Commit graph

18673 commits

Author SHA1 Message Date
talyz
84839b395f nixos/qemu-vm: Allow building a Nix store image instead of using 9p
Add the `useNixStoreImage` option, allowing a disk image with the
necessary contents from the Nix store to be built using
make-disk-image.nix. The image will be mounted at `/nix/store` and
acts as a drop-in replacement for the usual 9p mounting of the host's
Nix store.

This removes the performance penalty of 9p, drastically improving
execution speed of applications which do lots of reads from the Nix
store. The caveats are increased disk space usage and image build
time.
2021-10-28 12:55:01 +02:00
Bobby Rong
8e440f1776
Merge pull request #142810 from bobby285271/pantheon
Pantheon updates 2021-10-25, 2021-10-26
2021-10-28 08:16:34 +08:00
Guillaume Girol
6faa5581fd
Merge pull request #113198 from Izorkin/update-mastodon-mail
nixos/mastodon: fix send e-mail notifications
2021-10-27 18:20:18 +00:00
Maximilian Bosch
55e25f7840
Merge pull request #142800 from Ma27/drop-nextcloud-20
nextcloud20: drop
2021-10-27 13:11:06 +02:00
Maximilian Bosch
04fdff2517
nixos/nextcloud: drop obsolete assertion 2021-10-27 12:54:04 +02:00
Peter Hoeg
22a500a3f8 pam_mount: do not re-prompt for password
nixos-rebuild test causes pam_mount to prompt for a password when running with
an encrypted home:

building '/nix/store/p6bflh7n5zy2dql8l45mix9qnzq65hbk-nixos-system-mildred-18.09.git.98592c5da79M.drv'...
activating the configuration...
setting up /etc...
reenter password for pam_mount:
(mount.c:68): Messages from underlying mount program:
(mount.c:72): crypt_activate_by_passphrase: File exists
(pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed
kbuildsycoca5 running...

This change makes pam_mount not prompt. It still tries to remount (and fails in
the process) but that message can be ignored.

Fixes: #44586
2021-10-27 08:53:15 +08:00
eyjhb
75d64a336b nixos/restic: rename s3CredentialsFile to environmentFile
This is done as the s3CredentialsFile specifies the environmentFile
for the systemd service, which can be used for more than just s3.

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2021-10-26 14:01:32 -07:00
Wei Tang
7c7cd951c5
nixos/step-ca: fix comment typo 2021-10-26 20:47:30 +02:00
Sandro
89a27a2e6f
Merge pull request #119719 from greizgh/seafile 2021-10-26 19:07:00 +02:00
Izorkin
1d948428c8
nixos/mastodon: fix send e-mail notifications 2021-10-26 10:59:39 +03:00
Vladimír Čunát
1f89685452
Merge #142864: nixos/gnome: fix an alias reference 2021-10-26 08:35:22 +02:00
Cleeyv
29f4cb4b0a nixos/jibri: add nixos test 2021-10-25 20:46:24 -04:00
Cleeyv
917c5fae70 nixos/jibri: fix & docs for enable not via meet 2021-10-25 20:46:24 -04:00
Cleeyv
57bd54d28b nixos/jibri: add finalize script option 2021-10-25 20:46:24 -04:00
Cleeyv
3473cff4b0 nixos/jibri: init at 8.0-93-g51fe7a2
This module was written by @puckipedia for nixcon-video-infra 2020.
Minor changes made by @cleeyv for compat with existing jibri package.
Co-authored-by: Puck Meerburg <puck@puck.moe>
2021-10-25 20:46:24 -04:00
Cleeyv
ff8ed90033 nixos/jitsi-meet: add jibri.enable
This option enables a jibri service on the same host that is running
jitsi-meet. It was written, along with the jibri module, by @puckipedia
for nixcon-video-infra 2020.
Co-authored-by: Puck Meerburg <puck@puck.moe>
2021-10-25 20:46:24 -04:00
Bobby Rong
4780b6df1a
pantheon.elementary-settings-daemon: 1.0.0 -> 1.1.0 2021-10-26 08:42:26 +08:00
Bobby Rong
e26214dd6c
xdg-desktop-portal-pantheon: init at 1.0.0 2021-10-26 08:35:22 +08:00
Martin Weinelt
1c20719373
Merge pull request #139311 from NinjaTrappeur/nin-acme-fix-webroot 2021-10-25 20:27:29 +02:00
Jonathan Ringer
569633e41c
nixos/gnome: remove alias reference to source-sans-pro 2021-10-25 08:28:23 -07:00
Florian Klink
81715a5da0
Merge pull request #142570 from flokli/add-missing-cryptsetup-targets
nixos/systemd: add remote-cryptsetup.target
2021-10-25 12:51:27 +02:00
Vladimír Čunát
b0d5803400
Merge #142786: plasma5: fix eval without aliases 2021-10-25 11:50:44 +02:00
illustris
91bb2b7016 nixos/hadoop: fix yarn, add more service configuration options 2021-10-25 16:30:19 +09:00
Izorkin
4c092350ed nixos/peertube: init service
Co-authored-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
Co-authored-by: Steven Roose <steven@stevenroose.org>
Co-authored-by: Matthias Beyer <mail@beyermatthias.de>
Co-authored-by: Ismaël Bouya <ismael.bouya@normalesup.org>
2021-10-25 13:12:30 +09:00
Maximilian Bosch
e1e15974f8
nextcloud20: drop
The version 20 of Nextcloud will be EOLed by the end of this month[1].

Since the recommended default (that didn't raise an eval-warning) on
21.05 was Nextcloud 21, this shouldn't affect too many people.

In order to ensure that nobody does a (not working) upgrade across
several major-versions of Nextcloud, I replaced the derivation of
`nextcloud20` with a `throw` that provides instructions how to proceed.

The only case that I consider "risky" is a setup upgraded from 21.05 (or
older) with a `system.stateVersion` <21.11 and with
`services.nextcloud.package` not explicitly declared in its config. To
avoid that, I also left the `else-if` for `stateVersion < 21.03` which
now sets `services.nextcloud.package` to `pkgs.nextcloud20` and thus
leads to an eval-error. This condition can be removed
as soon as 21.05 is EOL because then it's safe to assume that only
21.11. is used as stable release where no Nextcloud <=20 exists that can
lead to such an issue.

It can't be removed earlier because then every `system.stateVersion <
21.11` would lead to `nextcloud21` which is a problem if `nextcloud19`
is still used.

[1] https://docs.nextcloud.com/server/20/admin_manual/release_schedule.html
2021-10-25 01:34:47 +02:00
ajs124
76a77c0bfb plasma5: fix evaluation with aliases disabled and thunderbolt enabled 2021-10-24 23:10:52 +02:00
Bruno Bigras
69b01e3a22
Merge pull request #141408 from bbigras/openresty-lua
nixos/nginx: disable MemoryDenyWriteExecute for pkgs.openresty
2021-10-24 17:39:27 +00:00
Sandro
062469fd09
Merge pull request #140309 from OPNA2608/init/gkraken/21.11 2021-10-24 18:28:57 +02:00
Sebastian
dc0769c63c
nixos/bookstack: fix error message output (#142729) 2021-10-24 18:13:54 +08:00
Alexandre Iooss
8d559672be
nixos/grafana: fix systemd unit
Remove MemoryDenyWriteExecute hardening as it breaks image rendering
plugin. Add CAP_NET_BIND_SERVICE to bind to low ports when needed.
Remove PrivateUsers and ProcSubset as upstream choose to remove it.

Upstream changes: <https://github.com/grafana/grafana/pull/40219>,
<https://github.com/grafana/grafana/pull/40178>,
<https://github.com/grafana/grafana/pull/40339> and
<https://github.com/grafana/grafana/pull/40815>.
2021-10-23 14:33:31 +02:00
Greizgh
7b7f3dfbe4
nixos/seafile: init service 2021-10-23 11:39:08 +02:00
Artturi
dfad31d753
Merge pull request #142273 from ju1m/display-managers 2021-10-23 03:58:21 +03:00
pennae
1fa5e13f30 nixos/borgbackup: allow dump scripts as stdin inputs
borg is able to process stdin during backups when backing up the special path -,
which can be very useful for backing up things that can be streamed (eg database
dumps, zfs snapshots).
2021-10-22 16:31:50 -04:00
pennae
56d0b5cd6a nixos/mosquitto: rewrite the module
mosquitto needs a lot of attention concerning its config because it doesn't
parse it very well, often ignoring trailing parts of lines, duplicated config
keys, or just looking back way further in the file to associated config keys
with previously defined items than might be expected.

this replaces the mosquitto module completely. we now have a hierarchical config
that flattens out to the mosquitto format (hopefully) without introducing spooky
action at a distance.
2021-10-22 16:06:55 -04:00
Michele Guerini Rocco
b1df6feb1a
Merge pull request #142272 from ju1m/console
nixos/console: fix cross-compiling
2021-10-22 19:02:25 +02:00
davidak
6adc2ce335
Merge pull request #142455 from bobby285271/fileroller
pantheon.file-roller: init
2021-10-22 16:21:45 +02:00
Florian Klink
0084c41abf nixos/systemd: add remote-cryptsetup.target
/etc/crypttab can contain the _netdev option, which adds crypto devices
to the remote-cryptsetup.target.

remote-cryptsetup.target has a dependency on cryptsetup-pre.target. So
let's add both of them.

Currently, one needs to manually ssh in and invoke `systemctl start
systemd-cryptsetup@<name>.service` to unlock volumes.

After this change, systemd will properly add it to the target, and
assuming remote-cryptsetup.target is pulled in somewhere, you can simply
pass the passphrase by invoking `systemd-tty-ask-password-agent` after
ssh-ing in, without having to manually start these services.

Whether remote-cryptsetup.target should be added to multi-user.target
(as it is on other distros) is part of another discussion - right now
the following snippet will do:

```
systemd.targets.multi-user.wants = [ "remote-cryptsetup.target" ];
```
2021-10-22 15:47:21 +02:00
Peter Hoeg
d2ed9e4f96 nixos/plasma5: add thunderbolt package if configured 2021-10-22 10:46:16 +08:00
Peter Hoeg
f1a82a2182 nixos/plasma5: make running with systemd configurable 2021-10-22 10:46:16 +08:00
Bobby Rong
73487dee85
nixos/pantheon: prefer pantheon.file-roller 2021-10-22 10:26:27 +08:00
Bobby Rong
d34be69054
nixos/file-roller: add option for specify package 2021-10-22 10:26:27 +08:00
Sandro
4663d3f99f
Merge pull request #142360 from romildo/upd.lumina 2021-10-21 23:45:29 +02:00
Jakub Sokołowski
72d16ac9b5 transmission: add extraFlags configuration option
Makes service more customizeable and makes debuggingin easier through
the use of flags like `--log-debug` or `--dump-settings`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-10-21 23:36:06 +02:00
Sandro
5d74ff4206
Merge pull request #141443 from jtojnar/blackfire-2 2021-10-21 20:22:09 +02:00
Jan Tojnar
25450f2b29 blackfire: 1.49.4 → 2.5.1
https://blackfire.io/docs/up-and-running/agent-upgrade
2021-10-21 17:40:19 +02:00
Ninjatrappeur
670c69cb9b
Merge pull request #96655 from ju1m/transmission 2021-10-21 12:15:05 +02:00
Julien Moutinho
2ef7fec214 nixos/systemd-lib: fix cross-compiling 2021-10-21 03:55:36 +02:00
ajs124
c57f96274f
Merge pull request #141487 from helsinki-systems/feat/nixos-install-variable
nixos/nixos-enter: Add IN_NIXOS_ENTER variable
2021-10-21 02:07:41 +02:00
Martin Weinelt
5adcd46bc0
Merge pull request #142109 from mweinelt/prometheus-node-exporter
nixos/prometheus: add hardening exceptions to node-exporter
2021-10-21 01:15:35 +02:00
Maximilian Bosch
3d1350d3f9
Merge pull request #142148 from Ma27/bump-roundcube
roundcube: 1.4.11 -> 1.5.0
2021-10-20 23:47:57 +02:00