gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
874,514 Commits 9 Branches 0 Tags
0e9e2df87d2c6f45f4a46c4f26f53b51abe35b46
Commit Graph

3111 Commits

Author SHA1 Message Date
Felix Singer
79ab4bb47b nixos/redmine: Enable MountAPIVFS hardening in service config 
This setting is already implied by others, but add it for completeness
as well. For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#MountAPIVFS=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:27 +02:00
Felix Singer
21f827065b nixos/redmine: Enable PrivateUsers hardening in service config 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#PrivateUsers=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:27 +02:00
Felix Singer
a799bd0e3d nixos/redmine: Set ProtectProc to invisible 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectProc=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-07 16:16:26 +02:00
Thomas Gerbet
f0335d8ede nixos/redmine: Set ProtectControlGroups to strict (#448634) 2025-10-07 06:20:44 +00:00
Wolfgang Walther
91a8fee3aa treewide: remove redundant parentheses 
Auto-fixed by nixf-diagnose.
 2025-10-05 10:52:03 +02:00
Wolfgang Walther
c283f32d29 treewide: remove unused with 
Auto-fixed by nixf-diagnose.
 2025-10-05 10:50:41 +02:00
Wolfgang Walther
90e7159c55 treewide: remove unused rec 
Auto-fix by nixf-diagnose.
 2025-10-05 10:49:12 +02:00
Felix Singer
4fb64fb8a1 nixos/redmine: Set ProtectControlGroups to strict 
For documentation see
https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#ProtectControlGroups=

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-10-04 23:15:45 +02:00
Bart Brouns
d1a084e777 nixos/ringboard: add user service module 2025-10-01 15:59:28 +02:00
Masum Reza
9e538263a0 sssd: fix tests issues (#446589) 2025-09-29 14:35:47 +00:00
xanderio
61dfdcf015 nixos/gitlab: add proxyWebsockets as recommended nginx setting (#431884) 2025-09-29 09:02:01 +00:00
liberodark
979a95c40a sssd: fix tests issues 2025-09-28 10:42:56 +02:00
Felix Singer
b19c6d9645 nixos/redmine: Set ProtectSystem to strict 
Make the whole file system read-only except the directories related to
Redmine, like the state directory. The runtime directory is already
excluded by configuring it with the option `RuntimeDirectory`.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-09-25 16:00:26 +02:00
Felix Singer
31f095fa1a nixos/redmine: Set up runtime directory by using RuntimeDirectory option 
Instead of letting systemd tmpfiles set up the runtime directory, use
the option `RuntimeDirectory` from the systemd service config since the
configured path stays read-writable when ProtectSystem is set to
`strict`. This is equal to adding the path to ReadWritePaths.

Signed-off-by: Felix Singer <felixsinger@posteo.net>
 2025-09-25 15:58:31 +02:00
jopejoe1
2032412fdb various: use more accurate int types (#445244) 2025-09-22 21:50:55 +00:00
h7x4
2fb06be29f nixos/gitlab: use types.port 2025-09-22 16:46:44 +02:00
h7x4
adccbd9442 nixos/cpuminer-cryptonight: use more accurate int types 2025-09-22 16:36:17 +02:00
h7x4
bda8f77974 nixos/rshim: use more accurate int types 2025-09-22 16:36:16 +02:00
h7x4
5bd07053b4 nixos/gotenberg: use more accurate int types 2025-09-22 16:36:16 +02:00
h7x4
1cd9d47415 nixos/homepage-dashboard: use types.port 2025-09-22 16:33:01 +02:00
h7x4
5137d1adae nixos/taskserver: use types.port 2025-09-22 16:33:00 +02:00
h7x4
4ba3f60b8a various: use mkPackageOption 2025-09-22 02:46:54 +02:00
Thiago Kenji Okada
5bdecea140 nixos/ollama: add network-online.target to ollama-model-loader.service 
This should avoid the service failing to start after switching to a new
configuration because the network service was restarted.
 2025-09-16 10:17:14 +01:00
xgroleau
810154770f nixos/ntfy: add environmentFile option for secrets 2025-09-08 23:08:44 +02:00
Haylin Moore
cf540f8c98 treewide/nixos: move number typed port options to types.port 2025-09-08 15:27:19 +02:00
h7x4
e3a7138a82 nixos/gitea: enable hardware watchdog 2025-09-05 15:46:04 +02:00
h7x4
3322199983 nixos/gitea: use systemd service type notify 2025-09-05 15:46:04 +02:00
Sandro
e2adef4c23 nixos/paperless: add missing default to domain (#439217) 2025-09-03 11:33:30 +02:00
Aaron Andersen
70320e3e8f nixos/zookeeper: replace outdated log4j with logback.xml (#434309) 2025-09-02 11:14:45 -04:00
Sandro Jäckel
e97d6a77e1 nixos/paperless: add missing default to domain 2025-09-02 13:43:20 +02:00
lassulus
71acfb3caf spoolman: init service (#435272) 2025-09-02 12:01:19 +01:00
MayNiklas
a949c93c68 spoolman: add doc for env variables 2025-09-01 22:19:40 +02:00
Sandro
dc85fea675 angrr: init at 0.1.1 (#439121) 2025-09-01 17:53:41 +02:00
Felix Bargfeldt
46f48b2322 nixos/radicle: add httpd.aliases option (#438689) 2025-09-01 16:46:58 +02:00
Lin Yinfeng
1b0478e165 angrr: init at 0.1.1 
Also add a nixos module and a nixos test.
 2025-09-01 22:17:22 +08:00
Sandro
b62d48b281 nixos/paperless: add configureNginx option (#385637) 2025-08-31 21:05:16 +02:00
M0ustach3
ad0a9957f5 nixos/memos: init module 2025-08-31 12:34:20 +02:00
Defelo
8b4862c608 nixos/radicle: add httpd.aliases option 2025-08-30 20:15:07 +02:00
Niklas
9d46cdc9f3 Merge branch 'master' into init-spoolman-service 2025-08-27 09:23:47 +02:00
Sandro Jäckel
cb12d15124 nixos/gotenberg: allow another syscall which caused a coredump while doing further testing 2025-08-26 18:01:29 +02:00
Sandro Jäckel
53fb369dfa nixos/paperless: update link 2025-08-26 17:19:38 +02:00
Sandro Jäckel
9f09125d21 nixos/gotenberg: fix typos 2025-08-26 17:19:38 +02:00
Sandro Jäckel
e5143301e2 nixos/gotenberg: fix starting chromium 
[Tue Aug 26 16:12:02 2025] audit: type=1326 audit(1756217587.085:126): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=3124193 comm="chromium" exe="/nix/store/xrjg398ps4mkbpsz66kpjgqfzfjpm2cr-chromium-unwrapped-139.0.7258.127/libexec/chromium/chromium" sig=31 arch=c000003e syscall=330 compat=0 ip=0x7f001d2c4afb code=0x80000000
 2025-08-26 16:31:36 +02:00
Sandro Jäckel
4de77741a5 nixos/paperless: add configureNginx option 2025-08-26 01:29:16 +02:00
Sandro
86eba14c1a homepage-dashboard: 1.3.2 -> 1.4.6 (#430906) 2025-08-26 01:02:04 +02:00
dish
970dcca69c treewide: Fix links in module documentation 2025-08-25 12:55:11 -04:00
Sandro
41f8354555 paperless-ngx: 2.17.1 -> 2.18.1 (#434598) 2025-08-22 15:15:59 +02:00
Sandro Jäckel
06db824d91 paperless-ngx: 2.17.1 -> 2.18.1 
Changelog: https://github.com/paperless-ngx/paperless-ngx/releases/tag/v2.18.0
Changelog: https://github.com/paperless-ngx/paperless-ngx/releases/tag/v2.18.1
 2025-08-22 15:11:21 +02:00
MayNiklas
977c55de24 spoolman: init service 2025-08-20 22:39:14 +02:00
Pol Dellaiera
bc36d3ac43 maintainers: drop drupol 2025-08-20 17:54:38 +02:00