Commit graph

2220 commits

Author SHA1 Message Date
Maximilian Bosch
1652bbcfc3
Merge pull request #188174 from yayayayaka/matrix-synapse-systemd-hardening
nixos/matrix-synapse: Harden systemd service
2022-08-26 10:10:04 +02:00
Jonas Heinrich
21ba29f226
Merge pull request #181338 from thyol/diamond
diamond: 0.8.36 -> 2.0.15
2022-08-25 15:25:03 +02:00
Yaya
0c5fbf9c08 nixos/matrix-synapse: Harden systemd service
This commit introduces hardening options to the `matrix-synapse`
systemd service.
2022-08-25 08:58:22 +00:00
Janne Heß
0b3e7f063c
bootstrap fetchurl: Add SRI support 2022-08-24 09:55:45 +02:00
misuzu
5fcdceb0b2 nixos/netbird: init 2022-08-22 16:37:43 +03:00
Alexander Bantyev
629ec1b38a
Merge pull request #161805 from yrd/outline
outline: init at 0.65.2
2022-08-22 14:45:12 +04:00
Bobby Rong
29cb1c877c
Merge pull request #184409 from water-sucks/lightdm-slick-greeter
lightdm-slick-greeter: init at 1.5.9
2022-08-20 09:28:52 +08:00
Linus Heckemann
d167d23b40
Merge pull request #176780 from linj-fork/emacs-native-comp
emacs: enable native-comp
2022-08-19 12:04:51 +02:00
Gauvain 'GovanifY' Roussel-Tarbouriech
6c55578c7e nixos/komga: add module 2022-08-18 22:52:27 -04:00
Bobby Rong
038d91ed41 rl-2211: mention blueman & slick-greeter switch 2022-08-18 23:01:43 +08:00
ckie
30ad2e1c12
Merge pull request #162484 from jappeace/keter-module
nixos/keter: init at 2.0.1
2022-08-18 15:44:05 +03:00
Lin Jian
51bd7cf0d0
emacs: enable native-comp 2022-08-18 20:38:37 +08:00
Jappie Klooster
a4d72ad628
nixos/keter: init
Enable keter module

Keter is an apploader which:
1. has the old app running on a port.
2. loads a new one, and waits for that to complete
3. switches the old with the new one once the new one finished loading.

It supports more functionality but this use case
is the primary one being used by supercede.

Adds keter as a module to nixos.
Currently keter is unusable with nix,
because it relies on bundling of a tar and uploading that to a specific folder.
These expressions automate these devops tasks,
with especially nixops in mind.
This will work with versions above 1.8

The test seems to work.
This uses a new version of keter which has good
support for status code on error pages.
We're using this config at production at supercede
so it should be fine.

Squash log:
==========

mention keter in changelog

Update generated release notes

Always restart keter on failure

This is a little bit of extra stability in case keter crashes.
Which can happen under extreme conditions (DoS attacks).

Update nixos/doc/manual/release-notes/rl-2205.section.md

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

Update nixos/modules/module-list.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

Remove sanitization

don't put domain in as a string

Update nixos/tests/keter.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

add jappie as module maintainer

Use type path instead of two separate options

Fix generated docs

added test machinery to figure out why it's failing

Fix the test, use console output

run nixpkgs-fmt on all modules

Inline config file.

This gets rid of a lot of indirection as well.

Run nix format

remove comment

simplify executable for test

delete config file

add config for keter root

Remove after redis clause

set keter root by default to /var/lib/keter

Update nixos/modules/services/web-servers/keter/default.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

Update nixos/modules/services/web-servers/keter/default.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

Update nixos/modules/services/web-servers/keter/default.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

fix nit

add newlines

add default text and move description in a long description

Delete rather obvious comment

fix release db thing

remove longDescription and put it in a comment instead

change description of mkEnableOption

explain what keter does by using the hackage synopsis

set domain to keterDomain and same for executable

move comment to where it's happening

fix type error

add formatting better comment

try add separate user for keter

Revert "try add separate user for keter"

This reverts commit d3522d36c96117335bfa072e6f453406c244e940.

Doing this breaks the setup

set default to avoid needing cap_net_bind_service

remove weird comment

use example fields

elaborated on process leakage

Update nixos/modules/services/web-servers/keter/default.nix

Co-authored-by: ckie <25263210+ckiee@users.noreply.github.com>

run nixpkgs-fmt

update docs

Fix formatting, set keter package by default

format our little nixexpr

replace '' -> " where possible

drop indent for multiline string

make description much shorter

regen docs database
2022-08-18 15:29:47 +03:00
Yannik Rödel
9898e975af outline: init at 0.65.2 2022-08-17 16:30:16 +02:00
Paul-Henri Froidmont
d2ce318bd4 nixos/patroni: init 2022-08-16 18:57:15 +02:00
Maxine Aubrey
b474599529
nomad: default to nomad_1_3, add to release notes 2022-08-16 01:12:41 +02:00
Vincent Haupert
006d9d2dfb release-notes: add github-runner support for PAT and ephemeral 2022-08-15 13:13:58 -04:00
Winter
dbd18a63a7 fetchgit: allow disabling cone mode for sparse checkouts, fix test 2022-08-14 23:03:07 +02:00
Kerstin Humm
5f2ae2e43f neo4j: add release notes about version bump 2022-08-12 15:45:48 -07:00
Martin Weinelt
a58668f0a0
Merge pull request #176835 from pennae/syncserver 2022-08-12 01:33:26 +02:00
pennae
bd1978e911 nixos/firefox-syncserver: init 2022-08-12 00:45:25 +02:00
ajs124
f763710065 nixos/udisks2: don't enable by default
This was enabled by default in 18a7ce76fc
with the reason that it would be "useful regardless of the desktop
environment.", which I'm not arguing against.

The reason why this should not be enabled by default is that there are a
lot of systems that NixOS runs on that are not desktop systems.
Users on such systems most likely do not want or need this feature and
could even consider this an antifeature.
Furthermore, it is surprising to them to find out that they have this
enabled on their systems.
They might be even more surprised to find that they have polkit enabled
by default, which was a default that was flipped in
a813be071c. For some discussion as to why
see https://github.com/NixOS/nixpkgs/pull/156858.

Evidently, this default is not only surprising to users, but also module
developers, as most if not all modules for desktop environments already
explicitly set services.udisks2.enable = true; which they don't need to
right now.
2022-08-11 02:47:34 +02:00
Sergei Trofimovich
5ad2e70f95
Merge pull request #181079 from profianinc/init/nixos/amd-sev
nixos/amd.sev: init
2022-08-10 23:32:39 +01:00
illustris
3e212a42d7 nixos/hbase: update release notes 2022-08-07 21:21:45 +02:00
Bobby Rong
9c16fe5b87
Merge #181918: Cinnamon 5.4
https://www.linuxmint.com/rel_vanessa_cinnamon_whatsnew.php
2022-08-07 10:07:01 +08:00
Bobby Rong
041b684369
rl-2211: mention cinnamon update 2022-08-03 20:47:07 +08:00
Franz Pletz
72d98311e9
virtlyst: remove 2022-08-03 13:53:13 +02:00
Winter
468c10d8e0
Merge pull request #183039 from jansol/master 2022-08-01 18:17:39 -04:00
Jan Solanti
34a04025cf xow: remove
Upstream project has been deprecated in favour of the 'xone' kernel
mode driver.
2022-08-02 00:50:32 +03:00
Thomas Gerbet
595932cd2b cosign: 1.9.0 -> 1.10.0
`cosigned` is no more part of the cosign repository and it has been moved
into a `sigstore/policy-controller` repository. A new package should probably
be created to replace it.

https://github.com/sigstore/cosign/releases/tag/v1.10.0
2022-08-01 16:26:26 +02:00
Roman Volosatovs
191f777c4a
nixos/amd.sev: init
Signed-off-by: Roman Volosatovs <roman@profian.com>
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
2022-07-25 18:13:52 +02:00
Lin Jian
b6617bb594
nixos/kanata: init 2022-07-26 00:06:48 +08:00
Shamrock Lee
c25543b554 wineWowPackages: default mainProgram to "wine64" 2022-07-22 22:45:44 +00:00
Sandro
0890c4aef1
Merge pull request #168879 from aidalgol/pass-secret-service-systemd-unit 2022-07-17 16:45:27 +02:00
thyol
bb3ed09b06 diamond: add release notes 2022-07-13 12:33:33 +02:00
Aidan Gauland
d9119dbbdf
pass-secret-service: unstable-2020-04-12 -> unstable-2022-03-21
* Update to the latest upstream version of pass-secret-service that includes
  systemd service files.
* Add patch to fix use of a function that has been removed from the Python
  Cryptography library in NixOS 22.05
* Install systemd service files in the Nix package.
* Add NixOS test to ensure the D-Bus API activates the service unit.
* Add myself as a maintainer to the package and NixOS test.
* Use checkTarget instead of equivalent custom checkPhase.
2022-07-12 07:33:26 +12:00
Martin Weinelt
0044b4fa22
Merge pull request #180950 from alyssais/graphite 2022-07-10 17:22:45 +02:00
K900
d2b579b23e
Merge pull request #178254 from K900/update-tempo
tempo: 1.1.0 -> 1.4.1, add NixOS module
2022-07-10 14:01:30 +03:00
Alyssa Ross
1f18d44106
python3.pkgs.graphite_api: remove
Due to lack of maintenance.  It doesn't build, the last upstream
commit was in 2017, and last significant change in Nixpkgs was in
2018.
2022-07-10 09:46:20 +00:00
Alyssa Ross
9f2c91667d
python3.pkgs.influxgraph: remove
Due to lack of maintenance.  Last upstream commit was in 2018, and
graphite_api doesn't build, is also unmaintained upstream, and will
also be removed.
2022-07-10 09:46:18 +00:00
Alyssa Ross
ada1d87767
python3.pkgs.graphite_beacon: remove
Due to lack of maintenance.  It is not compatible with the default
Python version (due to the tornado 5) dependency, and doesn't look
like it will be any time soon.
2022-07-10 09:17:23 +00:00
K900
03dd01dd2f nixos: add module for tempo
It's very barebones but should be OK for now.
2022-07-08 21:33:17 +03:00
Robert Hensing
613e768608
Merge pull request #179801 from hercules-ci/fix-footgun-dockerTools-buildImage-contents
dockerTools.buildImage: Add copyToRoot to replace contents, explain usage
2022-07-07 09:51:41 +02:00
Robert Hensing
e007eb480c dockerTools.buildImage: Add copyToRoot to replace contents, explain usage 2022-07-06 07:30:24 +02:00
Kevin Cox
568d2e77f4
nixos.redis: Fix disabling of RDB persistence.
I was under the impression that setting `services.redis.servers.<name>.save = []` would disable RDB persistence as no schedule would mean no persistence. However since the code did not handle this case specially it actually results in no `save` setting being written and the internal Redis default is used.

This patch handles the empty case to disable RDB persistence.

Disabling RDB persistence is useful in a number of scenarios:

1. Using Redis in a pure-cache mode where persistence is not desired.
2. When using the (generally superior) AOF persistence mode this file is never read so there is little point to writing it.
3. When saving is handled manually

For more information see https://redis.io/docs/manual/persistence/

This is a breaking change as the user may have been relying on `[]` using Redis defaults. However I believe that updating the behaviour for the next release is beneficial as IMHO it is less surprising and does what the user would expect. I have added release notes to warn about this change.
2022-07-05 07:37:38 -04:00
Ryan Burns
3854cf7eeb
Merge pull request #173127 from aidalgol/teensy-udev-rules
teensy-udev-rules: init at version 2022-05-15
2022-07-03 14:05:07 -07:00
José Romildo Malaquias
f72be3af76
Merge pull request #179220 from romildo/fix.xfconf
nixos/xfconf: init
2022-06-30 07:39:27 -03:00
Aidan Gauland
0cb24e2d32
teensy-udev-rules: init at version 2022-05-15
Add udev rules for the Teensy family of microcontrollers so that they can be
flashed as non-root users.
2022-06-29 11:45:50 +12:00
Florian Klink
4c6b6482f9
Merge pull request #178841 from Madouura/dev/zfs
release-notes: move zfs update from 22.11 to 22.05
2022-06-27 10:12:02 +07:00
Kevin Cox
3f13b3fb7e
Merge pull request #179194 from gravndal/supportedLocales
nixos/i18n: include locales from extraLocaleSettings in supportedLocales
2022-06-26 18:03:55 -04:00