Commit graph

856 commits

Author SHA1 Message Date
Emily
d930466b77 nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.

The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
2020-03-25 08:26:50 +00:00
Tor Hedin Brønner
038a8890a7
rl-2009: note gnome desktop upgrade 2020-03-24 07:11:17 +01:00
Aaron Andersen
6f0c1cdbd9 nixos/duosec: rename ikey option to integrationKey 2020-03-22 20:25:11 -04:00
Aaron Andersen
b9dca769f1 nixos/duosec: replace insecure skey option with secure secretKeyFile option 2020-03-22 20:23:55 -04:00
Florian Klink
d96bd3394b nixos/manual: fix build 2020-03-19 15:32:34 +01:00
Florian Klink
355c58e485 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.

This was originally applied in 36ef112a47,
but was reverted due to 1115959a8d causing
evaluation errors on hydra.
2020-03-19 14:15:32 +01:00
Niklas Hambüchen
0908ec4952
Merge pull request #82665 from bhipple/doc/upower
doc: update 20.03 release notes regarding upower
2020-03-18 02:44:18 +01:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
davidak
dc434b0704 Doc: Fix typo 2020-03-17 13:26:55 +01:00
Benjamin Hipple
90c3fa478b doc: update 20.03 release notes regarding upower
UPower works just fine in 20.03, but only if the service is enabled.

Resolves #82529; see issue for details.
2020-03-16 20:08:35 -04:00
Maximilian Bosch
849e16888f
nixos/doc/matrix-synapse: refactor
* Linkify all service options used in the code-examples.
* Demonstrated the use of `riot-web.override {}`.
* Moved the example how to configure a postgresql-database for
  `matrix-synapse` to this document from the 20.03 release-notes.
2020-03-16 10:39:42 +01:00
Maximilian Bosch
8be61f7a36
matrix-synapse: 1.9.1 -> 1.11.1
https://github.com/matrix-org/synapse/releases/tag/v1.10.0
https://github.com/matrix-org/synapse/releases/tag/v1.10.1
https://github.com/matrix-org/synapse/releases/tag/v1.11.0
https://github.com/matrix-org/synapse/releases/tag/v1.11.1
2020-03-15 17:09:51 +01:00
Léo Gaspard
7566b4f924
Merge pull request #82614 from Ekleog/xfce4-remove-alias
xfce4-12: remove alias
2020-03-15 12:00:20 +01:00
Florian Klink
74f451b851
Merge pull request #82413 from aanderse/authorized-keys-command
nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options
2020-03-14 23:58:47 +01:00
Léo Gaspard
175f9ef4f8 xfce4-12: remove alias 2020-03-14 22:05:50 +01:00
Vladimír Čunát
0729b8c55e
Revert Merge #82310: nixos/systemd: apply .link
...even when networkd is disabled

This reverts commit ce78f3ac70, reversing
changes made to dc34da0755.

I'm sorry; Hydra has been unable to evaluate, always returning
> error: unexpected EOF reading a line
and I've been unable to reproduce the problem locally.  Bisecting
pointed to this merge, but I still can't see what exactly was wrong.
2020-03-13 22:05:33 +01:00
Maximilian Bosch
7e978ca324
nixos/manual: fix build 2020-03-13 02:04:26 +01:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Florian Klink
ce78f3ac70
Merge pull request #82310 from flokli/systemd-network-link-no-networkd
nixos/systemd: apply .link even when networkd is disabled
2020-03-12 15:47:59 -07:00
Elis Hirwing
a04010b64a
php: 7.3.15 -> 7.4.3 2020-03-11 20:20:22 +01:00
Florian Klink
36ef112a47 nixos/networkd: respect systemd.network.links also with disabled systemd-networkd
This mirrors the behaviour of systemd - It's udev that parses `.link`
files, not `systemd-networkd`.
2020-03-11 10:21:37 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Vladimír Čunát
1cf4fea33f
nixos/release-notes: fix a tiny typo 2020-03-05 14:03:27 +01:00
Maximilian Bosch
f4d71e2e73
nixos/release-notes: mention fix for predictable network-interfaces in initrd 2020-03-02 17:57:05 +01:00
Michele Guerini Rocco
d54f028941
Merge pull request #81473 from pacien/riot-no-phoning-home-release-notes-20-03
riot-web: mention incompatible config change in release notes
2020-03-02 03:13:39 +01:00
pacien
6d4fd13612 riot-web: mention incompatible config change in release notes
Mention the changes introduced in commit c9e5cca.

GitHub: closes #81416
2020-03-02 00:44:51 +01:00
Maximilian Bosch
e661d071f5
Merge pull request #80666 from netixx/grafana-phantomhs2-optional
grafana: made phantomjs2 optional
2020-02-25 22:49:51 +01:00
Maximilian Bosch
7458509972
nixos/manual: fix dates for support-plan of 20.09 2020-02-25 20:52:23 +01:00
Netix (Espinet François)
9f0014b6f2
grafana: made phantomjs2 optional
On servers especially, phantomjs2 pulls graphical dependencies which is unecessary.
This pathes enable the package to be linked/installed without
phantomjs2. Phantomjs2 is disabled by default since it has been deprecated in grafana https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/
2020-02-25 20:36:47 +01:00
Maximilian Bosch
c391343fcd
nixos/nixos-build-vms: switch to python test-driver
In 0945178b3c we decided that Perl-based
VM tests should be deprecated and will be removed between 20.03 and
20.09. So let's switch `nixos-build-vms(8)` to python as well (which is
entirely interactive, so other scripts won't break).

In my experience, the test-driver isn't used most of the time, so this
patch is mainly supposed to get rid of the (probably misleading)
deprecation warning when running `nixos-build-vms`. Apart from that, the
interface for python's test-driver is way nicer.
2020-02-15 19:35:17 +01:00
worldofpeace
be01f27adc rl-2009: typo 2020-02-10 14:23:00 -05:00
worldofpeace
2ba2b0cf23 20.09 is Nightingale 2020-02-10 14:14:18 -05:00
Silvan Mosberger
e3c5d299dc
Merge pull request #78373 from serokell/yorickvp/buildkites
nixos/buildkite-agents: support multiple buildkite agents
2020-02-10 14:39:40 +01:00
Yorick van Pelt
e242eccb0b
nixos/buildkite-agents: update release notes 2020-02-10 13:36:30 +01:00
aszlig
8754986076
nixos: Fix build of manual
XML error introduced with merge commit 4e0fea3fe2.

This was probably because of wrong conflict resolution, because the
actual change (d8e697b4fc) had the close
tag of the <para/> element, but the merge commit didn't.

Signed-off-by: aszlig <aszlig@nix.build>
2020-02-10 13:33:52 +01:00
Florian Klink
4e0fea3fe2 Merge pull request #77578 from m1cr0man/master
Replace simp-le with lego and support DNS-01 challenge
2020-02-10 11:47:30 +01:00
Maximilian Bosch
dd6a291e9f
gcc-snapshot: remove
Package is marked as broken for >2 years and used a fairly old
snapshot from the gcc7-branch, so I fairly doubt that this is
somewhere used (and is also pretty misleading as you don't expect a
random snapshot from gcc7 at `pkgs.gcc-snapshot`).
2020-02-09 22:46:29 +01:00
Lucas Savva
75fa8027eb
nixos/acme: Update release note, remove redundant requires
Merge remote-tracking branch 'remotes/upstream/master'
2020-02-09 16:31:07 +00:00
Lucas Savva
d8e697b4fc
nixos/acme: update release notes for 20.03 2020-02-09 15:59:03 +00:00
Symphorien Gibol
4600fe67c5 nixos/roundcube: add release notes for #77532 2020-02-05 12:00:00 +00:00
Maximilian Bosch
294f667121
sqldeveloper: {17.4.1.054.0712,18.2.0.183.1748} -> 19.4.0.354.1759
There are no new releases of sqldeveloper v17/v18 and I don't think that
we should keep obviously unmaintained software that interacts with
database systems.

I removed `sqldeveloper_18` and `pkgs.sqldeveloper` now points to
version 19.4. Unfortunately I had to drop darwin support as JavaFX is
required for 19.4 which is part of the `oraclejdk` which isn't packaged
for darwin yet.

For further information please refer to the release notes:

https://www.oracle.com/technetwork/developer-tools/sql-developer/downloads/sqldev-relnotes-194-5908846.html
2020-02-04 13:51:52 +01:00
Marek Mahut
2abe12a39a manual.release-notes: qesteidutil is deprecated 2020-02-03 11:22:19 +01:00
worldofpeace
915060d03f rl-2003: dnscrypt-proxy2 2020-02-02 11:11:27 -05:00
Maximilian Bosch
0c960262d1
oraclejdk8: document removals in the release notes 2020-02-02 12:11:50 +01:00
worldofpeace
22c56b847e
Merge pull request #79054 from worldofpeace/geary-module-note
rl-2003: add note about Geary module
2020-02-01 18:05:40 -05:00
worldofpeace
4200386fb6 rl-2003: add note about Geary module 2020-02-01 18:01:25 -05:00
Franz Pletz
e8b8e8c615
rspamd: 1.9.4 -> 2.2 2020-02-01 14:20:51 +01:00
Linus Heckemann
3af5a40fe2
Merge pull request #78843 from rnhmjoj/ipv6-privacy
nixos/networking-interfaces: change preferTempAddress to allow disabling temp addresses
2020-02-01 12:04:58 +01:00
rnhmjoj
0c19bfb8ac
nixos/docs: document preferTempAddress -> tempAddress change 2020-02-01 11:38:40 +01:00
Maximilian Bosch
7f49fa63ca
Merge pull request #75439 from Ma27/submodule-fixes-for-nixos-option
nixos/nixos-option: fix evaluator to render a full submodule entry
2020-02-01 10:00:59 +01:00
worldofpeace
51b95565a6
Merge pull request #78713 from vcunat/p/linux_5_4-default
linuxPackages: 4.19 -> 5.4
2020-01-31 14:32:10 -05:00
Vladimír Čunát
bba954f34e
nixos release notes: document linuxPackages update 2020-01-31 15:58:46 +01:00
Maximilian Bosch
f73d725967 llvm_{3,4}: re-add attributes with an error message about their removal
With this change, expressions relying on those old LLVM versions will
fail with a meaningful error message.
2020-01-30 18:39:42 -05:00
Alyssa Ross
6ea79d2707 nixos/doc: add Mailman release notes for 20.03 2020-01-30 23:14:45 +00:00
worldofpeace
1be8ee98f5 rl-2003: fix typo
networkd on your mind 😜
2020-01-30 05:50:03 -05:00
worldofpeace
c95612a5a2 nixos/display-managers/auto: remove
This module allows root autoLogin, so we would break that for users, but
they shouldn't be using it anyways. This gives the impression like auto
is some special display manager, when it's just lightdm and special pam
rules to allow root autoLogin. It was created for NixOS's testing
so I believe this is where it belongs.
2020-01-29 19:05:46 -05:00
Maximilian Bosch
dd583e7f12
nixos/release-notes: document gcc5 removal 2020-01-28 20:23:53 +01:00
Maximilian Bosch
69d127cc81
citrix_workspace_19_3_0: mark as unsupported
Will be unsupported within the lifespan of 20.03. Also there aren't any
known issues that require this version as workaround, so a removal
should be fairly safe.
2020-01-28 11:40:20 +01:00
Marek Mahut
a5798cf78e rl-2003.xml: adding note about FIDO2 luks 2020-01-22 08:38:16 +01:00
Florian Klink
eba10dcbcb
Merge pull request #77950 from flokli/buildkite-3
nixos/buildkite-agent: move to v3
2020-01-19 14:23:49 +01:00
worldofpeace
ffcfb80781
Merge pull request #77690 from gnidorah/way-cooler
way-cooler: Remove
2020-01-18 14:50:41 -05:00
Matthias Beyer
29bb16a9cd way-cooler: Remove
As of 2020-01-09, way-cooler is officially dead:

    http://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html

hence, remove the package and the module.

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>

docs/release-notes: remove way-cooler

way-cooler: show warnings about removal

Apply suggestions from code review

Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>

way-cooler: add suggestion by @Infinisil
2020-01-18 18:25:01 +03:00
Florian Klink
b9182529b4 nixos/buildkite: add release notes 2020-01-17 23:11:26 +01:00
Silvan Mosberger
9d4b59b549
nixos/doc: Add incompatibility note for either submodule path
Co-Authored-By: Robert Hensing <roberth@users.noreply.github.com>
2020-01-09 16:47:53 +01:00
rnhmjoj
fa3919de5f
nixos/doc: document the loaOf type deprecation 2020-01-08 00:47:59 +01:00
Vladimír Čunát
c3d4998e41
Merge #75803: kresd service: unify listen declarations 2019-12-27 15:55:38 +01:00
Aaron Andersen
4d2dd15546
Merge pull request #73113 from aanderse/httpd-vhost
nixos/httpd: support overridable virtual hosts
2019-12-26 08:09:08 -05:00
Dima
2467edf80c nixos/manual: fixing links for awstats release note (#76500)
`linkend` attribute needs to point to an option.
2019-12-25 21:06:18 +02:00
Aaron Andersen
79215f0df1 nixos/httpd: limit serving web content to virtual hosts, convert virtualHosts option type from listOf to attrsOf, add ACME integration 2019-12-24 20:27:48 -05:00
Ben Harper
dade94cdb9 nixos/awstats: refactor module 2019-12-24 12:20:52 -05:00
Florian Klink
0a41dae98b
Merge pull request #56255 from Izorkin/nginx-temp1
nginx: do not run anything as root
2019-12-20 23:34:55 +01:00
rnhmjoj
9802bc5b32
docs/release-notes: fix indentation 2019-12-20 00:27:35 +01:00
rnhmjoj
bce1437493
docs/release-notes: document console related changes 2019-12-20 00:27:34 +01:00
Chuck
ed51fd0033 nixos/nixos-option: Convert --all into -r 2019-12-19 15:00:43 +01:00
Jan Tojnar
6be14ee97b
Merge pull request #53843 from hedning/session-default
nixos/displayManager: introduce defaultSession
2019-12-18 21:16:06 +01:00
Dustin Frisch
f886a14dbd
kresd: Unified listen declarations
Deperecates the interfaces option which was used to generate a host:port
list whereas the port was always hardcoded to 53. This unifies the
listen configuration for plain and TLS sockets and allows to specify a
port without an address for wildcard binds.
2019-12-17 12:44:24 +01:00
Danylo Hlynskyi
d206f2304f
nixos containers: disable NixOS manual in container config. (#75659)
This makes ~2.5x speed up of an empty container instantiate, hence reduces
rebuild time of system with many declarative containers.

Note that this doesn't affect production systems much, becaseu those most
likely already include `minimal.nix` profile.
2019-12-15 18:21:52 +02:00
Izorkin
2a413da57e nixos/nginx: do not run anything as root 2019-12-15 11:21:08 +03:00
Jan Tojnar
8dc5ff7dcf
nixos/displayManager: deprecate separate options for default wm/dm
The upstream session files display managers use have no concept of sessions being composed from
desktop manager and window manager. To be able to set upstream session files as default
session, we need a single option. Having two different ways to set default session would be confusing,
though, so we decided to deprecate the old method.

We also created separate script for each session, just like we already had a separate desktop
file for each one, and started using displayManager.sessionPackages mechanism to make the
session handling more uniform.
2019-12-15 04:16:20 +01:00
Frederik Rietdijk
dfdf1597a7 Merge master into staging-next 2019-12-13 11:43:39 +01:00
Frederik Rietdijk
f3618342ec Merge staging-next into staging 2019-12-10 19:01:27 +01:00
worldofpeace
efc1c027ad nixos/polkit: remove root from adminIdentities
Fixes https://github.com/NixOS/nixpkgs/issues/75075.

To summarize the report in the aforementioned issue, at a glance,
it's a different default than what upstream polkit has. Apparently
for 8+ years polkit defaults admin identities as members of
the wheel group [0]. This assumption would be appropriate on NixOS, where
every member of group 'wheel' is necessarily privileged.

[0]: 763faf434b
2019-12-09 19:11:09 -05:00
Renaud
f640cf49d1
rdf4store: remove pkg and service modules
(#74214)
2019-12-08 20:33:51 +01:00
Renaud
421e9248c1
doc/rl-2003: fix typo 2019-12-08 18:34:47 +01:00
Frederik Rietdijk
c9a19b5f7e Merge staging-next into staging 2019-12-05 10:19:54 +01:00
worldofpeace
b12aef05a4
Merge pull request #73968 from mat8913/upower-config-master
nixos/upower: Allow customization of UPower.conf
2019-12-05 05:25:00 +00:00
Matthew Harm Bekkema
aecfea098e nixos/upower: Allow customization of UPower.conf
Documentation of options and default values taken from the upstream
UPower.conf. The documentation was modified slightly to make more sense
when displayed on https://nixos.org/nixos/options.html.

A copy of upstream UPower.conf can be found here:
https://cgit.freedesktop.org/upower/tree/etc/UPower.conf?id=28bd86c181e2510ef6a1dc7cfa26f97803698a79
2019-12-04 12:26:30 +11:00
Jan Tojnar
77b605546c
Merge branch 'staging-next' into staging 2019-12-03 16:52:44 +01:00
Eelco Dolstra
946c5fb8f7
Tweag releaase notes 2019-12-03 15:09:55 +01:00
davidak
0ba3761ba8 nixos/version: PRETTY_NAME in /etc/os-release uses the release now instead of full version
to be more suitable for presentation to the user
2019-12-02 20:04:44 +01:00
Daniël de Kok
02553c114d rl-2003: mention the removal of dump1090's internal web server 2019-12-02 14:47:19 +01:00
Dima
c25d4abc21 release-notes: adding pango font loading deprecation 2019-12-02 02:32:05 +01:00
rnhmjoj
1598f3d257
nixos/bluetooth: don't install obex tools by default 2019-11-29 21:08:58 +01:00
Andreas Rammhold
059faab65a
Merge pull request #73803 from andir/buildRustCrate-lib-output
buildRustCrate: add lib output
2019-11-28 15:36:45 +01:00
talyz
86223aade7 rl-2003: Fix typo
Fix a typo introduced in a06529b7ad which prevents the manual from building.
2019-11-26 17:04:59 +01:00
Andreas Rammhold
1b748554d5
buildRustCrate: add lib output
This cuts down the dependency tree on some rust builds where a crate not
just exposes a binary but also a library. `$out/lib` contained a bunch
of extra support files that among other information carry linker flags
(including the full path to link-time dependencies). Worst case this led
to some binary outputs depending on the full build closure of rust
crates.

Moving all the `$out/lib` files to `$lib/lib` solves this nicely.

`lib` might be a bit weird here as they are most of the time just rlib
files (rust libraries). Those are essential only required during
compilation but they can also be shared objects (like with traditional
C-style packages). Which is why I went with `lib` for the new output.

One of the caveats we are running into here is that we do not (always)
know ahead of time of a crate produces just a library or just a binary.
Cargo allows for some ambiguity regarding whether or not a crate
provides one, two, … binaries and libraries as it's outputs. Ideally we
would be able to rely on the `crateType` entirely but so far that isn't
the case. More work on that area might show how difficult that actually
is.
2019-11-26 15:05:01 +01:00
Andreas Rammhold
a06529b7ad
nixos: default environment.homeBinInPath to false
This is a more sane default since we do not magically (without opt-in)
pull in binaries from `~/bin`. That is not really an expected behavior
for many users. Users that still want that behavior can now just flip
that switch.
2019-11-26 12:44:12 +01:00
Florian Klink
02f869ff30 osquery: remove
osquery was marked as broken since April.

If somebody steps up to fix it, we can always revive it from the
histroy, but there's not much value in shipping completely broken things
in current master.

cc @ma27
2019-11-24 22:38:07 +01:00
Florian Klink
c3e17efaab nixos/beegfs: remove module
packages are marked as broken for quite some time.
2019-11-24 17:33:51 +01:00
Jan Tojnar
77661f8cfd
nixos/plasma5: drop enableQt4Support option
Phonon no longer supports Qt4 so this is useless.
2019-11-22 09:01:05 +01:00