Lin Jian
642323930e
nixos/systemd-boot: correctly find gen_number for specialisation
Before this patch, the gen_number found by regex contains
"-specialisation-foo" if specialisation is used. As a result, applying
int() to gen_number raises ValueError, causing entries containing
a specialisation part to not be removed.
2022-10-07 19:28:43 +08:00
Christian Kögler
aff16d8bc8
Merge pull request #190052 from JasonWoof/acme-example
nixos/doc: fix acme dns-01 example
2022-10-07 12:53:15 +02:00
Alexander Bantyev
99cc02fe98
Merge pull request #193694 from cab404/fwupd-remote-list
nixos.fwupd: add remote list option
2022-10-07 14:23:19 +04:00
Mario Rodas
405db07799
Merge pull request #167047 from helsinki-systems/drop/postgresql10
postgresql: remove 10.x
2022-10-06 21:32:46 -05:00
Cole Mickens
3d5d6fc78c
nixos: luksroot: toString-ify keyFileSize usage
2022-10-06 15:06:50 -07:00
Edward Tjörnhammar
a72e138b78
nixos/jfs: correct broken toplevel reference
2022-10-06 19:26:13 +00:00
github-actions[bot]
0b4912d905
Merge staging-next into staging
2022-10-06 18:03:42 +00:00
github-actions[bot]
c5f0d725df
Merge master into staging-next
2022-10-06 18:03:10 +00:00
Naïm Favier
52c58c8bbe
nixos/network-interfaces: reflect negative settings of proxyARP
Currently, setting `proxyARP` to true enables `proxy_arp`, but setting
it to false doesn't disable it. This is surprising and stateful.
2022-10-06 16:46:17 +02:00
Robert Hensing
1ab9d1beb1
nixos/snipe-it: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:43:07 +02:00
Robert Hensing
ed5aa53f45
nixos/matamo: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:43:07 +02:00
Lucas Savva
49c0fd7d60
nixos/acme: Disable lego renew sleeping
Lego has a built-in mechanism for sleeping for a random amount
of time before renewing a certificate. In our environment this
is not only unnecessary (as our systemd timer takes care of it)
but also unwanted since it slows down the execution of the
systemd service encompassing it, thus also slowing down the
start up of any services it's depending on.
Also added FixedRandomDelay to the timer for more predictability.
2022-10-06 10:30:24 -04:00
Lucas Savva
657ecbca0e
nixos/acme: Make account creds check more robust
Fixes #190493
Check if an actual key file exists. This does not
completely cover the work accountHash does to ensure
that a new account is registered when account
related options are changed.
2022-10-06 10:30:24 -04:00
Lucas Savva
39796cad46
nixos/acme: Fix cert renewal with built in webserver
Fixes #191794
Lego threw a permission denied error binding to port 80.
AmbientCapabilities with CAP_NET_BIND_SERVICE was required.
Also added a test for this.
2022-10-06 10:30:24 -04:00
Robert Hensing
5699ff529a
nixos/discourse: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:39 +02:00
Robert Hensing
c069475f82
nixos/bookstack: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:38 +02:00
Robert Hensing
12da62fef5
nixos/jitsi-videobridge: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:38 +02:00
Robert Hensing
06a1a29467
nixos/flannel: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:38 +02:00
Robert Hensing
185f12d96f
nixos/smartd: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:34 +02:00
Robert Hensing
fec3f62d38
nixos/kubelet: Refactor to use config.networking.fqdnOrHostName
2022-10-06 16:24:31 +02:00
Robert Hensing
f43716f28e
nixos: Add networking.fqdnOrHostName option, readOnly
2022-10-06 16:21:09 +02:00
pennae
3826e303c6
nixos/firefox-syncserver: remove extra add_header
syncstorage-rs sets this header starting with 0.12.3.
2022-10-06 14:48:53 +02:00
pennae
f97c9d60e4
nixos/firefox-syncserver: proxyPass singleNode to 127.0.0.1
syncstorage-rs does not listen on ::1 unless explicitly configured.
2022-10-06 14:48:53 +02:00
pennae
8dc30e9e98
nixos/firefox-syncserver: set default for oauth verifier threads
the 0.12.1 update introduced a static thread pool for verifying oauth
tokens. set a reasonable default for self-hosted setups (10 threads).
2022-10-06 14:48:53 +02:00
github-actions[bot]
7dc2d52e3b
Merge staging-next into staging
2022-10-06 12:02:07 +00:00
github-actions[bot]
8d6fbd7341
Merge master into staging-next
2022-10-06 12:01:31 +00:00
Maximilian Bosch
15914eba85
nixos/privacyidea: fix manual build
2022-10-06 13:50:31 +02:00
Maximilian Bosch
ecaf6aed02
nixos/privacyidea: add proper support for privacyidea-token-janitor
`privacyidea-token-janitor`[1] is a tool which helps to automate
maintenance of tokens. This is helpful to identify e.g. orphaned tokens,
i.e. tokens of users that were removed or tokens that were unused for a
longer period of time and apply actions to them (e.g. `disable` or
`delete`).
This patch adds two new things:
* A wrapper for `privacyidea-token-janitor` to make sure it's executable
  from CLI. To achieve this, it does a `sudo(8)` into the
  `privacyidea`-user and sets up the environment to make sure the
  configuration file can be found. With that, administrators can
  directly invoke it from the CLI without additional steps.
* An optional service is added which performs automatic cleanups of
  orphaned and/or unassigned tokens. Yes, the tool can do way more
  stuff, but I figured it's reasonable to have an automatic way to clean
  up tokens of users who were removed from the PI instance. Additional
  automation steps should probably be implemented in additional
  services (and are perhaps too custom to add them to this module).
[1] https://privacyidea.readthedocs.io/en/v3.7/workflows_and_tools/tools/index.html
2022-10-06 11:43:20 +02:00
Jörg Thalheim
988c9130e1
Merge pull request #193767 from winterqt/update-dendrite
dendrite: 0.9.9 -> 0.10.1
2022-10-06 09:28:32 +02:00
github-actions[bot]
0cb28ea28a
Merge staging-next into staging
2022-10-06 06:05:52 +00:00
github-actions[bot]
863df54d13
Merge master into staging-next
2022-10-06 06:05:17 +00:00
Stanisław Pitucha
4a6979d310
Merge pull request #194603 from phiadaarr/jitsiVideobridge
jitsi-videobridge: fix link in docs
2022-10-06 12:19:43 +11:00
github-actions[bot]
8a69058a29
Merge staging-next into staging
2022-10-05 18:08:07 +00:00
github-actions[bot]
939050602c
Merge master into staging-next
2022-10-05 18:07:32 +00:00
Ian McFarlane
49c4a6d602
nixos/getty: mkdefault for etc/issue
2022-10-05 12:46:23 -04:00
José Luis Lafuente
396f4f05b9
nixos/tmate-ssh-server: init module (#192270)
* nixos/tmate-ssh-server: init module
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
2022-10-05 17:34:30 +01:00
Philipp Arras
1e430612dc
jitsi-videobridge: fix link in docs
2022-10-05 18:11:57 +02:00
Zhaofeng Li
b9b454820a
systemd/initrd: Add TPM modules into initrd
This improves the out-of-box experience of TPM2 unlocking at a
small (50K) overhead.
2022-10-05 08:22:53 -06:00
Zhaofeng Li
21bbef9548
nixos/luksroot: Reword message on FIDO2 support with systemd stage 1
2022-10-05 08:22:53 -06:00
Zhaofeng Li
19c34ac44b
systemd/initrd: Add files required by TPM2 and FIDO2 support to the initramfs
2022-10-05 08:22:14 -06:00
Zhaofeng Li
570824e102
systemd: Wrap in LUKS2 tokens
Update pkgs/os-specific/linux/systemd/default.nix
Co-authored-by: Janne Heß <janne@hess.ooo>
Co-authored-by: Ilan Joselevich <personal@ilanjoselevich.com>
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2022-10-05 08:22:14 -06:00
github-actions[bot]
855f2990f1
Merge staging-next into staging
2022-10-05 12:02:14 +00:00
github-actions[bot]
ebb7cf0268
Merge master into staging-next
2022-10-05 12:01:40 +00:00
Florian Klink
c1c406bc87
Merge pull request #191491 from oxalica/fix/systemd-initrd-modprobe
nixos/systemd-stage-1: include modprobe config in initrd
2022-10-05 10:39:58 +02:00
Milan Hauth
a1e9f1e036
nixos/firewall: move rpfilter from raw to mangle
fix wireguard (wg-quick)
netfilter packet flow:
raw.prerouting -> conntrack -> mangle.prerouting
rpfilter must be after conntrack
otherwise response packets are dropped
2022-10-05 09:50:56 +02:00
github-actions[bot]
d426366b62
Merge staging-next into staging
2022-10-05 00:05:03 +00:00
Martin Weinelt
253ca4957d
Merge remote-tracking branch 'origin/master' into staging-next
2022-10-05 00:44:16 +02:00
Florian Klink
72911a27bb
Merge pull request #193502 from phaer/systemd-portabled
Support systemd-portabled
2022-10-04 21:39:39 +02:00
superherointj
2e19f2fa53
maintainers: remove superherointj
2022-10-04 14:06:48 -03:00
Jan Tojnar
e14d1e1bc9
Merge pull request #192969 from jtojnar/extra-gsettings-strict
GNOME/Cinnamon/Pantheon: Clean up GSettings overrides and make strict
2022-10-04 00:59:08 +02:00