Commit graph

38339 commits

Author SHA1 Message Date
Maximilian Bosch e3f9723c15
Merge: [Backport release-25.05] Fix: Correct podman systemd service name (#432866) 2025-08-25 12:27:48 +02:00
Wolfgang Walther 44d6b48a5f postgresql.tests.postgresql.postgresql-backup-all: fix random dump
The new `\restrict` mitigation creates random keys in the dump file by
default, which breaks a before/after test for the backup module. By
making the restrict key reproducible, the test passes again.

(cherry picked from commit 87e1134406)
2025-08-24 09:09:39 +00:00
Adam C. Stephens e6ad556248
[Backport release-25.05] nixos/vector: add graceful shutdown limit option; nixos/vector: add option to disable the configuration validation (#428623) 2025-08-22 14:34:15 -04:00
Brendan Taylor 55ce6a8344 nixos/borgmatic: do not use pg_dumpall when a format is set (#413251)
(cherry picked from commit d0be8ff242)
2025-08-21 18:09:04 +02:00
Jonas Heinrich a0c2500457 nixos/invoiceplane: Update patch
(cherry picked from commit aa06ffc4c3)
2025-08-20 14:49:48 +00:00
Minijackson 7255ed8f2c nixos/sssd: add upstream hardening options in sssd-kcm.service
(cherry picked from commit 4e40f1c79e)
2025-08-18 07:44:31 +00:00
Minijackson dcd993f7af nixos/sssd: add upstream directives in sssd.service
Changed the service type from forking to notify,
which should give a better indication of when the service is ready.

Changed the preStart into an ExecStart,
in order for upstream's NotifyAccess=main to work.

Added Restart=on-abnormal for better service stability.

(cherry picked from commit 9867229696)
2025-08-18 07:44:31 +00:00
frantathefranta 361f6a6354
nixos/conman: init module
Adding a service for the conman package

Changes to conman service as per review

(cherry picked from commit 8b97231460)
2025-08-15 18:22:31 -04:00
Defelo 5e0dafbe09 zipline: 4.2.1 -> 4.2.3
Changelog: https://github.com/diced/zipline/releases/tag/v4.2.2
Diff: https://github.com/diced/zipline/compare/v4.2.1...v4.2.2

Changelog: https://github.com/diced/zipline/releases/tag/v4.2.3
Diff: https://github.com/diced/zipline/compare/v4.2.2...v4.2.3
(cherry picked from commit ed4ce19544)
2025-08-15 10:55:14 +00:00
Wolfgang Walther 0f9967d795
[Backport release-25.05] nixos/freshrss: fix loading extensions' static content (#431314) 2025-08-13 20:26:43 +00:00
Yethal 8409a094b3 virtualisation/oci-containers: fix podman systemd service name
(cherry picked from commit 68710f4064)
2025-08-11 16:39:49 +00:00
Wolfgang Walther a55f91168b
[Backport release-25.05] nixos/garage: set LimitNOFILE (#429643) 2025-08-09 17:14:04 +00:00
Wolfgang Walther 9e0d46b18f
[Backport release-25.05] peertube: remove spawn (#427195) 2025-08-09 16:59:42 +00:00
Wolfgang Walther 311b0326e6
[Backport release-25.05] nixos/iio: add package option (#427218) 2025-08-09 16:58:37 +00:00
Seth Flynn 722bf47885
[Backport release-25.05] tuned: init at 2.25.1 (#430398) 2025-08-07 09:30:36 -04:00
liberodark e728d7ae4b nixos/ntpd-rs: hardening
(cherry picked from commit a9cd681b8d)
2025-08-07 16:20:54 +05:30
Seth Flynn 6dacbe7880
nixos/tuned: enable upower with tuned-ppd
Fixes: #431105
(cherry picked from commit 8f2a71ff49)
2025-08-06 20:21:50 -04:00
Matt Christ 4714abbe16
nixos/freshrss: fix loading extensions' static content
Before this change, the THIRDPARTY_EXTENSIONS_PATH would end up with a
double-slash in the path, which was breaking FreshRSS's is_valid_path
detection.

(cherry picked from commit 637fc36529)
2025-08-06 20:18:21 -04:00
Amadej Kastelic afc5524721
nixos/cjdns: update for cjdns 22.1 compatibility
(cherry picked from commit 7476494b3b)
2025-08-03 15:43:34 +02:00
Seth Flynn 2514f13aa6
nixos/tuned: init
(cherry picked from commit 3eeb7ad06a)
2025-08-02 10:57:37 -04:00
Aleksana eb3085f230
[25.05] Backport nixos/kanidm: accept originUrls following rfc8252 (#429527) 2025-08-02 22:14:05 +08:00
André Silva 64058315d1
[Backport release-25.05] nixos/qbittorrent: init (#429630) 2025-08-01 12:46:13 +01:00
Jhonas Wernery 4b555c184b nixos/garage: set LimitNOFILE (#429633)
Upstream uses 42000, see:
https://garagehq.deuxfleurs.fr/documentation/cookbook/systemd/

(cherry picked from commit 92b504d2ff)
2025-07-30 16:55:57 +00:00
bas 13df1220cc nixos/qbittorrent: add maintainer undefined-landmark
As discussed in PR #287923. The author agreed to add me as a maintainer
to the module after merging.

(cherry picked from commit 380cd5924b)
2025-07-30 17:07:14 +02:00
nuko 3849dd705e nixos/qbittorrent: init service module
nixos/qbittorrent: add default serverConfig & fix test

Migrate to runTest

Replace lib.optional with lib.optionals

nixos/qbittorrent: update release notes to 2511

(cherry picked from commit 84d174e312)
2025-07-30 17:04:45 +02:00
Martin Weinelt a10ae85d3a nixos/tlsrpt: configure explicit http_script
Make sure we get curl into the system, since when the tlsrpt rua is an
HTTP URL we need to be able to deliver to that.

(cherry picked from commit e030814446)
2025-07-30 13:36:27 +00:00
Marc Plano-Lesay 4fd3a59d8a
nixos/kanidm: accept originUrls following rfc8252 (#428204)
(cherry picked from commit 0d25584641)
2025-07-30 15:06:11 +10:00
Will Fancher 67a2f9968f
[Backport release-25.05] nixos/systemd: fix run0 failing to run commands (#429202) 2025-07-29 23:33:42 -04:00
Thomas Gerbet 33cb0b9a21 sudo: 1.9.17p1 -> 1.9.17p2
Changes:
https://www.sudo.ws/releases/stable/#1.9.17p2
(cherry picked from commit a3a0962f23)
2025-07-29 21:43:27 +00:00
Defelo 17847f675a
nixos/go-httpbin: init module
(cherry picked from commit 224dc30d39)
2025-07-29 20:04:55 +05:30
Jason Yundt d5378cec85 nixos/systemd: fix run0 failing to run commands
Fixes #361592.

I was able to test this change by doing the following:

1. Create a file named “test-systemd-run0.nix” that contains this Nix
expression:

    let
      nixpkgs = /path/to/nixpkgs;
      pkgs = import nixpkgs { };
    in
    pkgs.testers.runNixOSTest {
      name = "test-systemd-run0";
      nodes.machine = {
        security.polkit.enable = true;
      };
      testScript = ''
        start_all()
        machine.succeed("run0 env")
      '';
    }

2. Replace “/path/to/nixpkgs” with the actual path to an actual copy of
Nixpkgs.

3. Run the integration test by running this command:

    nix-build <path to test-systemd-run0.nix>

(cherry picked from commit d54262911c)
2025-07-28 21:59:21 +00:00
Martin Weinelt 007eb35d91 nixos/tlsrpt: fix permissions to execute postdrop
Calling to sendmail without AF_NETLINK causes:

> sendmail: fatal: inet_addr_local[getifaddrs]: getifaddrs: Address family not supported by protocol

and without AF_INET/AF_INET6:

> sendmail: warning: inet_protocols: disabling IPv6 name/address support: Address family not supported by protocol
> sendmail: warning: inet_protocols: disabling IPv4 name/address support: Address family not supported by protocol

Move the configurePostfix option one level up, since it now also
reconfigures the reportd systemd unit.

(cherry picked from commit b438f32b2a)
2025-07-28 14:16:59 +00:00
Martin Weinelt c3246b01ba nixos/tlsrpt: fix restart trigger
Triggering on a symlink target does not work.

(cherry picked from commit c3c5a3bfd0)
2025-07-28 14:16:59 +00:00
Martin Weinelt 6a90d84e44 nixos/tlsrpt: fix default postfix sendmail path
It is not in the PATH for the reportd, since it is a SUID wrapper.

(cherry picked from commit 1f9431801f)
2025-07-28 14:16:59 +00:00
Martin Weinelt 89b59646e8
[Backport release-25.05] postfix-tlspol: 1.8.9 -> 1.8.12 (#428692) 2025-07-27 15:01:43 +02:00
NullCube ebb3620e76 installer/nixos-generate-config: remove broadcom_sta
Resolves the installer failing on devices that include this hardware, as
broadcom_sta was marked as insecure due to being unmaintained and having
active CVEs.

This commit be reverted when/if the installer has a mechanism for allowing
insecure packages.

(cherry picked from commit 9c9f467d49)
2025-07-27 04:36:21 +00:00
Martin Weinelt 3856b699f3
postfix-tlspol: adopt package and module
(cherry picked from commit e6445e42fa)
2025-07-26 16:25:15 -04:00
Martin Weinelt c50fcdd313
nixos/postfix-tlspol: only preset dns resolver with useLocalResolver
This is the best indicator we have about whether to use a local resolver.

In the meantime I'm lobbying upstream to read /etc/resolv.conf.

(cherry picked from commit b201963951)
2025-07-26 16:25:15 -04:00
weriomat 11f226d19d
nixos/vector: add option to disable the configuration validation
Currently, during build time the configuration gets checked by vector.
This can be a problem if [environment
variables](https://vector.dev/docs/reference/environment_variables/) are
interpolated into the configuration. In this case the validation can be
disabled. This came up in trying to find a solution for
[#377889](https://github.com/NixOS/nixpkgs/issues/377889).

(cherry picked from commit 6b4ce1ee23)
2025-07-26 17:30:29 +02:00
Nick Ionata e6279c5e35
nixos/vector: add graceful shutdown limit option
This adds a NixOS module option to configure the Vector cli option
`--graceful-shutdown-limit-secs`,
https://vector.dev/docs/reference/cli/#vector_graceful_shutdown_limit_secs.

(cherry picked from commit 25a40ead28)
2025-07-26 17:30:12 +02:00
Martin Weinelt d3b13a2850 nixos/frigate: don't clear model cache
Upstream stores the model cache in the config directory, which is
unnecessarily messy. The cache directory is still the correct place for
these, since they can be pruned and redownloaded, we just don't want it
to happen on every restart.

Fixes: #427714
(cherry picked from commit cb4fd4e3ca)
2025-07-25 16:42:12 +00:00
diniamo 8fa81f2c6c nixos/grafana: add openFirewall option
(cherry picked from commit 5bb944c6f5)
2025-07-25 16:14:53 +00:00
Martin Weinelt 268ecc7bb2
kea: 2.6.2 -> 2.6.3
https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

https://kb.isc.org/docs/cve-2025-32801
https://kb.isc.org/docs/cve-2025-32802
https://kb.isc.org/docs/cve-2025-32803

Fixes: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803

(cherry picked from commit fde8885198)
2025-07-25 17:33:14 +02:00
Wolfgang Walther aefcb0d50d
treewide: run nixfmt 1.0.0 2025-07-24 14:58:18 +02:00
Wolfgang Walther a46262ae77
treewide: run treefmt with mdcr/nixfmt 2025-07-24 14:58:15 +02:00
Wolfgang Walther ad1379b5e0
treewide: fix syntax errors in nix code blocks
Fixes all code blocks with "nix" language in markdown files for syntax
errors to be able to run nixfmt in the next step.

(cherry picked from commit 6c47e7d5da)
2025-07-24 14:46:05 +02:00
Martin Weinelt 8fc5cfb293 nixos/tlsrpt: fix permissions for postfix
Same as with other services giving postfix access, this needs to happen
for the postfix user. Adding supplementary group permissions to the
systemd unit does not propagate to child processes that ultimately call
the unix domain socket.

(cherry picked from commit e48d12554c)
2025-07-24 01:09:37 +00:00
kiara 9748878fa6 nixos/woodpecker: fix documentation links (#427705)
(cherry picked from commit 103ee4e1cf)
2025-07-23 10:34:03 +00:00
Jörg Thalheim 1357ee16cb nixos/iio: add package option
this helps with overriding the iio package in situations where overlays
are ignored i.e. when the nixpkgs.pkgs option is used for performance.

In particular we want this for
https://github.com/FrameworkComputer/linux-docs/blob/main/framework12/nixOS.md#framework-12-nixos-tweaks

(cherry picked from commit 8489ccc731)
2025-07-21 18:43:20 +00:00
Kermina Awad b61c9eb6c1 nixos/plasma6: fix autorotation when IIO module is enabled
Plasma 6 requires the `qtsensors` package to be installed in order
for autorotation to work correctly. Simply enabling the IIO module
is not sufficient, although it's also required. Both are required
for autorotation to work correctly.

(cherry picked from commit 864ffcd1e1)
2025-07-21 18:43:12 +00:00
Connor Baker 4fd1cfd4c7 nixos/nix-required-mounts: add driverLink symlink target to NVIDIA defaults
Signed-off-by: Connor Baker <ConnorBaker01@gmail.com>
(cherry picked from commit 0b47ed1b35)
2025-07-21 17:16:44 +00:00
liberodark 04f62c8c0a peertube: remove spawn
(cherry picked from commit 1c1d6a725a)
2025-07-21 16:48:32 +00:00
Maximilian Bosch cccca5d65f
Merge: [Backport release-25.05] matrix-synapse: 1.133.0 -> 1.134.0 (#426340) 2025-07-19 11:04:37 +02:00
phaer f1ddf462ce virtualisation/disk-image: fix image.extension
(cherry picked from commit b033e0c4b6)
2025-07-18 18:35:44 +00:00
phaer 3b593dd755 sd-image: Fix image.filePath directory prefix
(cherry picked from commit 037a064feb)
2025-07-18 18:35:44 +00:00
Felix Bargfeldt b26179213a
[25.05] nixos/chhoto-url: init module (#426376) 2025-07-18 17:30:17 +02:00
Rafael Fernández López c9f2d52ace nixos/nvidia-container-toolkit: fix tests
(cherry picked from commit d287c86c08)
2025-07-18 13:32:52 +00:00
Defelo 6642acbb21
nixos/chhoto-url: init module
(cherry picked from commit 55e6f26bff)
2025-07-18 15:18:38 +02:00
transcaffeine de4f57e7bd matrix-synapse: 1.133.0 -> 1.134.0
Release notes: https://github.com/element-hq/synapse/releases/tag/v1.134.0
Full changelog: https://github.com/element-hq/synapse/compare/v1.133.0...v1.134.0

(cherry picked from commit d3bc50865f)
2025-07-18 10:47:48 +00:00
Wolfgang Walther 3b2cd78737
[Backport release-25.05] limine: 9.4.0 -> 9.5.0, limine-install: fix profile enumeration (#425326) 2025-07-17 10:48:33 +00:00
Wolfgang Walther 5ca0104067
[Backport release-25.05] nixos/anubis: Apply some more hardening settings (#425135) 2025-07-17 10:44:53 +00:00
Jonas Heinrich 75e2580ed3
[Backport release-25.05] froide-govplan: 0-unstable-2025-01-27 -> 0-unstable-2025-06-25 (#425325) 2025-07-16 10:28:36 +02:00
Wolfgang Walther 10db57b501
[Backport release-25.05] nixos/fcitx5: fix ignoreUserConfig being ignored in some cases (#422688) 2025-07-15 15:58:19 +00:00
Aleksana 7853a4874e
[Backport release-25.05] nixos/k3s: fix typo (#424619) 2025-07-15 22:30:53 +08:00
sanana 5fc31ce1b8 limine-install: fix profile enumeration
Fixes #425158.

(cherry picked from commit 6baed48380)
2025-07-15 08:22:02 +00:00
Jonas Heinrich fed81c9355 nixos/froide-govplan: Increase startup timeout
(cherry picked from commit d6e3516544)
2025-07-15 10:17:34 +02:00
Jonas Heinrich ab6ae92101 nixos/froide-govplan: Fix PYTHONPATH
(cherry picked from commit cd85e93ff7)
2025-07-15 10:16:47 +02:00
Felix Singer 7c832ecc1c nixos/anubis: Apply some more hardening settings
Signed-off-by: Felix Singer <felixsinger@posteo.net>
(cherry picked from commit 959c8e9311)
2025-07-14 16:20:21 +00:00
Benedikt Peetz 67c932004a nixos/invidious-router: Add systemd dependency on network-online.target
Otherwise, the systemd service will reliably fail on a clean boot, as
invidious-router needs a set-up network connection before starting.

(cherry picked from commit fab364e89b)
2025-07-14 08:11:27 +00:00
Jost Alemann a91f59ad63 nixos/k3s: fix typo
(cherry picked from commit 3086227f72)
2025-07-12 14:46:24 +00:00
Jared Baur 1be849b881 nixos/nvidia-container-toolkit: add extraArgs option
(cherry picked from commit 73b4810ff3)
2025-07-11 00:06:48 +00:00
liberodark c41140025f nixos/peertube: fix crash when import video
(cherry picked from commit 481a3f2549)
2025-07-10 08:01:20 +00:00
Martin Weinelt 1c9bc79b61 nixos/postfix-tlspol: fix default settings and config reload
Reloading was insufficient for changing the dns resolver address, so we
make config changes a restart trigger instead.

(cherry picked from commit e57363be15)
2025-07-10 00:09:39 +00:00
Wolfgang Walther 993ef0a5c5
[Backport release-25.05] nixos/amdgpu: add overdrive and ppfeaturemask option (#423337) 2025-07-09 16:34:50 +00:00
Masum Reza 561ddf49c6
nixos/amdgpu: add overdrive and ppfeaturemask option
- `programs.corectrl.gpuOverclock.enable` -> `hardware.amdgpu.overdrive.enable`
- `programs.corectrl.gpuOverclock.ppfeaturemask` -> `hardware.amdgpu.overdrive.ppfeaturemask`
- `programs.tuxclocker.enableAMD` -> `hardware.amdgpu.overdrive.enable`

(cherry picked from commit c9f192da92)
2025-07-09 12:20:24 -04:00
Maximilian Bosch c03e1f27aa
Merge: [Backport release-25.05] nixos/nextcloud: add assertion explaining to set dbtype (#422645) 2025-07-08 16:37:08 +02:00
Wolfgang Walther 9a4b3f880e
[Backport release-25.05] nixos/nextcloud: document nextcloud-occ command (#422741) 2025-07-08 09:30:29 +00:00
Morgan Jones 8c14393fb2
[Backport release-25.05] util-linux, kubernetes, k3s: drop util-linux.withPatches (#422587) 2025-07-06 16:26:11 -07:00
provokateurin 1c87566236 nixos/searx: move network.target from wantedBy to after
In 623664e84f this part was refactored,
however network.target does not make sense in wantedBy and must be part of after.

(cherry picked from commit bcc1b762e9)
2025-07-06 15:01:32 +00:00
Maximilian Bosch f147221e21 nixos/nextcloud: document nextcloud-occ command
It's not clear how to use this command in other systemd units, this
section gives a recommendation.

I realized that there's no explicit mention of `nextcloud-occ` in the
first place, so I wrote some introductory sentences as well.

(cherry picked from commit 5a6f0a43ae)
2025-07-05 16:46:23 +00:00
Taliyah Webb 696c2bd228 nixos/fcitx5: fix ignoreUserConfig being ignored in some cases
(cherry picked from commit 93b72119d8)
2025-07-05 11:02:22 +00:00
Dominique Martinet f015b0cc5a nixos/nextcloud: add assertion explaining to set dbtype
Since 25.05 dbtype no longer defaults to sqlite and this yields an error
that is understandable enough but not easy to properly address.

Add an assert that is more explicit.

Before:
```
       error: The option `nodes.nextcloud.services.nextcloud.config.dbtype' was accessed but has no value defined. Try setting the option.
```

After:
```
       error:
       Failed assertions:
       - `services.nextcloud.config.dbtype` must be set explicitly (pgsql, mysql, or sqlite)

       Before 25.05, it used to default to sqlite but that is not recommended by upstream.
       Either set it to sqlite as it used to be, or convert to another type as described
       in the official db conversion page:
       https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/db_conversion.html
```

Link: https://github.com/NixOS/nixpkgs/pull/369242#issuecomment-3036296243
(cherry picked from commit 78a20758e0)
2025-07-05 08:00:57 +00:00
Morgan Jones adf964c0de kubernetes: use util-linuxMinimal instead of util-linux.withPatches
This, and commits to k3s and util-linux close #409339.
The util-linux.withPatches API was a temporary hack for the 25.05
release to fix Kubernetes, and is going away.

While we're at it, we should use util-linuxMinimal because we do not
need things such as systemd support for kubelet initialization.

(cherry picked from commit 949e299d24)
2025-07-05 02:24:36 +00:00
Maximilian Bosch fda50d6f3a nixos/postgresql: add section about pg_config
See https://discourse.nixos.org/t/i-cannot-for-the-life-of-me-find-the-package-that-has-pg-config/66244/4

I decided against doing this in its own nixpkgs manual: the line
to draw is quite blurry already (e.g. we have documented our package
removal policy in here as well) and having to check two manuals for a
single subsystem feels pretty annoying to me.

The relevant part - where to find pg_config - is written at the top. I
decided to give a bit more context about the way our packaging works
since I realized a few times now that I don't remember all the details
about the problems we had in the past and having to look up individual
commit messages for that isn't very productive.

(cherry picked from commit e031c5ff6b)
2025-07-03 17:44:10 +00:00
Wolfgang Walther aabee91c79
[Backport release-25.05] seafile: remove myself from maintainers (#421604) 2025-07-02 11:50:23 +00:00
Jörg Thalheim bb2e250b76
[Backport release-25.05] nixVersions.nix: 2.28.3 -> 2.28.4, 2.29.0 -> 2.29.1, 2.24.14 -> 2.24.15 (#420262) 2025-07-01 23:35:43 +02:00
Greizgh 0d428dab44 seafile: remove myself from maintainers
I do not use seafile anymore and won't spend energy working on it.

(cherry picked from commit fd3d596a1c)
2025-07-01 20:14:59 +00:00
Peter Marshall 96f0f8b632 nixos/systemd-stage-1: follow systemd /run propagation
We currently bypass systemd's switch-root logic by premounting
/sysroot/run. Make sure to propagate its sub-mounts with the recursive
flag, in accordance with the default switch-root logic.

This is required for creds at /run/credentials to survive the transition
from initrd -> host.

(cherry picked from commit 7d36daa76a)
2025-07-01 21:04:10 +03:00
Bogdan-Cristian Tătăroiu 35b1c349e3 nixos/systemd-initrd: Fix fsck.xfs failing due to missing sh
When running with a xfs root partition and using systemd for stage 1
initrd, I noticed in journalctl that fsck.xfs always failed to execute.

The issue is that it is trying to use the below sh interpreter:

`#!/nix/store/xy4jjgw87sbgwylm5kn047d9gkbhsr9x-bash-5.2p37/bin/sh -f`

but the file does not exist in the initrd image.

/nix/store/xy4jjgw87sbgwylm5kn047d9gkbhsr9x-bash-5.2p37/bin/**bash**
exists since it gets pulled in by some package, but the rest of the
directory is not being pulled in.

boot/systemd/initrd.nix mentions that xfs_progs references the sh
interpreter and seems to explicitly try to address this by adding
${pkgs.bash}/bin to storePaths, but that's the wrong bash package.

Update the `storePaths` value to pull in `pkgs.bashNonInteractive`
rather than `pkgs.bash`.

(cherry picked from commit 3332613add)
2025-07-01 15:57:07 +00:00
HE7086 e20c1021e3 nixos/prometheus-wireguard-exporter: add support for new flags
(cherry picked from commit ab2dc5c3f9)
2025-07-01 10:18:38 +00:00
Wolfgang Walther 06d883d093
[Backport release-25.05] nixos/prometheus-wireguard-exporter: Add a new option to export wireguard_latest_handshake_delay_seconds. (#421205) 2025-06-30 11:28:23 +00:00
Gautier DI FOLCO fa64557806 nixos/prometheus.alertmanagerIrcRelay: fix network-online.target ordering but not depending warning
(cherry picked from commit c689716d48)
2025-06-30 10:27:03 +00:00
Jeevan Shikaram 13877297e7 nixos/prometheus-wireguard-exporter: Add a new option to export wireguard_latest_handshake_delay_seconds.
(cherry picked from commit b10dabd009)
2025-06-30 10:25:58 +00:00
Martin Weinelt 5a50dd291e
nixos/postfix-tlspol: fix config reload
Since we only pass a symlink to ExecStart we need to pass the backing
file as a reload trigger.

(cherry picked from commit 7874cc6005)
2025-06-29 00:29:45 +02:00
Martin Weinelt d12dc3121b
nixos/postfix-tlspol: migrate to static user/group
This fixes postfix' membership in the postfix-tlspol group, since
memberships in a dynamically allocated group don't seem to work out.

Additionally this fixes a typo in the systemd hardening and the test now
prints the results of systemd-analyze security.

(cherry picked from commit df0eb78b31)
2025-06-29 00:29:44 +02:00
Martin Weinelt 7d4cbd07d8
nixos/postfix-tlspol: fix postfix integration
Fixes the group membership for postfix processes in the postfix-tlspol
group.

Makes the postfix.service start up after postfix-tlspol.service, because
it depends on it for the TLS policy lookups.

(cherry picked from commit 64e7fad038)
2025-06-29 00:29:44 +02:00
Ryan Yin 7787565509
nixos/minio: add ryan4yin as a maintainer
(cherry picked from commit aa9343b00e)
2025-06-28 10:29:49 -04:00
Ryan Yin 530ef91d55
nixos/yazi: add ryan4yin as a maintainer
(cherry picked from commit 77e9e764be)
2025-06-28 10:29:49 -04:00
Wolfgang Walther 238c8f0f62
[25.05] nixos/chrysalis: init module (#413361) 2025-06-27 19:36:53 +00:00
Wolfgang Walther 0c6f155d56
[release-25.05] xen: 4.19.1 -> 4.19.2 (#406036) 2025-06-27 19:35:47 +00:00
Maximilian Bosch d213728990
Merge: [25.05] nixos/nextcloud: sync nginx config with upstream (#420235) 2025-06-27 15:56:43 +02:00
Connor Baker a553bb2f16
[Backport release-25.05] nixos/hardware/nvidia: add prime.offload.offloadCmdMainProgram (#416844) 2025-06-26 14:54:12 -07:00
qubitnano 3a69ec5f15 nixos/bcachefs: include poly1305 and chacha20 kernel modules for kernel < 6.15
Kernel 6.16-rc1 removed the poly1305 algorithm in
ceef731b0e22df80a13d67773ae9afd55a971f9e

bcachefs switched to the kernel libraries for poly1305 and chacha20 in
6.15 in 4bf4b5046de0ef7f9dc50f3a9ef8a6dcda178a6d

(cherry picked from commit f9bd91aa07)
2025-06-27 03:16:55 +05:30
Wolfgang Walther 9c6636ec49
[Backport release-25.05] nixos/systemd-initrd: honor the enable option in contents (#412109) 2025-06-26 20:19:14 +00:00
Wolfgang Walther 877e737d95
[Backport release-25.05] nixos/nvidia-container-toolkit: allow to provide CSV files (#411763) 2025-06-26 20:17:56 +00:00
Wolfgang Walther 2b56e28dd4
[Backport release-25.05] nixos/fish: allow disabling completion generation (#418614) 2025-06-26 18:03:26 +00:00
Jörg Thalheim 04f21fbb01
nixVersions.nix: 2.28.3 -> 2.28.4
(cherry picked from commit 28e4681066)
2025-06-26 10:26:03 -04:00
teutat3s 51c458590c
nixos/nextcloud: sync nginx config with upstream
Upstream changes were checked by checking out the stable31 branch of the
https://github.com/nextcloud/documentation and comparing:

git diff c1c9b0a072537544769fdd6062989a631d4fb17c admin_manual/installation/nginx-root.conf.sample

Notably, this adds the text/javascript and application/wasm mime types to the list of
gzip'ed mime types, which improves nextcloud loading in our testing.

Also adds webp support.

(cherry picked from commit 0c7a8d5255)
2025-06-26 15:09:48 +02:00
Sandro ffdcefdde9
[Backport release-25.05] nixos/waydroid: allow override waydroid, adopt (#419563) 2025-06-25 15:21:44 +02:00
r-vdp 54f759989d nixos/systemd-oomd: use the correct name for the top-level user slice
`user-.slice` does not seem to exist, and the config we generate for it is
rejected by systemd (see `systemctl status user-.slice`).
I suppose that what was really intended here, was to configure
`user.slice`, which is the one that is documented in `man systemd.special`.

Reported-by: Ian Sollars <Ian.Sollars@brussels.msf.org>
(cherry picked from commit c28b3143da)
2025-06-24 21:07:45 +00:00
Fernando Rodrigues 54dadb2a62
nixos/xen: dehardcode the .pad section from the UKI builder
Upstream, intentionally or not, no longer appends the EFI image
with a .pad section for us to hook the rest of the UKI to. This
simply dehardcodes .pad from the awk script, instead using the
very last section in the binary. (Currently .reloc)

Co-authored-by: Yaroslav Bolyukin <iam@lach.pw>
Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
2025-06-24 11:13:02 -03:00
wxt 39d00bd276 nixos/waydroid: allow override waydroid
(cherry picked from commit ee0937ff0d)
2025-06-24 13:37:31 +00:00
eljamm b4a3d1df40 nixos/omnom: fix module
(cherry picked from commit 19c1b4250c)
2025-06-23 20:49:10 +02:00
Thomas BESSOU c1ebdb5dd8 nixos/i3: fix i3lock default enable-ing
Prior to this commit, i3lock was enabled by default in a way that doesn't work as of 317c972e8a (diff-aef862f6fd2c25092a3f17f974d8757285bf7baff6b80822cd142b7de1903ccfR451-R454)
Users attempting to use i3lock with this default setup would get locked out of their system.

This fixes it by enabling i3lock via its `programs` option instead of specifying the package directly.

Discussion over at https://github.com/NixOS/nixpkgs/issues/401891#issuecomment-2963378189

(cherry picked from commit e82c7e5b83)
2025-06-23 13:20:59 +00:00
Wolfgang Walther e5cb9a5ba4 nixos/immich: fix postgresql.package regression
`config.services.postgresql.package` is now only available when the
PostgreSQL module is actually enabled. If we're not using the local
database, we'll need to fall back to the latest postgresql version, since
we don't know about the remote version.

(cherry picked from commit 62d2b6d593)
2025-06-22 14:43:55 +00:00
Wolfgang Walther 25e4fe68b1 nixos/roundcube: fix postgresql.package regression
`config.services.postgresql.package` is now only available when the
PostgreSQL module is actually enabled. If we're not using the local
database, we'll need to fall back to the latest postgresql version, since
we don't know about the remote version.

(cherry picked from commit e780b064a8)
2025-06-22 14:43:55 +00:00
Wolfgang Walther ea6f7c1587 nixos/libeufin: fix postgresql.package regression
`config.services.postgresql.package` is now only available when the
PostgreSQL module is actually enabled. If we're not using the local
database, we'll need to fall back to the latest postgresql version, since
we don't know about the remote version.

(cherry picked from commit da3beb2a08)
2025-06-22 14:43:55 +00:00
Jakob Kukla 9478be0f88 nixos/atticd: fix user and group documentation mixup
(cherry picked from commit db7efc1412)
2025-06-21 20:32:57 +00:00
Pratham Patel d2672b8b54 nixos/cosmic-greeter: initialize COSMIC session properly with autologin
Until now, the `cosmic-session` binary was directly invoked when
autologin was enabled. When a user logs in normally, the COSMIC greeter
performs some initialisation. That is done by the greeter running the
`start-cosmic` script shipping with the `cosmic-session` package.

This `start-cosmic` script is responsible for exporting the environment
variables for the user's graphical session and then it starts a session
of COSMIC.

So, when autologin is enabled, instead of executing the `cosmic-session`
binary, we will run the `start-cosmic` script to match user session
initialisation as closely as possible with a "normal" session.

However, there still are some missing pieces to the puzzle. Most notable
one of them is that the desktop portal keeps crashing with a
"ParserError" in context to the locale. I have not dived into this
puzzle piece yet.

```
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.351100Z  INFO launch_pad: starting process ' WAYLAND_DISPLAY=wayland-1 XDG_SESSION_TYPE=wayland WAYLAND_SOCKET=79 PORTAL_WAYLAND_SOCKET=57 /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic '
May 30 09:32:26 aatman cosmic-session[1221]: starting process ' WAYLAND_DISPLAY=wayland-1 XDG_SESSION_TYPE=wayland WAYLAND_SOCKET=79 PORTAL_WAYLAND_SOCKET=57 /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic '
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.419931Z  WARN xdg-desktop-portal-cosmic: cosmic_session: [2025-05-30T04:02:26Z ERROR i18n_embed::requester] Unable to parse your locale: ParserError(InvalidLanguage)
May 30 09:32:26 aatman cosmic-session[1221]: [2025-05-30T04:02:26Z ERROR cosmic_settings_subscriptions::upower::kbdbacklight] Error listening to KbdBacklight: org.freedesktop.DBus.Error.UnknownMethod: Object does not exist at path “/org/freedesktop/UPower/KbdBacklight”
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.795301Z  WARN cosmic-osd: cosmic_session: [2025-05-30T04:02:26Z ERROR cosmic_settings_subscriptions::upower::kbdbacklight] Error listening to KbdBacklight: org.freedesktop.DBus.Error.UnknownMethod: Object does not exist at path “/org/freedesktop/UPower/KbdBacklight”
May 30 09:32:26 aatman cosmic-session[1221]: Failed to watch theme org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.GeoClue2 was not provided by any .service files
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.807276Z  WARN cosmic-settings-daemon: cosmic_session: Failed to watch theme org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.GeoClue2 was not provided by any .service files
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.818729Z  WARN xdg-desktop-portal-cosmic: cosmic_session:
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.818739Z  WARN xdg-desktop-portal-cosmic: cosmic_session: thread 'main' panicked at src/wayland/mod.rs:243:78:
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.818748Z  WARN xdg-desktop-portal-cosmic: cosmic_session: called `Result::unwrap()` on an `Err` value: NotPresent
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.818792Z  WARN xdg-desktop-portal-cosmic: cosmic_session: stack backtrace:
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.830400Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    0:     0x56531e8a3e40 - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h9edbd6e38a8b0805
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.830424Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    1:     0x56531dd73043 - core::fmt::write::h7b1248e5e0c79c78
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.830499Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    2:     0x56531e86c0f3 - std::io::Write::write_fmt::h5e301665499081bf
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.831166Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    3:     0x56531e8a3ce3 - std::sys::backtrace::BacktraceLock::print::h4a386d2ef944f43e
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.831187Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    4:     0x56531e89ea7a - std::panicking::default_hook::{{closure}}::h61b7aa0fc15f236b
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.831825Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    5:     0x56531e89e986 - std::panicking::default_hook::h2d21379b0b23a14f
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.832324Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    6:     0x56531e89ef8f - std::panicking::rust_panic_with_hook::h100726ba9570b85a
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.832346Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    7:     0x56531e8a442a - std::panicking::begin_panic_handler::{{closure}}::h141712493bfacf0c
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.832762Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    8:     0x56531e8a4049 - std::sys::backtrace::__rust_end_short_backtrace::h891003731531c924
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.833229Z  WARN xdg-desktop-portal-cosmic: cosmic_session:    9:     0x56531e89eb1d - rust_begin_unwind
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.834168Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   10:     0x56531dc22850 - core::panicking::panic_fmt::h1df68d570cb2382b
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.834420Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   11:     0x56531dc22f86 - core::result::unwrap_failed::h846e3c141fa2fc46
May 30 09:32:26 aatman cosmic-session[1221]:   12:     0x56531ef28d26 - xdg_desktop_portal_cosmic::wayland::WaylandHelper::new::h48f2051b910dbe32
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.835752Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   12:     0x56531ef28d26 - xdg_desktop_portal_cosmic::wayland::WaylandHelper::new::h48f2051b910dbe32
May 30 09:32:26 aatman cosmic-session[1221]:   13:     0x56531f156919 - <xdg_desktop_portal_cosmic::app::CosmicPortal as cosmic::app::Application>::init::had2439c596d5d3ad
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.836584Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   13:     0x56531f156919 - <xdg_desktop_portal_cosmic::app::CosmicPortal as cosmic::app::Application>::init::had2439c596d5d3ad
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.836608Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   14:     0x56531f0efc8a - cosmic::app::cosmic::Cosmic<T>::init::h237ea438ab62a4a6
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.837122Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   15:     0x56531f2343fc - <cosmic::executor::single::Executor as iced_futures::executor::Executor>::enter::hb58da647315361c8
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.837736Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   16:     0x56531f27721b - iced_winit::program::run::hf8da91cb177f3cdc
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.837766Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   17:     0x56531ef9367c - iced::program::Program::run_with::h07cb6de026d46c3f
May 30 09:32:26 aatman cosmic-session[1221]:   19:     0x56531f1568af - xdg_desktop_portal_cosmic::app::run::h7170177d90ae0389
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.838448Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   18:     0x56531ef6742e - cosmic::app::run::hd504699db0c811e4
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.838459Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   19:     0x56531f1568af - xdg_desktop_portal_cosmic::app::run::h7170177d90ae0389
May 30 09:32:26 aatman cosmic-session[1221]:   20:     0x56531efd2d97 - xdg_desktop_portal_cosmic::main::{{closure}}::hc5e7222eb3d3d40e
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.839054Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   20:     0x56531efd2d97 - xdg_desktop_portal_cosmic::main::{{closure}}::hc5e7222eb3d3d40e
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.839445Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   21:     0x56531f2f35c8 - tokio::runtime::scheduler::current_thread::Context::enter::hd6c32d98c7a2c763
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.839471Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   22:     0x56531eee89f5 - tokio::runtime::context::scoped::Scoped<T>::set::hbeefc0e3683e97df
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.840043Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   23:     0x56531f2f20d1 - tokio::runtime::scheduler::current_thread::CurrentThread::block_on::h62fe74dc45c2b83b
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.840971Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   24:     0x56531f224371 - tokio::runtime::runtime::Runtime::block_on::hfa5a1859076bed6c
May 30 09:32:26 aatman cosmic-session[1221]:   25:     0x56531efd2a49 - xdg_desktop_portal_cosmic::main::h37b3a492c461a668
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.841689Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   25:     0x56531efd2a49 - xdg_desktop_portal_cosmic::main::h37b3a492c461a668
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.841783Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   26:     0x56531f15e686 - std::sys::backtrace::__rust_begin_short_backtrace::h4a22c4aac199bf89
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.841946Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   27:     0x56531f20de35 - std::rt::lang_start::{{closure}}::hd13242c87ee797d9
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.842593Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   28:     0x56531e87a336 - std::rt::lang_start_internal::he3cad277a2bdfe30
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.843329Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   29:     0x56531efd2ecc - main
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.844213Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   30:     0x7ff514e2a47e - __libc_start_call_main
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.844326Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   31:     0x7ff514e2a539 - __libc_start_main_impl
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.844695Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   32:     0x56531dc9b795 - _start
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.844761Z  WARN xdg-desktop-portal-cosmic: cosmic_session:   33:                0x0 - <unknown>
May 30 09:32:26 aatman cosmic-session[1221]: process ' WAYLAND_DISPLAY=wayland-1 XDG_SESSION_TYPE=wayland WAYLAND_SOCKET=79 PORTAL_WAYLAND_SOCKET=57 /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic ' failed with code 101
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.855339Z ERROR launch_pad: process ' WAYLAND_DISPLAY=wayland-1 XDG_SESSION_TYPE=wayland WAYLAND_SOCKET=79 PORTAL_WAYLAND_SOCKET=57 /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic ' failed with code 101
May 30 09:32:26 aatman cosmic-session[1221]: /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic exited with error 101
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.855496Z ERROR cosmic_session: /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic exited with error 101
May 30 09:32:26 aatman cosmic-session[1221]: sleeping for 3ms before restarting process /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic (restart 0)
May 30 09:32:26 aatman cosmic-session[1221]: 2025-05-30T04:02:26.855749Z  INFO launch_pad: sleeping for 3ms before restarting process /nix/store/0d2a9m7n8bji1q8vrmabj380mwzlvd35-xdg-desktop-portal-cosmic-1.0.0-alpha.7/libexec/xdg-desktop-portal-cosmic (restart 0
```

(cherry picked from commit e3f752e29d)
2025-06-21 12:17:35 +02:00
Sizhe Zhao b41bf4567a nixos/profiles/minimal: don't generate fish completions
(cherry picked from commit dbf39b7ddb)
2025-06-21 03:51:26 +00:00
Sizhe Zhao c567580239 nixos/fish: allow disabling completion generation
(cherry picked from commit 3045cecacf)
2025-06-21 03:51:26 +00:00
Kerstin Humm 2f8de667c1 nixos/mastodon: make robust for cases where postgresql isn't enabled on the host
E.g. when a remote PostgreSQL database is used

Apparently you can't access the services.postgresql.package value
anymore if postgresql isn't enabled?

(cherry picked from commit ed0af3bf25)
2025-06-20 19:29:35 +00:00
Adam C. Stephens bc07d2f145
[Backport release-25.05] nixos/incus: fix AppArmor issue (#417791) 2025-06-20 11:06:44 -04:00
Martin Weinelt b6f372e59a
[Backport release-25.05] tlsrpt-reporter: init at 0.5.0 (#418442) 2025-06-20 15:41:23 +02:00
Martin Weinelt 335a3bd10b nixos/tlsrpt: init
(cherry picked from commit 863d3a151d)
2025-06-20 15:20:02 +02:00
Martin Weinelt 7dbf3f27ef nixos/postfix-tlspol: init
MTA-STS and DANE/TLSA resolver and TLS policy socketmap server for
Postfix.

(cherry picked from commit 7c0f92f70b)
2025-06-20 15:01:56 +02:00
ActuallyRuben d643bc40c3 nixos/mongodb: fix initialScript when no initialRootPasswordFile is set
(cherry picked from commit 3400dbdfcd)
2025-06-20 12:09:24 +00:00
cinereal 81e640171d pay-respects: properly end line, fixing error --set: command not found on AI integration
(cherry picked from commit cc345fe2f2)
2025-06-18 13:31:21 +00:00
MakiseKurisu ff08d75496 nixos/incus: update AppArmor profile for new versions
(cherry picked from commit dd5faa98ae)
2025-06-18 09:51:21 +00:00
Luj 427febc454
[Backport release-25.05] readeck: 0.18.2 -> 0.19.2 (#415897) 2025-06-17 14:53:00 +02:00
Maximilian Bosch 7af24ae020 nixos/postgresql: doc review
Co-authored-by: Wolfgang Walther <walther@technowledgy.de>
(cherry picked from commit 2a6405fb15)
2025-06-17 10:30:31 +00:00
Maximilian Bosch e3fabc9360 nixos/postgresql: fix docs on default package
Closes #416595

(cherry picked from commit e6cc23ba3f)
2025-06-17 10:30:31 +00:00
taku0 df57a86fe9
[Backport release-25.05] firefox-beta-bin, firefox-devedition-bin: remove (#416894) 2025-06-16 13:49:24 +09:00
Aleksana b3f237655d
[Backport release-25.05] nixos/qtile: fix 'package' option (#416480) 2025-06-15 19:27:11 +08:00
taku0 9c0693aa2e firefox-beta-bin, firefox-devedition-bin: remove
(cherry picked from commit e048bd23c4)
2025-06-15 07:26:13 +00:00
Peder Bergebakken Sundt 076da97cf1 nixos/hardware/nvidia: add prime.offload.offloadCmdMainProgram
prime-run is the default name on Arch Linux. This allows me and some others I found on GitHub to slim their config.

(cherry picked from commit 340cd4a445)
2025-06-15 01:56:25 +00:00
Felix Bargfeldt af54544dfb
[25.05] nixos/kanidm: merge recursively with extraJsonFile, Fix bind paths (#415078) 2025-06-14 20:07:40 +02:00
Toma 00aa46e274
[release-25.05] nekoray: fix TUN functionality (#416172) 2025-06-13 17:51:57 +02:00
misuzu 00cbf506f0 nixos/qtile: fix 'package' option
(cherry picked from commit d06d1cae5a)
2025-06-13 15:40:45 +00:00
rewine 37acbc4b0a nixos/modules: drop yabar
(cherry picked from commit 8376979439)
2025-06-13 10:36:08 +00:00
aleksana 63bf2a80b5 nixos/nekoray: init module 2025-06-12 23:14:45 +08:00
Adrien Faure 22fe709ac0 nixos/documentation: add option to disable redirects
Related to issue #https://github.com/NixOS/nixpkgs/issues/412451

(cherry picked from commit aeedfab1bf)
2025-06-12 15:29:46 +02:00
linsui d50977688f nixos/readeck: add back MemoryDenyWriteExecute
SQLite driver is reverted to its CGO version so this can be enabled

(cherry picked from commit 17f95268f3)
2025-06-11 17:02:18 +00:00
Defelo 881a31616e nixos/olivetin: use yq-go to merge config files
(cherry picked from commit f71748184c)
2025-06-08 21:42:06 +00:00
Ilan Joselevich 52831b648c
nixos/kanidm: merge recursively with extraJsonFile
Previously, if you set group memberships in both locations, they will
get replaced by the ones in extraJsonFile, which is unexpected as it
kicks users from the group. Now the state files get merged recursively,
including the arrays.

(cherry picked from commit 3b6b50dfad)
2025-06-08 19:48:37 +02:00
Flakebi 481131b7f4
nixos/kanidm: Fix bind paths
1. We bound the directory of certificates, this led to forced read-only
   binds of these directories, even if they should have been bound
   read-write for other files in there. Looking at the history, there
   seems to be no compelling reason for this, so switch to binding
   the files directly.
2. `/run/kanidmd` is configured as `RuntimeDirectory` so bound
   automatically and we don’t need to specify it explicitly.

(cherry picked from commit c4f052c08a)
2025-06-08 19:39:21 +02:00
oddlama 7ce5e5aa0f
nixos/kanidm: add option and tests for imperative group management
(cherry picked from commit 5f833b1008)
2025-06-08 18:31:00 +02:00
Peter Lehmann fce8cd453a nixos/pdns-recursor: reload service on config change
(cherry picked from commit c586196e17)
2025-06-07 21:40:26 +00:00
Katalin Rebhan 2f534ed8ea nixos/users-groups: allow changing default home directory
(cherry picked from commit 6f7d7cf76f)
2025-06-07 18:31:59 +00:00
Rory& 297dbf2ae4 nixos/draupnir: init
Co-authored-by: emilylange <git@emilylange.de>
Co-authored-by: Martin Weinelt <hexa@darmstadt.ccc.de>
Co-authored-by: teutat3s <10206665+teutat3s@users.noreply.github.com>

(cherry picked from commit 4b153aad5d)
2025-06-06 21:07:19 +02:00