Commit graph

15002 commits

Author SHA1 Message Date
Jeroen Simonetti
cc3ce9a13a nixos/security/acme: Add DNS resolver option
When using the ACME DNS-01 challenge, there is a possibility of a
failure to resolve the challenge if the record is not propagated
fast enough. To circumvent this generic DNS problem, this adds
a setting to explicitly tell the ACME provider to use a certain DNS
resolver to lookup the challenge.

Signed-off-by: Jeroen Simonetti <jeroen@simonetti.nl>
2020-10-07 13:01:08 +02:00
Vladimír Čunát
420f89ceb2
Revert "apparmor: fix and improve the service"
This reverts commit fb6d63f3fd.

I really hope this finally fixes #99236: evaluation on Hydra.
This time I really did check basically the same commit on Hydra:
https://hydra.nixos.org/eval/1618011

Right now I don't have energy to find what exactly is wrong in the
commit, and it doesn't seem important in comparison to nixos-unstable
channel being stuck on a commit over one week old.
2020-10-07 12:22:18 +02:00
Robert Hensing
0504b01100
Merge pull request #98107 from roberth/cassandra-add-extraEnvSh
nixos/cassandra: Add cfg.extraEnvSh
2020-10-07 11:28:39 +02:00
Linus Heckemann
41c0f49681
Merge pull request #99596 from Ma27/nextcloud20
nextcloud20: init
2020-10-07 08:10:38 +02:00
Maximilian Bosch
9cbe30e129
nixos/nextcloud: --database-pass must not be empty for pgsql/mysql
This is a breaking change from `nextcloud20`. However, the affected test
is still passing with an unused database password and socket
authentication.
2020-10-06 20:22:48 +02:00
Maximilian Bosch
227ba90b28
nixos/nextcloud: update nginx config for nextcloud20
See #97666 for further context.
2020-10-06 20:22:47 +02:00
Maximilian Bosch
5f67a62d59
nixos/nextcloud: update upgrade-path for nextcloud20
Please note that this is only for 21.03 since `nextcloud19` is intended
to be the default for the already feature-frozen 20.09 (the bump itself
is supposed to get backported however).
2020-10-06 20:22:47 +02:00
Andreas Rammhold
2c0ee52d91
nixos/security/acme: order after nss-lookup.target
This should hopefully solve races with DNS servers (such as unbound)
during the activation of a new generation. Previously unbound could
still be unavailable and thus the acme script would fail.
2020-10-06 22:52:55 +02:00
WORLDofPEACE
d83e5a1ff6
Merge pull request #99697 from worldofpeace/rt-sched-optional-and-off-by-default
nixos/gnome3: add realtime-scheduling option
2020-10-06 16:30:27 -04:00
adisbladis
f26d6639f2
Merge pull request #99693 from worldofpeace/spectacle-in-plasma5-default
nixos/plasma5: add spectacle default
2020-10-06 15:22:31 +02:00
WORLDofPEACE
afdeb406b0 nixos/gnome3: fixup unconditional code 2020-10-06 07:37:47 -04:00
WORLDofPEACE
656cd70ea8 nixos/gnome3: add realtime-scheduling option
This adds an option services.gnome3.experimental-features.realtime-scheduling
See this comment for the motivation [0].
Having gnome-shell launched with capability seemed harmless at first,
but it caused these issues [1] [2] for people who aren't even using
the feature. It makes more sense to make this optional.

[0]: https://github.com/NixOS/nixpkgs/issues/90201#issuecomment-683304279
[1]: https://github.com/NixOS/nixpkgs/issues/90201
[2]: https://github.com/NixOS/nixpkgs/issues/86730
2020-10-06 01:58:51 -04:00
WORLDofPEACE
55bc3e44b7 nixos/plasma5: add spectacle default
Fixes https://github.com/NixOS/nixpkgs/issues/99680.

In the future I think it would be nice if plasma5 could assume
an approach for an interface we have in the gnome3 module [0].
Notably being able to exclude packages with an option from
the default environment and having a default environment that
is useful to the average user. See [1], currently plasma5 defaults
are very "hard core hacker" with the most bare bones setup.

[0]: https://github.com/NixOS/nixpkgs/issues/67310
[1]: https://github.com/NixOS/nixpkgs/issues/67310#issuecomment-524649585
2020-10-06 01:25:22 -04:00
WORLDofPEACE
89281dd1df
Merge pull request #98510 from mvnetbiz/gnome3-excludepackages
nixos/gnome3: don't enable modules for excludePackages
2020-10-06 01:19:04 -04:00
WORLDofPEACE
0d47426f37
Merge pull request #99615 from andir/use-configured-nix-for-installer
nixos/installer: use the configured nix package for nixos-install
2020-10-05 21:00:29 -04:00
Andreas Rammhold
544059b01f
nixos/installer: drop the extra nixUnstable in nixos-install
The only nix version available in the installer should be the version
configure in the module system. If someone needs `nixUnstable` in their
`nixos-install` they should probably set the module option and not just
add it to the closure.
2020-10-06 01:11:09 +02:00
Léo Gaspard
e0c48efc17
matrix-synapse module: fix documentation and add release notes (#99564) 2020-10-05 23:35:28 +02:00
Michele Guerini Rocco
04670f8b3d
Merge pull request #96697 from hir12111/fix-font-dir
fontdir: Consider scalable fonts in index fonts.dir
2020-10-05 21:20:06 +02:00
WORLDofPEACE
fd74ab37b0
Merge pull request #99493 from cole-h/nixos-install-add-store
nixos-install: use mountpoint as store
2020-10-05 14:13:29 -04:00
Tim Steinbach
9646ae97c8
pam: Fix interaction with samba
9544c6078e / #96672 removed the samba option
`syncPasswordsByPam`.
Need to remove this option from the pam module, otherwise it will cause build errors
2020-10-05 09:13:16 -04:00
Aaron Andersen
dedd67610a
Merge pull request #99251 from xfix/remove-unnecessary-sendmail-configuration
nixos/httpd: remove unnecessary sendmail configuration
2020-10-05 08:59:42 -04:00
Maximilian Bosch
71098fba81
nextcloud20: init 2020-10-04 21:55:58 +02:00
Emilio Perez
52f028f2d9 nixos/xwayland: add new module and allow configuring a default font path
- Add option `programs.xwayland.defaultFontPath`
- Modify sway to enable Xwayland
2020-10-04 14:56:30 +01:00
Emilio Perez
f41f53dc49 nixos/fontdir: add option to decompress fonts
This will let Xwayland use the global font folder as font path
2020-10-04 14:56:30 +01:00
Emilio Perez
c99bd9bedf nixos/fontdir: add group of options for fontDir
Renaming enableFontDir to fontDir.enable
2020-10-04 14:56:29 +01:00
rnhmjoj
eda7e23ea4 nixos/fontdir: add the directory to the xserver font paths 2020-10-04 14:56:29 +01:00
rnhmjoj
1fdd3921a2 nixos/xserver: add option to configure the "Files" section 2020-10-04 14:56:29 +01:00
Emilio Perez
a5c0ba4004 nixos/fontdir: use regexp to find font files 2020-10-04 14:56:29 +01:00
Emilio Perez
a5618e6187 nixos/fontdir: gather more font formats
- Fix wrong order in which font indexes are created
mkfontdir requires the file fonts.scale to consider scalable fonts,
thus, mkfontscale should be run before

- Search more font formats, in particular, bit-mapped formats
2020-10-04 14:56:29 +01:00
Mario Rodas
e940c41a9c
Merge pull request #98163 from yanganto/hime
hime: init at unstable-2020-06-27
2020-10-04 08:13:21 -05:00
Maximilian Bosch
08cc63b20b
Merge pull request #97666 from Ma27/nextcloud-nginx
nixos/nextcloud: fix `nginx`-config for Nextcloud 19 and older
2020-10-04 13:51:52 +02:00
Doron Behar
9544c6078e
Merge pull request #96672 from doronbehar/module/samba
nixos/samba: remove upstream deprecated syncPasswordsByPam option
2020-10-04 11:29:56 +03:00
Martin Weinelt
23c1374bd7
Merge pull request #90067 from mmilata/sympa-6.2.56
nixos/sympa: fix PATH_INFO splitting for sympa-6.2.56
2020-10-04 04:33:41 +02:00
Cole Helbling
3bbe4c322a
nixos-install: use mountpoint as store
Otherwise, it's possible building a flake may cause the live CD to run
out of memory.
2020-10-03 10:09:20 -07:00
Antonio Yang
0c138794af input methods: add hime 2020-10-03 22:27:22 +08:00
Gabriel Ebner
f26dcb4850
Merge pull request #93201 from symphorien/dovecot-namespace-mailbox
nixos/dovecot: configure mailboxes for all processes
2020-10-03 14:46:40 +02:00
Jonas Meurer
07988a0f88
nixos/moodle: add missing PHP module (#99163) 2020-10-03 11:41:56 +02:00
Eelco Dolstra
b551f06097 nixos-generate-config: Add missing newline 2020-10-03 10:48:39 +02:00
Anderson Torres
26108ada86
Merge pull request #99371 from zowoq/rm-caddy1
caddy1: remove
2020-10-02 20:49:50 -03:00
Florian Klink
93178d471e
Merge pull request #99329 from 0x4A6F/master-networking-hostname
nixos: Conform with RFC 1123 in networking.hostName
2020-10-02 22:01:51 +02:00
WORLDofPEACE
bd52e7f8d3
Merge pull request #99039 from worldofpeace/dnscrypt-proxy2-harden
nixos/dnscrypt-proxy2: harden and improve service
2020-10-02 11:48:58 -04:00
zowoq
8f74e9e905 nixos/caddy: remove caddy1 2020-10-02 23:50:59 +10:00
Maximilian Bosch
8626701b2d
Merge pull request #99256 from Ma27/sudo-pkg-option
nixos/sudo: add `package` option
2020-10-02 12:35:58 +02:00
Andreas Rammhold
66c3ba64b8
Merge pull request #99340 from andir/nftables-fix-iptables-conflict-errormsg
nftables: Warn about correct firewall setting
2020-10-02 11:13:26 +02:00
Konrad Borowski
6fc06a1d3d nixos/phpfpm: remove unnecessary sendmail configuration 2020-10-02 09:11:14 +02:00
Klemens Nanni
fb13347d2a nixos/plasma5: Enable browser integration
This option is not documented anywhere and while it may be set
in configuration.nix to enable integration, having it on by
default when using both plasma and firefox is a great convenience;
just like all other desktop environments do it already.
2020-10-02 13:07:09 +08:00
WORLDofPEACE
332dcda646
Merge pull request #98996 from NixOS/worldofpeace-patch-1
nixos/dnscrypt-proxy2: version the example file
2020-10-02 00:32:45 -04:00
Matt Votava
bc970e94e7 nixos/gnome3: don't enable modules for excludePackages 2020-10-02 00:24:24 -04:00
WORLDofPEACE
6e7e633a54 nixos/dnscrypt-proxy2: harden and improve service 2020-10-02 00:00:22 -04:00
Klemens Nanni
e438d4a04f
nftables: Warn about correct firewall setting
services.networking.firewall might have existed during import of this
module in 2016, but it is unknown as of today.

Point to the proper boolean knob to avoid confusion.
2020-10-02 00:25:57 +02:00