Commit graph

2942 commits

Author SHA1 Message Date
Janne Heß
fa3c756621
Merge pull request #157329 from helsinki-systems/feat/nixos-reload-triggers
nixos/systemd: Implement reload triggers
2022-02-11 23:59:26 +01:00
Dominique Martinet
61c70dbc97 logrotate: default to enable if any rule is active 2022-02-11 21:07:37 +09:00
Jonathan Ringer
12fd8a77e1
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
	pkgs/top-level/aliases.nix
2022-02-10 09:21:09 -08:00
Luna Nova
91c7b73707
nixos/input-remapper: add release note 2022-02-10 08:55:23 -08:00
Artturi
d1ced017c0
Merge pull request #146642 from Artturin/nixosgenerateconfig2 2022-02-10 17:12:16 +02:00
Michael Reilly
787219edaf nixos/modules/misc/wordlist: init
Addresses #16545.  Allows for user defined environment variables that
hold paths to wordlists.  This is to allow for easy access to wordlists
for users and scripts, (in other distributions a convenient wordlist is
typically found in /usr/share/dict/words or similar).  The default
wordlist is the one found in scowl, for no other reason than that's the
one that was mentioned in the linked issue.

It is possible to specify multiple environment variables as well.  This
is for users who need multiple wordlists (such as multilingual users).
2022-02-09 14:52:12 -05:00
Janne Heß
8d925cc8db
nixos/doc: Document the activation script
This may be helpful to new module developers, curious users, and people
who just need a reference without having to look at the implementation
2022-02-09 20:44:28 +01:00
Artturin
b4adac9ba9 nixos/nixos-generate-config: move dhcpConfig from configuration.nix to hardware-configuration.nix 2022-02-09 19:35:19 +02:00
Janne Heß
b5b3ee4f78
nixos/systemd: Add reloadTriggers to services 2022-02-09 15:14:37 +01:00
Jonathan Ringer
5df08e00cd
Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:
	pkgs/development/python-modules/opensimplex/default.nix
	pkgs/development/python-modules/pygame-gui/default.nix
	pkgs/top-level/aliases.nix
	pkgs/top-level/python-aliases.nix
2022-02-08 21:19:24 -08:00
sternenseemann
8c27f7a2bd haskellPackages.ghcWithPackages: throw on old override interface
Adding a fake override function via passthru will at least give users of
the old override interface a more helpful error message. Additionally we
also document the changes in the changelog.
2022-02-08 13:28:30 +01:00
zowoq
5e7ec2c9ad nixos/doc/2205: add note for go_1_17 vendorSha256 2022-02-07 18:59:53 -08:00
06kellyjac
0a6d22c6c3 nixos/agate: init 2022-02-07 16:03:44 +00:00
github-actions[bot]
4e2cf99754
Merge master into staging-next 2022-02-07 12:01:12 +00:00
markuskowa
768dd74738
Merge pull request #140891 from markuskowa/os-moosefs
nixos: init moosefs module and test
2022-02-07 10:48:33 +01:00
Vladimír Čunát
3dfddd89c6
Merge branch 'master' into staging-next
Trivial conflict in pkgs/top-level/aliases.nix
2022-02-06 10:29:49 +01:00
davidak
a57a774cfa
Merge pull request #157314 from onny/passwordsafe
gnome-passwordsafe: rename to gnome-secrets, 5.1 -> 6.1
2022-02-05 21:55:38 +01:00
Jonas Heinrich
61b6ed869a gnome-passwordsafe: rename to gnome-secrets, 5.0->6.1 2022-02-04 15:14:19 +01:00
Markus Kowalewski
d86fef1a57
nixos/doc: add moosefs module to release notes 2022-02-03 12:33:44 +01:00
Dmitry Kalinkin
3087088c41
Merge branch 'staging-next' into staging
Conflicts:
	pkgs/top-level/aliases.nix
	pkgs/top-level/python-aliases.nix
2022-02-01 21:37:39 -05:00
Martin Weinelt
778d148959
Merge pull request #155061 from piegamesde/gnome 2022-02-01 20:53:10 +01:00
github-actions[bot]
e977885cba
Merge staging-next into staging 2022-02-01 18:05:39 +00:00
Maciej Krüger
8bb7bec755
Merge pull request #141122 from Luflosi/add-apfs-nixos-module 2022-02-01 17:29:10 +01:00
github-actions[bot]
aee8ca6639
Merge staging-next into staging 2022-02-01 00:02:21 +00:00
pennae
7325eb455b
Merge pull request #157046 from kradalby/add-headscale-module
Add headscale module
2022-01-31 23:53:18 +00:00
Kristoffer Dalby
00db4205fb nixos/headscale: Add headscale service module 2022-01-31 22:02:56 +00:00
Guillaume Girol
1df9e95ed7 nixos/miniflux: no cleartext password in the store 2022-01-31 21:31:28 +01:00
github-actions[bot]
87efa4e516
Merge staging-next into staging 2022-01-31 12:01:50 +00:00
Uri Baghin
f8f3b9103c
Merge pull request #157001 from 06kellyjac/opentelemetry-collector
opentelemetry-collector: 0.40.0 -> 0.43.1, opentelemetry-collector-contrib: init at 0.43.0
2022-01-31 21:36:33 +11:00
Michele Guerini Rocco
09e2956012
Merge pull request #155895 from rnhmjoj/pr-dhcpd-hard
nixos/dhcpd: switch to DynamicUser [v2]
2022-01-31 10:06:57 +01:00
github-actions[bot]
ce60c22080
Merge staging-next into staging 2022-01-30 06:01:52 +00:00
Seong Yong-ju
4244235785 vimPlugins.onedark-nvim: etc
`vimPlugins.onedark-nvim` now refers to navarasu/onedark.nvim (formerly
refers to olimorris/onedarkpro.nvim).
2022-01-30 01:08:30 +01:00
github-actions[bot]
0b0b544416
Merge staging-next into staging 2022-01-30 00:02:26 +00:00
Ingo Blechschmidt
92eb5bc48e ethercalc: init at latest master (b19627) 2022-01-29 20:56:06 +01:00
piegames
405b157aaa nixos/modules/programs/spacefm: remove gksu dependency 2022-01-29 18:09:15 +01:00
piegames
5ffbf9ed81 tilp2: drop
While tilp2's libglade dependency is optional, it still has a hard dependency
on it via gfm
2022-01-29 18:08:52 +01:00
Jan Tojnar
2da5ce4ab3 Merge branch 'staging-next' into staging
; Conflicts:
;	pkgs/development/python-modules/fakeredis/default.nix
2022-01-28 14:05:11 +01:00
06kellyjac
f32263250b opentelemetry-collector-contrib: init at 0.43.0 2022-01-28 12:52:58 +00:00
Wout Mertens
ecd6b2864c
Merge pull request #147557 from wmertens/nixos-ozone
wayland: enable ozone via $NIXOS_OZONE_WL
2022-01-27 23:46:27 +01:00
Bernardo Meurer
5f9b470ff0
Merge pull request #154809 from helsinki-systems/feat/stc-proper-unit-file-parser
nixos/switch-to-configuration: Proper unit file parser and clean/fix lower part of the script
2022-01-27 09:35:34 -08:00
Luflosi
26a695399a
nixos/apfs: init
Add the final missing pieces for full APFS support.
2022-01-27 15:18:45 +01:00
Wout Mertens
b2eb5f62a7 wayland: enable ozone via $NIXOS_OZONE_WL
Chrome, Chromium, VSCode, Slack, Signal, Discord, element-desktop,
schildichat.

For the latter two, the feature flag useWayland was removed and a
wrapper script was provided.
2022-01-27 09:46:36 +01:00
Dmitry Kalinkin
0693fd77f7
Merge branch 'staging-next' into staging
Conflicts:
	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
	nixos/doc/manual/release-notes/rl-2205.section.md
	pkgs/development/python-modules/aioesphomeapi/default.nix
	pkgs/development/python-modules/mat2/default.nix
	pkgs/development/python-modules/pydevccu/default.nix
	pkgs/development/python-modules/pywlroots/default.nix
	pkgs/development/python-modules/rokuecp/default.nix
2022-01-27 00:54:10 -05:00
polykernel
4a9d9928dc nixos/nix-daemon: use structural settings
The `nix.*` options, apart from options for setting up the
daemon itself, currently provide a lot of setting mappings
for the Nix daemon configuration. The scope of the mapping yields
convience, but the line where an option is considered essential
is blurry. For instance, the `extra-sandbox-paths` mapping is
provided without its primary consumer, and the corresponding
`sandbox-paths` option is also not mapped.

The current system increases the maintenance burden as maintainers have to
closely follow upstream changes. In this case, there are two state versions
of Nix which have to be maintained collectively, with different options
avaliable.

This commit aims to following the standard outlined in RFC 42[1] to
implement a structural setting pattern. The Nix configuration is encoded
at its core as key-value pairs which maps nicely to attribute sets, making
it feasible to express in the Nix language itself. Some existing options are
kept such as `buildMachines` and `registry` which present a simplified interface
to managing the respective settings. The interface is exposed as `nix.settings`.

Legacy configurations are mapped to their corresponding options under `nix.settings`
for backwards compatibility.

Various options settings in other nixos modules and relevant tests have been
updated to use structural setting for consistency.

The generation and validation of the configration file has been modified to
use `writeTextFile` instead of `runCommand` for clarity. Note that validation
is now mandatory as strict checking of options has been pushed down to the
derivation level due to freeformType consuming unmatched options. Furthermore,
validation can not occur when cross-compiling due to current limitations.

A new option `publicHostKey` was added to the `buildMachines`
submodule corresponding to the base64 encoded public host key settings
exposed in the builder syntax. The build machine generation was subsequently
rewritten to use `concatStringsSep` for better performance by grouping
concatenations.

[1] - https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md
2022-01-26 21:04:50 -05:00
Martin Weinelt
a813be071c
nixos/polkit: don't enable by default
SUID wrappers really shouldn't be enabled by default, unless a consumer
relies on them. So in my opinion this falls upon the desktop
environments if needed or a user to explicltly enable this if wanted.

Most desktop environments and services like CUPS already enable polkit
by default, that should really be sufficient.
2022-01-27 01:45:44 +01:00
Patrick Hilhorst
2774f31f40
Merge pull request #156697 from marijanp/fix-146169 2022-01-26 20:24:57 +01:00
Marijan Petričević
d590556d5c update docs 2022-01-26 10:46:46 +01:00
Jeremy Kolb
7be304a543 nixos/programs/tmux: specify wanted plugins
Currently it's rather difficult to install tmux plugins. The process involves two steps:
  1. Specify the correct `pkg.tmuxPlugins` package in `environment.systemPackages`
  2. Adding to the configuration file to instantiate the plugin.

This commit allows the user to specify a list of plugins under `programs.tmux.plugins`.

Update nixos/modules/programs/tmux.nix

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-01-25 17:12:44 -05:00
Martin Weinelt
48f17360d9 Merge remote-tracking branch 'origin/master' into staging-next 2022-01-25 15:53:19 +01:00
Robert Hensing
8919495cac
Merge pull request #156503 from hercules-ci/nixos-add-system.build-options
nixos: Add `system.build.`{`toplevel`,`installBootLoader`}, improve error message
2022-01-25 14:13:24 +01:00
Jonathan Ringer
e379e3d4bb
Merge remote-tracking branch 'origin/staging-next' into staging
Conflicts:
	pkgs/development/python-modules/googleapis-common-protos/default.nix
2022-01-24 23:49:19 -08:00
github-actions[bot]
bbbd0a92af
Merge master into staging-next 2022-01-25 00:02:13 +00:00
Luflosi
1c58cdbeed
nixos/modprobe: add boot.initrd.extraModprobeConfig option
This option behaves exactly like `boot.extraModprobeConfig`, except that it also includes the generated modprobe.d file in the initrd.
Many years ago, someone tried to include the normal modprobe.d/nixos.conf file generated by `boot.extraModprobeConfig` in the initrd: 0aa2c1dc46. This file contains a reference to a directory with firmware files inside. Including firmware in the initrd made it too big, so the commit was reverted again in 4a4c051a95.
The `boot.extraModprobeConfig` option not changing the initrd caused me much confusion because I tried to set the maximum cache size for ZFS and it didn't work.
Closes https://github.com/NixOS/nixpkgs/issues/25456.
2022-01-24 22:56:14 +01:00
github-actions[bot]
a45818989a
Merge master into staging-next 2022-01-24 18:01:03 +00:00
Alyssa Ross
1a60dd2adc
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	pkgs/development/python-modules/cupy/default.nix
	pkgs/development/python-modules/staticjinja/default.nix
2022-01-24 15:39:34 +00:00
Robert Hensing
48dbe26229 nixos/doc: Document types.unique 2022-01-24 16:31:59 +01:00
pennae
865a9ed3f5
Merge pull request #155669 from schuelermine/patch-mkPackageOption
lib/options: Add mkPackageOption
2022-01-24 13:35:32 +00:00
github-actions[bot]
6fee71d339
Merge master into staging-next 2022-01-24 12:01:16 +00:00
Jonas Chevalier
e7dbfd7ece
terraform.withPlugins: clean and remove 0.12 support (#155477)
Now that the terraform 0.12 compatibility is not needed anymore, the
`terraform.withPlugins` and `terraform-providers.mkProvider`
implementations can be simplified.

Instead of building a bunch of bin wrappers on instantiation, the
providers are now stored in
`$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>`
and then a simple `buildEnv` can be used to merge them.

This breaks back-compat so it's not possible to mix-and-match with
previous versions of nixpkgs. In exchange, it now becomes possible to
use the providers from
[nixpkgs-terraform-providers-bin](https://github.com/numtide/nixpkgs-terraform-providers-bin)
directly.
2022-01-24 12:53:05 +01:00
Anselm Schüler
c008b3d100 nixos/docs/option-declarations: Document mkEnableOption and mkPackageOption
This is a squashed commit. These are the original commit messages:

lib/option: Improve comment

better comment

Update documentation

Updated nixos/doc/manual/development/options-declarations.md with info on mkEnableOption and mkPackageOption.
Updated the comment on mkEnableOption in lib/options.nix

remove trailing whitespace

nixos/doc/option-declarations: Update IDs & formatting

nixos/docs/option-declarations: Escape angle brackets

Build DB from MD

(Amended) Fix typo
Co-authored-by: pennae <82953136+pennae@users.noreply.github.com>

(Amended) Build DB from MD (again)
2022-01-23 19:44:21 +01:00
github-actions[bot]
93a9821309
Merge master into staging-next 2022-01-23 18:01:11 +00:00
Jonas Heinrich
c95e816c65
nixos/wordpress: Drop old deprecated interface (#152674) 2022-01-23 23:17:01 +09:00
github-actions[bot]
0c2dd9248c
Merge staging-next into staging 2022-01-23 00:02:27 +00:00
github-actions[bot]
429249f120
Merge master into staging-next 2022-01-23 00:01:54 +00:00
ajs124
5833536257 mariadb: mention multiple release support in release notes 2022-01-22 02:28:55 +01:00
github-actions[bot]
d9c65c9d83
Merge staging-next into staging 2022-01-22 00:02:24 +00:00
github-actions[bot]
1ca0ba653f
Merge master into staging-next 2022-01-22 00:01:46 +00:00
pennae
ce49a1d98c
Merge pull request #155517 from Radvendii/knownHosts
programs.ssh.knownHosts.<name>.hostNames -> extraHostNames
2022-01-21 23:24:05 +00:00
github-actions[bot]
233e4a0c95
Merge staging-next into staging 2022-01-21 00:03:13 +00:00
github-actions[bot]
fc3ddb8979
Merge master into staging-next 2022-01-21 00:01:42 +00:00
Luflosi
ca58bd0a50
nixos/networkd: Add routes from interfaces to [Route] section of .network file
Closes https://github.com/NixOS/nixpkgs/pull/93635.
2022-01-20 20:14:55 +01:00
github-actions[bot]
aeb6db8171
Merge staging-next into staging 2022-01-20 18:01:55 +00:00
github-actions[bot]
ce88a19065
Merge master into staging-next 2022-01-20 18:01:19 +00:00
rnhmjoj
79b4b7eaa1
docs/release-notes: document dhcpd hardening 2022-01-20 15:54:38 +01:00
Janne Heß
96d36b0c2e
nixos/switch-to-configuration: Proper unit file parser
This replaces the naive K=V unit parser with a proper INI parser from a
library and adds proper support for override files. Also adds a bunch of
comments about parsing, I hope this makes it easier to understand and
maintain in the future.

There are multiple reasons to do so, the first one is just general
correctness with is nice imo. But to get to more serious reasons (I
didn't put in all that effort for nothing) is that this is the first
step torwards more clever restart/reload handling. By using a library
like Data::Compare a future PR could replace the current way of
fingerprinting units (which is to compare store paths) by comparing the
hashes. This is more precise because units won't get restarted because
the order of the options change, comments are added, some dependency of
writeText changes, .... Also this allows us to add a feature like
`X-Reload-Triggers` so the unit can either be reloaded when these change
or restarted when everything else changes, giving module authors the
ability to have their services reloaded without having to fear that
updates are not applied because the service doesn't get restarted.
Another reason why this feature is nice is that now that the unit files
are parsed correctly (and values are just extracted from one section),
potential future rewrites can just rely on some INI library without
having to implement their own weird parser that is compatible with this
script.

This also comes with a new subroutine to handle systemd booleans because
I thought the current way of handling it was just ugly. This also allows
overriding values this script reads in an override file.

Apart from making this script more compatible with the world around it,
this also fixes two issues I saw bugging exactly 0 (zero) people. First
is that this script now supports multiple override files, also ones that
are not called override.conf and the second one is that `1` and `on` are
treated as bools by systemd but were previously not parsed as such by
switch-to-configuration.
2022-01-20 15:10:23 +01:00
Jonas Heinrich
80475b46f5
nixos/invoiceplane: init module and package at 1.5.11 (#146909) 2022-01-20 22:45:35 +09:00
Jan Tojnar
a3a525b7b5
Merge pull request #155414 from jwygoda/fcc-unlock
modemmanager: 1.18.2 -> 1.18.4
2022-01-20 08:14:14 +01:00
Jarosław Wygoda
8e49e6168a modemmanager: 1.18.2 -> 1.18.4
Since release 1.18.4, the ModemManager daemon no longer automatically
performs the FCC unlock procedure by default. The user must, under their
own responsibility, enable the automatic FCC unlock as shipped by
ModemManager.
2022-01-19 23:06:11 +01:00
pennae
989fd06cb8 nixos/ssh: add release notes for extraHostNames option 2022-01-19 17:21:11 +01:00
github-actions[bot]
0fdca24272
Merge master into staging-next 2022-01-19 00:01:38 +00:00
sternenseemann
48965506a1 lib/asserts: use throw to display message for assertMsg
`assert` has the annoying property that it dumps a lot of code at the
user without the built in capability to display a nicer message. We have
worked around this using `assertMsg` which would *additionally* display
a nice message. We can do even better: By using `throw` we can make
evaluation fail before assert draws its conclusions and prevent it from
displaying the code making up the assert condition, so we get the nicer
message of `throw` and the syntactical convenience of `assert`.

Before:

    nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; }
    trace: Deterministic builds require stripping bytecode.
    error: assertion (((lib).assertMsg  (reproducibleBuild -> stripBytecode))  "Deterministic builds require stripping bytecode.") failed at /home/lukas/src/nix/nixpkgs/pkgs/development/interpreters/python/cpython/2.7/default.nix:45:1

After:

    nix-repl> python.override { reproducibleBuild = true; stripBytecode = false; }
    error: Deterministic builds require stripping bytecode.
2022-01-19 00:50:06 +01:00
Robert Hensing
ef6f8783ea nixos/doc/rl-2205.section.md: Hint to avoid merge conflicts 2022-01-18 23:40:28 +01:00
bb2020
272fc86d2c nixos/mbpfan: convert to structural settings 2022-01-18 21:31:33 +03:00
github-actions[bot]
1b0315af15
Merge master into staging-next 2022-01-18 18:01:04 +00:00
pennae
21115ea8f9
Merge pull request #155041 from tokudan/ssh-rename-optionCRA
openssh: Rename option, old option is deprecated upstream
2022-01-18 16:07:20 +00:00
talyz
07b64a2ad7
nixos/bookstack: Add option config to replace extraConfig
The `extraConfig` parameter only handles text - it doesn't support
arbitrary secrets and, with the way it's processed in the setup
script, it's very easy to accidentally unescape the echoed string and
run shell commands / feed garbage to bash.

To fix this, implement a new option, `config`, which instead takes a
typed attribute set, generates the `.env` file in nix and does
arbitrary secret replacement. This option is then used to provide the
configuration for all other options which change the `.env` file.
2022-01-18 15:16:23 +01:00
talyz
e7fa7fdffc
nixos/bookstack: Clear the cache more reliably
When upgrading bookstack, if something in the cache conflicts with the
new installation, the artisan commands might fail. To solve this, make
the cache lifetime bound to the setup service. This also removes the
`cacheDir` option, since the path is now handled automatically by
systemd.
2022-01-18 15:16:04 +01:00
Daniel Frank
d851c11a9f
openssh: add release-notes entry for services.openssh.{challengeResponseAuthentication -> kbdInteractiveAuthentication} 2022-01-18 14:01:20 +01:00
Franz Pletz
76aa0af628
Merge branch 'master' into mattermost-6.3 2022-01-18 13:23:38 +01:00
github-actions[bot]
b456d67c98
Merge master into staging-next 2022-01-18 00:01:41 +00:00
Bernardo Meurer
eaf7be02b9
Merge pull request #150859 from helsinki-systems/feat/redo-restart-by-activation-script 2022-01-17 21:11:09 +00:00
Janne Heß
2cf157c781
nixos/switch-to-configuration: Rework activation script restarts
This removes `/run/nixos/activation-reload-list` (which we will need in
the future when reworking the reload logic) and makes
`/run/nixos/activation-restart-list` honor `restartIfChanged` and
`reloadIfChanged`. This way activation scripts don't have to bother with
choosing between reloading and restarting.
2022-01-17 17:57:23 +01:00
Frederik Rietdijk
4d125692e5 Merge master into staging-next 2022-01-17 16:10:06 +01:00
Spencer Janssen
ed5883c1b6 zrepl: 0.4.0 -> 0.5.0 2022-01-17 15:35:45 +01:00
github-actions[bot]
0eee7ee8c8
Merge master into staging-next 2022-01-17 12:01:25 +00:00
Timo Kaufmann
e3b041ac07
Merge pull request #145767 from midchildan/fix/noto-cjk
noto-fonts-cjk: add missing serif font
2022-01-17 11:23:40 +01:00
github-actions[bot]
f0a71fe6f3
Merge master into staging-next 2022-01-17 06:01:22 +00:00
Morgan Jones
9db1fb4772 nixos/mattermost: update release notes 2022-01-16 22:34:37 -07:00
Ben Darwin
43047ec128
nixos/rstudio-server: add to 22.05 release notes 2022-01-17 10:26:24 +11:00
midchildan
bd8132ac62
noto-fonts-cjk: add missing serif font
Fixes #99940
2022-01-17 02:04:02 +09:00
github-actions[bot]
122cae786e
Merge master into staging-next 2022-01-16 06:01:16 +00:00
Martin Weinelt
369db3b2f3
mailpile, nixos/mailpile: drop
Still actively developed and yet stuck on python2. Also marked as
vulnerable and their issue tracker contains yet another security issue
reported in 2021/10 that the upstream hasn't acknowledged yet.

Mind blown.

Closes: #135543, #97274, #97275
2022-01-16 02:36:20 +01:00
Anderson Torres
ce6fd0d857
Merge pull request #154051 from starcraft66/polymc
polymc: init at 1.0.4

polymc substitutes multimc.
2022-01-15 22:18:26 -03:00
Bernardo Meurer
4fa2647449
Merge pull request #154994 from mweinelt/kernel-disable-unpriv-ebpf
linux: enable BPF_UNPRIV_DEFAULT_OFF on 5.10 and later
2022-01-16 00:46:51 +00:00
Tristan Gosselin-Hane
155f315319 multimc: document replacement 2022-01-15 18:09:27 -05:00
Martin Weinelt
3ee206291a
linux: enable BPF_UNPRIV_DEFAULT_OFF between 5.10 and 5.15
Disable unprivileged access to BPF syscalls to prevent denial of service
and privilege escalation via

a) potential speculative execution side-channel-attacks on unmitigated
hardware[0]

or

b) unvalidated memory access in ringbuffer helper functions[1].

Fixes: CVE-2021-4204, CVE-2022-23222

[0] https://ebpf.io/summit-2021-slides/eBPF_Summit_2021-Keynote-Daniel_Borkmann-BPF_and_Spectre.pdf
[1] https://www.openwall.com/lists/oss-security/2022/01/13/1
2022-01-15 23:44:19 +01:00
github-actions[bot]
ed9751296d
Merge master into staging-next 2022-01-15 18:01:07 +00:00
Jonas Heinrich
75d417c267
nixos/dokuwiki: Drop deprecated old interface (#152676) 2022-01-16 02:38:20 +09:00
Jörg Thalheim
e91ed60026
Merge pull request #154805 from Lassulus/ergochat
ergochat: init at 2.9.1 (+ module/test)
2022-01-15 12:15:46 +00:00
github-actions[bot]
6d8719a23d
Merge master into staging-next 2022-01-15 12:01:13 +00:00
0x4A6F
3cbdd13b11
Merge pull request #151364 from matthiasbeyer/add-timetagger
Add timetagger
2022-01-15 09:52:21 +01:00
Matthias Beyer
65aaf4e22d Add timetagger to release notes
Why the f*** would anyone ever add generated stuff to a git repository,
where the sources for the generated stuff AND the scripts to generate
them are in the repository?

Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
2022-01-15 09:08:52 +01:00
lassulus
eaf8890a6c nixos/ergochat: init 2022-01-14 23:33:23 +01:00
github-actions[bot]
d5e672b839
Merge master into staging-next 2022-01-14 18:01:18 +00:00
Robert Hensing
2bf5958169
Merge pull request #151082 from hercules-ci/nixos-cleanup-vmWithBootLoader
nixos: turn vmWithBootLoader into option (`nixos-rebuild build-vm`)
2022-01-14 18:49:27 +01:00
github-actions[bot]
a8b75d6f2f
Merge master into staging-next 2022-01-13 00:01:59 +00:00
0x4A6F
1e0d877e1d
Merge pull request #151946 from mweinelt/frr
frr: init at 8.1; libyang: init at 2.0.112
2022-01-12 20:51:12 +01:00
github-actions[bot]
7def368b6f
Merge master into staging-next 2022-01-12 18:01:16 +00:00
Daniel Thwaites
3f1ef8fe14
nixos/starship: init 2022-01-12 15:47:08 +00:00
adisbladis
02d732d2e4
Merge pull request #154742 from 06kellyjac/docbookrx
docbookrx: drop
2022-01-13 02:20:53 +12:00
06kellyjac
7148ebef25 docbookrx: drop 2022-01-12 12:04:44 +00:00
github-actions[bot]
9b5359861c
Merge master into staging-next 2022-01-12 12:01:06 +00:00
Winter
c772c572cf nixos/doc: fix mention of reading test logs 2022-01-11 20:43:08 -05:00
github-actions[bot]
e8dc263ca3
Merge staging-next into staging 2022-01-11 18:01:57 +00:00
Nikolay Amiantov
8956803ade prosody-filer service: init
Add user and group, as files stored are persistent and to be accessed by nginx or other web server.
2022-01-11 20:09:36 +03:00
Nikolay Amiantov
5a38ceb6a7
Merge pull request #154013 from abbradar/baget
BaGet package and service
2022-01-11 20:06:53 +03:00
Gabriel Ebner
b57d7dc58f
Merge pull request #153449 from Mic92/opensmtpd-extras
opensmtpd-extras: drop python2 option
2022-01-11 17:57:39 +01:00
Nikolay Amiantov
74a88c4961 baget service: init 2022-01-11 19:54:54 +03:00
Alyssa Ross
d77022e114
Merge remote-tracking branch 'nixpkgs/staging-next' into staging
Conflicts:
	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
	nixos/doc/manual/release-notes/rl-2205.section.md
2022-01-11 16:35:43 +00:00
Aaron Andersen
ee7e31edb4
Merge pull request #153825 from ymatsiuk/ymatsiuk/teleport-module-test-init
nixos/teleport: init + tests
2022-01-11 07:29:22 -05:00
Yurii Matsiuk
47dc5bf2b9
nixos/teleport: add release notes 2022-01-11 10:11:17 +01:00
wchresta
205b0f2c5e Idris2: Refactor default.nix
We take the idris2 projects version of the derivation. Originally,
Idris2 did not maintain their own nix derivation, so we created our
own. Now they maintain their own derivation, so we should try to
keep ours as close to theirs.

This change comes with the following differences:
* support files are in its own output, instead of packaged with idris2
  - This makes it necessary to provide --package for contrib and network
    !!! This is a breaking change !!!
* IDIRS2_PREFIX is set to ~/.idris2 instead of pointing to nix-store
  - This makes --install work as expected for the user
* Properly set IDRIS2_PACKAGE_PATH
* non-linux platform uses chez-racket instead of chez
2022-01-10 22:01:42 +01:00
Jan Tojnar
3dba2db347 Merge branch 'staging-next' into staging
; Conflicts:
;	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
;	nixos/doc/manual/release-notes/rl-2205.section.md
2022-01-10 19:27:28 +01:00
Bernardo Meurer
d72a2e7baf
firmwareLinuxNonfree -> linux-firmware
This renames our `firmwareLinuxNonfree` package to `linux-firmware`.
There is prior art for this in multiple other distros[1][2][3].

Besides making the package more discoverable by those searching for the
usual name, this also brings it in-line with the `kebab-case` we
normally see in `nixpkgs` pnames, and removes the `Nonfree` information
from the name, which I consider redundant given it's present in
`meta.license`.

The corresponding alias has been added, so this shouldn't break
anything.

[1]: https://archlinux.org/packages/core/any/linux-firmware/
[2]: https://src.fedoraproject.org/rpms/linux-firmware
[3]: https://packages.gentoo.org/packages/sys-kernel/linux-firmware
2022-01-10 12:28:03 -03:00
Martin Weinelt
c61a33bc8b
Merge pull request #129559 from fortuneteller2k/thelounge 2022-01-10 11:46:46 +01:00
github-actions[bot]
0f8ce42c1f
Merge staging-next into staging 2022-01-10 06:01:45 +00:00
Aaron Andersen
03c291e6a3
Merge pull request #153987 from jakubgs/init/mtr-exporter
mtr-exporter: init at 0.1.0 (3ce854a5)
2022-01-09 22:34:30 -05:00
fortuneteller2k
38e1dbd942 nixos/thelounge: private -> public
Co-authored-by: Winter <78392041+winterqt@users.noreply.github.com>
2022-01-10 11:28:41 +08:00
legendofmiracles
d9b2a764b0
Merge pull request #148541 from legendofmiracles/final-asf 2022-01-09 20:45:13 -06:00
Jan Tojnar
f7aa55946b Merge branch 'staging-next' into staging
; Conflicts:
;	nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
;	nixos/doc/manual/release-notes/rl-2205.section.md
;	pkgs/build-support/libredirect/default.nix
2022-01-10 01:26:05 +01:00
Martin Weinelt
24999924b4
Merge pull request #153038 from winterqt/thelounge-plugins 2022-01-10 00:59:33 +01:00
Winter
fe20f479e9 nixos/thelounge: add plugins option 2022-01-09 13:12:41 -05:00
Jakub Sokołowski
7d988867ff
mtr-exporter: init at 0.1.0 (3ce854a5)
This is a useful utility for monitoring network performance over time
using a combination of MTR and Prometheus. Also adding a service definition.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-09 13:57:06 +01:00
Nikolay Amiantov
f2c5970a76 users-groups service: add autoSubUidGidRange option
Previously we allocated subuids automatically for all normal users.
Make this explicitly configurable, so that one can use this for system
users too (or explicitly disable for normal users). Also don't allocate
automatically by default if a user already has ranges specified statically.
2022-01-09 09:43:55 +03:00
Martin Weinelt
6008460c04
nixos/frr: add to release notes 2022-01-09 04:13:42 +01:00
Robert Hensing
f80f85f228
Merge pull request #154015 from pennae/fix-docs-cross
nixos/documentation: fix docs cross build
2022-01-08 20:44:05 +01:00
Jacek Galowicz
048fd95f10
Merge pull request #146905 from Synthetica9/failure_mode
nixos/test-driver: add polling_condition
2022-01-08 18:28:25 +01:00
pennae
9d3ba92d63 nixos/documentation: fix docs cross build
a few things should've used buildPackages/nativeBuildInputs to not not require
the host architecture for building docs. tested by building aarch64-linux docs
on x86_64-linux, and the result looks good.
2022-01-08 16:03:23 +01:00
Jonathan Ringer
172bcecd6b
Merge remote-tracking branch 'origin/staging-next' into staging 2022-01-07 10:32:13 -08:00
Patrick Hilhorst
0c3f1cf420
Merge pull request #153273 from Synthetica9/passthru-driverInteractive 2022-01-07 16:04:43 +01:00