gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
291,152 Commits 9 Branches 0 Tags
dbf91bc2f12e80dd1933261e049b801d1a626a4e
Commit Graph

17192 Commits

Author SHA1 Message Date
talyz
dbf91bc2f1 nixos/keycloak: keycloak.database* -> keycloak.database.* 
Move all database options to their own group / attribute. This makes
the configuration clearer and brings it in line with most other modern
modules.
 2021-05-21 13:09:32 +02:00
talyz
83e406e97a nixos/keycloak: frontendUrl always needs to be suffixed with / 
In some places, Keycloak expects the frontendUrl to end with `/`, so
let's make sure it always does.
 2021-05-21 13:09:25 +02:00
talyz
58614f8416 nixos/keycloak: Add myself to maintainers 2021-05-21 13:09:19 +02:00
talyz
d748c86389 nixos/keycloak: Improve readablility by putting executables in PATH 2021-05-21 13:09:14 +02:00
talyz
8309368e4c nixos/keycloak: Set umask before copying sensitive files 
`install` copies the files before setting their mode, so there could
be a breif window where the secrets are readable by other users
without a strict umask.
 2021-05-21 13:09:09 +02:00
talyz
c2bebf4ee2 nixos/keycloak: Improve bash error handling 2021-05-21 13:09:03 +02:00
talyz
d6727d28e1 nixos/keycloak: Set the postgresql database password securely 
Feeding `psql` the password on the command line leaks it through the
`psql` process' `/proc/<pid>/cmdline` file. Using `echo` to put the
command in a file and then feeding `psql` the file should work around
this, since `echo` is a bash builtin and thus shouldn't spawn a new
process.
 2021-05-21 13:08:53 +02:00
Thiago Kenji Okada
c96586d63f nixos/noisetorch: init 
NoiseTorch needs setcap set to 'cap_sys_resource=+ep' to work correctly
accordingly to the README.md:

https://github.com/lawl/NoiseTorch#download--install

So this PR adds it.
 2021-05-20 14:15:20 -07:00
legendofmiracles
af0a54285e nixos/terraria: open ports in the firewall 2021-05-20 12:11:08 -07:00
Guillaume Girol
0d5fa1cff3 Merge pull request #120622 from symphorien/duplicity-master 
nixos/duplicity: enable to prevent backup from growing infinitely
 2021-05-20 19:00:59 +00:00
Jonas Chevalier
30c021fa15 Merge pull request #123744 from hercules-ci/init-ghostunnel 
ghostunnel: init
 2021-05-20 20:58:41 +02:00
Emery Hemingway
520b4a8496 nixos: convert netatalk to settings-style configuration 
Also, set StateDirectory in systemd.….serviceConfig.
 2021-05-20 17:39:28 +02:00
Robert Hensing
dc9cb63de4 nixos/ghostunnel: init 2021-05-20 10:41:52 +02:00
Christoph Hrdinka
57acb6f9f7 Merge pull request #123598 from pschyska/master 
nixos/nsd: make nsd-checkconf work when configuration contains keys (#118140)
 2021-05-20 10:41:30 +02:00
Maximilian Bosch
3f3cec6d9e clickhouse: 20.11.4.13-stable -> 21.3.11.5-lts 
Failing Hydra build: https://hydra.nixos.org/build/143269865
ZHF #122042
 2021-05-19 14:08:46 -07:00
Gabriel Gonzalez
8e9d803bac Fix description for services.kubernetes.addonManager.enable (#71448) 
`mkEnableOption` already prefixes the description with
"Whether to enable"
 2021-05-19 13:49:27 -07:00
Paul Schyska
69202853ea nixos/nsd: make nsd-checkconf work when configuration contains keys 2021-05-19 18:21:10 +02:00
Martin Weinelt
446c97f96f Merge pull request #123355 from Ma27/bump-matrix-synapse 2021-05-19 18:12:14 +02:00
Jan Tojnar
a858f1a90d Merge pull request #123507 from jtojnar/no-flatpak-guipkgs 
nixos/flatpak: Remove `guiPackages` internal option
 2021-05-19 16:33:56 +02:00
Guillaume Girol
41c7fa448f nixos/duplicity: add options to exercise all possible verbs 
except restore ;)
 2021-05-19 12:00:00 +00:00
Michele Guerini Rocco
376eabdac3 Merge pull request #123254 from rnhmjoj/ipsec 
libreswan: 3.2 -> 4.4
 2021-05-19 13:36:04 +02:00
talyz
380b52c737 nixos/keycloak: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:28 +02:00
talyz
88b76d5ef9 nixos/mpd: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead.
 2021-05-19 09:32:22 +02:00
talyz
3a29b7bf5b nixos/mpdscribble: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:17 +02:00
talyz
7842e89bfc nixos/gitlab: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:12 +02:00
talyz
38398fade1 nixos/discourse: Use replace-secret to avoid leaking secrets 
Using `replace-literal` to insert secrets leaks the secrets through
the `replace-literal` process' `/proc/<pid>/cmdline`
file. `replace-secret` solves this by reading the secret straight from
the file instead, which also simplifies the code a bit.
 2021-05-19 09:32:06 +02:00
Jörg Thalheim
5b4915fb7a Merge pull request #110927 from Izorkin/fix-qemu-ga 
nixos/qemu-guest-agent: fix start service
 2021-05-19 05:42:06 +01:00
Aaron Andersen
58ddbfa71d Merge pull request #118395 from jwygoda/grafana-google-oauth2 
grafana: add google oauth2 config
 2021-05-18 23:11:24 -04:00
Martin Weinelt
a8f71f069f Merge pull request #123006 from mweinelt/postgresqlbackup-startat 
nixos/postgresqlBackup: allow defining multiple times to start at
 2021-05-19 01:54:38 +02:00
Martin Weinelt
4c798857e2 Merge pull request #100274 from hax404/prometheus-xmpp-alerts 2021-05-19 01:36:28 +02:00
Georg Haas
03c092579a prometheus-xmpp-alerts: apply RFC 42 2021-05-19 01:08:38 +02:00
Pamplemousse
037e51702e nixos/services/foldingathome: Add an option to set the "nice level" (#122864) 
Signed-off-by: Pamplemousse <xav.maso@gmail.com>
 2021-05-18 18:44:52 +02:00
Maciej Krüger
7458dcd956 Merge pull request #75242 from mkg20001/cjdns-fix 
services.cjdns: add missing, optional login & peerName attribute
 2021-05-18 18:22:29 +02:00
Robert Schütz
d189df235a Merge pull request #122241 from dotlambda/znc-harden 
nixos/znc: harden systemd unit
 2021-05-18 17:44:14 +02:00
Maciej Krüger
7409f9bab3 services.cjdns: add missing, optional login & peerName attribute 2021-05-18 17:39:04 +02:00
Ashlynn Anderson
903665f31c nixos/self-deploy: init (#120940) 
Add `self-deploy` service to facilitate continuous deployment of NixOS
configuration from a git repository.
 2021-05-18 08:29:37 -07:00
Maciej Krüger
362ca08510 Merge pull request #123448 from mweinelt/phosh-pam 
nixos/phosh: Fix PAM configuration
 2021-05-18 17:26:21 +02:00
Martin Weinelt
ec9cfba2d3 nixos/phosh: Fix unrestricted login because of insecure PAM config 
The PAM config deployed would not check anything meaningful. Remove it
and rely on the defaults in the security.pam module to fix login with
arbitrary credentials.

Resolves: #123435
 2021-05-18 16:39:03 +02:00
Jan Tojnar
1b1faeb2db Merge pull request #86288 from worldofpeace/gnome-doc 
nixos/gnome3: add docs
 2021-05-18 14:19:33 +02:00
Jan Tojnar
ed47351533 nixos/flatpak: Remove guiPackages internal option 
It was basically just a `environment.systemPackages` synonym,
only GNOME used it, and it was stretching the responsibilities
of the flatpak module too far.

It also makes it cleaner to avoid installing the program
using GNOME module’s `excludePackages` option.

Partially reverts: https://github.com/NixOS/nixpkgs/pull/101516
Fixes: https://github.com/NixOS/nixpkgs/issues/110310
 2021-05-18 14:06:23 +02:00
Michael Raskin
02ba3238d2 Merge pull request #123053 from pschyska/master 
atop, netatop, nixos/atop: improve packaging and options
 2021-05-18 10:54:13 +00:00
rnhmjoj
1a4db01c84 nixos/libreswan: update for version 4.x 
- Use upstream unit files
- Remove deprecated config options
- Add option to disable redirects
- Add option to configure policies
 2021-05-18 08:13:36 +02:00
Vincent Haupert
faeb9e3233 nixos/networkd: add missing [DHCPServer] options 
`systemd.network.networks.*.dhcpServerConfig` did not accept all of
the options which are valid for networkd's [DHCPServer] section. See
systemd.network(5) of systemd 247 for details.
 2021-05-17 18:30:37 +02:00
ajs124
e2cf342ba9 nixos/security/apparmor: utillinux -> util-linux 2021-05-17 17:14:08 +02:00
Robert Schütz
a22ebb6d6d Merge pull request #123017 from DavHau/davhau-scikitlearn 
python3Packages.scikitlearn: rename to scikit-learn
 2021-05-17 15:13:33 +02:00
ajs124
8e78793029 nixos/tasks/filesystems: utillinux -> util-linux 2021-05-17 14:47:57 +02:00
Maximilian Bosch
2addab5fd6 nixos/matrix-synapse: room_invite_state_types was deprecated and room_prejoin_state is used now 
See https://github.com/matrix-org/synapse/blob/release-v1.34.0/UPGRADE.rst#upgrading-to-v1340
 2021-05-17 13:45:28 +02:00
Jörg Thalheim
b900661f6e Merge pull request #122825 from Izorkin/update-duplicates-systemcallfilters 
treewide: remove duplicates SystemCallFilters
 2021-05-17 12:06:06 +01:00
DavHau
cd8f3e6c44 python3Packages.scikitlearn: rename to scikit-learn 2021-05-17 17:41:36 +07:00
Eelco Dolstra
c3b27282d7 Merge pull request #123272 from kini/nixos/security.pki/pems-without-final-newline 
nixos/security.pki: handle PEMs w/o a final newline
 2021-05-17 11:14:03 +02:00