Janne Heß
be41b14875
Merge pull request #148695 from Mic92/nginx
...
nixos/nginx: fix mincore filtering
2022-01-31 14:33:45 +01:00
Sandro
78e2ef7e3d
Merge pull request #157351 from SuperSandro2000/SuperSandro2000-patch-1
2022-01-31 12:54:13 +01:00
Uri Baghin
f8f3b9103c
Merge pull request #157001 from 06kellyjac/opentelemetry-collector
...
opentelemetry-collector: 0.40.0 -> 0.43.1, opentelemetry-collector-contrib: init at 0.43.0
2022-01-31 21:36:33 +11:00
Michele Guerini Rocco
09e2956012
Merge pull request #155895 from rnhmjoj/pr-dhcpd-hard
...
nixos/dhcpd: switch to DynamicUser [v2]
2022-01-31 10:06:57 +01:00
Jörg Thalheim
fd382c011a
Merge branch 'master' into nginx
2022-01-31 05:44:42 +01:00
Jörg Thalheim
26ea046ed7
Update nixos/modules/services/web-servers/nginx/default.nix
2022-01-31 05:43:53 +01:00
Greizgh
4094fcb66f
seahub: init at 8.0.8
2022-01-30 20:45:56 +00:00
Michele Guerini Rocco
5af7724cbb
Merge pull request #154130 from rnhmjoj/fix-wpa
...
nixos/wireless: enable PMF by default
2022-01-30 19:35:25 +01:00
Guillaume Girol
0d5c5e46da
Merge pull request #157053 from lheckemann/systemd-optional-cryptsetup
...
nixos/systemd: only use cryptsetup units if systemd was built with it
2022-01-30 16:04:17 +00:00
ajs124
453a3baba2
Merge pull request #157347 from mweinelt/smartctl-exporter-capab-fix
...
nixos/smartctl-exporter: fix typo in rawio capab
2022-01-30 16:13:44 +01:00
Jess Schallenberg
0a16b05ea9
nixos/nftables: Allow use with iptables ( #121517 )
...
* nixos/nftables: Allow use with iptables
Since iptables and nftables do not actually conflict with each other, there's no real reason to artificially prevent people from combining them.
In fact, this practice is known to cause issues like #88643 , which is fixed by this commit.
2022-01-30 13:59:56 +01:00
Linus Heckemann
4b27d4f9f8
nixos/systemd: only use cryptsetup units if systemd was built with it
2022-01-30 12:00:37 +01:00
Sandro
b02446784d
enableRedistributableFirmware: only add rtw89-firmware when kernel older 5.16
2022-01-30 04:49:04 +01:00
Martin Weinelt
9d8a23f66e
nixos/smartctl-exporter: fix typo in rawio capab
2022-01-30 04:32:15 +01:00
Sandro
ff0dd3afe0
Merge pull request #153596 from illustris/elasticsearch
2022-01-30 01:23:58 +01:00
Janne Heß
5a17134ebd
Merge pull request #157320 from andersk/gnome-switch-fixed
...
nixos/gnome: Remove warning for fixed nixos-rebuild switch bug
2022-01-30 01:08:46 +01:00
Seong Yong-ju
4244235785
vimPlugins.onedark-nvim: etc
...
`vimPlugins.onedark-nvim` now refers to navarasu/onedark.nvim (formerly
refers to olimorris/onedarkpro.nvim).
2022-01-30 01:08:30 +01:00
Sandro
30396b78db
Merge pull request #157261 from LeSuisse/mysql57-5.7.37
2022-01-30 01:04:23 +01:00
Janne Heß
016e9e5a7f
Merge pull request #157310 from sternenseemann/nix-conf-validation-2.3
...
nixos/nix-daemon: fix config validation with 2.3
2022-01-29 23:33:18 +01:00
Anders Kaseorg
0ac96d7c53
nixos/gnome: Remove warning for fixed nixos-rebuild switch bug
...
https://github.com/NixOS/nixpkgs/issues/44344 was fixed years ago.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-01-29 14:16:20 -08:00
Niklas Hambüchen
13f5c4c45b
Merge pull request #156731 from Ma27/bump-plausible
...
plausible: 1.4.0 -> 1.4.3
2022-01-29 22:32:15 +01:00
sternenseemann
e3d8cc81b3
nixos/nix-daemon: fix config validation with 2.3
...
--option experimental-features is no understood by Nix 2.3.
2022-01-29 21:41:49 +01:00
Ingo Blechschmidt
92eb5bc48e
ethercalc: init at latest master (b19627)
2022-01-29 20:56:06 +01:00
pennae
0be46d0515
Merge pull request #151795 from pennae/dhcpcd
...
dhcpcd: fix !enablePrivSep build, nixos/dhcpcd: assert if dhcpcd would crash
2022-01-29 17:06:02 +00:00
Thomas Gerbet
55561105fa
mysql57: 5.7.27 -> 5.7.37
...
Changes:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-37.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-36.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-35.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-34.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-33.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-32.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-31.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-30.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-29.html
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-28.html
2022-01-29 11:04:47 +01:00
Bernardo Meurer
d3a2238308
Merge pull request #157185 from mohe2015/patch-1
...
nixos/nix-daemon: Fix misspelled old option name
2022-01-28 16:19:39 -08:00
pennae
6b8e88268e
Merge pull request #156213 from chkno/fix-install-tests
...
nixos/tests/install: Fix after sandboxed-docs change fc614c3
2022-01-29 00:15:53 +00:00
Maximilian Bosch
7b2f9d4732
Merge pull request #156315 from lheckemann/promtail-package
...
Promtail package
2022-01-28 23:41:48 +01:00
Moritz Hedtke
a26134ffd4
nixos/nix-daemon: Fix misspelled old option name
2022-01-28 20:32:19 +01:00
Martin Weinelt
9cc3612ac1
Merge pull request #156855 from B4dM4n/breitbandmessung-init
2022-01-28 20:10:48 +01:00
Jan Tojnar
17969a9b55
Merge pull request #156978 from rhendric/submit/gnome-2048
...
gnome-2048: init at 3.38.2
2022-01-28 16:33:44 +01:00
06kellyjac
f32263250b
opentelemetry-collector-contrib: init at 0.43.0
2022-01-28 12:52:58 +00:00
Sandro
46903948d2
Merge pull request #147189 from pasqui23/xxh
2022-01-28 11:40:03 +01:00
Martin Weinelt
268157dc83
nixos/nix-daemon: fix buildMachines eval
2022-01-28 02:00:25 +01:00
Wout Mertens
ecd6b2864c
Merge pull request #147557 from wmertens/nixos-ozone
...
wayland: enable ozone via $NIXOS_OZONE_WL
2022-01-27 23:46:27 +01:00
Thomas Gerbet
725d843cc8
flatpak: 1.12.2 -> 1.12.4
...
Fixes CVE-2021-43860 and CVE-2022-21682
Changes:
https://github.com/flatpak/flatpak/releases/tag/1.12.4
https://github.com/flatpak/flatpak/releases/tag/1.12.3
Security advisories:
https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j
https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
2022-01-27 13:57:07 -08:00
Linus Heckemann
81cd4faec2
Merge pull request #156845 from mayflower/nextcloud-group
...
nextcloud: make home group-readable
2022-01-27 22:09:17 +01:00
Daniel Olsen
68e9cd0f7e
nixos/lib: Use SingleLineStr in systemd description
2022-01-27 12:56:36 -08:00
Ryan Hendrickson
617d557d3b
gnome-2048: init at 3.38.2
2022-01-27 15:40:02 -05:00
Jörg Thalheim
956dab36a3
nextcloud: use tmpfiles to create group-readable home
...
users.users.*.createHome makes home only owner-readable.
This breaks nginx reading static assets from nextcloud's home,
after a nixos-rebuild that did not restart nextcloud-setup.
Closes #112639
2022-01-27 19:13:50 +01:00
ajs124
47a2176ec8
Merge pull request #156998 from mweinelt/smartctl-exporter-fixups
...
prometheus.exporters.smartctl: fixes
2022-01-27 18:49:49 +01:00
Bernardo Meurer
5f9b470ff0
Merge pull request #154809 from helsinki-systems/feat/stc-proper-unit-file-parser
...
nixos/switch-to-configuration: Proper unit file parser and clean/fix lower part of the script
2022-01-27 09:35:34 -08:00
Martin Weinelt
12c26aca1f
prometheus.exporters.smartctl: Fix autodiscovery
...
When no devices are given the exporter tries to autodiscover available
disks. The previous DevicePolicy was however preventing the exporter
from accessing any device at all, since only explicitly mentioned ones
were allowed.
This commit adds an allow rule for several device classes that I could
find on my machines, that gets set when no devices are explicitly
configured.
There is an existing problem with nvme devices, that expose a character
device at `/dev/nvme0`, and a (namespaced) block device at
`/dev/nvme0n1`. The character device does not come with permissions that
we could give to the exporter without further impacting the hardening.
crw------- 1 root root 247, 0 27. Jan 03:10 /dev/nvme0
brw-rw---- 1 root disk 259, 0 27. Jan 03:10 /dev/nvme0n1
The autodiscovery only finds the character device, which the exporter
unfortunately does not have access to.
However a simple udev rule can be used to resolve this:
services.udev.extraRules = ''
SUBSYSTEM=="nvme", KERNEL=="nvme[0-9]*", GROUP="disk"
'';
Unfortunately I'm not fully aware of the security implications this
change carries and we should question upstream (systemd) why they did
not include such a rule.
The disk group has no members on any of my machines.
❯ getent group disk
disk❌ 6:
2022-01-27 17:33:27 +01:00
Daniel Olsen
5288bcab0a
nixos/mx-puppet-discord: Change systemd unit description to avoid newline
2022-01-27 16:49:40 +01:00
Robert Hensing
d0947df006
Merge pull request #156992 from hercules-ci/revert-153594-doc-optimization
...
Revert 153594 doc optimization
2022-01-27 15:46:36 +01:00
Fabian Möller
9ec1d80c55
nixos/tests/breitbandmessung: use virtualisation.resolution option
2022-01-27 14:39:02 +01:00
Martin Weinelt
f860b289d4
prometheus.exporters.smartctl: Allow RAWIO
...
This allows the exporter to perform SCSI commands and interact with hpsa
and cciss devices.
2022-01-27 13:49:25 +01:00
Fabian Möller
487aa0781d
breitbandmessung: init at 3.1.0
2022-01-27 13:45:51 +01:00
Janne Heß
1f3b1a9067
Merge pull request #139075 from polykernel/nix-structural-settings-patch-1
...
nixos/nix-daemon: use structural settings
2022-01-27 13:38:41 +01:00
Robert Hensing
6b9ef93b98
Revert "flake.nix: Set nixpkgs.config.path"
...
This reverts commit 0b222173db
.
2022-01-27 12:53:29 +01:00