0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-19 00:20:32 +03:00
Commit graph

34842 commits

Author SHA1 Message Date
Pyrox
9f1c273c01 nixos/forgejo: replace GITEA_ prefix in env with FORGEJO_
Since https://codeberg.org/forgejo/forgejo/issues/497 has been resolved,
these can now be `FORGEJO_` prefixed instead of `GITEA_`.

Co-Authored-By: Emily <git@emilylange.de>
(cherry picked from commit 665063ca71)
2024-12-12 22:38:58 +00:00
Maximilian Bosch
cfd92cfb75 nixos/doc: document how to allow-list tablespaces
It was brought up that the restricted file-system access breaks
tablespaces[1]. I'd argue that this is the desired behavior, the whole
point of the hardening is the lock the service down and I don't consider
tablespaces common enough to elevate privileges again. Especially since
the workaround is trivial as shown in the diff.

For completeness sake, this adds the necessary `ReadWritePaths` change
to the postgresql section of the manual.

This also adds a small correction about the state of
`ensurePermissions`.

[1] https://github.com/NixOS/nixpkgs/pull/344925#issuecomment-2521188907

(cherry picked from commit 51a6938a44)
2024-12-12 15:43:42 +00:00
Jenny
780d66f5ca
[Backport release-24.11] nixos/librenms: order librenms-setup after network.target (#364209) 2024-12-12 11:18:39 +01:00
nix-backports[bot]
66cfe56827
[Backport release-24.11] nixos/rtkit: mention pipewire in docstring (#364332)
nixos/rtkit: mention pipewire in docstring

I don't know the reason for rtkit only getting enabled by
hardware.pulseaudio.enable and not services.pipewire.enable, as they
both use it to get real-time priority, but we can at least help users by
mentioning pipewire in the rtkit option.

(cherry picked from commit 886de305c8)

Co-authored-by: Bjørn Forsman <bjorn.forsman@gmail.com>
2024-12-12 00:54:46 -05:00
Wolfgang Walther
64ad3ae2ba
[24.11] Fix cupsd ShellCheck issues (#363968) 2024-12-11 22:05:23 +01:00
phaer
4b72061083 system/activation: mention deps attr in activationScripts example
As it helps making deps easier to discover - as we don't currently
render submodule options in the module correctly - and is arguably
more technical correct: When using nixos-install to install nixos
into a chroot in i.e. /mnt, there's no gurantee that /mnt/dev exists
before the specialfs phase ran.

(cherry picked from commit df8e6f7487)
2024-12-11 18:01:49 +00:00
misuzu
ecfbc4b7cf
[Backport release-24.11] nixos/ebusd: fix device access (#364192) 2024-12-11 19:57:12 +02:00
Marcel
2e61864ce1 nixos/librenms: order librenms-setup after network.target
librenms-setup requires database access; when deploying databases externally, networking is required.

(cherry picked from commit 8153ad4458)
2024-12-11 12:15:03 +00:00
Jenny
475602eb3e
[Backport release-24.11] nixos/librenms: enableLocalBilling + memory limit for cronjobs (#363655) 2024-12-11 12:16:15 +01:00
Moritz Vogel
1ed38edcc3 nixos/ebusd: fix device access
(cherry picked from commit 0c1feac497)
2024-12-11 11:24:48 +01:00
Wolfgang Walther
4672405f71
[Backport release-24.11] datadog-agent: 7.50.3 -> 7.56.2 (#362994) 2024-12-10 22:36:28 +01:00
Silvan Mosberger
d9d87c5196 treewide: format all inactive Nix files
After final improvements to the official formatter implementation,
this commit now performs the first treewide reformat of Nix files using it.
This is part of the implementation of RFC 166.

Only "inactive" files are reformatted, meaning only files that
aren't being touched by any PR with activity in the past 2 months.
This is to avoid conflicts for PRs that might soon be merged.
Later we can do a full treewide reformat to get the rest,
which should not cause as many conflicts.

A CI check has already been running for some time to ensure that new and
already-formatted files are formatted, so the files being reformatted here
should also stay formatted.

This commit was automatically created and can be verified using

    nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \
      --argstr baseRev 0128fbb0a5
    result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:29:24 +01:00
nix-backports[bot]
72ae55e493
[Backport release-24.11] peertube: 6.0.4 -> 6.3.3 (#363680)
peertube: 6.0.4 -> 6.3.3 (#358194)

(cherry picked from commit 0c053dfc7c)

Co-authored-by: liberodark <liberodark@gmail.com>
2024-12-10 17:41:30 +01:00
Victor Engmark
092063e155 nixos/cupsd: Fix permissions on shared directories
`/var/cache`, `/var/lib`, and `/var/spool` all have 0755 permissions by
default, so should probably be created as such in this script.

See #357447 for discussion.

(cherry picked from commit 7389d32232)
2024-12-10 15:58:58 +00:00
Victor Engmark
70d961e65d nixos/printing: fix ShellCheck issues
ShellCheck reports the following:

> SC2174 (warning): When used with -p, -m only applies to the deepest
> directory.

Avoid this warning by splitting `mkdir -m MODE -p DIR` into
`(umask MASK && mkdir -p DIR)`.

(cherry picked from commit bfe7bb410f)
2024-12-10 15:58:58 +00:00
Sandro
a312bd6032
[Backport release-24.11] nixos/mailman: increase uwsgi buffer size (#363760) 2024-12-10 15:50:35 +01:00
Wolfgang Walther
e0795ed832
[Backport release-24.11] nixos/qgroundcontrol: fix qgroundcontrol module (#363467) 2024-12-10 09:21:13 +01:00
Yureka
9ac83bcd08 nixos/mailman: increase uwsgi buffer size
otherwise results in 502 bad gateway errors with some clients (which send a lot of cookies?)

Change-Id: I9aadedb7acde0388f060dbb82ccd8788f41ff0e6
(cherry picked from commit 4d8e8de0d9)
2024-12-09 23:51:50 +00:00
Wolfgang Walther
ecb3d3a311
[Backport release-24.11] nixos/github-runner: use bashInteractive instead of bash (#362312) 2024-12-09 22:01:56 +01:00
Jennifer Graul
98a8a38def nixos/librenms: add netali to maintainers
(cherry picked from commit 7e2f76a187)
2024-12-09 17:40:15 +00:00
Jennifer Graul
4a3dacc509 nixos/librenms: fix links in docs
(cherry picked from commit 4bac8c5de5)
2024-12-09 17:40:15 +00:00
Jennifer Graul
fa0a8b5536 nixos/librenms: add enableLocalBilling option
(cherry picked from commit c59a8279ae)
2024-12-09 17:40:15 +00:00
Jennifer Graul
a5fa0a2eac nixos/librenms: add default php_memory_limit and use it in cronjobs
(cherry picked from commit c0efae7559)
2024-12-09 17:40:15 +00:00
Nick Cao
8ac152b72c
[Backport release-24.11] nixos/networking-interfaces-scripted: use read -r (#363481) 2024-12-09 09:08:21 -05:00
Masum Reza
d107d7116d
[Backport release-24.11] scx.full: 1.0.6 -> 1.0.7; nixos/scx: add new schedulers (#363322) 2024-12-09 18:21:07 +05:30
Sandro Jäckel
9e66870626 nixos/nginx: don't disable IPC
This also disables the memfd_create syscall which is required for
certain regex's when using pcre2.

see https://github.com/NixOS/nixpkgs/pull/355989#issuecomment-2506841275

(cherry picked from commit 996f9e4f28)
2024-12-09 10:48:18 +00:00
Tomodachi94
dde4c077d2 nixos/networking-interfaces-scripted: use read -r
...instead of plain read, which can cause issues.

See SC2162:
https://www.shellcheck.net/wiki/SC2162

(cherry picked from commit 2e98ec0e0e)
2024-12-09 07:07:15 +00:00
Gavin John
68255b4a43 nixos/qgroundcontrol: Add cfg.package option
(cherry picked from commit 765c9bf44e)
2024-12-09 05:47:59 +00:00
Aleksana
536a38d1b8
[Backport release-24.11] wivrn: 0.19 -> 0.22 (#363114) 2024-12-09 10:54:29 +08:00
nix-backports[bot]
4dbea6e2d4
[Backport release-24.11] nixos/seafile: fix systemd option capitalization for RandomizedDelaySec (#363366) 2024-12-08 16:37:53 -05:00
John Titor
901bfe3b1f nixos/scx: add new schedulers
(cherry picked from commit b4aacf5ab5)
2024-12-08 18:34:01 +00:00
PassiveLemon
3d679090d0 nixos/wivrn: add server flags option and refactor type check
(cherry picked from commit 7a625d3ccf)
2024-12-08 08:24:53 +00:00
Mel Bourgeois
a6141a01ab
nixos/datadog-agent: migrate deprecated config & set bin option
(cherry picked from commit bbcd0f3052)
2024-12-07 18:37:24 -06:00
Alex Martens
4e163b67e8 nixos/github-runners: remove newam from maintainers
(cherry picked from commit 69fd74d8fe)
2024-12-07 17:03:36 +00:00
Andrew Childs
837a4c79f4 nixos/hostapd: remove HT40- from default capabilities
The current default configuration, automatic channel selection with
the HT40- capability, is explicitly disallowed by an assertion in this
module.

This is a result of recent change to default to automatic channel
selection in 1047f0a6bf.

(cherry picked from commit 8a97d662dd)
2024-12-07 06:57:24 +00:00
Weijia Wang
62279c8a81
[Backport release-24.11] nixos/activation, switch-to-configuration-ng, doc: improve NIXOS_LUSTRATE installation experience (#360807) 2024-12-06 17:33:30 +01:00
Dave Aitken
1eac1a4432 nixos/github-runner: use bashInteractive instead of bash (#339875)
Some github actions that use `bash` expect interactive features to be available. One such action is the [use-nix-shell](https://github.com/rrbutani/use-nix-shell-action) action. I couldn't find a way to override this even with `cfg.extraPackages`, due to the way the path is ordered.

(cherry picked from commit 8c39875ae3)
2024-12-06 05:41:54 +00:00
Ryan Yin
cfcb289f48 nixos/victoriametrics: the prometheusConfig option isn't null by default 2024-12-06 10:32:29 +08:00
Maximilian Bosch
4ebbbeeebb
Merge: [Backport release-24.11] nixos/pgbouncer: rework RFC42 integration (#358344) 2024-12-05 11:02:41 +01:00
Nathan Henrie
59211dc6df nixos/espanso: remove unused wayland option
This option is unused in the module.

As discussed in https://github.com/NixOS/nixpkgs/pull/317457 and
https://github.com/NixOS/nixpkgs/pull/285138#discussion_r1478367044
users should just set the `package` option.

(cherry picked from commit 526239b118)
2024-12-04 21:08:07 +00:00
Wolfgang Walther
608816582e
[Backport release-24.11] nixos/monado: add forceDefaultRuntime option (#358702) 2024-12-04 20:24:41 +01:00
stanleyj-edsn
994b5f499d nixos/exwm: remove option enableDefaultConfig
The default configuration was removed from upstream, see https://github.com/emacs-exwm/exwm/issues/57

Fix: #319541
Co-authored-by: Lin Jian <me@linj.tech>
(cherry picked from commit c82bf95274)
2024-12-04 19:08:02 +00:00
stanleyj-edsn
feed52b608 nixos/exwm: rename emacsWithPackages
Fix error: 'emacsWithPackages' has been renamed to/replaced by 'emacs.pkgs.withPackages'

Fix: #361706
(cherry picked from commit 0f64286316)
2024-12-04 19:08:01 +00:00
w
def5b738ed nixos/invoiceplane: fix sites option description (#316699)
(cherry picked from commit b66069df87)
2024-12-04 14:48:13 +00:00
Martin Weinelt
fcd0b7f91e
[Backport release-24.11] nixos/knot: add missing CLIs to wrapper (#361436) 2024-12-04 01:34:12 +01:00
Franz Pletz
5a1659c0ef nixos/fireqos: modernize
(cherry picked from commit c91e47f589)
2024-12-03 20:13:03 +00:00
budimanjojo
243c725b8c nixos/fireqos: fix service not being enabled
Signed-off-by: budimanjojo <budimanjojo@gmail.com>
(cherry picked from commit 7ed1bb9467)
2024-12-03 20:13:03 +00:00
Molly Miller
9fd387bebb nixos/frr: make runtime directory world-readable
FRR intends for non-root users to connect to the VTY sockets if they
are members of the frrvty group, however this is not possible if
non-root/non-frr users cannot access the runtime directory. The
sockets used by the FRR daemons for internal IPC are also created in
the runtime directory, however these are created with appropriately
restrictive permissions to prevent interference.

(cherry picked from commit f014b0d415)
2024-12-03 15:35:31 +00:00
Alexander Sieg
1945b44dab nixos/knot: add missing CLIs to wrapper
(cherry picked from commit 46402be060)
2024-12-03 12:40:35 +00:00
Bruno BELANYI
a65508ca52 nixos/localtimed: fix 'geoclue2Package' doc
(cherry picked from commit 35435a647a)
2024-12-03 08:34:56 +00:00