path: root/nixos
Age | Commit message | Author | Files | Lines
2021-05-31 | nixos/release-notes: Initial grooming of release notes | Jonathan Ringer | 1 | -2/+71
(cherry picked from commit f15d286aaca6f7bd9f246c72978992ea8bb73e63)
2021-05-31 | nixos/doc/releases: update stable release info to 21.05 | Jonathan Ringer | 2 | -9/+9
(cherry picked from commit 545ba18df2ca2077d6c1a69e02648ad88dd5d968)
2021-05-31 | nixos/acme: don't use --reuse-key | Vincent Bernat | 2 | -1/+11
Reusing the same private/public key on renewal has two issues:

- some providers don't accept to sign the same public key again (Buypass Go SSL)
- keeping the same private key forever partly defeats the purpose of renewing the certificate often

Therefore, let's remove this option. People wanting to keep the same key can set extraLegoRenewFlags to `[ --reuse-key ]` to keep the previous behavior. Alternatively, we could put this as an option whose default value is true.

(cherry picked from commit 632c8e1d54e299f656aa677f25552e1127f12849)
2021-05-30 | Update nixos/modules/virtualisation/libvirtd.nix | Janne Heß | 1 | -1/+1
Co-authored-by: Martin Weinelt <mweinelt@users.noreply.github.com> (cherry picked from commit 964fc7cfef94bd598d816979a4ca1a42d9753d23)
2021-05-30 | nixos/libvirtd: Take ethertypes from iptables-nftables-compat | Janne Heß | 1 | -1/+1
iptables is currently defined in `all-packages.nix` to be iptables-compat. That package does however not contain `ethertypes`. Only `iptables-nftables-compat` contains this file so the symlink dangles. (cherry picked from commit 2eeecef3fc70e35b2f4c6d8424e4c726c140e330)
2021-05-29 | nixos/wordpress: regenerate secret keys if misspelled key name is found | Martin Weinelt | 1 | -1/+3
A secret key generated by the nixos module was misspelled, which could possibly impact the security of session cookies.

To recover from this situation we will wipe all security keys that were previously generated by the NixOS module, when the misspelled one is found.

This will result in all session cookies being invalidated. This is confirmed by the wordpress documentation:

> You can change these at any point in time to invalidate all existing
> cookies. This does mean that all users will have to login again.

https://wordpress.org/support/article/editing-wp-config-php/#security-keys

Meanwhile this issue shouldn't be too grave, since the salting function of wordpress will rely on the concatenation of both the user-provided and automatically generated values, that are stored in the database.

> Secret keys are located in two places: in the database and in the
> wp-config.php file. The secret key in the database is randomly
> generated and will be appended to the secret keys in wp-config.php.

https://developer.wordpress.org/reference/functions/wp_salt/

Fixes: 2adb03fdaea6186299c6ff578bb6814d8f3bb30b ("nixos/wordpress: generate secrets locally")
Reported-by: Moritz Hedtke <Moritz.Hedtke@t-online.de>
(cherry picked from commit 724ed08df02546fea2ab38613d615dd47461528c)
2021-05-28 | nixos/discourse: Assert deployed PostgreSQL version | talyz | 2 | -0/+24
Assert that the PostgreSQL version being deployed is the one used upstream. Allow the user to override this assertion, since it's not always possible or preferable to use the recommended one. (cherry picked from commit 544adbfcab2e92c2fe5774cae67f2edf165eb97e)
2021-05-28 | discourse: 2.6.5 -> 2.7.0 | talyz | 1 | -4/+15
(cherry picked from commit 42b8e7685d5fe5280f8f6101a6d19016b92f3a5c)
2021-05-28 | rl-2105: mention linux_latest and potential zfs issues | Dominik Xaver Hörl | 1 | -0/+1
(cherry picked from commit 7953b6e532be68c76e0e02bf6c83ff9350ad529e)
2021-05-28 | nixos/wireguard: Remove .path systemd unit for privkey. Fixes #123203 | Niklas Hambüchen | 1 | -14/+0
As per `man systemd.path`:

> When a service unit triggered by a path unit terminates
> (regardless whether it exited successfully or failed),
> monitored paths are checked immediately again,
> **and the service accordingly restarted instantly**.

Thus the existence of the path unit made it impossible to stop the wireguard service using e.g.

    systemctl stop wireguard-wg0.service

Systemd path units are not intended for program inputs such as private key files. This commit simply removes this usage; the private key is still generated by the `generateKeyServiceUnit`.

(cherry picked from commit d344dccf3dc592242f11ef993acb9ecee8d84796)
2021-05-28 | nixos/bitwarden_rs: fix startup on 32 thread machines | Ivan Kozik | 1 | -1/+0
LimitNPROC=64 is too low for bitwarden_rs to start on a 32 thread machine. Remove the limit. This fixes:

```
bitwarden_rs[38701]: /--------------------------------------------------------------------\
bitwarden_rs[38701]: | Starting Bitwarden_RS |
bitwarden_rs[38701]: |--------------------------------------------------------------------|
bitwarden_rs[38701]: | This is an *unofficial* Bitwarden implementation, DO NOT use the |
bitwarden_rs[38701]: | official channels to report bugs/features, regardless of client. |
bitwarden_rs[38701]: | Send usage/configuration questions or feature requests to: |
bitwarden_rs[38701]: | https://bitwardenrs.discourse.group/ |
bitwarden_rs[38701]: | Report suspected bugs/issues in the software itself at: |
bitwarden_rs[38701]: | https://github.com/dani-garcia/bitwarden_rs/issues/new |
bitwarden_rs[38701]: \--------------------------------------------------------------------/
bitwarden_rs[38701]: [INFO] No .env file found.
bitwarden_rs[38701]: [2021-05-24 03:34:41.121][bitwarden_rs::api::core::sends][INFO] Initiating send deletion
bitwarden_rs[38701]: [2021-05-24 03:34:41.122][start][INFO] Rocket has launched from http://127.0.0.1:8222
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'unnamed' panicked at 'failed to spawn thread: Os { code: 11, kind: WouldBlock, message: "Resource temporarily unavailable" }': /build/rustc-1.52.1-src/library/std/src/thread/mod.rs:620
bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]: 4: rust_begin_unwind
bitwarden_rs[38701]: 5: core::panicking::panic_fmt
bitwarden_rs[38701]: 6: core::result::unwrap_failed
bitwarden_rs[38701]: 7: hyper::server::listener::spawn_with
bitwarden_rs[38701]: 8: hyper::server::listener::ListenerPool<A>::accept
bitwarden_rs[38701]: 9: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]: 10: core::ops::function::FnOnce::call_once{{vtable.shim}}
bitwarden_rs[38701]: 11: std::sys::unix::thread::Thread::new::thread_start
bitwarden_rs[38701]: 12: start_thread
bitwarden_rs[38701]: 13: __GI___clone
bitwarden_rs[38701]: [2021-05-24 03:34:41.126][panic][ERROR] thread 'main' panicked at 'internal error: entered unreachable code: the call to `handle_threads` should block on success': /build/bitwarden_rs-1.20.0-vendor.tar.gz/rocket/src/rocket.rs:751
bitwarden_rs[38701]: 0: bitwarden_rs::init_logging::{{closure}}
bitwarden_rs[38701]: 1: std::panicking::rust_panic_with_hook
bitwarden_rs[38701]: 2: std::panicking::begin_panic_handler::{{closure}}
bitwarden_rs[38701]: 3: std::sys_common::backtrace::__rust_end_short_backtrace
bitwarden_rs[38701]: 4: rust_begin_unwind
bitwarden_rs[38701]: 5: core::panicking::panic_fmt
bitwarden_rs[38701]: 6: rocket::rocket::Rocket::launch
bitwarden_rs[38701]: 7: bitwarden_rs::main
bitwarden_rs[38701]: 8: std::sys_common::backtrace::__rust_begin_short_backtrace
bitwarden_rs[38701]: 9: std::rt::lang_start::{{closure}}
bitwarden_rs[38701]: 10: std::rt::lang_start_internal
bitwarden_rs[38701]: 11: main
```

(cherry picked from commit d95960e2755c1c2a8913cc27d0daada84c0c560c)
2021-05-28 | mediatomb/gerbera: Add release note information for 21.03 | Antoine R. Dumont (@ardumont) | 1 | -0/+41
Note that it made into 2 entries, one about new options in the first section. Another in the breaking compatibility section due to the openFirewall option which changes the behavior.

Co-authored-by: schmittlauch <t.schmittlauch+nixos@orlives.de>
(cherry picked from commit 93a80a4390499b4204cf6836bcc6cab5debecccb)
2021-05-27 | nixos/tests/{sway,cagebreak}: Disable on aarch64-linux | Michael Weiss | 1 | -2/+2
The tests timeout on AArch64 (e.g. [0] and [1]), likely because the QEMU option "-vga virtio" isn't supported there (unfortunately I currently lack access to an AArch64 system with NixOS to investigate). This also affects the test for Cage but that one is already limited to x86_64-linux.

[0]: https://hydra.nixos.org/build/144148809
[1]: https://hydra.nixos.org/build/144103034

(cherry picked from commit abb9ea73f7b2bd8d0862be47a0a1010d7644136b)
2021-05-27 | nixos/dendrite: remove (#124524) | Michael Lingelbach | 4 | -282/+0
* The options tlsKey and tlsCert require being accessible by DynamicUser at runtime, which currently requires copying the files into the matrix service state directory. Fixing this might require breaking changes. Thus the module should not be included in a stable release.
2021-05-27 | Merge pull request #124509 from dotlambda/backport-124391 | Sandro | 1 | -0/+2
2021-05-26 | nixos/release-notes: fix `slaptest` command for openldap section | Maximilian Bosch | 1 | -1/+1
When running - as suggested - `slaptest -f slapd.conf $TMPDIR` I get the following result:

    [root@ldap:/tmp/tmp.De46ABIbFf]# slaptest -f /nix/store/lks3ihydj40ff6yqvz0k33ycrc9vbyry-slapd.conf $TMPDIR
    usage: slaptest [-v] [-d debuglevel] [-f configfile] [-F configdir] [-o <name>[=<value>]] [-n databasenumber] [-u] [-Q]
    [root@ldap:/tmp/tmp.De46ABIbFf]# echo $?
    1

Adding a `-F` option fixes the issue.

(cherry picked from commit b5a12b4b61fca35c7ca94de0338a7e16841888f4)
2021-05-26 | nixos/kresd: tell resolveconf to use local resolver | Sandro Jäckel | 1 | -0/+2
(cherry picked from commit 140828ce3843444a8536db884147ed5c4b941259)
2021-05-25 | nixos/manual: document how to install over a serial port | Tom Fitzhenry | 1 | -0/+6
https://github.com/NixOS/nixpkgs/issues/58198 (cherry picked from commit 81e04717e8f30496ec9ec9edb6b0588deca41ee2)
2021-05-24 | Revert "nixos/nix-daemon: fix sandbox-paths option" | regnat | 1 | -7/+1
This reverts commit aeeee447bcc181d57a19d348f857326f4e1959fe. (cherry picked from commit 113823669b9b71fff84bc592d1fd6022635c28eb) Signed-off-by: Domen Kožar <domen@dev.si>
2021-05-23 | Merge pull request #123902 from hyperfekt/mount-pstore-quiet | Guillaume Girol | 1 | -0/+1
nixos/filesystems: condition mount-pstore.service on unmounted /sys/fs/pstore
(cherry picked from commit d7555732bc8bb8a2acb50fd4ecba96c825b4f21e)
Reason: activation throws an error from failing to start the unit
2021-05-22 | Revert "nixos/doc: add md-to-db.sh, convert "Building Your Own NixOS CD" to CommonMark" | Jonathan Ringer | 6 | -89/+34
This reverts commit 6c14851943fe55da9df88a502d1e1fe2271d9666.
2021-05-22 | Revert "nixos/doc: convert "Contributing to this manual" to CommonMark" | Jonathan Ringer | 5 | -38/+24
This reverts commit 7501467903faa3de62f6a45d5ee2fda35154b8a2.
2021-05-22 | Revert "nixos/doc: add 21.11 release notes stub" | Jonathan Ringer | 3 | -21/+0
This reverts commit 6543c61311c0397775253dd3d7f1f41154fc6189.
2021-05-22 | Merge remote-tracking branch 'origin/master' into backport-staging-next | Jonathan Ringer | 15 | -59/+161
Forgot to merge staging-next into master before branching off. This is meant to include the additional stabilization changes.
2021-05-22 | Merge remote-tracking branch 'origin/master' into staging-next | Jonathan Ringer | 25 | -89/+360
Conflicts: pkgs/tools/networking/xh/default.nix
2021-05-22 | nixos/doc: add 21.11 release notes stub | Ryan Mulligan | 3 | -0/+21
2021-05-22 | nixos/doc: convert "Contributing to this manual" to CommonMark | Ryan Mulligan | 5 | -24/+38
Also updates it to mention running md-to-db.sh.
2021-05-22 | nixos/doc: add md-to-db.sh, convert "Building Your Own NixOS CD" to CommonMark | Ryan Mulligan | 6 | -34/+89
2021-05-22 | 21.05 beta release 21.05-beta | Jonathan Ringer | 2 | -2/+2
2021-05-23 | Merge pull request #121626 from mweinelt/botamusique | Martin Weinelt | 4 | -0/+163
2021-05-23 | nixos/tests/botamusique: init | Martin Weinelt | 2 | -0/+48
2021-05-23 | nixos/botamusique: init | Martin Weinelt | 2 | -0/+115
2021-05-23 | Merge pull request #124073 from mkg20001/cinnamonpolkit | Jan Tojnar | 1 | -0/+3
nixos/cinnamon: add polkit_gnome to fix #124062
2021-05-23 | Merge pull request #124056 from mkg20001/cinnamonlocale | Jan Tojnar | 1 | -0/+1
nixos/cinnamon: add cinnamon-translations to systemPackages
2021-05-22 | nixos/cinnamon: add cinnamon-translations to systemPackages | Maciej Krüger | 1 | -0/+1
This allows other cinnamon applications to use the locales
Without this the cinnamon UI is not properly translated
2021-05-22 | nixos/cinnamon: add polkit_gnome to fix #124062 | Maciej Krüger | 1 | -0/+3
2021-05-22 | Merge pull request #122203 from mohe2015/imperative-nixos-container-timeout | Maximilian Bosch | 1 | -1/+1
nixos-containers: Increase startup timeout for imperative containers
2021-05-22 | Merge pull request #123941 from mweinelt/matrix-synapse | Maximilian Bosch | 1 | -6/+11
nixos/matrix-synapse: protect created files
2021-05-22 | nixos/matrix-synapse: protect created files | Martin Weinelt | 1 | -6/+11
Enforce UMask on the systemd unit to restrict the permissions of files created. Especially the homeserver signing key should not be world readable, and media is served through synapse itself, so no other user needs access to these files. Use a prestart chmod to fixup the permissions on the signing key.
2021-05-22 | Merge pull request #104420 from danielfullmer/syncoid-perm-fix | Sandro | 2 | -23/+31
2021-05-22 | maintainers: rename metadark -> kira-bruneau (#124035) | Kira Bruneau | 2 | -2/+2
2021-05-22 | Merge pull request #123211 from mdevlamynck/pipewire-plasma-pa | Domen Kožar | 1 | -0/+1
nixos/plasma5: also add plasma-pa when using pipewire with pulseaudio support
2021-05-22 | Merge master into staging-next | github-actions[bot] | 2 | -3/+8
2021-05-22 | nixos/spacenavd: run as user service | sohalt | 1 | -2/+1
2021-05-22 | Merge pull request #123970 from kisik21/nix-fix-sandbox-paths | Domen Kožar | 1 | -1/+7
nixos/nix-daemon: fix sandbox-paths option
2021-05-22 | nixos/nix-daemon: fix sandbox-paths option | Vika | 1 | -1/+7
In newer versions of Nix (at least on 2.4pre20201102_550e11f) the `extra-` prefix for config options received a special meaning and the option `extra-sandbox-paths` isn't recognized anymore. This commit fixes it. It doesn't cause a behavior change when using older versions of Nix but does cause an extra newline to appear in the config, thus changing the hash.
2021-05-22 | Merge master into staging-next | github-actions[bot] | 10 | -47/+216
2021-05-21 | docs/release-notes: mention ati_drivers_x11 removal | Jonathan Ringer | 1 | -0/+6
2021-05-21 | nixos/video: remove obsolete ati modules | Jonathan Ringer | 3 | -43/+1
2021-05-21 | release notes: Mention automated gnomeExtensions | Jan Tojnar | 1 | -0/+5
https://github.com/NixOS/nixpkgs/pull/118232