Commit graph

50 commits

Author SHA1 Message Date
adisbladis
68ee2396f6
Merge pull request #86488 from cole-h/doas
nixos/doas: init
2020-05-10 10:33:29 +02:00
Michele Guerini Rocco
dc9c88a451
Merge pull request #86678 from rnhmjoj/picom
nixos/picom: cleanup
2020-05-06 10:27:16 +02:00
Cole Helbling
f798f07619
rl-2009: document new module security.doas 2020-05-05 20:07:41 -07:00
Frederik Rietdijk
9875bbae75 Merge master into staging-next 2020-05-05 19:51:09 +02:00
adisbladis
2f7747526c
nixos/docker-containers: Rename to virtualisation.oci-containers.containers.
And allow the runtime to be configurable via the
`virtualisation.oci-containers.backend` option.

Valid choices are "podman" and "docker".
2020-05-04 13:47:25 +01:00
rnhmjoj
027d4e639a
nixos/picom: document breaking change in release notes 2020-05-04 08:58:09 +02:00
Frederik Rietdijk
afb1041148 Merge master into staging-next 2020-05-02 09:39:00 +02:00
Florian Klink
0a98d10850
Merge pull request #82026 from andir/systemd-update-networkd-options
nixos/networkd: update configuration options
2020-05-01 13:49:24 +02:00
Andreas Rammhold
819e8bb35f
nixos/networkd: rename the networkd dhcpConfig option to dhcpV4Config
This follows upstreams change in documentation. While the `[DHCP]`
section might still work it is undocumented and we should probably not
be using it anymore. Users can just upgrade to the new option without
much hassle.

I had to create a bit of custom module deprecation code since the usual
approach doesn't support wildcards in the path.
2020-05-01 13:33:54 +02:00
Andreas Rammhold
7b78f0f098
nixos/networkd: remove CriticalConnection= fields in favor of KeepConnection
Systemd upstream has deprecated CriticalConnection with v244 in favor of
KeepConnection as that seems to be more flexible:

  The CriticalConnection= setting in .network files is now deprecated,
  and replaced by a new KeepConfiguration= setting which allows more
  detailed configuration of the IP configuration to keep in place.
2020-05-01 13:33:53 +02:00
Frederik Rietdijk
484ee79050 Merge staging-next into staging 2020-05-01 08:57:10 +02:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
Jan Tojnar
2874eebfd2
Merge branch 'staging-next' into staging 2020-04-29 08:35:47 +02:00
Eelco Dolstra
4426104c8c
Merge pull request #85711 from worldofpeace/gnome-iso
nixos/release: add GNOME ISO
2020-04-28 21:03:03 +02:00
zowoq
3f17518490 buildGoPackage: use $out instead of $bin 2020-04-28 20:30:23 +10:00
talyz
72636bc2f6
php: Get rid of all config.php parameters
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
talyz
2ba7926959
php.buildEnv: Provide a list of currently enabled extensions
Rework withExtensions / buildEnv to handle currently enabled
extensions better and make them compatible with override. They now
accept a function with the named arguments enabled and all, where
enabled is a list of currently enabled extensions and all is the set
of all extensions. This gives us several nice properties:

 - You always get the right version of the list of currently enabled
   extensions

 - Invocations chain

 - It works well with overridden PHP packages - you always get the
   correct versions of extensions

As a contrived example of what's possible, you can add ImageMagick,
then override the version and disable fpm, then disable cgi, and
lastly remove the zip extension like this:

{ pkgs ? (import <nixpkgs>) {} }:
with pkgs;

let
  phpWithImagick = php74.withExtensions ({ all, enabled }: enabled ++ [ all.imagick ]);

  phpWithImagickWithoutFpm743 = phpWithImagick.override {
    version = "7.4.3";
    sha256 = "wVF7pJV4+y3MZMc6Ptx21PxQfEp6xjmYFYTMfTtMbRQ=";
    fpmSupport = false;
  };

  phpWithImagickWithoutFpmZip743 = phpWithImagickWithoutFpm743.withExtensions (
    { enabled, all }:
      lib.filter (e: e != all.zip) enabled);

  phpWithImagickWithoutFpmZipCgi743 = phpWithImagickWithoutFpmZip743.override {
    cgiSupport = false;
  };
in
  phpWithImagickWithoutFpmZipCgi743
2020-04-26 16:43:05 +02:00
Aaron Andersen
16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
zowoq
b464d76126 nixos/cri-o: share registries with nixos/containers 2020-04-24 20:53:36 +10:00
Aaron Andersen
7bc9f24fb6 nixos/httpd: update release notes 2020-04-21 20:34:55 -04:00
adisbladis
2d91da909e
Merge pull request #85604 from adisbladis/podman-module
nixos/virtualisation.podman: Init module
2020-04-21 23:48:48 +02:00
worldofpeace
873f20f63e rl-2009: GNOME ISO 2020-04-21 15:46:20 -04:00
worldofpeace
37e146c255 nixos/manual: fix build 2020-04-21 15:43:20 -04:00
Niklas Hambüchen
d16d34732c journald service: Increase default rate limit 1000 -> 10000.
Follows the upstream change of this default:

https://github.com/systemd/systemd/pull/8660
2020-04-21 18:29:03 +02:00
adisbladis
b512a788a4
nixos/virtualisation.podman: Init module 2020-04-21 10:03:18 +01:00
Edmund Wu
4727e95eb6
manual/rl-2009.xml: fix build (#85478)
16a4332d60 (diff-43de86228df91216c5cfc9446cb041feL249)
2020-04-18 07:51:06 +02:00
Milan Pässler
16a4332d60 nixos/deluge: support 2.x 2020-04-18 02:00:04 +02:00
Graham Christensen
ec2d28e323
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00
devhell
beae5a9caf manual/rl-2009.xml: Fix literal closing tag
Cc: @flokli
2020-04-08 17:14:06 +01:00
Florian Klink
d0dd8e6cca notmuch: make emacs a separate output
This puts all emacs-related binaries and code to a separate output,
removing emacs from the runtime closure of neomutt.
2020-04-07 22:02:48 +02:00
Michael Weiss
bce93ec4c6
gollum: 4.1.4 -> 5.0.1
Some changes might require manual migration steps:
"Due to changes to the way in which Gollum handles filenames, you may
have to change some links in your wiki when migrating from gollum 4.x.
See the release notes [0] for more details. You may find the
bin/gollum-migrate-tags script helpful to accomplish this. Also see the
--lenient-tag-lookup option for making tag lookup backwards compatible
with 4.x, though note that this will decrease performance on large wikis
with many tags." (source: [1])

[0]: https://github.com/gollum/gollum/wiki/5.0-release-notes
[1]: https://github.com/gollum/gollum/blob/v5.0.0/HISTORY.md
2020-04-06 18:09:35 +02:00
Elis Hirwing
3b6539896b
Merge pull request #83896 from etu/slim-down-default-php-v3
PHP: Make the default package more sane [v3]
2020-04-05 20:00:03 +02:00
talyz
4ff523f691
php: Simplify php-packages import, rename exts -> extensions 2020-04-05 16:45:41 +02:00
Elis Hirwing
a2099156ec
php: split php.packages to php.packages and php.extensions
So now we have only packages for human interaction in php.packages and
only extensions in php.extensions. With this php.packages.exts have
been merged into the same attribute set as all the other extensions to
make it flat and nice.

The nextcloud module have been updated to reflect this change as well
as the documentation.
2020-04-05 16:45:17 +02:00
Elis Hirwing
a4bc30c802
docs/rl: Update release log to match the updates to the default attributes 2020-04-05 16:45:11 +02:00
Elis Hirwing
cdad5f9134
php: Add release log entry for the php changes 2020-03-29 11:07:50 +02:00
Frederik Rietdijk
a36be028f5 Merge staging-next into staging 2020-03-28 21:15:15 +01:00
Emily
d930466b77 nixos/initrd-ssh: switch from Dropbear to OpenSSH
Dropbear lags behind OpenSSH significantly in both support for modern
key formats like `ssh-ed25519`, let alone the recently-introduced
U2F/FIDO2-based `sk-ssh-ed25519@openssh.com` (as I found when I switched
my `authorizedKeys` over to it and promptly locked myself out of my
server's initrd SSH, breaking reboots), as well as security features
like multiprocess isolation. Using the same SSH daemon for stage-1 and
the main system ensures key formats will always remain compatible, as
well as more conveniently allowing the sharing of configuration and
host keys.

The main reason to use Dropbear over OpenSSH would be initrd space
concerns, but NixOS initrds are already large (17 MiB currently on my
server), and the size difference between the two isn't huge (the test's
initrd goes from 9.7 MiB to 12 MiB with this change). If the size is
still a problem, then it would be easy to shrink sshd down to a few
hundred kilobytes by using an initrd-specific build that uses musl and
disables things like Kerberos support.

This passes the test and works on my server, but more rigorous testing
and review from people who use initrd SSH would be appreciated!
2020-03-25 08:26:50 +00:00
Tor Hedin Brønner
038a8890a7
rl-2009: note gnome desktop upgrade 2020-03-24 07:11:17 +01:00
Aaron Andersen
6f0c1cdbd9 nixos/duosec: rename ikey option to integrationKey 2020-03-22 20:25:11 -04:00
Aaron Andersen
b9dca769f1 nixos/duosec: replace insecure skey option with secure secretKeyFile option 2020-03-22 20:23:55 -04:00
goibhniu
5241e5a193
Merge pull request #79851 from mmilata/supybot-enhancements
nixos/supybot: switch to python3, enable systemd sandboxing, add option for installing plugins
2020-03-17 19:07:41 +00:00
Aaron Andersen
dbe59eca84 nixos/sshd: add authorizedKeysCommand and authorizedKeysCommandUser options 2020-03-12 21:00:12 -04:00
Elis Hirwing
a04010b64a
php: 7.3.15 -> 7.4.3 2020-03-11 20:20:22 +01:00
Martin Milata
57f5fb62d4 nixos/supybot: enable systemd sandboxing options 2020-03-09 23:32:54 +01:00
Maximilian Bosch
e661d071f5
Merge pull request #80666 from netixx/grafana-phantomhs2-optional
grafana: made phantomjs2 optional
2020-02-25 22:49:51 +01:00
Maximilian Bosch
7458509972
nixos/manual: fix dates for support-plan of 20.09 2020-02-25 20:52:23 +01:00
Netix (Espinet François)
9f0014b6f2
grafana: made phantomjs2 optional
On servers especially, phantomjs2 pulls graphical dependencies which is unecessary.
This pathes enable the package to be linked/installed without
phantomjs2. Phantomjs2 is disabled by default since it has been deprecated in grafana https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/
2020-02-25 20:36:47 +01:00
worldofpeace
be01f27adc rl-2009: typo 2020-02-10 14:23:00 -05:00
worldofpeace
2ba2b0cf23 20.09 is Nightingale 2020-02-10 14:14:18 -05:00