tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-19 07:05:29 +01:00
Code Issues Packages Projects Releases Wiki Activity
793175 commits 211 branches 129 tags 11 GiB
Commit graph

37750 commits

Author SHA1 Message Date
Neyts Zupan 6aaeae81ae Take systemd configuration from upstream package instead of definiting 
them in the nixos module.
 2025-03-26 18:23:59 +00:00
nixpkgs-ci[bot] 759b761b0d
Merge staging-next into staging 2025-03-26 18:05:48 +00:00
Ilan Joselevich 34857ed13a
nixos/amazon-ec2-amis: remove (#392076) 2025-03-26 16:40:25 +00:00
Jonas Heinrich 5325034183
froide-govplan: init at 0-unstable-2025-01-27 (#349750) 2025-03-26 14:27:02 +01:00
MakiseKurisu 9b7d65ad87
nixos/incus: add AppArmor rules to allow access to Nix store 
Fix #350012
 2025-03-26 21:01:14 +08:00
nixpkgs-ci[bot] 5e06b173b0
Merge staging-next into staging 2025-03-26 12:06:44 +00:00
Arne Keller 98430f956c
pinchflat: init at 2025.3.17, nixos/pinchflat: init (#364135) 2025-03-26 11:06:02 +01:00
nixpkgs-ci[bot] 2275dd1468
Merge staging-next into staging 2025-03-26 06:05:35 +00:00
liberodark 63b416944c nixos/openrgb: fix issue for G502 2025-03-26 10:02:35 +05:30
nixpkgs-ci[bot] dc5152a1d3
Merge staging-next into staging 2025-03-26 00:15:56 +00:00
Marcel Novotny 2411e6eecd Added Allowners muc module to prosody and jitsi-meet 2025-03-25 23:17:58 +01:00
Felix Bühler fb0fb09b5c
nixos/caddy: validate at build-time (#377075) 2025-03-25 22:53:00 +01:00
Yt f2a90a4fed
ebusd: update to 24.1 and add new log facility option ("device") (#391842) 2025-03-25 17:36:31 -04:00
K900 aca918e668 Merge remote-tracking branch 'origin/staging-next' into staging 2025-03-25 21:06:52 +03:00
Arne Keller 657dd8d7cd
nixos/ipfs-cluster: init (#292290) 2025-03-25 18:53:02 +01:00
Felix Singer 3c341a1df3 nixos/redmine: Precompile assets during pre-start phase 
Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-03-25 16:59:54 +01:00
Felix Singer 4a803e9b26 redmine: 5.1.7 -> 6.0.4 
With release 6.0, the themes directory was moved to a different location
and thus the NixOS Redmine module needs to be adjusted. Assets seem to
be stored in public/assets now and so that needs to be handled by the
NixOS module as well.

[1] https://www.redmine.org/issues/41731

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-03-25 16:57:38 +01:00
Nathan Fish 950324a23e nixos/ipfs-cluster: init 
Co-authored-by: Sorki <srk@48.io>
 2025-03-25 16:34:16 +01:00
Wolfgang Walther 7277ebc2f9
Reapply "nixos/postgresql: add docs about procedural languages" 
This reverts commit a4006e4970.
 2025-03-25 15:00:50 +01:00
Wolfgang Walther a4006e4970
Revert "nixos/postgresql: add docs about procedural languages" 
This reverts commit 0bc099abd6.
 2025-03-25 14:58:02 +01:00
Dominique Martinet fb5e34fb39 nixos/cryptpad: fix service with nodejs 22.11 (for real) 
The previous fix had only been tested locally through a runtime edit of
the service, and the order in which @chown had been re-added was
different so commit cf498c1a61 ("nixos/cryptpad: fix service with
nodejs 22.11") did not actually fix the issue.

This properly orders @chown after @privileged so the rule is respected,
and also properly denies with EPERM instead of allowing the chown family
of syscalls: this will properly prevent seccomp from killing nodejs
while still disallowing fchown()

Fixes https://github.com/NixOS/nixpkgs/issues/370717
 2025-03-25 13:37:25 +00:00
Maximilian Bosch dad0bf139b
Merge: nixos/postgresql: add docs about procedural languages (#392399) 2025-03-25 13:00:09 +00:00
Maximilian Bosch 773094b49c
nixos/nextcloud: clarify support status of apps in the manual 
Realized that this is something, I discussed with Benedikt, but wasn't
written down somewhere.
 2025-03-25 12:41:30 +00:00
Maximilian Bosch d3110c9532
nextcloud: update maintainer information 
* Create a dedicated team. Before, information was inconsistent between
  e.g. tests and package, module had none at all.
* Add maintainership from us to all trivially packaged apps. This is
  only to make sure that we take care of them building and installing
  and that's about it.
 2025-03-25 12:41:18 +00:00
nixpkgs-ci[bot] 935906364c
Merge staging-next into staging 2025-03-25 12:06:47 +00:00
Maximilian Bosch 1fcfb2dcea
Merge: nixos/nextcloud: Also install when config.php exists but is empty (#391375) 2025-03-25 10:43:41 +00:00
uku b6ba4a499c
nixos/nitter: rename guestAccounts to sessionsFile 
for consistency with upstream, see
6fcd849eff
 2025-03-25 10:48:27 +01:00
misuzu f630533b4a
nixos/xpad-noone: init (#389752) 2025-03-25 11:29:52 +02:00
Kai 4867d68ec9
nixos/doc: include extensions in postgresql upgrade script 2025-03-25 07:59:01 +01:00
nixpkgs-ci[bot] f079e356d1
Merge staging-next into staging 2025-03-25 00:16:28 +00:00
Will Fancher c694997d9e
Revert "24.11 beta release" (#392904) 2025-03-24 19:47:16 -04:00
Will Fancher eefd9323ae Revert "24.11 beta release" 
This reverts commit f49e820fbc.

This should have only been on release-24.11, not master
 2025-03-24 19:39:13 -04:00
Ryan Hendrickson 4c2f564ef0 nixos/geoclue2: add options for static source 2025-03-24 19:15:47 -04:00
Tanya 5c72fd6842 nixos/bat: fix settings type handling 2025-03-25 01:21:00 +05:30
K900 f470616a7a
nixos/steam: allow overriding args passed to Steam in session (#382376) 2025-03-24 21:44:21 +03:00
Moraxyc 128bdeb3c5
nxios/cyrus-imap: fix cyrus-imap certs options 2025-03-24 21:57:25 +08:00
nixpkgs-ci[bot] d5f30d9d8a
Merge staging-next into staging 2025-03-24 12:07:10 +00:00
thiloho 6cc803093c
nixos/archtika: fix mkEnableOption naming 2025-03-24 11:45:34 +01:00
Djabx 09d3b7f834
nixos/snapper: add experimental support for bcachefs (#391885) 2025-03-24 16:04:06 +05:30
Luj e21904681e
nixos/systemd-boot: strip newline from machine-id (#375298) 2025-03-24 11:06:53 +01:00
Jonas Heinrich 46e424a858
nixos/dokuwiki: Remove unused enable option (#391057) 2025-03-24 10:30:51 +01:00
Robert Helgesson ee04cf23b6 nixos/grav: clean up PHP extensions 
Specifically, simply add the extensions that are not already part of
the default `enabled` set.
 2025-03-24 10:09:27 +01:00
Jonas Heinrich 82a382ed09
nixos/keycloak: add realmFiles option (#273833) 2025-03-24 09:35:04 +01:00
PAEPCKE, Michael 00a39d3964
blocky: add systemd hardening, add log, readjust startup targets 2025-03-24 06:11:33 +00:00
nixpkgs-ci[bot] 080d906664
Merge staging-next into staging 2025-03-24 06:05:33 +00:00
Adam C. Stephens f0b334dde5
nixos/hickory-dns: combine Hint and Forward zone types into one (#388980) 2025-03-23 22:32:51 -04:00
nixpkgs-ci[bot] b4d0fe2499
Merge staging-next into staging 2025-03-24 00:16:41 +00:00
Weijia Wang 367cbed935
nixos/kimai: ensure that our local.yaml is valid on init time (#371919) 2025-03-23 20:23:59 +01:00
Weijia Wang 86e6f70e1d
nixos/kimai: fix an error on first init after an upgrade (#371917) 2025-03-23 20:23:44 +01:00
K900 d9e165e9af
Revert "nixos/xrdp: use --replace-fail with substituteInPlace" 2025-03-23 21:58:08 +03:00
Pol Dellaiera 4ef28312db
Revert "nixos/syncthing: missing --fail to curl" (#392178) 2025-03-23 19:39:58 +01:00
Pol Dellaiera 7324582e6f
nixos/xrdp: use --replace-fail with substituteInPlace (#392206) 2025-03-23 19:38:42 +01:00
nixpkgs-ci[bot] f0313503cd
Merge staging-next into staging 2025-03-23 18:04:46 +00:00
Jonas Heinrich 4a8b7bb45d nixos/froide-govplan: init 2025-03-23 18:05:54 +01:00
Wolfgang Walther 0bc099abd6
nixos/postgresql: add docs about procedural languages 2025-03-23 15:07:43 +01:00
Wolfgang Walther 24775f6543
nixos/postgresql: fix reference to LLVM closure size 
In fact, the current difference is:
- 157M for postgresql to
- 756M for postgresql_jit

That's a difference of 589M.
 2025-03-23 15:07:39 +01:00
Wolfgang Walther 89b30e5b15
nixos/postgresql: fix spelling and grammar in docs 2025-03-23 15:07:36 +01:00
Jon Seager 7f27abf4a2
nixos/homepage-dashboard: restore strict shell checks 2025-03-23 13:16:24 +00:00
nixpkgs-ci[bot] ce179bc524
Merge staging-next into staging 2025-03-23 12:06:09 +00:00
Arne Keller b1efffe0b7
nixos/firefox: detail the format of preferences (#260204) 2025-03-23 12:53:14 +01:00
06kellyjac 130ed284d7 nixos/firefox: detail the format of preferences 2025-03-23 12:44:16 +01:00
Adam C. Stephens 451d610f37
nixos/kanidm: add extraJsonFile to BindReadOnlyPaths if set (#391044) 2025-03-23 07:04:15 -04:00
Jon Seager 737bf8c806
nixos/homepage-dashboard: minor refactor for readability 2025-03-23 09:40:05 +00:00
Jon Seager eb324777e9
nixos/homepage-dashboard: remove unmanaged config support 
This has been deprecated since before 24.05 was released
and displaying a warning.

This change means that only "managed", i.e.
Nix-native configurations are supported.
 2025-03-23 09:39:01 +00:00
Pol Dellaiera 9161bb9e0f
nixos/wlock: init (#390070) 2025-03-23 08:38:32 +01:00
Sandro Jäckel 72b9742768
nixos/nextcloud-notify_push: add nextcloud-setup 
without it notify might start to early and then fail 5 times before
nextcloud is even ready.
 2025-03-23 00:27:09 +01:00
hot burger 2dad835033 nextcloud-occ: work with sudo disabled 2025-03-22 15:11:17 -07:00
Sandro Jäckel 3d0f2b0606
nixos/xrdp: use --replace-fail with substituteInPlace 2025-03-22 22:29:55 +01:00
Bjørn Forsman d0e369e425 Revert "nixos/syncthing: missing --fail to curl" 
This reverts commit a8b8f8f8c7.

It introduced a failure in the syncthing service, where it hangs at the
curl step, repeatedly printing this:

  l3ijkvb20h5nnffg5q25i4nmcsbf7glx-merge-syncthing-config[1458]: curl: (22) The requested URL returned error: 404
  l3ijkvb20h5nnffg5q25i4nmcsbf7glx-merge-syncthing-config[1458]: curl: (22) The requested URL returned error: 404
  l3ijkvb20h5nnffg5q25i4nmcsbf7glx-merge-syncthing-config[1458]: curl: (22) The requested URL returned error: 404
  [...]

This is unfortunately not detected by `nix-build -A syncthing.tests`.

Ref https://github.com/NixOS/nixpkgs/pull/390742
 2025-03-22 20:05:16 +01:00
nixpkgs-ci[bot] a9379697ea
Merge staging-next into staging 2025-03-22 18:05:14 +00:00
Weijia Wang 7bce6fbf11
nixos/limine: Fix reading generations for primary profile and specialisations (#391210) 2025-03-22 18:23:02 +01:00
Vladimír Čunát 3fcae17eab
staging-next 2025-03-13 (#389579) 2025-03-22 17:39:24 +01:00
Pol Dellaiera 588f479f49
orthanc-framework: init at 1.12.6, orthanc-plugin-dicomweb: init at 1.18 (#391361) 2025-03-22 15:51:46 +01:00
Cosima Neidahl 2bf61528f1
lomiri.lomiri-polkit-agent: 0.1 -> 0.2 (#390248) 2025-03-22 15:10:33 +01:00
Arian van Putten 12c098f0ca nixos/amazon-ec2-amis: remove 2025-03-22 12:25:18 +00:00
nixpkgs-ci[bot] 3b3300fdd1
Merge staging-next into staging 2025-03-22 12:05:57 +00:00
nixpkgs-ci[bot] 7233659eaf
Merge master into staging-next 2025-03-22 12:05:30 +00:00
jopejoe1 e267d07816
nixos/shairport-sync: add freeform config (#363739) 2025-03-22 09:01:54 +01:00
nixpkgs-ci[bot] 56654a8868
Merge staging-next into staging 2025-03-22 06:05:08 +00:00
nixpkgs-ci[bot] ba561f878e
Merge master into staging-next 2025-03-22 06:04:41 +00:00
Austin Horstman 469f2ca232
clatd: 1.6 -> 2.1.0 (#390764) 2025-03-21 23:46:50 -05:00
nixpkgs-ci[bot] c060400edc
Merge staging-next into staging 2025-03-22 00:15:18 +00:00
nixpkgs-ci[bot] a053243735
Merge master into staging-next 2025-03-22 00:14:53 +00:00
Nick Cao d2fcc2fd84
python312Packages.rtslib: 2.2.0 -> 2.2.2 (#389871) 2025-03-21 18:40:32 -04:00
Sandro eb21063c25
streamcontroller: 1.5.0-beta.7 -> 1.5.0-beta.8 (#389259) 2025-03-21 21:23:58 +01:00
Scott Edlund 6970756fb6 nixos/homepage-dashboard: fix shellcheck SC2115 
Error if variable is null or unset.
 2025-03-21 19:07:50 +01:00
nixpkgs-ci[bot] 62ed49b3d0
Merge staging-next into staging 2025-03-21 18:05:33 +00:00
nixpkgs-ci[bot] f02955ed47
Merge master into staging-next 2025-03-21 18:04:59 +00:00
Kovacsics Robert 357a75fda7
xdg/portals/lxqt: Fix documentation string indent 
I just spotted this while browsing the code, but double checked and it
looks badly indented in the manpages and on the web too.
 2025-03-21 17:43:48 +00:00
Robert Hensing 202ac0e3d2
nixos: Cut off virtualisation.vmVariant.virtualisation.vmVariant (#390717) 2025-03-21 15:58:59 +00:00
Ulrik Strid eea56c4c08 streamcontroller module: Add kdotools when using plasma 
Update nixos/modules/programs/streamcontroller.nix

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2025-03-21 15:32:45 +01:00
Adam C. Stephens 12f83c72bc
nixos/incus ensure br_netfilter module is enabled (#391390) 2025-03-21 10:27:31 -04:00
provokateurin 34da0bd4fc
nixos/nextcloud: Also install when config.php exists but is empty 
Running any occ command will create an empty config file automatically: f85154f1e1/lib/base.php (L194-L196)
This causes the current check to never execute the installation, in case any occ command was run before it (which itself fails because Nextcloud is not installled yet).
So any services which don't properly depend on nextcloud-setup.service cause Nextcloud to never be installed.
 2025-03-21 14:51:30 +01:00
Rob Pilling 329fdc5763 ebusd: update to 24.1 and add new log facility option ("device") 2025-03-21 13:20:14 +00:00
Joel Koen e51ab12e17
nixos/geoclue2: set default location service to beaconDB 2025-03-21 22:43:25 +10:00
Sirio Balmelli 40567b6b8d
nixos/nebula: add DNS options 
Add the options:

- lighthouse.serve_dns
- lighthouse.dns.host
- lighthouse.dns.port

Improve systemd capabilities handling:

- do not give CAP_NET_ADMIN when tunnel interface is disabled
- give CAP_NET_BIND_SERVICE when DNS is enabled

Add self as maintainer: I'm using Nebula on NixOS in prod.

Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
 2025-03-21 13:21:45 +01:00
nixpkgs-ci[bot] 529326e679
Merge staging-next into staging 2025-03-21 12:06:31 +00:00
nixpkgs-ci[bot] 8fa05d5ca4
Merge master into staging-next 2025-03-21 12:05:59 +00:00
Arne Keller e000e1cbd4
nixos/tests/vdirsyncer: init (#271024) 2025-03-21 12:40:21 +01:00
Arian van Putten b684e9c6d6
fluent-bit: link against Nix dependencies, fix Darwin builds, and add NixOS module (#365493) 2025-03-21 11:39:18 +00:00
Arian van Putten e4684ee593
paretosecurity: 0.0.89 -> 0.0.91, nixos/paretosecurity: add trayIcon option (#391799) 2025-03-21 10:38:18 +00:00
Neyts Zupan 8dbf318cea paretosecurity: 0.0.89 -> 0.0.91,, nixos/paretosecurity: add trayIcon option 2025-03-21 10:15:25 +00:00
Jon Seager bfa9810ff7
nixos/scrutiny: use genJqSecretsReplacementSnippet (#320672) 2025-03-21 08:42:37 +00:00
Jared Baur 300efce181
nixos/clatd: allow AF_UNIX communication 
This is needed since clatd will use networkctl to attempt to obtain the
PLAT prefix, and networkctl uses UNIX domain sockets to communicate with
the systemd-networkd daemon over DBus.
 2025-03-21 01:12:13 -07:00
nixpkgs-ci[bot] fb67c77244
Merge staging-next into staging 2025-03-21 07:09:56 +00:00
K900 d5d2bf0bfd Merge remote-tracking branch 'origin/master' into staging-next 2025-03-21 09:13:10 +03:00
schnusch bc72dc08f2 nixos/vdirsyncer: only use ProtectHome=yes with DynamicUser=yes 
If a user is given it seems likely that their home directory is accessed.
 2025-03-21 01:51:20 +01:00
Will Fancher c983091366
nixos/sysusers: respect per user .enable (#388551) 2025-03-20 20:25:49 -04:00
Robert Hensing 9aab8b86c7 nixos: Cut off virtualisation.vmVariant.virtualisation.vmVariant 
This produced an unnecessarily infinitely deep config tree.

The "cut off" option can be written to, but not read from.
Being written to is important, because it allows users to
conveniently define vmVariant config without having to check
isVmVariant.

There's a small chance that someone *reads* from vmVariant config
in their normal config, and for them it will not be possible
to evaluate with `nixos-rebuild build-vm` anymore.

If this is a problem, we could perhaps make the vmVariant root
appear instead of the `throw` error.
This could also be done using mkOption apply.
 2025-03-20 22:30:12 +00:00
isabel 2c836c5054
nixos/sysusers: respect per user .enable 2025-03-20 20:43:00 +00:00
nixpkgs-ci[bot] 1cf5157bf0
Merge staging-next into staging 2025-03-20 18:05:48 +00:00
nixpkgs-ci[bot] 18471e1002
Merge master into staging-next 2025-03-20 18:05:19 +00:00
Kerstin aaf715153c
nixos/radicale: assertion so that users set settings.auth.type explictly (#391531) 2025-03-20 18:22:31 +01:00
Sandro 9f2544d0ea
nixos/wakapi: harden systemd service (#389534) 2025-03-20 17:48:34 +01:00
Moraxyc eca4c6ea19
nixos/scrutiny: use genJqSecretsReplacementSnippet 2025-03-20 22:27:06 +08:00
Kerstin 72cda846bf
nixos/mobilizon: create sitemap directory (#391389) 2025-03-20 14:35:36 +01:00
nixpkgs-ci[bot] a99aed50a5
Merge staging-next into staging 2025-03-20 12:10:38 +00:00
K900 3563a6096a Merge remote-tracking branch 'origin/master' into staging-next 2025-03-20 15:09:01 +03:00
Robert Rose cd10f9a874 nixos/keycloak: add realmFiles option 
Add an option to import Keycloak realms during
startup from exported realm files.
 2025-03-20 12:07:38 +01:00
Kerstin Humm c48d0033f7
nixos/radicale: assertion so that users set settings.auth.type explicitly 2025-03-20 11:15:20 +01:00
K900 85b2817da5 Merge remote-tracking branch 'origin/staging-next' into staging 2025-03-20 13:14:18 +03:00
n d6b565f277
nixos/yabar: update package option description 2025-03-20 14:39:01 +05:30
K900 6a900ee562 Merge remote-tracking branch 'origin/master' into staging-next 2025-03-20 09:08:18 +03:00
K900 b64ec1944e
nixos/fonts: ship fontconfig caches even for cross-compiled hosts (#391305) 2025-03-20 09:06:38 +03:00
nixpkgs-ci[bot] 47fbdfd4fc
Merge staging-next into staging 2025-03-20 00:16:05 +00:00
nixpkgs-ci[bot] 4733649a15
Merge master into staging-next 2025-03-20 00:15:20 +00:00
Jeremy Fleischman 9c02a1e422
services/cloudflare-dyndns: require that apiTokenFile be an api token 
Previously, this option was supposed to be a file of the form
`CLOUDFLARE_API_TOKEN=...`, which has a few problems:

- That's not an api token. It's an env file fit for passing to systemd's
  `EnvironmentFile` option. The user could typo the variable name, or
  intentionally/unintentionally include unrelated environment variables.
- It's not how secret files usually work in NixOS. Secret files are
  usually just the secret, and don't leak details about how the secret
  is passed to the service.
- This increases friction for people switching between cloudflare dyndns
  services, such as `services.cloudflare-dyndns` and
  `services.cfdyndns`, which both have a `apiToken` option, but (before
  this change) with different semantics.
 2025-03-19 18:19:29 -05:00
commiterate 3366b27e59 fluent-bit: link against Nix dependencies, fix Darwin builds, and add NixOS module 2025-03-19 18:48:46 -04:00
Angelo Bulfone 9ed29c65a4
nixos/limine: Fix reading generations and specialisations 
Previously, all generations for the primary system profile
read their data from the currently active one rather than
their own path, and specialisations in general all used
their parent bootspec rather than their own. This fixes both issues.

This commit still uses the parent path's build date for
specialisations, but this is more minor issue and the times
shouldn't be meaningfully different in most cases anyways.
 2025-03-19 15:19:41 -07:00
evplus c3f61d1cbd nixos/incus ensure br_netfilter module is enabled 2025-03-19 22:56:07 +01:00
Sandro Jäckel c317d5e222
nixos/mobilizon: create sitemap directory 
Mar 19 21:35:05 mobilizon mobilizon[1324]: 21:35:05.504 [info] {"args":{},"attempt":19,"duration":130905,"error":"** (File.Error) could not write to file \"/var/lib/mobilizon/sitemap/sitemap-00001.xml\": no such file or directory","event":"job:exception","id":178203,"max_attempts":20,"meta":{},"queue":"background","queue_time":510620016,"source":"oban","state":"failure","tags":[],"worker":"Mobilizon.Service.Workers.BuildSiteMap"}
 2025-03-19 22:52:48 +01:00
Will Fancher ecbf53f525
nixos/systemd: conditionally leave out some upstream units (#374214) 2025-03-19 16:58:14 -04:00
Will Fancher b15e9e7d3d
nixos/initrd: add extraFirmwarePaths option (#391166) 2025-03-19 16:51:26 -04:00
Pol Dellaiera eb0b7452d6 nixos/orthanc: minor cleanup 2025-03-19 21:20:06 +01:00
nixpkgs-ci[bot] 3a7baab73a
Merge staging-next into staging 2025-03-19 18:05:59 +00:00
nixpkgs-ci[bot] 9a9855f387
Merge master into staging-next 2025-03-19 18:05:30 +00:00
Sandro ddef00d3f0
nixos/zipline: improve systemd hardening (#387119) 2025-03-19 19:01:37 +01:00
Sandro 1289c91409
nixos/echoip: improve systemd hardening (#387466) 2025-03-19 19:00:27 +01:00
Sandro 86f44b004d
nixos/nixos-containers: user options take precedence over module ones (#388409) 2025-03-19 18:59:56 +01:00
Adam C. Stephens 476618066b
nixos/firezone: init module and packages (#374647) 2025-03-19 13:50:47 -04:00
Alexander Foremny 5c28518c4b nixos/modules/image: fix error message 
When a module is not found, it did not show the intended error message
`The module ... does not exist`, but rather `path ... does not exist`.
 2025-03-19 17:29:28 +00:00
Defelo ef19fcf725
nixos/zipline: improve systemd hardening 2025-03-19 18:16:01 +01:00
Silvan Mosberger 4f6e508a09
nixos/users-groups: Enforce ASCII usernames and fix repeated doubling of activation script runtime (#385904) 2025-03-19 17:33:49 +01:00
Jared Baur dad880d6bf
nixos/systemd: conditionally leave out some upstream units 
Some upstream systemd units are conditionally installed into the systemd
output, so we must make sure the feature that enables their installation
is enabled on our side prior to trying to use them.
 2025-03-19 08:14:48 -07:00
Matthias Beyer 2a725d40de
nixos/mautrix-telegram: switch to using static user for automated registration of appservice (#389679) 2025-03-19 15:38:57 +01:00
thefeiter f375a86fc1 nixos/mautrix-telegram: switch to using static user for automated registration of appservice 
Like for matrix-whatsapp use a static user so that the registration file can be automatically shared with synapse.
This also includes the registerToSynapse config option.
 2025-03-19 13:59:23 +01:00
Yt a72f22d0d8
Prefect init module (#386895) 2025-03-19 08:52:19 -04:00
nixpkgs-ci[bot] 08c1a45314
Merge staging-next into staging 2025-03-19 12:06:32 +00:00
nixpkgs-ci[bot] 77f0a726f9
Merge master into staging-next 2025-03-19 12:06:03 +00:00
WilliButz 41c7225648
podman: use serviceConfig.ExecStart instead of script (#390731) 2025-03-19 12:06:33 +01:00
WilliButz 6ba10ff228
docker: use serviceConfig.ExecStart instead of script (#390681) 2025-03-19 12:06:26 +01:00
WilliButz 4edfeafac4
initrd: implement panic-on-fail interpreterless (#390698) 2025-03-19 11:37:48 +01:00
Benedikt Ritter ef2bde5a13
docker: use serviceConfig.ExecStart instead of script 2025-03-19 11:12:59 +01:00
Benedikt Ritter ccdfb91b48
podman: use serviceConfig.ExecStart instead of script 2025-03-19 11:08:18 +01:00
Charlie Egan 20c9782e2f nixos/navidrome: Add environmentFile config option 
This is intended to be used to set secret environment variables for
navidrome, such as ListenBrainz/LastFM API keys.

Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>
 2025-03-19 09:51:42 +00:00
Benedikt Ritter deb045e057
initrd: implement panic-on-fail interpreterless 2025-03-19 10:23:46 +01:00
Colin 9435a2b422 nixos/fonts: ship fontconfig caches even for cross-compiled hosts 2025-03-19 07:53:24 +00:00
Jared Baur ea116654aa
nixos/initrd: add extraFirmwarePaths option 
(cherry picked from commit 488d4316b9e1510c9b4a2eeb8d7e2cc66839a1fc)
 2025-03-18 20:39:52 -07:00
nixpkgs-ci[bot] cd31c04e18
Merge staging-next into staging 2025-03-19 00:15:59 +00:00
nixpkgs-ci[bot] 1d4e3667f7
Merge master into staging-next 2025-03-19 00:15:26 +00:00
e1mo 100559d83c
nixos/dokuwiki: Remove unused enable option 
The option has been added in 50029ed89c
but never had any effect. As far as I could tell, it was only added for
backward compatibility. I think it's safe to remove this after 3+ years.

I opted for removal instead of implementing it since the module will
just do nothing if no site is configure, thus no enable / disable switch
is needed. Especially on a per-site level.
 2025-03-18 20:36:09 +01:00
oddlama f15f20aad7
nixos/kanidm: add extraJsonFile to BindReadOnlyPaths if set 2025-03-18 19:42:43 +01:00
Dawid Ciężarkiewicz 07a3793105 nixos/syncthing: make it easier to debug incorrect IDs 
In case of an incorrect ID, the behavior of this script
is quite tricky. See:

https://github.com/NixOS/nixpkgs/issues/326704#issuecomment-2730819822

for more info.
 2025-03-18 19:10:10 +01:00
Dawid Ciężarkiewicz a8b8f8f8c7 nixos/syncthing: missing --fail to curl 2025-03-18 19:10:10 +01:00
nixpkgs-ci[bot] e8240407b0
Merge staging-next into staging 2025-03-18 18:05:35 +00:00
nixpkgs-ci[bot] 0bb96173bd
Merge master into staging-next 2025-03-18 18:05:06 +00:00
Preston Pan 437ae0fb4e
nixos/ircd-hybrid: fix bug in which fails to substitute iproute2 (#390833) 2025-03-18 17:46:55 +01:00
Sandro 326cd70480
nixos/movim: improve systemd dependency directives (#388750) 2025-03-18 17:42:52 +01:00
nixpkgs-ci[bot] 078fa94031
Merge staging-next into staging 2025-03-18 12:06:38 +00:00
nixpkgs-ci[bot] 46b9032bb0
Merge master into staging-next 2025-03-18 12:06:05 +00:00
charludo 3e3b774732
nixos/pinchflat: init 2025-03-18 12:24:01 +01:00
Neyts Zupan 75773b77be paretosecurity: init at 0.0.86, nixos/paretosecurity: init 2025-03-18 11:09:14 +00:00
K900 dd102fa28d
nixos-generate-config: Fix unspecified root (#390892) 2025-03-18 12:02:33 +03:00
Will Fancher b82dbaf3ab nixos-generate-config: Fix unspecified root 2025-03-18 04:56:51 -04:00
nixpkgs-ci[bot] 63cf6695d5
Merge staging-next into staging 2025-03-18 06:05:46 +00:00
nixpkgs-ci[bot] 2341cd6a3a
Merge master into staging-next 2025-03-18 06:05:15 +00:00
Will Fancher 317736b155
nixos/iso-image: Consolidate ISOs Using Specialisations. (#355893) 2025-03-17 21:22:38 -04:00
nixpkgs-ci[bot] dbbed7e029
Merge staging-next into staging 2025-03-18 00:15:57 +00:00
nixpkgs-ci[bot] 14360cab01
Merge master into staging-next 2025-03-18 00:15:31 +00:00
programmerlexi 1a830fe9d9 nixos/limine: fix the install script 2025-03-18 01:06:55 +05:30
Rane 2cc1d33489
nixos/limine: cast partition index to string (#390732) 2025-03-18 01:01:15 +05:30
oddlama 6c888f4911
nixos/firezone: init modules 2025-03-17 20:21:00 +01:00
nixpkgs-ci[bot] dcc32e006f
Merge staging-next into staging 2025-03-17 18:05:40 +00:00
nixpkgs-ci[bot] f2e2b1814d
Merge master into staging-next 2025-03-17 18:05:11 +00:00
Arne Keller 65d532c9d9
nixos/jackett: fix hardening for custom dataDir (#390609) 2025-03-17 17:19:29 +01:00
John Ericson 9df17ad165
nixos/hydra: fix race condition in hydra-compress-logs (#390685) 2025-03-17 11:38:32 -04:00
Sandro b96c9e3a68
gokapi: init at 1.9.6 (#372911) 2025-03-17 16:12:38 +01:00
Sandro Jäckel 588f41bef0
nixos/hydra: fix race condition in hydra-compress-logs 
Source https://github.com/NixOS/hydra/pull/1450
 2025-03-17 15:41:00 +01:00
Sandro Jäckel 2581a40544
bird: change alias to throw to avoid confusion 2025-03-17 15:02:38 +01:00
nikstur 7872cf6917
nixos/perlless: only disable installer tools that introduce perl (#388564) 2025-03-17 14:01:20 +01:00
Will Fancher bbf66d50a2
Fix systemd-ssh changes (#390565) 2025-03-17 05:21:36 -04:00
FliegendeWurst 87d9195733 nixos/jackett: fix hardening for custom dataDir 2025-03-17 09:34:10 +01:00
Leona Maroni 50fc446be1
nixos/gitlab: convert gitlab-registry-cert.service to oneshot 
docker-registry.service has a `After` dependency on gitlab-registry-cert.
On the first start, docker-registry.service fails to start as it already
runs when gitlab-registry-cert.service starts up, and not when it finished.
 2025-03-17 09:19:23 +01:00
Will Fancher 4dcde98327 nixos/sshd: Fix socket activated SSH connections entering failed state. 
In afeb76d628, sshd.service and
sshd@.service were switched to Type=notify. This apparently works for
sshd.service, but not for sshd@.service. Given that the reason for
this working with sshd.service isn't exactly clear, let's revert it
for both of them for now, and revisit Type=notify later.
 2025-03-16 23:02:22 -04:00
nixpkgs-ci[bot] 75c8678243
Merge staging-next into staging 2025-03-17 00:16:57 +00:00
nixpkgs-ci[bot] 4761072df5
Merge master into staging-next 2025-03-17 00:16:22 +00:00
Pol Dellaiera c8a823d40b nixos/litellm: init 2025-03-16 20:49:22 +01:00
Pol Dellaiera 79e95661a6
orthanc: init at 1.12.6, nixos/orthanc: init (#385329) 2025-03-16 20:47:37 +01:00
Cryolitia PukNgae c33e419dd1
nixos/xpad-noone: init 2025-03-17 03:44:58 +08:00
nikstur 16c4ead8d7
zeekstd: init at 0.2.2 (#387636) 2025-03-16 19:17:30 +01:00
nixpkgs-ci[bot] 76fed55d6a
Merge staging-next into staging 2025-03-16 18:04:41 +00:00
nixpkgs-ci[bot] dbe56e9776
Merge master into staging-next 2025-03-16 18:04:12 +00:00
Robert Rose 119b75c310 nixos/repart: add zstd-seekable compression algorithm 
The seekable format splits compressed data into a series of independent
frames, each of which can be decompressed individually. This allows to
distribute images in smaller chunks and allows image downloads to be
paused and resumed later from the same point.

Seekable archives as a whole can be decompressed with any regular zstd
decompressor. However, partial decompression requires to know the
starting position of the desired frame, which can be extracted from a
skippable frame (aka seektable) that is appended to the compressed data.
 2025-03-16 18:32:56 +01:00
happysalada ef12e14cb7 nixos/prefect: init module 
prefect: add dburl to worker

prefect: use same state directory

prefect: fix worker environment

prefect: create user

prefect: use datadir for sqlite url

prefect: make datadir writable

prefect: don't protect home

prefect fix sqlite url

prefect: fix state directory

prefect: user should not be systemuser

prefect: set to normal user

add prefect to systempackages

try user with same name

prefect use prefect_home

do not set database url

revert to dynamic user

prefect: add tests

prefect: fix port to string
 2025-03-16 11:09:50 -04:00
Arne Keller d7a2a10a40
graylog-5_1: remove (#358780) 2025-03-16 15:45:23 +01:00
Darragh Elliott 46666bba62 gokapi: add module, test, release docs 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2025-03-16 14:41:28 +00:00
nixpkgs-ci[bot] 60173ed689
Merge staging-next into staging 2025-03-16 12:06:01 +00:00
nixpkgs-ci[bot] b2380f1687
Merge master into staging-next 2025-03-16 12:05:32 +00:00
Todd Brown b5c9cecbcc
nixos/docker: add auto prune randomizedDelaySec and persistent options (#301547) 
docker: add auto prune randomizedDelaySec and persistent options

Options mirror nix garbage collection
 2025-03-16 10:56:31 +01:00
FliegendeWurst 0867bf32d0 nixos/wlock: init 2025-03-16 10:52:21 +01:00
Pol Dellaiera ad9f51048b
nixos/flarum: restart on package update (#389453) 2025-03-16 07:28:51 +01:00
Will Fancher a2636dae46 iso-image: Combine GNOME and Plasma flavors 
This allows users to choose between the two during bootup rather than
at download time.
 2025-03-16 01:38:37 -04:00
Will Fancher 674a41e913 nixos-generate-config: Set linuxPackages_latest when ISO boots latest kernel 2025-03-16 01:38:37 -04:00
Will Fancher 6f1b070056 nixos-generate-config: Add config file 2025-03-16 01:38:37 -04:00
Will Fancher 0aad0248ce nixos/iso-image: Include latest kernel specialisation. 
Now that ISOs include the latest kernel as a specialisation, separate
ISOs for the new kernel are no longer necessary.
 2025-03-16 01:38:37 -04:00
Will Fancher f2204986a7 nixos/iso-image: Support specialisations. 2025-03-16 01:38:37 -04:00
Will Fancher 8eb8908837 nixos/iso-image: Move alternate boot options to submenus 
This will make more sense when specialisations are introduced in the
ISO boot menu

nixos/modules/installer/cd-dvd/iso-image.nix
 2025-03-16 01:38:37 -04:00
Will Fancher 3a2e8e97c3 nixos/iso-image: Disable plymouth along with display-manager.service 
GNOME in particular just breaks if plymouth isn't disabled, because
GDM takes on the role of quitting plymouth in a GNOME
configuration. But if we're disabling the DM, we should disable
plymouth too anyway.
 2025-03-16 01:03:25 -04:00
Will Fancher bef079a4b9 nixos/iso-image: Remove video= boot entries 
These seem largely redundant with the progress that desktop
environments have made since they were introduced.
 2025-03-16 01:03:21 -04:00
Philip Taron f4dd3ba6e0
systemd: make systemd-ssh-generator work (#372979) 2025-03-15 21:59:59 -07:00
Will Fancher da9a092c34 nixos/iso-image.nix: nixfmt 2025-03-16 00:23:46 -04:00
nixpkgs-ci[bot] c3b4c5315e
Merge master into staging-next 2025-03-16 00:16:49 +00:00
OPNA2608 9a4d3b36ea lomiri.lomiri-polkit-agent: 0.1 -> 0.2 2025-03-16 00:02:34 +01:00
Pol Dellaiera 933f835219 nixos/orthanc: init 2025-03-15 22:45:44 +01:00
Pol Dellaiera b29c5b7119
treewide: add documentation for nixos systemd units (#389283) 2025-03-15 21:30:08 +01:00
Arian van Putten 041912f739
nixos/ec2-data fix host fingerprint output to console (regression) (#390185) 2025-03-15 20:28:14 +00:00
jopejoe1 c38c901915 nixos/shairport-sync: use conf file instead of arguments 2025-03-15 21:07:35 +01:00
jopejoe1 9246d8f727 nixos/shairport-sync: add freeform config 2025-03-15 21:06:13 +01:00
Sandro ecb169f70c
nixos/minecraft-server: fix package example (#390188) 2025-03-15 20:49:20 +01:00
Marie Ramlow 0ea1aedc4d nixos/sshd: enable root ssh authorized_keys provisioning 
This enables provisioning of root ssh keys with systemd credentials
(e.g. passed in via smbios strings or kernel params)
 2025-03-15 20:15:44 +01:00
nixpkgs-ci[bot] e8a05cb8da
Merge master into staging-next 2025-03-15 18:04:06 +00:00
Sandro f961f717e7
nixos/minecraft-server: fix package example 2025-03-15 18:38:22 +01:00
Bruce Toll ae4750868c nixos/ec2-data fix host fingerprint output to console (regression) 
PR #322282 introduced a regression that causes the previous display of
the ssh host key fingerprints to get directed to the journal rather than
the console (as intended). Thus, the console only logs an empty set of
fingerprints:

    -----BEGIN SSH HOST KEY FINGERPRINTS-----
    -----END SSH HOST KEY FINGERPRINTS-----

The fix is to reorder the bash statement that invokes ssh-keygen so
that the ssh-keygen output is directed to /dev/console.
 2025-03-15 13:16:03 -04:00
Adam C. Stephens 4ee53e6544
nixos/open-webui: add additional systemd hardening (#377884) 2025-03-15 10:07:32 -04:00
nixpkgs-ci[bot] 890b967419
Merge master into staging-next 2025-03-15 12:05:14 +00:00
Pedro Alves 994c56c881 nixos/cloudflared: remove assertion for certificateFile 
While it is probably a mistake in configuration to have declarative
routes configured but no certificate file, it is not always necessary to
have a working set up, so the assertion was removed.

The documentation for the certificateFile setting was reworked to
describe this.
 2025-03-15 11:47:13 +00:00
Gaetan Lepage 6e79d0d383 targetcli: rename to targetcli-fb 2025-03-15 12:16:57 +01:00
Gaetan Lepage 68c06a055a python312Packages.rtslib: rename to rtslib-fb 2025-03-15 12:16:57 +01:00
Marcus Ramberg d07ebbab9b
nixos/k3s: add autoDeployCharts option and use systemd-tmpfiles for content activation (#374017) 2025-03-15 11:26:43 +01:00
jrdsgl 38590f303b
nixos/changedetection-io: fix typo (#383539) 
Update changedetection-io.nix

typo correction variables
 2025-03-15 10:59:05 +01:00
nixpkgs-ci[bot] e24f567a68
Merge master into staging-next 2025-03-15 09:53:30 +00:00
โทสฺตัล 521d3689fb nixos/movim: move phpExecutionUnit service in requires order 2025-03-15 16:25:53 +07:00
โทสฺตัล 02600c4ac5 nixos/movim: improve systemd dependency directives 2025-03-15 16:25:52 +07:00
Gaétan Lepage 4a7faaf2ae
uwsgi: remove python2 (#389865) 2025-03-15 10:22:15 +01:00
Ryan Hendrickson 0bb33117b2
nixos/pay-respects: fix "(eval):1: parse error near `alias'" (#385287) 2025-03-15 03:24:38 -04:00
nixpkgs-ci[bot] af561994f9
Merge master into staging-next 2025-03-15 00:14:59 +00:00
Benjamin Sparks f5e1d3bb02 nixos/uwsgi: remove support for python2 plugins 2025-03-15 00:16:01 +01:00
Arian van Putten c56cc16a63
nixos/systemd-repart: add support for repeating settings (#389826) 2025-03-14 22:19:19 +00:00
jopejoe1 dca7e827b3
nixos: Replace custom cfg format handling with pkgs.formats (#314933) 2025-03-14 21:08:14 +01:00
jopejoe1 97f8e4ee02
akkoma-*: migrate to pkgs/by-name (#389844) 2025-03-14 20:15:33 +01:00
Marie Ramlow 342c4f300b nixos/{renovate, libvirtd}: fix typo 2025-03-15 00:30:21 +05:30
Florent Charpentier 631bed6ed9 nixos/systemd-repart: add support for repeating settings 
fix https://github.com/NixOS/nixpkgs/issues/389478
 2025-03-14 19:43:28 +01:00
nixpkgs-ci[bot] 9d724cbb40
Merge master into staging-next 2025-03-14 18:04:58 +00:00
Marie Ramlow afeb76d628 nixos/sshd: always ship a sshd@.service unit for systemd-ssh-generator(1) 2025-03-14 18:34:50 +01:00
Marie Ramlow 63842ed333 nixos/sshd: move key generation into its own systemd unit 2025-03-14 18:34:50 +01:00
Marie Ramlow aab69d7f19 nixos/systemd: include sshd in PATH if openssh is enabled 
This enables systemd-ssh-generator to find the sshd binary.
 2025-03-14 18:34:50 +01:00
Marie Ramlow 5e43294735 nixos/ssh: include systemd-ssh-proxy config 2025-03-14 18:26:43 +01:00
Mikael Voss 6a55cc63f3
akkoma-emoji.blobs_gg: move to top‐level & migrate to pkgs/by-name 2025-03-14 15:13:10 +01:00
Mikael Voss 4c17535c7b
akkoma-frontends.admin-fe: rename to akkoma-admin-fe & migrate to pkgs/by-name 2025-03-14 14:55:23 +01:00
Mikael Voss 30cbef7dc9
akkoma-fe: migrate to pkgs/by-name 2025-03-14 14:48:19 +01:00
Austin Horstman 14ee3b00fe
nixos/slskd: remove useless inotify watches (#389586) 2025-03-14 08:11:31 -05:00
nixpkgs-ci[bot] d77c26326c
Merge master into staging-next 2025-03-14 12:05:44 +00:00
Sophie Taylor 4582e7ed83
nixos/kanidm: fix build error from typo (#389686) 2025-03-14 12:16:31 +01:00
K900 7d36ee97e6 Merge remote-tracking branch 'origin/master' into staging-next 2025-03-14 09:56:27 +03:00
Sandro e867100280
mastodon: 4.3.4 -> 4.3.6 (#388668) 2025-03-14 01:32:44 +01:00
K900 179281edd7
nixos/pipewire: support system wide pipewire-pulse service (#389565) 2025-03-13 20:54:40 +03:00
misuzu 05b496433a nixos/pipewire: support system wide pipewire-pulse service 2025-03-13 19:37:45 +02:00
misilelab cbd562ee42 bash: allow setting lsColorsFile to null 
Signed-off-by: misilelab <misileminecord@gmail.com>
 2025-03-13 22:41:44 +05:30
Sandro Jäckel 232e7b6df0
nixos/vaultwarden: relax hardening when using sendmail 2025-03-13 17:59:55 +01:00
Kerstin Humm c06efc8927
nixos/mastodon: some formatting 2025-03-13 16:51:55 +01:00
isabel c7968cf140
nixos/wakapi: harden systemd service 
when using `systemd-analyze security wakapi.service` we went from a 5.9
to a 3.
 2025-03-13 15:30:32 +00:00
polyfloyd 682a80bf1f bash: Make it possible to set alternative LS_COLORS 2025-03-13 20:56:41 +05:30
Robert Hensing bc54b597c5
nix-builder-vm: disable auto-optimise-store (#389439) 2025-03-13 15:24:03 +00:00
K900 656e50abce
mesa: more cleanups (#387292) 2025-03-13 16:55:54 +03:00
nixpkgs-ci[bot] 6e0bdfa0ce
Merge staging-next into staging 2025-03-13 12:06:57 +00:00
Luka Blašković 4fb937aabc
nats: fix infinite recursion when validating config (#389440) 2025-03-13 04:17:06 -07:00
ppom 5611f102a2 nixos/slskd: remove useless inotify watches 
Closes #389397
 2025-03-13 12:00:00 +01:00
Gaétan Lepage 9e889113ef
bundler: 2.5.22 -> 2.6.2 (#377415) 2025-03-13 10:35:46 +01:00
nixpkgs-ci[bot] 16ae74dc7d
Merge staging-next into staging 2025-03-13 09:24:36 +00:00
Florian Agbuya 8125e281fd nixos/flarum: restart on package update 
Ensures the Flarum service automatically restarts when its package is updated, preventing stale instances from running after upgrades.
 2025-03-13 17:16:34 +08:00
Pol Dellaiera 3bd304a863
nixos/searx: add option for favicons settings (#389428) 2025-03-13 09:18:43 +01:00
xanderio 6607cf789e
nixos/librenms: regenerate caches after every package change (#388914) 2025-03-13 08:39:42 +01:00
Michael Hoang c0e0720c74 nix-builder-vm: disable auto-optimise-store 
This option is associated with corruption[1, 2] and is disabled by
default in Nix as it can cause significant slowdowns[3].

[1]: https://github.com/NixOS/nix/issues/7273
[2]: https://github.com/LnL7/nix-darwin/pull/1152
[3]: https://github.com/NixOS/nix/issues/462#issuecomment-378189808
 2025-03-13 16:02:29 +09:00
GiggleSquid 461be7d8c8
nixos/searx: add configuration for favicons settings 
see searxng docs: https://docs.searxng.org/admin/searx.favicons.html
 2025-03-13 03:58:21 +00:00
nixpkgs-ci[bot] 3aa6cc457e
Merge staging-next into staging 2025-03-12 18:05:25 +00:00
h7x4 ce52fcd4eb
nixos/direnv: add xonsh integration (#383435) 2025-03-12 18:53:07 +01:00
Felix Singer 4d8d5f5782 nixos/libjaylink: init module 
By enabling this module, the jlink system group is created and udev
rules from the libjaylink package are enabled. Read-/Write access is
granted to the members of the jlink group and to seat sessions.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-03-12 18:42:28 +01:00
h7x4 ab0564bd10
treewide: add documentation for nixos systemd units 2025-03-12 18:00:38 +01:00
h7x4 6dd3e6958d
nixos/heimdal: extend nixos test, fix multitarget principals in acls (#389033) 2025-03-12 17:16:34 +01:00
nixpkgs-ci[bot] a604523918
Merge staging-next into staging 2025-03-12 15:18:56 +00:00
Florian Klink ae90832756
nixos/alloy: automaticlly include all .alloy files in reload trigger (#388634) 2025-03-12 17:17:58 +02:00
Florian Klink a8dc55f40b
nixos/logind: add "sleep" option to logindHandlerType (#388792) 2025-03-12 17:17:00 +02:00
Michele Guerini Rocco 0364c3a2c3
Fix up PR #388789 (#389213) 2025-03-12 16:12:35 +01:00
Sandro Jäckel 1eecf7cc06
haka: remove 2025-03-12 16:04:54 +01:00
Jacek Galowicz b20413d443
nixos/testing: Fix graphical tty output (#387836) 2025-03-12 07:21:32 -07:00
K900 0b87ccc8d6
nixos/hostapd: fix hostapd_cli (#389181) 2025-03-12 17:01:26 +03:00
K900 49db95baf5 Merge remote-tracking branch 'origin/staging-next' into staging 2025-03-12 16:27:55 +03:00
h7x4 2c3adc5fc6
nixos/kanidm: add extraJsonFile option (#376490) 2025-03-12 13:15:36 +01:00
rnhmjoj a2e29f2fe3
nixos/startx: fix error if generateScript == false 2025-03-12 13:05:53 +01:00
K900 6eb7fc1303
nixos/akkoma: remove IFD (#382944) 2025-03-12 14:49:01 +03:00
K900 0463010189 nixos/hostapd: fix hostapd_cli 2025-03-12 13:22:28 +03:00
h7x4 5418ecc5af
nixos/heimdal: add documentation to systemd units 2025-03-12 09:14:14 +01:00
h7x4 c4a5ef0c4a
nixos/heimdal: correctly handle multitarget principals 2025-03-12 09:14:14 +01:00
Pol Dellaiera 75cd88fa9b
nixos/light: add minBrightness option (#386182) 2025-03-12 06:33:29 +01:00
nixpkgs-ci[bot] 457b7b76da
Merge staging-next into staging 2025-03-12 00:15:15 +00:00
Pol Dellaiera 598e3abada
nixos/outline: remove non-existent systemd option (#388886) 2025-03-11 22:50:50 +01:00
Chris Moultrie 2a574e25f1
navidrome: create music folder with systemd.tmpfiles 2025-03-11 15:41:17 -04:00
K900 5da892d21c mesa: output cleanup, part 2 
- build with out-of-tree libgbm
- $drivers -> $out, since $out is basically empty now
 2025-03-11 22:16:23 +03:00
nixpkgs-ci[bot] 1030c7b8e8
Merge staging-next into staging 2025-03-11 17:37:05 +00:00
nixpkgs-ci[bot] 9a807b1916
Merge master into staging-next 2025-03-11 17:36:38 +00:00
Maximilian Bosch 25310642c6
Merge: nixos/postgresql: allow customisations of SystemCallFilter (#386345) 2025-03-11 17:11:28 +01:00
h7x4 405054ead6
nixos/kerberos_server: add the "get-keys" ACL permission (#337306) 2025-03-11 14:51:02 +01:00
Pol Dellaiera c39e50acb0
nixos/limine: init module (#386368) 2025-03-11 14:09:50 +01:00
DSeeLP 65bc040a6f nixos/hickory-dns: combine Hint and Forward zone types into one 
In 0.25.0-alpha.5 the Hint and Forward zone types where combined into External
 2025-03-11 14:03:01 +01:00
nixpkgs-ci[bot] a6ffc120d2
Merge staging-next into staging 2025-03-11 12:06:37 +00:00
nixpkgs-ci[bot] f6e560e4b0
Merge master into staging-next 2025-03-11 12:06:05 +00:00
rnhmjoj 967a4ba52b nixos/xss-lock: remove startx warning 
This warning is based on a misconception: xss-lock, as most user
services, just require access to the shell environment variables,
which for `startx` have to be imported manually.
 2025-03-11 11:05:24 +01:00
rnhmjoj e1c3082085 nixos/startx: try to improve UX 
There are some common pitfalls and no documentation around how to write
the .xinitrc to correctly start the window manager, the systemd
graphical session and, ideally, cleaning up afterwards.

To improve the user experience around startx this change:

1. Adds two options to generate a sane default script and extend
   it declaratively from NixOS.

2. Adds assertions to graphical-session.target so that it will fail
   clearly and immediately when users writing their own script forget to
   import the necessary environment variables.
 2025-03-11 11:05:24 +01:00
Sefa Eyeoglu 7252fbc580
evremap: Fix key type regex (#388802) 2025-03-11 10:57:32 +01:00
Jennifer Graul 232494bd5c
nixos/librenms: regenerate caches after every package change 
The LibreNMS cache may contain paths to the old package and may break
when the old package is removed. So it is not enough to clear the cache
only on version updates, as the package will also change when build
inputs change.

This commit updates the setup script to regenerate the cache on every
package change. In addition, it now only performs migrations when the
package version has changed, since the migrations only change on version
updates and don't need to be applied on every package change.
 2025-03-11 08:48:54 +01:00
Izorkin 6f9f983368 dovecot: remove option modules 2025-03-11 10:17:21 +03:00
nixpkgs-ci[bot] 3e526dc6a5
Merge staging-next into staging 2025-03-11 06:12:30 +00:00
nixpkgs-ci[bot] 7ab9f25c4a
Merge master into staging-next 2025-03-11 06:05:04 +00:00
MakiseKurisu 72ffdcd4a6
nixos/nvidia: update description of BusIds for caveats 2025-03-11 13:41:34 +08:00
MakiseKurisu 0645e675ef
nixos/nvidia: update busIDType to correctly handle PCI bus domain 
There are real devices with 32-bit domain ID 0x10000, which needs 10 digits to represent at the worst case (0xffffffff): open-mpi/hwloc#354

Current test will deny those devices since the field was expecting a Bus ID, which is only 8-bit wide.

Format: https://gitlab.freedesktop.org/xorg/xserver/-/blob/master/hw/xfree86/common/xf86pciBus.c#L263

Fixes: ce2e4707b7
 2025-03-11 13:36:15 +08:00
โทสฺตัล 5b820b674a nixos/movim: fix minification options & document them 
Removes the packages since this can be overridden with
services.movim.package.
 2025-03-11 11:36:22 +07:00
Talya Connor 9173c89764 nixos/outline: remove non-existent systemd option 
Maybe PrivateHome once existed? It doesn't now, though, and this is the
only instance of it in all of nixpkgs!

    Mar 11 15:18:28 kala systemd[1]: /etc/systemd/system/outline.service:46: Unknown key 'PrivateHome' in section [Service], ignoring.
 2025-03-11 15:26:30 +11:00
NovaViper 841c9ff665
qt: add "kde6" to qt.platformTheme 
Related issue: #260696
- Adds KDE Plasma 6 support, which fixes various issues with setting the
QT platform theme on the desktop environment
 2025-03-10 20:26:45 -05:00
nixpkgs-ci[bot] 3a782776bf
Merge staging-next into staging 2025-03-11 00:15:42 +00:00
nixpkgs-ci[bot] 97bfcc4bcd
Merge master into staging-next 2025-03-11 00:15:17 +00:00
Bryan Bennett 60cf5c7188 evremap: Fix key type regex 2025-03-10 16:33:38 -04:00
Pol Dellaiera 07d4d9259d
nixos/oci-containers: add autoRemoveOnStop option (#387051) 2025-03-10 20:32:42 +01:00
Will Fancher 85c607e61f
nixos/boot/systemd: enable tracefs (#388751) 2025-03-10 15:19:11 -04:00
SebastianStork e0258ad135
nixos/logind: add "sleep" option to logindHandlerType 
The "systemctl sleep" command was added in systemd v256.
 2025-03-10 19:44:27 +01:00
Emma Miler 542a053b32 nixos/oci-containers: add autoRemoveOnStop option 
Adds the autoRemoveOnStop option to allow stopped or killed containers to stay around after stop. Default behaviour remains the same.
 2025-03-10 19:35:47 +01:00
Sandro bcfa2a020c
nixos/postgresql: fix merging of shared_preload_libraries option (#388754) 2025-03-10 19:32:38 +01:00
nixpkgs-ci[bot] 3948c1ab72
Merge staging-next into staging 2025-03-10 17:25:02 +00:00
nixpkgs-ci[bot] 848c59f4f2
Merge master into staging-next 2025-03-10 17:24:31 +00:00
Arne Keller e518fa2340
nixos/services.mysql: fix wait for galera cluster sync to be done (#381333) 2025-03-10 18:22:47 +01:00
Maximilian Bosch 8bf1e138bc
nixos/postgresql: fix merging of shared_preload_libraries option 
Closes #386804

The issue with coercing to `types.str` is that it's not mergeable, so
any declarations will result in an eval error like this:

    error: The option `interactive.nodes.tmp.services.postgresql.settings.shared_preload_libraries' has conflicting definition values:
    - In `/home/ma27/Projects/nixpkgs-hack/tmp.nix@node-tmp': "foo"
    - In `/home/ma27/Projects/nixpkgs-hack/tmp.nix@node-tmp': "bar2"
    Use `lib.mkForce value` or `lib.mkDefault value` to change the priority on any of these definitions.

Using a mergeable type (`types.comma`, i.e. a string, where all declarations
get joined with a comma as delimiter) fixes the problem.
 2025-03-10 18:07:44 +01:00
John Titor f597c68e7b
nixos/boot/systemd: enable tracefs 
tracefs is a special-purpose filesystem in Linux used for tracing filesystem and kernel operations.

This was added to the kernel back in 2015 to replace debugfs. For security reasons, some system do not mount debugfs at all. Tracefs reduces the attack surface by allowing to trace without mounting debugfs. Additionally it provides features not supported by debugfs (such as calls for mkdir and rmdir

Debian and Arch Linux both enable this by default.
RHEL 8 and later, they enable tracefs by default.

Signed-off-by: John Titor <50095635+JohnRTitor@users.noreply.github.com>
 2025-03-10 22:27:41 +05:30
Martin Weinelt b38edf3f69
Merge remote-tracking branch 'origin/master' into staging-next 2025-03-10 17:42:12 +01:00
Austin Horstman caff0370c6
nixos/movim: fix package reference (#388728) 2025-03-10 11:07:28 -05:00
Sandro 74ee058fc3
nixos/sudo-rs: align sudo and sudo-rs config (#386423) 2025-03-10 16:51:43 +01:00
โทสฺตัล bc27f99008 nixos/movim: add overridden package to ð environment (inc. symlinks) 2025-03-10 22:51:02 +07:00
Austin Horstman c021204af6
{movim,nixos/movim}: fix database options (#388428) 2025-03-10 10:27:59 -05:00
Jörg Thalheim 611bfa1dd4
make nix.settings.system-features default mergeable again (#383052) 2025-03-10 13:09:49 +01:00
nixpkgs-ci[bot] aaf5a9e6a6
Merge staging-next into staging 2025-03-10 12:06:31 +00:00
nixpkgs-ci[bot] 7ca362baba
Merge master into staging-next 2025-03-10 12:06:00 +00:00
Gaétan Lepage ff2d12d11d
nixos/cloudflared: add option for cert.pem and use dynamic user (#383499) 2025-03-10 11:15:06 +01:00
Patrick 1cdca46944
nixos/homebox: update default for 0.18.0 2025-03-10 11:07:47 +01:00
Alexander Sieg 6fdc890e79
nixos/alloy: automaticlly include all .alloy files in reload trigger 2025-03-10 10:13:59 +01:00
Arne Keller 9b62d5e280
nixos/zwave-js-ui: Add chown to allowed syscalls (#380999) 2025-03-10 08:47:46 +01:00
Philip Taron 711bf412a3
make-initrd: use closureInfo again (#372931) 2025-03-09 18:48:12 -07:00
nixpkgs-ci[bot] 996f219f1e
Merge master into staging-next 2025-03-10 00:13:24 +00:00
isabel adcdeadefd
nixos/perlless: only disable installer tools that introduce perl 2025-03-09 23:24:20 +00:00
Martin Weinelt e5d70cfec2
nixos/matter-server: fix permission denied error in 7.0.1 (#384651) 2025-03-09 21:32:31 +01:00
Mathieu Fenniak 801eacddcc replace multiple optional w/ one optionals 
import optionals
 2025-03-09 12:56:06 -06:00
nixpkgs-ci[bot] 5397043aaf
Merge master into staging-next 2025-03-09 18:03:47 +00:00
Sandro bb3577f6b3
nixos/xonsh: add bash completions support (#386311) 2025-03-09 16:02:49 +01:00
Donovan Glover 011cc1ed74
nixos/phosh: enable services.graphical-desktop (#354465) 2025-03-09 14:47:33 +00:00
Dominik Xaver Hörl 9270d7cbb6 nixos/installation-device: add jq.all to extraDependencies 
As discovered in https://github.com/NixOS/nixpkgs/pull/372931, we need the dev output of jq for closureInfo. We opt to add the whole thing.
 2025-03-09 14:20:48 +01:00
โทสฺตัล 076fdda013 {movim,nixos/movim}: fix database options 
Wrong casing, doesn’t work with those not creating a local database, &
has a bug with implementation on how it should be overriding the
database support to the movim package.
 2025-03-09 20:13:13 +07:00
nixpkgs-ci[bot] fd2aa7b174
Merge master into staging-next 2025-03-09 12:04:44 +00:00
Kevin Boulain c2d4e8f4cb nixos/nixos-containers: user options take precedence over module ones 
I think this is the norm in NixOS modules. This allows to start a
container with '--volatile=overlay --link-journal=host' in order to
persist logs across runs of a container running with a temporary root.
While '--ephemeral' omits '--link-journal=try-guest', it's not possible
to run an ephemeral container when linking the journal:
https://github.com/systemd/systemd/issues/1666
 2025-03-09 11:08:56 +01:00
Aleksana b930f88a3a
regreet: set right data dir (NixOS#377585) (#383764) 2025-03-09 17:42:44 +08:00
Franz Pletz 7978d240c2
nixos/iosched: exclude loop devices by default; mention in release notes (#385106) 2025-03-09 09:38:05 +01:00
nixpkgs-ci[bot] 4f58dec3fd
Merge master into staging-next 2025-03-09 06:04:26 +00:00
Florian Klink 9004cb4a05
nixos/h2o: add simple listen.host setting, add example (#386318) 2025-03-09 11:32:06 +07:00
โทสฺตัล 1e3e30d566 nixos/h2o: clarify/format some docs to point to upstream config 2025-03-09 11:03:48 +07:00
nixpkgs-ci[bot] a77f267067
Merge master into staging-next 2025-03-09 00:13:41 +00:00
Sandro 90c9004407
hylafaxplus: 7.0.9 -> 7.0.10, misc improvements (also module) (#376418) 2025-03-08 22:39:47 +01:00
Mikael Voss 54bd09a515
nixos/iosched: exclude loop devices by default 2025-03-08 21:56:51 +01:00
Sandro 63e31591f2
nixos/matrix-alertmanager: set NODE_ENV to production, fix shellcheck when it is enabled (#388000) 2025-03-08 21:54:58 +01:00
nixpkgs-ci[bot] 7f25f5fed5
Merge master into staging-next 2025-03-08 18:03:50 +00:00
Leona Maroni 810f3b88e4
nixos/synapse-auto-compressor: init (#383168) 2025-03-08 16:55:06 +01:00
Matt Leon b4f4971b6a
nixos/matter-server: fix permission denied error in initialization with v7.0.1 
Signed-off-by: Matt Leon <ml@mattleon.com>
 2025-03-08 09:34:46 -05:00
Yt b97d92aaef
nixos/cloudflare-dyndns: fix missing home error (#386211) 2025-03-08 09:15:24 -05:00
Aleksana 7791660b3f
nixos/nextcloud: update nextcloud version in example (#387933) 2025-03-08 20:26:35 +08:00
nixpkgs-ci[bot] c5874d172c
Merge master into staging-next 2025-03-08 12:04:23 +00:00
Donovan Glover 9ac142b30c
feedbackd: 0.4.1 -> 0.7.0 (#385050) 2025-03-08 10:57:13 +00:00
Maximilian Bosch 6fe52c5dae
Merge: nixos/nextcloud: fix shellcheck after #367433 (#387913) 2025-03-08 11:32:05 +01:00
n e43340da27
nixos/emacs: improve description of services.emacs.enable (#387966) 
Remove `, whatever its value.` because it makes the sentence confusing.
 2025-03-08 17:04:05 +08:00
shelvacu 1a4575f9db
nixos/modules: Add security.pki.caBundle option and make all services use it for CA bundles (#352244) 
Previously some modules used `config.environment.etc."ssl/certs/ca-certificates.crt".source`, some used `"/etc/ssl/certs/ca-certificates.crt"`, and some used `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"`. These were all bad in one way or another:

- `config.environment.etc."ssl/certs/ca-certificates.crt".source` relies on `source` being set; if `text` is set instead this breaks, introducing a weird undocumented requirement
- `"/etc/ssl/certs/ca-certificates.crt"` is probably okay but very un-nix. It's a magic string, and the path doesn't change when the file changes (and so you can't trigger service reloads, for example, when the contents change in a new system activation)
- `"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"` silently doesn't include the options from `security.pki`

Co-authored-by: Shelvacu <git@shelvacu.com>
 2025-03-08 08:41:08 +00:00
nixpkgs-ci[bot] 9c19764eb8
Merge master into staging-next 2025-03-08 06:04:30 +00:00
Connor Baker 871cda0b06
testers.shellcheck: refactor, update docs, and simplify tests (#385940) 2025-03-07 20:53:33 -08:00
Connor Baker cd7df192e3 treewide: add name argument to calls to testers.shellcheck 2025-03-08 00:15:22 +00:00
Sandro Jäckel 2dc0f36390
nixos/matrix-alertmanager: fix shellcheck when it is enabled 2025-03-07 22:40:24 +01:00
K900 1118da9af8 Merge remote-tracking branch 'origin/master' into staging-next 2025-03-08 00:22:54 +03:00
Philip Taron f041d52e7b
nixos/users-groups: Add assert on null shells (#279431) 2025-03-07 12:54:52 -08:00
Victor B. bb9f3ae6ed
tp-auto-kbbl: enable upower service 2025-03-07 20:41:16 +01:00
Sandro Jäckel 95fa8bfc70
nixos/matrix-alertmanager: set NODE_ENV to production 2025-03-07 20:39:50 +01:00
Sandro 48ecb73067
netbox_4_2: init (#376100) 2025-03-07 20:31:48 +01:00
Sandro ea79d17e5b
nixos/nextcloud: update nextcloud version in example 2025-03-07 20:20:39 +01:00
Sandro 07c24fffa3
nixos/matrix-alertmanager: init module (#378966) 2025-03-07 19:59:46 +01:00
jan 5deeee393a nixos/wireshark: usbmon permissions 
Add an usbmon.enable option (default false) for setting permissions for
capturing USB traffic.
Add a dumpcap.enable option (default true) for setting permissions for
capturing network traffic.
fixes #375657
 2025-03-07 19:34:27 +01:00
K900 12f1739811 Merge remote-tracking branch 'origin/master' into staging-next 2025-03-07 20:56:35 +03:00
misuzu f3b9f47891
nixos/umurmur: init (#387580) 2025-03-07 17:46:10 +02:00
Sandro Jäckel 98b175f44a
nixos/nextcloud: fix shellcheck after #367433 2025-03-07 14:41:02 +01:00
K900 7f555db5e5 Merge remote-tracking branch 'origin/master' into staging-next 2025-03-07 13:54:59 +03:00
Martin Weinelt e61a020108
evcc: add envsubst secret support (#387829) 2025-03-07 11:47:52 +01:00
Maximilian Bosch 6c4f93e113
Merge: nixos/nextcloud: use LoadCredential to read secrets (#367433) 2025-03-07 10:58:29 +01:00
Frédéric Christ 459ddaec26 nixos/testing: Fix graphical tty output 
Prior to this commit, the graphical output of an application
running during the boot process was only redirected to the serial
console. Therefore, testing those applications inside the driver (eg.
using `enableOCR = true` was not possible by default.

Limiting the consoles to only the `qemuSerialDevice` has originally been
introduced with fb9f5e4a03 to fix journal
output after the activation of both consoles have been introduced with
d4468bedb5.

However limiting the consoles to only `qemuSerialDevice`this is no longer
necessary since 6aba98aefd makes sure the
journal is always forwarded to the serial console used by the testing
driver.

This is a follow-up on https://github.com/NixOS/nixpkgs/pull/339730
 2025-03-07 10:09:23 +01:00
Martin Weinelt 067732921f
nixos/evcc: support passing secrets with envsubst 
and apply some newer best practices.
 2025-03-07 10:08:55 +01:00
3JlOy_PYCCKUI 095da00b2d nixos/umurmur: init 2025-03-07 12:07:53 +03:00
Florian Klink 92d11f06d5
nixos/movim: run nixfmt-rfc-style (#387633) 2025-03-07 15:18:51 +07:00
โทสฺตัล 43c1654cae nixos/movim: run nixfmt on module 
This 711-line file was expanded into 817-line file by nixfmt.
Readability was hurt as now I can’t see as much in my editor at a time;
this directly makes editing & reviewing slower as reading is harder. I
am upset about this change.
 2025-03-07 14:53:05 +07:00
nixpkgs-ci[bot] 39279939ad
Merge master into staging-next 2025-03-07 00:15:06 +00:00
Nick Cao f0f00d4c14
nixos/dendrite: rename settings.sync_api.search.enable option to sett… (#386393) 2025-03-06 17:12:52 -05:00
Dionysis Grigoropoulos ce90b7889c
nixos/matrix-alertmanager: init module 2025-03-07 00:04:17 +02:00
nixpkgs-ci[bot] 98419f2ac1
Merge master into staging-next 2025-03-06 18:04:30 +00:00
Philip Taron 9ab61b2537
nixos/doc: convert links to manpages (#383975) 2025-03-06 09:37:51 -08:00
7c6f434c fe36c0e045
Squid: 6.13 -> 7.0.1 (#384972) 2025-03-06 17:17:08 +00:00
Izorkin a6a9bb9725 dovecot: remove hard coding path to module dir 2025-03-06 19:47:04 +03:00
K900 c63e1d1daf nixos/pipewire: remove client-rt.conf support 2025-03-06 16:56:39 +03:00
Joshua Kobschätzki 019f100d17 squid: add inverse test 2025-03-06 11:36:17 +01:00
Izorkin 01e8036a98
logrotate: allow access to unix socket 2025-03-06 10:41:49 +03:00
programmerlexi 12779dc091
nixos/limine: init module 
Co-Authored-By: Gabriel Waksmundzki <czapek1337@gmail.com>
 2025-03-06 08:05:08 +01:00
6543 e00090dddf services.mysql: make sql statements consistent uppercase 2025-03-06 07:03:49 +01:00
6543 534f90a262 services.mysql: on create initial databases add savety statement 'IF NOT EXISTS' for edgecases 2025-03-06 07:03:49 +01:00
6543 41ec4243d1 services.mysql: wait for galera cluster sync to be done 2025-03-06 07:03:49 +01:00
Defelo eccf638822
nixos/echoip: improve systemd hardening 2025-03-06 02:01:23 +01:00
Jeremiah 1e0217b0c5
nixos/soft-serve: restart trigger added (#384829) 
Previously changing configuration did not apply to the running service
requiring it to be restarted manually. This fixes that issue.
 2025-03-05 12:54:04 -05:00
Sandro 5ca7fffe87
nezha: 0.20.3 -> 1.9.5; nezha-agent: 0.20.5 -> 1.9.2; nixos/nezha-agent: refactor (#361515) 2025-03-05 17:38:42 +01:00
Maximilian Bosch 432d274c81
nixos/nextcloud-notify_push: use RestartMode=direct 
`nextcloud-notify_push.service` requires
`nextcloud-notify_push-setup.service`. If the latter fails (e.g. because
of Nextcloud not being there yet), the push service would also fail with
result 'dependency'.

RestartMode=direct doesn't put a unit into failed state IF it's about to
be restarted again. That way, `nextcloud-notify_push` will await several
restart attempts. Only if the unit fails due to a rate-limit (i.e. too
many restarts), the push service will also fail.

If the startup is still too slow, it may make sense for administrators to
configure higher intervals between the start attempts with RestartSec.
 2025-03-05 17:27:04 +01:00
Donovan Glover 4a0ff69422
nixos/restic: unlock database before doing pruning (#387116) 2025-03-05 16:00:48 +00:00
Sandro d52a42c0c1
part-db: init at 1.14.5 (#365249) 2025-03-05 15:31:27 +01:00
Luflosi d3d77fbad0
feedbackd: 0.4.1 -> 0.7.0 
https://source.puri.sm/Librem5/feedbackd/-/releases/v0.5.0
https://source.puri.sm/Librem5/feedbackd/-/releases/v0.6.0
https://source.puri.sm/Librem5/feedbackd/-/releases/v0.7.0

Release v0.5.0 mentions a new systemd unit "fbd-alert-slider" but I did not attempt to make it work as I don't have such a device.
 2025-03-05 14:49:09 +01:00
Pedro Alves 4f644e0b31 nixos/cloudflared: add option for cert.pem and use dynamic user 
Make the cloudflared tunnel service use systemd credentials and dynamic
users, removing the services.cloudflared.user and .group option.

Also add an option to provide the cert.pem file, without which tunnels
defined declaratively would not work.

Additionally, add an assertion checking that the certificate file is
provided if there are declarative routes defined.
 2025-03-05 13:33:04 +00:00
Cosima Neidahl 6abd862418
miriway: 24.11.1 -> 25.02 (#385391) 2025-03-05 12:59:48 +01:00
Nico Felbinger c456896108
nixos/part-db: init module 
Co-authored-by: Sandro <7258858+supersandro2000@users.noreply.github.com>
Co-authored-by: Tert0 <62036464+tert0@users.noreply.github.com>
 2025-03-05 12:56:25 +01:00
Martin Weinelt 4ffa25f041
frigate: 0.14.1 -> 0.15.0 (#386266) 2025-03-05 12:52:36 +01:00
Jonas Heinrich 370bcffd35
nixos/networkd-dispatcher: added missing enum value "enslaved" to option "onState" (#382574) 2025-03-05 10:52:31 +01:00
Sefa Eyeoglu 9ebdac572e
monado: set VIT_SYSTEM_LIBRARY_PATH so that libbasalt.so can be found (#387175) 2025-03-05 08:44:10 +01:00
34j 783dff1c6f monado: set VIT_SYSTEM_LIBRARY_PATH so that libbasalt.so can be found 2025-03-05 13:39:01 +09:00
Jakob Klepp 7bffbf3c4c
nixos/nats: add option validateConfig (#387048) 
As discussed in the comments of https://github.com/NixOS/nixpkgs/pull/322035
and in the issue https://github.com/NixOS/nixpkgs/issues/333119
config validation fails at build time when the config
references files unavailable during build time

nixos/nats: nixfmt 'nixos/modules/services/networking/nats.nix'
 2025-03-04 17:51:09 -08:00
Sandro 4f7fc6dfdf
nixos/glitchtip: init module (#386013) 2025-03-05 01:23:43 +01:00
Defelo 5da710d274
nixos/glitchtip: init module 
Co-authored-by: soyouzpanda <soyouzpanda@soyouzpanda.fr>
Co-authored-by: Nico Felbinger <nico@felbinger.eu>
 2025-03-05 00:24:50 +01:00
Sandro Jäckel 138abab480
nixos/restic: unlock database before doing pruning 
This is safe to do because only stale locks are removed.
See https://github.com/restic/restic/issues/2736 and https://github.com/restic/restic/blob/master/internal/restic/lock.go
By default only locks older than 30 minutes or when the pid is no longer
found on the same machine, are removed. Locks are refreshed every 5
minutes when doing operations.
 2025-03-04 22:54:42 +01:00
Sandro Jäckel 7c9c342419
nixos/restic: suggest to cleanup cache 2025-03-04 22:54:34 +01:00
Masum Reza d38624ef95
hddfancontrol: 1.5.1->2.0.1 (#387029) 2025-03-05 01:57:54 +05:30
Philip Wilk 6a791193b6
nixos/hddfancontrol: support v2 argument format 2025-03-04 20:12:26 +00:00
Sandro 4f8cf45715
nixos/inadyn: fix defaultText (#384773) 2025-03-04 19:02:20 +01:00
Sandro e73ecef3d2
nixos/nvidia: add a read only enabled option (#386728) 2025-03-04 18:59:04 +01:00
Thomas Gerbet ee2c1b8352
nixos/osquery: fix database_path + logger_path opts per systemd docs (#370003) 2025-03-04 14:51:12 +01:00
Moraxyc 1235bed1b5
nixos/nezha-agent: refactor 2025-03-04 18:08:04 +08:00
bstanderline d784db18f2 nixos/osquery: set default database_path and logger_path 2025-03-04 09:43:07 +00:00
xanderio 8bc3ee6396
dependency-track: stop bundling frontend in jar (#386408) 2025-03-04 09:39:44 +01:00
Martin Weinelt 5c3df8025f
frigate: 0.14.1 -> 0.15.0 
https://github.com/blakeblackshear/frigate/releases/tag/v0.15.0
 2025-03-04 08:02:02 +01:00
Glib Shpychka 5e2119f033
nixos/wyoming-piper: Remove range validation for numerical options (#384315) 
Remove range validation for numerical options
 2025-03-04 07:43:39 +01:00
Chris Dombroski 63157e34d8 nixos/zwave-js-ui: Add chown to allowed syscalls 
Closes: #379850
 2025-03-03 21:34:09 -05:00
Felix Buehler 63b6df42de nixos/caddy: validate at build-time 2025-03-03 21:33:45 +01:00
Felix Buehler 1ef1bcec09 nixos/caddy: use lib.getExe 2025-03-03 21:33:44 +01:00
Joshua Kobschätzki 3403819b4d netbox_4_2: init 
Co-authored-by: SuperSandro2000 <sandro.jaeckel@gmail.com>
 2025-03-03 21:24:13 +01:00
Sandro Jäckel 7d99d5d3f4
nixos/nvidia: add a read only enabled option 
similar to the one from zfs
 2025-03-03 14:20:15 +01:00
Sefa Eyeoglu dd82cce766
nixos/tandoor-recipes: fix default user and group creation 
Signed-off-by: Sefa Eyeoglu <contact@scrumplex.net>
 2025-03-03 10:04:50 +01:00
Technosophist c063a28835 nixos/tlp: fix NetworkManager RDW dispatcher script location (again) 
As a result of #350268, the tlp NetworkManager dispatch script no longer worked.  It creates a broken
link to `/usr/lib/NetworkManager/dispatcher.d/99tlp-rdw-nm`.

This removes the `/usr/` prefix so the script is pointing to the right file.
 2025-03-02 16:54:42 -05:00
r-vdp 4e17c9546f
nixos/sudo-rs: align sudo and sudo-rs config 
Since the latest release, sudo-rs supports all what we need
 2025-03-02 17:42:18 +01:00
Alexander Sieg 8af0a5abfd dependency-track: don't bundle frontend in jar 
Bundling the frontend in the jar is deprecated by upstream and causes
the frontend from being serve after weeks of runtime.
 2025-03-02 16:50:01 +01:00
transcaffeine 0b483037f7
nixos/synapse-auto-compressor: init 2025-03-02 15:59:42 +01:00
Nick Cao e7348801ed
nixos/dendrite: rename settings.sync_api.search.enable option to settings.sync_api.search.enabled 2025-03-02 09:46:56 -05:00
Maximilian Bosch 6e87867ee3
nixos/postgresql: allow customisations of SystemCallFilter 
Closes #385603

The problem described is that `wal-g` requires syscalls from `@resources`.
However, we don't have support for it in the module now and I don't
think it's reasonable to only support hardening adjustments for things
support by this module. Also, list is a bad datatype here since it
doesn't allow the level of customizations we need.

This is only for the syscall filterset since it's the option that's hard
to customize otherwise. For downstream configs, it's recommended to
adjust the hardening as needed in other cases.

Hence I decided to implement `services.postgresql.systemCallFilter` with
the following semantics:

* `systemCallFilter."~@resources" = true` adds `~@resources` to the
  filterset.

* Setting this to `false` (e.g. in a downstream configuration using
  `wal-g`) removes the entry `~@resources` from the filterset. In this
  case it's sufficient since `@system-service` implies `@resources` and
  the `~@resources` declaration after that discards that.

  I decided to not implement logic about negations in here, but to keep
  it rather simple by only allowing to set/unset entries.

As described in `systemd.exec(5)`, the ordering matters: e.g.
`@system-service` implies `@resources`, but `~@resources` _after_ that
reverts that. By default, the ordering of the keys is as follows:

* syscall groups (starting with `@`) come at first.
* negations of syscall groups (starting with `~@`) come after that.
* anything else at the end.

If further ordering is needed, it can be done like this:

```
{
  services.postgresql.systemCallFilter."~@resources" = {
    enable = true; # whether or not it's part of the final SystemCallFilter
    priority = 23; # ordering priority in the filterset.
  };
}
```

The lower the priority, the higher up the entry will be in the final
filterset.
 2025-03-02 11:20:18 +01:00
โทสฺตัล 28aa290145 nixos/h2o: add access to listen.host 2025-03-02 15:57:09 +07:00
โทสฺตัล dcee208a31 nixos/h2o: provide a settings example 2025-03-02 15:57:09 +07:00
K900 ed22fbec72
pgscv: init package + module (#386064) 2025-03-02 08:39:56 +03:00
K900 80b437dfa7 nixos/pgscv: init 2025-03-02 08:39:29 +03:00
SamLukeYes 04a0fa83b6
nixos/xonsh: add bash completions support 2025-03-02 12:31:56 +08:00
Jappie3 16cdde8008
nixos/kanidm: add extraJsonFile option to allow provisioning from a json file 2025-03-01 23:12:29 +01:00
happysalada 4fac925299 nixos/cloudflare-dyndns: fix missing home error 2025-03-01 16:03:52 -05:00
Hugo Cartigny (BlueskyFR) f7548cccda nixos/light: add minBrightness option 
Make the minimum brightness level configurable instead of using an arbitrary value of 0.1.
 2025-03-01 20:33:31 +01:00
Faye Duxovni 87806c913c
nixos/syncthing: prevent enabling overrideFolders and autoAcceptFolders simultaneously (#321872) 
* syncthing: prevent enabling overrideFolders and autoAcceptFolders simultaneously

* Fix href in services.syncthing.overrideFolders default text
 2025-03-01 14:36:50 +01:00
Maximilian Bosch 2cf427c045
Merge: nextcloud31: init at 31.0.0 (#385060) 2025-03-01 13:47:45 +01:00
Kamillaova a1226737a4
nixos/postfixadmin: use config.services.postgresql.settings.port instead of old ...postgresql.port 2025-03-01 15:09:35 +03:00
Kamillaova bab7f1e99e
nixos/postfixadmin: add set -o pipefail for postfixadmin-postgres script 2025-03-01 15:09:34 +03:00
Kamillaova 2de264f209
nixos/postfixadmin: refactor 2025-03-01 15:09:13 +03:00
Kamillaova c0c3fa6a78
nixos/postfixadmin: format with nixfmt-rfc-style 2025-03-01 15:08:14 +03:00
Maximilian Bosch 303bd80713
Merge: nixos/nginx: add locations."name".uwsgiPass option and use it (#346776) 2025-03-01 12:34:20 +01:00
Maximilian Bosch be4fd8fdf2
nixos/nextcloud: update docs 
* Update related packages for pkg option.
* Add release notes.
 2025-03-01 11:58:54 +01:00
Bruno BELANYI 0c4bc741cf
nixos/radarr,lidarr,readarr,whisparr,prowlarr: add settings option (#384052) 2025-03-01 09:10:11 +00:00
Silvan Mosberger b602f86829 nixos/users-groups: Catch invalid usernames early 
Prevents running into the problem from the parent commit in the first
place.
 2025-02-28 22:33:55 +01:00
Silvan Mosberger 8181d2a7c1 nixos/user-groups: Don't double-UTF8-encode subUidMapFile 
Because with it only being single-UTF8-decoded, this lead to the file
~doubling in size whenever it contained any non-ascii characters!
 2025-02-28 21:55:12 +01:00
Samuel Dionne-Riel 6ec6eae586
Revert "nixos/grub: generate BLS entries" 2025-02-28 14:30:10 -05:00
Michele Guerini Rocco 6bf084c4ea
nixos/grub: generate BLS entries (#95901) 2025-02-28 15:12:36 +01:00
zowoq 31782c65e2
rasdaemon: 0.8.0 -> 0.8.2 (#369375) 2025-02-28 21:47:15 +10:00
Bruno BELANYI e44a5f7f21
tandoor_recipes: use static user and group instead of DynamicUser (#382858) 2025-02-28 10:11:21 +00:00
Matei Dibu f91b6f3581 nixos/rasdaemon: add package option 2025-02-28 11:46:35 +02:00
rnhmjoj 435a72e469
nixos/grub: generate BLS entries 2025-02-28 09:51:20 +01:00
Pol Dellaiera 56e88da108
rebuilderd: init at 0.22.1 (#343334) 2025-02-28 09:14:08 +01:00
Sandro 32d2826f35
nixos/archtika: init at 1.0.1 (#365218) 2025-02-27 23:56:06 +01:00
Sandro d1c535f62a
nixos/user-groups: add a toggle for user account creation (#358646) 2025-02-27 23:47:20 +01:00
Sandro 511e62f5ec
nixos/soju: add option to overwrite generated configFile (#340583) 2025-02-27 23:34:58 +01:00
Sandro 291fe081dc
netclient: add network-online dependency to get rid of warning (#371276) 2025-02-27 23:28:17 +01:00
Sandro Jäckel 36a3c6c11d
nixos/paperless: move paperless-manage to proper systemPackage 2025-02-27 21:47:35 +01:00
Pol Dellaiera 2c8bdd00fd nixos/rebuilderd: init 2025-02-27 21:18:46 +01:00
Maximilian Bosch 659f9ea390
Merge: nixos/oci-containers: support rootless containers & healthchecks (#368565) 2025-02-27 19:59:34 +01:00
Sandro fd256f27b0
poppler-utils: rename from poppler_utils (#385503) 2025-02-27 19:35:38 +01:00
Michele Guerini Rocco af8642b189
nixos/hostapd: add passwordFile to structured SAE entries (#365727) 2025-02-27 13:51:23 +01:00
Maximilian Bosch 7d443d378b
nixos/oci-containers: support rootless containers & healthchecks 
Closes #259770
Closes #207050

The motivation for the former is to not execute the container as root,
so you don't have to `sudo -i` to perform podman management tasks.

The idea behind healthchecks is to be able to keep the unit in the
activating state until the container is healthy, only then then unit is
marked as active.

The following changes were necessary:

* Move the ctr-id into `/run/${containerName}` to make podman can
  actually write to it since it's now in its RuntimeDirectory.

* Make `sdnotify` option configurable (`healthy` for healthchecks that
  must pass, default remains `conmon`).

* Set Delegate=yes for `sdnotify=healthy` to make sure a rootless
  container can actually talk to sd_notify[1].

* Add a warning that lingering must be enabled to have a `systemd --user`
  instance running which is required for the cgroup support to work
  properly.

* Added a testcase for rootless containers with both conmon and
  healthchecks.

[1] https://github.com/containers/podman/discussions/20573#discussioncomment-7612481
 2025-02-27 11:08:33 +01:00
Aaron Jheng a2f3625d99
poppler-utils: rename from poppler_utils 2025-02-27 16:56:01 +08:00
Stefan Mielke c442a189e7 nixos/mysql-backup: fix error when db name contains a dot 2025-02-27 01:06:04 +01:00