nixos/gnome3: don't put epiphany in favorite apps 2020-10-23 20:20:07 -04:00
Jan Tojnar
61afd7f80e
tracker_2: drop 
It does not seem to work and only semi-broken apps like Books and Documents depend on it.
 2020-10-24 01:18:49 +02:00
Jan Tojnar
4dd2437068
gnome-photos: use Tracker 3 2020-10-24 01:18:48 +02:00
Jan Tojnar
20e21721c8
gnome3: do not use alias for gnome-photos 2020-10-24 01:18:48 +02:00
Jan Tojnar
87e3d553cf
gnome-photos: 3.37.2 → 3.38.0 
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.37/gnome-photos-3.37.91.1.news
https://ftp.gnome.org/pub/GNOME/sources/gnome-photos/3.38/gnome-photos-3.38.0.news
 2020-10-24 01:18:48 +02:00
Jan Tojnar
ea1923841a
nixos/gnome3: re-add tracker 2 dbus services 
They are still needed by Photos, Books and Documents.
 2020-10-24 01:18:48 +02:00
Jan Tojnar
d1eeb643e2
gnome3.mutter: 3.38.0 → 3.38.1 
https://ftp.gnome.org/pub/GNOME/sources/mutter/3.38/mutter-3.38.1.news

It requires some udev rules on some devices.
 2020-10-24 01:18:01 +02:00
WORLDofPEACE
e1317b8b7b
nixos/telepathy: add sessionPath 2020-10-24 01:17:29 +02:00
WORLDofPEACE
9c9e519318
nixos/gnome3: add core-developer-tools 
See these issues/PRs in gnome-build-meta:
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/merge_requests/588
https://gitlab.gnome.org/GNOME/gnome-build-meta/-/issues/143

I'm unsure if devhelp gets API docs in a straightforward way in NixOS.
 2020-10-24 01:17:29 +02:00
WORLDofPEACE
11d6c2fb35
nixos/gnome3: long lists 2020-10-24 01:17:28 +02:00
WORLDofPEACE
cd48c50e35
nixos/gnome3: update links 2020-10-24 01:17:28 +02:00
WORLDofPEACE
0b767c8b3d
nixos/gnome3: add gnome-connections to core-utilities 
When we redid the default apps we didn't add gnome-boxes for
rdp/vnc. (plus it doesn't really work well in nixos). With gnome-connections
we can now have this functionality, as file sharing is a default function
in g-c-c Sharing.
 2020-10-24 01:17:27 +02:00
Piotr Bogdan
f1f85419d2
nixos/gdm: add gdm to systemd.packages 
GDM now provides gnome-session@gnome-login.target.d/session.conf though I'm not even sure if it's needed.
 2020-10-24 01:15:14 +02:00
Doron Behar
c90450014f
Merge pull request #101480 from Flakebi/salt 2020-10-24 01:31:41 +03:00
Jan Tojnar
3a73543401
Merge pull request #93725 from nglen/pipewire 2020-10-24 00:05:33 +02:00
WilliButz
993437d0d6
Merge pull request #96511 from Zopieux/rtl_433_prom 
Add rtl_433 Prometheus exporter
 2020-10-23 23:24:38 +02:00
Nathaniel Glen
57510bf522 pipewire: cleanup path testing 2020-10-23 16:35:48 -04:00
Alexandre Macabies
121bc17ab9 nixos/prometheus-rtl_433-exporter: new module 2020-10-23 20:33:42 +02:00
Nathaniel Glen
f6745d06f5 nixos/pipewire: cleanup module 2020-10-23 13:51:41 -04:00
Flakebi
e0ea4826f4
salt: remove aneeshusa and add Flakebi as maintainer 2020-10-23 19:48:48 +02:00
WORLDofPEACE
b44e32988c
Merge pull request #101274 from worldofpeace/gnome-logout-button 
nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS
 2020-10-23 11:46:46 -04:00
Maximilian Bosch
aab534b894
nixos/nixos-build-vms: use pkgs.qemu for virtualisation 
When I test a change e.g. in the module system manually, I usually use
`nixos-build-vms(8)` which also gives me a QEMU window where I can play
around in the freshly built VM.

It seems as this has changed recently when the default package for
non-interactive VM tests using the same framework was switched to
`pkgs.qemu_test` to reduce the closure size. While this is a reasonable
decision for our CI tests, I think that you really want a QEMU window of
the VM by default when using `nixos-build-vms(8)`.

[1] bc2188b083dfbbe749a221023e2960b60d4c8951
 2020-10-23 17:37:57 +02:00
Anton Plotnikov
1321ae850c
fido2luks: 0.2.3 -> 0.2.15 
Also remove interactive flag from initrd, because of broken io.
 2020-10-23 11:03:31 +03:00
Joe Edmonds
1d420c8115
nixos/ssmtp: minor typo fix 2020-10-22 09:34:21 -07:00
Lucas Savva
89d134b3fd
nixos/acme: Use more secure chmods 
Previous settings would make files executable in
the certs directories.
 2020-10-22 14:04:31 +01:00
Eelco Dolstra
d28565a1c6
nix: 2.3.7 -> 2.3.8 2020-10-22 14:47:55 +02:00
Maximilian Bosch
98170761a8
Merge pull request #101222 from omasanori/ssh-kex 
nixos/sshd: update kexAlgorithms, fix links
 2020-10-22 13:27:47 +02:00
Eelco Dolstra
05bdfd6f2f
Merge pull request #98973 from Ma27/bump-hydra 
hydra-unstable: 2020-09-02 -> 2020-10-20
 2020-10-22 12:01:13 +02:00
Andreas Rammhold
89351525fa
Merge pull request #101246 from rnhmjoj/vm-fix 
nixos: fix qemu_test being used in normal VMs
 2020-10-22 11:09:05 +02:00
symphorien
9e8eaea484
nixos/sslh: fix usage of the now removed ssl probe (#101087) 
and document
 2020-10-21 21:34:35 +02:00
WORLDofPEACE
755ba171c7 nixos/display-managers: add sessionData.desktops to XDG_DATA_DIRS 
Fixes #100108

Alternative to https://github.com/NixOS/nixpkgs/pull/100112 which doesn't break stuff.
 2020-10-21 14:39:39 -04:00
Maximilian Bosch
1308817e05
nixos/hydra: remove hydra-migration upgrade path 
This should NOT be backported to 20.09!

When 21.03 is released, the DB changes are about a year old and
operators had two release cycles for the upgrade. At this point it
should be fair to remove the compat layer to reduce the complexity of
the module itself.
 2020-10-21 18:03:04 +02:00
rnhmjoj
bc2188b083
nixos: fix qemu_test being used in normal VMs 
This is an attempt to fixup PR #49403.
 2020-10-21 16:38:04 +02:00
Izorkin
d59bfded58
nixos/dhcpcd: if disabled IPv6 don't solicit or accept IPv6 2020-10-21 14:56:08 +03:00
Martin Weinelt
c821e0d4be nixos/babeld: lock down service 
→ Overall exposure level for babeld.service: 2.2 OK 🙂
 2020-10-21 12:26:02 +02:00
Justin Lovinger
1168e13bb0 nixos/nfs: add idmapd.settings option 
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
 2020-10-20 22:10:02 -04:00
Andreas Rammhold
f6cd17269e
Merge pull request #49403 from andir/qemu_test_reduce_closure 
qemu_test: disable features that are not needed for tests (closure 641 -> 335.3M)
 2020-10-21 00:41:01 +02:00
Masanori Ogino
8875db4976 nixos/sshd: update kexAlgorithms, fix links 
The `curve25519-sha256` key exchange method is defined in RFC 8731 that
is identical to curve25519-sha256@libssh.org. OpenSSH supports the
method since version 7.4, released on 2016-12-19. It is literally a
violation of the "both in Secure Secure Shell and Mozilla guidelines"
rule, but it provides essentially the same but a future-proof default.

Also, links to the Mozilla OpenSSH guidelines are updated to refer to
the current place.

Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
 2020-10-21 07:39:50 +09:00
Florian Klink
6e5ccaa34f
Merge pull request #100657 from flokli/network-manager-sstp 
networkmanager-sstp: init at unstable-2020-04-20, bump sstp from 1.0.12 to 1.0.13
 2020-10-21 00:33:13 +02:00
Florian Klink
e992089137 nixos/no-x-libs: add networkmanager-sstp 2020-10-21 00:04:02 +02:00
Florian Klink
72cd3086cc networkmanager-sstp: init at unstable-2020-04-20 2020-10-21 00:02:18 +02:00
Kevin Cox
e25cd7827e
Merge pull request #98176 from minijackson/jellyfin-systemd-security 
nixos/jellyfin: add some systemd security options
 2020-10-20 16:44:32 -04:00
Minijackson
4e51247318
nixos/jellyfin: add some systemd security options 2020-10-20 21:09:28 +02:00
midchildan
e2a3a02b9b
epgstation: 1.7.4 -> 1.7.5 2020-10-21 00:05:48 +09:00
midchildan
323b47d96e
epgstation: add updateScript 2020-10-20 23:18:03 +09:00
Joseph D. Long
a2ee5cbb05
nixos/vagrant-virtualbox-image: init (#101120) 
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
 2020-10-20 11:09:46 +02:00
Jörg Thalheim
1a9e02dec6
Merge pull request #100554 from dnr/feature/pamMount 
nixos/pam_mount: add pamMount attribute to users
 2020-10-20 10:40:12 +02:00
Marc 'risson' Schmitt
9e6bede5ab nixos/initrd-network: fix /etc/resolv.conf when multiple dns servers from DHCP 
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
 2020-10-19 21:32:58 -07:00
Jörg Thalheim
46bd18fff6
Merge pull request #99541 from acelpb/jenkins 
nixos/jenkins: switch to openjdk11 as openjdk14 is not supported
 2020-10-19 19:50:20 +02:00
Andreas Rammhold
8ed57ac916
nixos/tests: make sure we use the qemu_test package to provide the Guest Agent 
This reduces the closure size for the minimal test by a lot since we no
longer have to build the regular QEMU for even the simplest test.
 2020-10-19 18:03:01 +02:00
Andreas Rammhold
e127ba7873
nixos/qemu-guest-agent: make the QEMU guest agent package configurable 2020-10-19 17:58:10 +02:00
V
580f0faa75 nixos/caddy: remove services.caddy.agree 
This option is no longer referenced anywhere as of #99371.
 2020-10-19 14:29:48 +02:00
Aaron Andersen
5265d49a36
Merge pull request #100892 from aanderse/pdns-recursor 
nixos/pdns-recursor: use upstream systemd unit
 2020-10-18 20:13:06 -04:00
Jonathan Ringer
5e67d80a8b nixos/nvidia: fix optionals usage 2020-10-18 11:47:34 -07:00
Edmund Wu
2e67196d79 nixos/nvidia: decouple nvidia_x11.persistenced 2020-10-18 11:24:20 -07:00
Martin Weinelt
4baba17252
Merge pull request #100708 from fooker/nginx-encoding 
nixos/nginx: Do not remove headers while proxying
 2020-10-18 15:52:50 +02:00
Aaron Andersen
6c39180b37 nixos/pdns-recursor: declare module user as system user 2020-10-18 08:15:29 -04:00
Aaron Andersen
1627bef9c1 nixos/pdns-recursor: use upstream systemd unit 2020-10-18 08:15:29 -04:00
Michael Weiss
7c676c6429
wshowkeys: init at 2019-09-26 2020-10-18 14:09:49 +02:00
Mario Rodas
2a58362f8f
Merge pull request #100213 from yanganto/hotfix-hime 
hime: fix enable hime, remove hime-all package
 2020-10-16 23:51:24 -05:00
Antonio Yang
52b903b3c4 hime: fix enable hime, remove hime-all package 
- fix inputMethod.enable hime by adding module list
- rm hime-all package, because chewing, anthy modules does not work well
 2020-10-17 10:48:31 +08:00
tnias
0da7593dce
nixos/chromium: update link in docs (#93794) 2020-10-16 23:04:06 +02:00
Dustin Frisch
762ca640c4
nixos/nginx: Do not remove headers while proxying 
Removing the `Accept-Encoding` header breaks applications which may
produce already compressed content.

Removing this header is staded in the nginx docs but is ment as an
example, not as an recomendation.
 2020-10-16 12:50:52 +02:00
Florian Klink
9d0d99f05b
Merge pull request #95746 from Mic92/cloud-init 
cloud-init: 0.7.9 -> 20.2 (python3!)
 2020-10-15 22:57:46 +02:00
ajs124
7ce8117238
Merge pull request #100604 from helsinki-systems/fix/icingaweb2 
nixos/icingaweb2: Fix php packages
 2020-10-15 19:18:53 +02:00
Janne Heß
e2da1219d4
nixos/icingaweb2: Fix php packages 2020-10-15 16:16:33 +02:00
Alvar
17bcc043f0
nixos/vim: configurable vim package (#100132) 2020-10-15 10:55:16 +02:00
David Reiss
49a749c729 nixos/pam_mount: add pamMount attribute to users 
This attribute is a generalized version of cryptHomeLuks for creating an
entry in /etc/security/pam_mount.conf.xml. It lets the configuration
control all the attributes of the <volume> entry, instead of just the
path. The default path remains the value of cryptHomeLuks, for
compatibility.
 2020-10-14 22:55:55 -07:00
Jan Tojnar
2a4607f442
Revert "nixos/display-managers: install sessionData.desktops" 
This reverts commit 3cd2b59b8c261e927977b99c382a2c3067449883.

It created infinite recursion when using LXQt, since lxqt module
uses `config.system.path` in `services.xserver.desktopManager.session`.
`config.system.path` is a `buildEnv` that depends on `environment.systemPackages`.
 2020-10-15 07:32:08 +02:00
Frederik Rietdijk
b3aed163d5
Merge pull request #99709 from NixOS/staging-next 
Staging next
 2020-10-14 21:10:31 +02:00
Dominique Martinet
f8d78b9f67
confinement: fix assert for serviceConfig.ProtectSystem 
serviceConfig.ProtectSystem is usually a string so if set, the assert
itself would error out leaving no useable trace:

  # nixos-rebuild switch --show-trace
  building Nix...
  building the system configuration...
  error: while evaluating the attribute 'config.system.build.toplevel' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:293:5:
  while evaluating 'foldr' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:52:20, called from /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:128:12:
  while evaluating 'fold'' at /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:55:15, called from /nix/var/nix/profiles/per-user/root/channels/nixos/lib/lists.nix:59:8:
  while evaluating anonymous function at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/system/activation/top-level.nix:121:50, called from undefined position:
  while evaluating the attribute 'assertion' at /nix/var/nix/profiles/per-user/root/channels/nixos/nixos/modules/security/systemd-confinement.nix:163:7:
  value is a string while a Boolean was expected

Fix the check to give a sensible assert message instead; the attribute
should either be not set or false bool to pass.

Closes: #99000
 2020-10-14 11:56:18 +02:00
Malte Brandy
cebf9198f3
treewide: De-inline uses of lib.boolToString 
This commit should not change eval results
 2020-10-14 01:46:17 +02:00
Frederik Rietdijk
9e1943edc0 Merge master into staging-next 2020-10-13 19:34:34 +02:00
Lassulus
53f810cb4b
Merge pull request #100141 from xaverdh/xmonad-correct-path 
xmonad: put the correct xmonad binary in PATH
 2020-10-13 19:01:56 +02:00
WORLDofPEACE
99d5111246 nixos/tools: add desktopConfiguration option 
We now have a GNOME ISO so it would be nice to seed that one
with configuration on how to enable it.
 2020-10-12 22:03:16 -04:00
Florian Klink
399a2ab954
Merge pull request #98917 from lovesegfault/klipper-init 
klipper: init at 0.8.0
 2020-10-13 00:20:24 +02:00
Michele Guerini Rocco
9b6fc07d15
Merge pull request #100060 from aanderse/dnsdist 
nixos/dnsdist: use upstream systemd unit
 2020-10-12 21:20:33 +02:00
Dominik Xaver Hörl
7389407490 nixos/xmonad: add lassulus and xaverdh as maintainers 2020-10-12 21:00:43 +02:00
Aaron Andersen
f4ff303c3b nixos/dnsdist: use upstream systemd unit 2020-10-12 12:17:11 -04:00
Dominik Xaver Hörl
206c668d7f nixos/xmonad: improve module docs 2020-10-12 14:48:07 +02:00
Nick Hu
948e05bb28
pam: add support for pam_gnupg 2020-10-12 13:29:40 +01:00
Bernardo Meurer
97eadef0c3
nixos/klipper: init 2020-10-11 15:55:50 -07:00
Florian Klink
a6fec75d04
Merge pull request #93426 from helsinki-systems/feat/gitlab-pages 
nixos/gitlab: Support pages
 2020-10-11 23:50:19 +02:00
Florian Klink
a1cb02148b
Merge pull request #99912 from m1cr0man/ocspfix 
nixos/acme: Fix ocspMustStaple option and add test
 2020-10-11 23:44:33 +02:00
Ben Wolsieffer
8294af0284 nixos/avahi: fix nss module 
mdns_minimal must be placed before resolve in nsswitch.conf
 2020-10-11 20:15:13 +02:00
Simon Pettersson
b2efedd5e5 nixos/xserver: fix xkbvalidate for cross compiling. 
xserver uses the wrong version of xkbvalidate, the one from
buildPackages should be used or else the resulting xkbvalidate binary is
compiled for the target architecture.
 2020-10-11 20:08:57 +02:00
Ryan Mulligan
8ebf265923
Merge pull request #86404 from nuxeh/nuxeh/domoticz-init-2020.2 
domoticz: init at 2020.2
 2020-10-11 05:59:28 -07:00
Ryan Mulligan
4a3fe8d306 nixos/domoticz: use DynamicUser and StateDirectory 2020-10-11 11:15:56 +01:00
WORLDofPEACE
2d6a694842 nixos/tools: add firefox to systemPackages example 
This is in the graphical iso's.
 2020-10-10 22:44:56 -04:00
WORLDofPEACE
3b20eb47f1 nixos/tools: don't call Plasma KDE 2020-10-10 22:44:56 -04:00
WORLDofPEACE
9f1a43cefa nixos/tools: comment about libinput 2020-10-10 22:44:56 -04:00
WORLDofPEACE
12825bc21f nixos/tools: don't mention pinentryFlavor 
We don't need to actually set this as it find a good
default automatically. This could confuse the user into thinking they need
to set it themselves.
 2020-10-10 22:44:55 -04:00
WORLDofPEACE
13b192749c nixos/gnome3: don't install epiphany default 
See https://github.com/NixOS/nixpkgs/issues/98819
 2020-10-10 22:12:59 -04:00
Jan Tojnar
aabcf2d8f5
Merge branch 'master' into staging-next 2020-10-11 00:27:21 +02:00
Michael Weiss
4a600af1b1 doc: Document a workaround for using an FQDN as hostname 
Since #76542 this workaround is required to use a FQDN as hostname. See
#94011 and #94022 for the related discussion. Due to some
potential/unresolved issues (legacy software, backward compatibility,
etc.) we're documenting this workaround [0].

[0]: https://github.com/NixOS/nixpkgs/issues/94011#issuecomment-705952300
 2020-10-10 10:48:54 -07:00
Michael Weiss
826ed96c10
nixos/networking: Switch to home.arpa as an example for the domain 
The special-use domain "home.arpa." is designated for non-unique use in
residential home networks [0] and registered as such [1]. Therefore it
is more appropriate than "home." which could cause conflicts or result
in queries that leak out and reach the root name servers.

[0]: https://tools.ietf.org/html/rfc8375
[1]: https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml
 2020-10-10 17:41:42 +02:00
Dominik Xaver Hörl
67eb45ddce xmonad: put the correct xmonad binary in PATH 2020-10-10 13:20:04 +02:00
Vladimír Čunát
338b25697c
Merge branch 'master' into staging-next 
Quite many rebuilds from master:
> Estimating rebuild amount by counting changed Hydra jobs.
>    3926 x86_64-darwin
>    4645 x86_64-linux
 2020-10-10 11:32:10 +02:00
Dominik Xaver Hörl
bb61cce82a nixos-install: pass through impure flag 2020-10-10 10:05:15 +02:00
WORLDofPEACE
7a2eccfab0
Merge pull request #100112 from worldofpeace/fix-gnome-logout-multisession 
nixos/display-managers: install sessionData.desktops
 2020-10-09 19:31:05 -04:00
WORLDofPEACE
3cd2b59b8c nixos/display-managers: install sessionData.desktops 
Fixes https://github.com/NixOS/nixpkgs/issues/100108
 2020-10-09 18:38:16 -04:00
zowoq
f9bb39e294 nixos/pam: remove trailing whitespace 2020-10-09 18:31:20 +10:00
Frederik Rietdijk
ec28e32c9e Merge master into staging-next 2020-10-08 21:47:26 +02:00
Miles Breslin
8e628f8eea
nixos/pam: Add option to set pam-u2f appid (#73591) 2020-10-08 14:37:40 -04:00
Timo Kaufmann
a4cde0f969 nixos/mediatomb: fix doc errors 
Follow-up to #93450 to fix the manual build.
 2020-10-08 16:04:11 +02:00
Timo Kaufmann
19ac436cf5
Merge pull request #93450 from ardumont/gerbera-service 
mediatomb: Improve service + add gerbera support and tests
 2020-10-08 14:20:07 +02:00
Linus Heckemann
3e3f81aeac
Merge pull request #99658 from Ma27/nextcloud-copy-fix 
nixos/nextcloud: fix nginx config to allow copy/move-operations again
 2020-10-08 09:35:32 +02:00
Antoine R. Dumont (@ardumont)
3248506a00
mediatomb/gerbera: Improve firewall rules and open firewall option 
This changes the default behavior which opened by default the firewall rules.
The users now need to declare explicitely they want to open the firewall.
 2020-10-08 08:59:49 +02:00
Antoine R. Dumont (@ardumont)
86e56d5322
mediatomb/gerbera: Add missing types to options 
This also fixes some various small limitations:
- Drop unnecessary quoting
- Drop duplicated gerbera interface definition
- Fix configuration indentation
 2020-10-08 08:59:48 +02:00
Antoine R. Dumont (@ardumont)
fcb38d6773
mediatomb/gerbera: Make the actual configuration generation lazy 
Also use verbose flag in cli command to make the intent clearer.
 2020-10-08 08:59:48 +02:00
Antoine R. Dumont (@ardumont)
de838249c7
mediatomb/gerbera: Introduce the mediaDirectories option 
So users can declare their autoscan directories configuration from nix.
 2020-10-08 08:59:48 +02:00
Antoine R. Dumont (@ardumont)
96d1844746
mediatomb/gerbera: Introduce the pcDirectoryHide option 2020-10-08 08:59:48 +02:00
Antoine R. Dumont (@ardumont)
1db9813dd3
mediatomb/gerbera: Make transcoding option lazy and runnable if activated 
In the sense that the pkgs dependency will be pulled if the service is
transcoding enabled. Otherwise, the transcoding part is completely dropped from
the generated configuration.
 2020-10-08 08:59:48 +02:00
Edward Tjörnhammar
3bb5cc6849
mediatomb: make service compatible with the gerbera fork 
The duplication of the interface xml tag is needed for
the daemon to respect the setting.
 2020-10-08 08:59:47 +02:00
markuskowa
d8d52410a7
Merge pull request #100053 from markuskowa/upd-snapper 
nixos/snapper: 0.8.12 -> 0.8.14
 2020-10-09 00:05:27 +02:00
Silvan Mosberger
6ee8491cb1
Merge pull request #99520 from endgame/ssm-agent-user-fix 
ssm-agent: fix bad user declaration
 2020-10-08 23:28:13 +02:00
Markus Kowalewski
90aa6c93e2
nixos/snapper: add snapperd dbus service 
Since snapper 0.8.13 a systemd service is required for DBus activation.
 2020-10-08 23:17:44 +02:00
Jan Tojnar
00e3a3a855
Merge pull request #99601 from jtojnar/blackfire-agent 2020-10-07 19:02:11 +02:00
Andreas Rammhold
9cc924a12a
Merge pull request #99948 from jsimonetti/acme-dnsresolver 
nixos/security/acme: Add DNS resolver option
 2020-10-07 16:04:34 +02:00
Linus Heckemann
8e2796d64a
Merge pull request #99934 from mayflower/murmur-env 
nixos/murmur: add option `environmentFile` for injecting secrets
 2020-10-07 13:56:32 +02:00
elseym
533560de5b
nixos/murmur: add option environmentFile for injecting secrets 
Secrets are injected from the environment into the rendered
configuration before each startup using envsubst.
The test now makes use of this feature for the server password.
 2020-10-07 13:35:50 +02:00
Jeroen Simonetti
cc3ce9a13a nixos/security/acme: Add DNS resolver option 
When using the ACME DNS-01 challenge, there is a possibility of a
failure to resolve the challenge if the record is not propagated
fast enough. To circumvent this generic DNS problem, this adds
a setting to explicitly tell the ACME provider to use a certain DNS
resolver to lookup the challenge.

Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
 2020-10-07 13:01:08 +02:00
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service" 
This reverts commit fb6d63f3fdd95a5468d43a0693c8ca7c1894363f.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
 2020-10-07 12:22:18 +02:00
Robert Hensing
0504b01100
Merge pull request #98107 from roberth/cassandra-add-extraEnvSh 
nixos/cassandra: Add cfg.extraEnvSh
 2020-10-07 11:28:39 +02:00
Jan Tojnar
991a67d453
nixos/blackfire: init 2020-10-07 10:44:54 +02:00
Linus Heckemann
41c0f49681
Merge pull request #99596 from Ma27/nextcloud20 
nextcloud20: init
 2020-10-07 08:10:38 +02:00
Jack Kelly
0d417929bf ssm-agent: fix bad user declaration 2020-10-07 09:36:21 +10:00
Lucas Savva
1edd91ca09
nixos/acme: Fix ocspMustStaple option and add test 
Some of the testing setup for OCSP checking was wrong and
has been fixed too.
 2020-10-07 00:18:13 +01:00
Maximilian Bosch
9cbe30e129
nixos/nextcloud: --database-pass must not be empty for pgsql/mysql 
This is a breaking change from `nextcloud20`. However, the affected test
is still passing with an unused database password and socket
authentication.
 2020-10-06 20:22:48 +02:00
Maximilian Bosch
227ba90b28
nixos/nextcloud: update nginx config for nextcloud20 
See #97666 for further context.
 2020-10-06 20:22:47 +02:00
Maximilian Bosch
5f67a62d59
nixos/nextcloud: update upgrade-path for nextcloud20 
Please note that this is only for 21.03 since `nextcloud19` is intended
to be the default for the already feature-frozen 20.09 (the bump itself
is supposed to get backported however).
 2020-10-06 20:22:47 +02:00
adisbladis
f26d6639f2
Merge pull request #99693 from worldofpeace/spectacle-in-plasma5-default 
nixos/plasma5: add spectacle default
 2020-10-06 15:22:31 +02:00
WORLDofPEACE
afdeb406b0 nixos/gnome3: fixup unconditional code 2020-10-06 07:37:47 -04:00
Frederik Rietdijk
692d219a93 Merge staging-next into staging 2020-10-06 10:25:58 +02:00
WORLDofPEACE
55bc3e44b7 nixos/plasma5: add spectacle default 
Fixes https://github.com/NixOS/nixpkgs/issues/99680.

In the future I think it would be nice if plasma5 could assume
an approach for an interface we have in the gnome3 module [0].
Notably being able to exclude packages with an option from
the default environment and having a default environment that
is useful to the average user. See [1], currently plasma5 defaults
are very "hard core hacker" with the most bare bones setup.

[0]: https://github.com/NixOS/nixpkgs/issues/67310
[1]: https://github.com/NixOS/nixpkgs/issues/67310#issuecomment-524649585
 2020-10-06 01:25:22 -04:00
WORLDofPEACE
89281dd1df
Merge pull request #98510 from mvnetbiz/gnome3-excludepackages 
nixos/gnome3: don't enable modules for excludePackages
 2020-10-06 01:19:04 -04:00
Andreas Rammhold
2c0ee52d91
nixos/security/acme: order after nss-lookup.target 
This should hopefully solve races with DNS servers (such as unbound)
during the activation of a new generation. Previously unbound could
still be unavailable and thus the acme script would fail.
 2020-10-06 22:52:55 +02:00
WORLDofPEACE
d83e5a1ff6
Merge pull request #99697 from worldofpeace/rt-sched-optional-and-off-by-default 
nixos/gnome3: add realtime-scheduling option
 2020-10-06 16:30:27 -04:00
WORLDofPEACE
656cd70ea8 nixos/gnome3: add realtime-scheduling option 
This adds an option services.gnome3.experimental-features.realtime-scheduling
See this comment for the motivation [0].
Having gnome-shell launched with capability seemed harmless at first,
but it caused these issues [1] [2] for people who aren't even using
the feature. It makes more sense to make this optional.

[0]: https://github.com/NixOS/nixpkgs/issues/90201#issuecomment-683304279
[1]: https://github.com/NixOS/nixpkgs/issues/90201
[2]: https://github.com/NixOS/nixpkgs/issues/86730
 2020-10-06 01:58:51 -04:00
WORLDofPEACE
0d47426f37
Merge pull request #99615 from andir/use-configured-nix-for-installer 
nixos/installer: use the configured nix package for nixos-install
 2020-10-05 21:00:29 -04:00
Andreas Rammhold
544059b01f
nixos/installer: drop the extra nixUnstable in nixos-install 
The only nix version available in the installer should be the version
configure in the module system. If someone needs `nixUnstable` in their
`nixos-install` they should probably set the module option and not just
add it to the closure.
 2020-10-06 01:11:09 +02:00
Léo Gaspard
e0c48efc17
matrix-synapse module: fix documentation and add release notes (#99564) 2020-10-05 23:35:28 +02:00
Maximilian Bosch
609c4f497d
nixos/nextcloud: fix nginx config to allow copy/move-operations again 2020-10-05 22:25:30 +02:00
Michele Guerini Rocco
04670f8b3d
Merge pull request #96697 from hir12111/fix-font-dir 
fontdir: Consider scalable fonts in index fonts.dir
 2020-10-05 21:20:06 +02:00
WORLDofPEACE
fd74ab37b0
Merge pull request #99493 from cole-h/nixos-install-add-store 
nixos-install: use mountpoint as store
 2020-10-05 14:13:29 -04:00
Tim Steinbach
9646ae97c8
pam: Fix interaction with samba 
9544c6078e12aacaf17abc9a13e740658b17e747 / #96672 removed the samba option
`syncPasswordsByPam`.
Need to remove this option from the pam module, otherwise it will cause build errors
 2020-10-05 09:13:16 -04:00
Andreas Rammhold
2d92e695ba
Merge pull request #97989 from flokli/systemd-246.5 
systemd: 246.4 -> 246.6
 2020-10-05 15:02:39 +02:00
Aaron Andersen
dedd67610a
Merge pull request #99251 from xfix/remove-unnecessary-sendmail-configuration 
nixos/httpd: remove unnecessary sendmail configuration
 2020-10-05 08:59:42 -04:00
Maximilian Bosch
71098fba81
nextcloud20: init 2020-10-04 21:55:58 +02:00
Emilio Perez
52f028f2d9 nixos/xwayland: add new module and allow configuring a default font path 
- Add option `programs.xwayland.defaultFontPath`
- Modify sway to enable Xwayland
 2020-10-04 14:56:30 +01:00
Emilio Perez
f41f53dc49 nixos/fontdir: add option to decompress fonts 
This will let Xwayland use the global font folder as font path
 2020-10-04 14:56:30 +01:00
Emilio Perez
c99bd9bedf nixos/fontdir: add group of options for fontDir 
Renaming enableFontDir to fontDir.enable
 2020-10-04 14:56:29 +01:00
rnhmjoj
eda7e23ea4 nixos/fontdir: add the directory to the xserver font paths 2020-10-04 14:56:29 +01:00
rnhmjoj
1fdd3921a2 nixos/xserver: add option to configure the "Files" section 2020-10-04 14:56:29 +01:00
Emilio Perez
a5c0ba4004 nixos/fontdir: use regexp to find font files 2020-10-04 14:56:29 +01:00
Emilio Perez
a5618e6187 nixos/fontdir: gather more font formats 
- Fix wrong order in which font indexes are created
mkfontdir requires the file fonts.scale to consider scalable fonts,
thus, mkfontscale should be run before

- Search more font formats, in particular, bit-mapped formats
 2020-10-04 14:56:29 +01:00
Mario Rodas
e940c41a9c
Merge pull request #98163 from yanganto/hime 
hime: init at unstable-2020-06-27
 2020-10-04 08:13:21 -05:00
Maximilian Bosch
08cc63b20b
Merge pull request #97666 from Ma27/nextcloud-nginx 
nixos/nextcloud: fix `nginx`-config for Nextcloud 19 and older
 2020-10-04 13:51:52 +02:00
Augustin Borsu
685ae84cb0 nixos/jenkins: switch to openjdk11 as openjdk14 is not supported 2020-10-04 11:45:02 +02:00
Doron Behar
9544c6078e
Merge pull request #96672 from doronbehar/module/samba 
nixos/samba: remove upstream deprecated syncPasswordsByPam option
 2020-10-04 11:29:56 +03:00
Martin Weinelt
23c1374bd7
Merge pull request #90067 from mmilata/sympa-6.2.56 
nixos/sympa: fix PATH_INFO splitting for sympa-6.2.56
 2020-10-04 04:33:41 +02:00
Cole Helbling
3bbe4c322a
nixos-install: use mountpoint as store 
Otherwise, it's possible building a flake may cause the live CD to run
out of memory.
 2020-10-03 10:09:20 -07:00
Antonio Yang
0c138794af input methods: add hime 2020-10-03 22:27:22 +08:00
Gabriel Ebner
f26dcb4850
Merge pull request #93201 from symphorien/dovecot-namespace-mailbox 
nixos/dovecot: configure mailboxes for all processes
 2020-10-03 14:46:40 +02:00
Jonas Meurer
07988a0f88
nixos/moodle: add missing PHP module (#99163) 2020-10-03 11:41:56 +02:00
Eelco Dolstra
b551f06097 nixos-generate-config: Add missing newline 2020-10-03 10:48:39 +02:00
Anderson Torres
26108ada86
Merge pull request #99371 from zowoq/rm-caddy1 
caddy1: remove
 2020-10-02 20:49:50 -03:00
Florian Klink
93178d471e
Merge pull request #99329 from 0x4A6F/master-networking-hostname 
nixos: Conform with RFC 1123 in networking.hostName
 2020-10-02 22:01:51 +02:00
WORLDofPEACE
bd52e7f8d3
Merge pull request #99039 from worldofpeace/dnscrypt-proxy2-harden 
nixos/dnscrypt-proxy2: harden and improve service
 2020-10-02 11:48:58 -04:00
zowoq
8f74e9e905 nixos/caddy: remove caddy1 2020-10-02 23:50:59 +10:00
Maximilian Bosch
8626701b2d
Merge pull request #99256 from Ma27/sudo-pkg-option 
nixos/sudo: add `package` option
 2020-10-02 12:35:58 +02:00
Andreas Rammhold
66c3ba64b8
Merge pull request #99340 from andir/nftables-fix-iptables-conflict-errormsg 
nftables: Warn about correct firewall setting
 2020-10-02 11:13:26 +02:00
Konrad Borowski
6fc06a1d3d nixos/phpfpm: remove unnecessary sendmail configuration 2020-10-02 09:11:14 +02:00
Klemens Nanni
fb13347d2a nixos/plasma5: Enable browser integration 
This option is not documented anywhere and while it may be set
in configuration.nix to enable integration, having it on by
default when using both plasma and firefox is a great convenience;
just like all other desktop environments do it already.
 2020-10-02 13:07:09 +08:00
WORLDofPEACE
332dcda646
Merge pull request #98996 from NixOS/worldofpeace-patch-1 
nixos/dnscrypt-proxy2: version the example file
 2020-10-02 00:32:45 -04:00
Matt Votava
bc970e94e7 nixos/gnome3: don't enable modules for excludePackages 2020-10-02 00:24:24 -04:00
WORLDofPEACE
6e7e633a54 nixos/dnscrypt-proxy2: harden and improve service 2020-10-02 00:00:22 -04:00
Klemens Nanni
e438d4a04f
nftables: Warn about correct firewall setting 
services.networking.firewall might have existed during import of this
module in 2016, but it is unknown as of today.

Point to the proper boolean knob to avoid confusion.
 2020-10-02 00:25:57 +02:00
0x4A6F
c232d4b587
nixos: Conform with RFC 1123 in networking.hostName 
Conform to RFC 1123 [0], specifically to "2.1 Host Names and Numbers",
which allow starting host name with alphanumerical instead of alphabetical characters.
RFC 1123 updates RFC 952 [1], which is referenced in "man 5 hosts".

[0]: https://tools.ietf.org/html/rfc1123
[1]: https://tools.ietf.org/html/rfc952
 2020-10-01 22:06:00 +00:00
Maximilian Bosch
d2dc0ae203
nixos/sudo: add package option 
The `package`-option is always useful if modifying a package in an
overlay would mean that a lot of other packages need to be rebuilt as
well.

In case of `sudo` this is actually the case: when having an override for
it (e.g. for `withInsults = true;`), you'd have to rebuild e.g. `zfs`
and `grub` although that's not strictly needed.
 2020-10-01 13:00:52 +02:00
Konrad Borowski
05eb3496e6 nixos/httpd: remove unnecessary sendmail configuration 
PHP now uses system-sendmail without special configuration.
 2020-10-01 12:05:08 +02:00
Sumner Evans
8c72cf16fa
nixos/redshift: add executable option 
Added ability to configure the executable that the redshift service
uses.
 2020-09-30 17:00:38 -06:00
Alexandre Macabies
b9750a9b57 nixos/hardware/rtl-sdr: new module 
This is a very thin module to ensure "plugdev" user exists and some udev
rules are enabled, a prerequisite for using rtl-sdr.
 2020-09-30 20:39:58 +02:00
Jonathan Ringer
46e27bcb16 nixos/tests: fix x11 tests 2020-09-30 09:09:56 -07:00
Johan Thomsen
8f5949fd46 nixos/initrd-ssh: set more defensive pemissions on sshd test key 
It looks like the test sshd key can never be used, because of too open
permissions. My guess is that the current test script works fine once
the user defined ssh-key has been copied into initrd.

At "nixos-install" however, the user specified host key is not present
in initrd yet and validation fails.

fixes #91486
 2020-09-30 15:47:49 +02:00
Maximilian Bosch
6148b0e59f
Merge pull request #99079 from mayflower/openvpn-exporter-upstream 
nixos/prometheus-exporters/openvpn: init
 2020-09-30 15:37:03 +02:00
Linus Heckemann
a560936cab nixos/prometheus-exporters/openvpn: init 
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
Co-Authored-By: Robin Gloster <mail@glob.in>
 2020-09-29 10:53:04 +02:00
Linus Heckemann
2c1e72ee6a prometheus exporters: always set user and group 
systemd.exec(5) on DynamicUser:
> If a statically allocated user or group of the configured name
> already exists, it is used and no dynamic user/group is allocated.

Using DynamicUser while still setting a group name can be
useful for granting access to resources that can otherwise only be
accessed with entirely static IDs.
 2020-09-29 10:53:04 +02:00
Emery Hemingway
e7d0500cb3 nixos/rsyncd: convert module to an INI generator 2020-09-29 08:07:53 +02:00
WORLDofPEACE
4065a45638
Merge pull request #99038 from worldofpeace/nixos-rebuild-impure 
nixos-rebuild: add impure
 2020-09-28 22:23:30 -04:00
Jan Tojnar
32b4375f10
Merge branch 'staging-next' into staging 2020-09-29 00:12:29 +02:00
WORLDofPEACE
1343164249 nixos-rebuild: add impure 2020-09-28 17:24:37 -04:00
Andreas Rammhold
9630d5c07f
nixos/security/wrapper: ensure the tmpfs is not world writeable 
The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.
 2020-09-28 22:55:20 +02:00
Matthieu Coudron
cd7db06935
programs.neovim: fix documentation (#99023) 
brackets broke doc generation on master
 2020-09-28 22:42:18 +02:00