Commit Graph

36610 Commits

Author SHA1 Message Date
Yureka
b0206f9bf9 nixos/sudo: enable by default
The default was accidentally changed to false in #262790
2023-11-10 03:30:39 +01:00
Will Fancher
c20ad5d379
Merge pull request #266369 from SuperSandro2000/systemd-unit-empty-lines
systemd-lib: cleanup empty lines in unit files
2023-11-09 16:49:11 -05:00
Arnout Engelen
97b0ae26f7
doc: avoid 'simply' (#266434)
While the word 'simply' is usually added to encourage readers, it often has the
opposite effect and may even appear condescending, especially when the reader
runs into trouble trying to apply the suggestions from the documentation. It is
almost always an improvement to simply drop the word from the sentence.

(there are more possible improvements like this, we can apply those in separate
PRs)
2023-11-09 21:48:05 +01:00
Pierre Bourdon
b75b355b50
Merge pull request #262790 from nbraud/nixos/sudo
nixos/sudo: bring in line with release notes
2023-11-09 16:53:02 +01:00
Bernardo Meurer
22e859ae44
Merge pull request #266264 from hercules-ci/nix-stable-2.18
nix: 2.17.1 -> 2.18.1
2023-11-09 12:39:44 -03:00
Thiago Kenji Okada
da8c62363e
Merge pull request #266310 from Atry/patch-4
azure-agent: add dependencies for its extensions
2023-11-09 09:52:10 +00:00
Will Fancher
2f73652c34
Merge pull request #240651 from accelbread/postresumecommands
nixos/boot: add postResumeCommands option
2023-11-09 04:22:05 -05:00
Sandro Jäckel
ae0bbc00e8
systemd-lib: cleanup empty lines in unit files 2023-11-09 02:08:57 +01:00
Robert Hensing
6381cc0525 nix: 2.17.1 -> 2.18.1 2023-11-08 23:19:33 +01:00
Yang, Bo
b5c2407d56 nixos/doc: release notes for virtualisation.googleComputeImage.efi 2023-11-08 21:05:21 +01:00
Yang, Bo
1ce985242c google-compute-image: support NVMe and UEFI 2023-11-08 21:05:21 +01:00
nicoo
b942382216 nixos/sudo: refactor processing of cfg.extraRules 2023-11-08 19:41:39 +00:00
nicoo
1852b67bc6 nixos/sudo: Make the default rules' options configurable 2023-11-08 19:41:39 +00:00
nicoo
93011e31bd nixos/sudo: Handle root's default rule through extraRules
This makes things more uniform; moreover, users can now inject rules before this.
2023-11-08 19:41:39 +00:00
nicoo
097115485a nixos/terminfo: Simplify sudo-related option 2023-11-08 19:41:38 +00:00
nicoo
77ed368b20 nixos/sudo: Refactor option definitions 2023-11-08 19:41:38 +00:00
nicoo
19e1420e13 nixos/sudo: Move support for pam_ssh_agent_auth(8) to PAM's NixOS module 2023-11-08 19:41:37 +00:00
Felix Bühler
7aaa664cc2
Merge pull request #263054 from uninsane/pr-trust-dns-0.24.0
trust-dns: 0.23.0 -> 0.24.0
2023-11-08 19:35:23 +01:00
Yang, Bo
c4086e5ce9 azure-agent: add dependencies for its extensions
waagent's extension `Microsoft.OSTCExtensions.VMAccessForLinux` requires Python, otherwise it would be failed to install with the following error message in `/var/log/waagent.log`:

```
No Python interpreter found on the box
```

waagent's extension `Microsoft.CPlat.Core.RunCommandLinux` needs lsof, otherwise it would produce the following error message in `/var/log/waagent.log`:

```
/var/lib/waagent/Microsoft.Azure.Extensions.CustomScript-2.1.10/bin/custom-script-shim: line 60: lsof: command not found
```
2023-11-08 17:54:08 +00:00
Caleb
c4d3afef06
wyoming-faster-whisper fix CUDA devices not being detected. (#266167)
This change enables CUDA support by allowing access to /dev/nvidia0.
2023-11-08 13:34:26 +01:00
Ryan Lahfa
bc2b72df73
Merge pull request #264234 from guiguid/guiguid-patch-netdata-systemd-journal
netdata: 1.43.0 -> 1.43.2 and add systemd-journal plugin
2023-11-08 13:30:43 +01:00
K900
63fe80d8d5
Merge pull request #266093 from K900/pipe-systemd-cat
treewide: replace `<command> | systemd-cat` with `systemd-cat <command>`
2023-11-08 11:28:44 +03:00
Will Fancher
eaad9ece24
Merge pull request #266116 from ElvishJerricco/sd-s1-user-shells-fix-warning
nixos/initrd-ssh: Only warn about shell when using systemd initrd
2023-11-07 21:25:21 -05:00
Rodrigo Gryzinski
23a5f1f80d nixos/wireguard: add wireguard to default kernel modules
Previously the module was only dynamically loaded on service startup,
this is needed in case security.lockKernelModules is enabled.
2023-11-07 22:02:51 -03:00
Robert Hensing
87391b681f
Merge pull request #265836 from hercules-ci/nixosTests-no-surprises
nixos/testing/nodes: Do allow aliases
2023-11-08 00:55:32 +01:00
Artturi
c1cfba583d
Merge pull request #260050 from 6t8k/nixos-test-openssh-wait-for-sshd 2023-11-08 01:00:37 +02:00
Artturi
d24da52844
Merge pull request #265764 from amjoseph-nixpkgs/pr/pythonForBuild 2023-11-08 00:13:25 +02:00
Weijia Wang
1dab6eb2ea nixosTests.shattered-pixel-dungeon: use wait_for_text 2023-11-07 19:33:16 +00:00
Will Fancher
03f089e11d nixos/initrd-ssh: Only warn about shell when using systemd initrd 2023-11-07 13:28:31 -05:00
emilylange
03e7a22654 nixosTests.gitea: remove emilylange from maintainers
I no longer contribute to this test nor do I plan to do so in the
future.
My contributions moved to nixosTests.forgejo, after we (nixpkgs) decided
to split the gitea and forgejo nixpkgs modules.
2023-11-07 19:10:56 +01:00
K900
9843bbbeee treewide: replace <command> | systemd-cat with systemd-cat <command>
The former swallows exit codes, the latter doesn't.
2023-11-07 21:08:23 +03:00
Ryan Lahfa
0cd6f66fb7
Merge pull request #247376 from RageKnify/fix/smartd-mail 2023-11-07 18:00:56 +01:00
K900
68b237a102
Merge pull request #265818 from K900/vaultwarden-1.30.0
Vaultwarden 1.30.0
2023-11-07 20:00:18 +03:00
Kerstin Humm
39f6f3e96a nixos/mobilizon: fix integration test by using postgresql_14 2023-11-07 16:29:40 +00:00
K900
7d4e359579 nixos/tests/vaultwarden: fix database creation 2023-11-07 18:30:16 +03:00
Atemu
8a8a2a1071
Merge pull request #262565 from Atemu/nixos/firmware-mkEnableOption
nixos/hardware: use mkEnableOption
2023-11-07 15:59:03 +01:00
Maximilian Bosch
0597d1d179 nixos/journald: add storage option
While this can be added via `services.journald.extraConfig`, this option
provides proper type-checking and other modules can determine
where journal data is stored. This is relevant when using e.g. promtail
to send logs to Loki and it should read from `/run/log/journal` if
volatile storage is used.
2023-11-07 14:06:27 +01:00
Florian Brandes
2ed7a5ab59 nixos/virtualization: fix shellcheck login
fixes https://www.shellcheck.net/wiki/SC2002

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
2023-11-07 13:40:42 +01:00
Janik
22aa256c6c
Merge pull request #264882 from robryk/resticfix
nixos/restic: fix #264696 and add a regression test
2023-11-07 09:46:55 +01:00
Samuel Cormier-Iijima
61bdb29a05
nixos/lib/make-btrfs-fs: Use fakeroot and faketime (#265686) 2023-11-07 02:17:38 +02:00
Jörg Thalheim
a7c984b7a2 nixos/mediawiki: pin php to 8.1 2023-11-06 22:52:42 +01:00
Jörg Thalheim
915ad8a77b nixos/mediawiki: fix rewrites for static ressources and rest API 2023-11-06 22:52:42 +01:00
Martin Weinelt
a3708ce91c
Merge pull request #230380 from graham33/feature/zwave-js-server_module
zwave-js: module init, zwave-js-server: init at 1.33.0
2023-11-06 20:24:56 +01:00
Archit Gupta
2a4b82c461 nixos/boot: add postResumeCommands option
Adds a postResumeCommands option to the initramfs to allow inserting
code to execute after the device has attempted to resume, and before
filesystems are mounted. This allows to inject code for operations like
wiping the rootfs on boot; if those were instead put in
postDeviceCommands, on a hibernated device, they would execute before
the device resumes from hibernation.
2023-11-06 09:50:11 -08:00
Colin
83bf3ed892 trust-dns: 0.23.0 -> 0.24.0
upstream is in the process of renaming to `hickory-dns`.
a consequence of this is that the main binary has been renamed from
`trust-dns` to `hickory-dns` and the repository has been moved (though
for the time being the old repo is still usable on account that it
redirects to the new one).
see: <https://bluejekyll.github.io/blog/posts/announcing-hickory-dns/>
2023-11-06 15:38:23 +00:00
Alyssa Ross
d9105c28c8 nixos/stage-1: create initramfs /lib at build time
Modules built in to the kernel can attempt to load firmware before
init is started.  To guarantee the firmware is accessible to them
where they expect, /lib has to exist in the initramfs — it can't be
created later by init, because by that point the module may already
have tried and given up.
2023-11-06 14:35:34 +01:00
Alyssa Ross
8ab2f09522 nixos/qemu-vm: fix infinite recursion
The virtualisation.directBoot.initrd option was added for netboot
images, but the assertion to check directBoot enabled if it was used
caused an infinite recursion if it was.  Minimal reproduction:

	import nixos/tests/make-test-python.nix ({ pkgs, ... }: {
	  name = "";

	  nodes = {
	    machine = { config, ...}: {
	      imports = [ nixos/modules/installer/netboot/netboot-minimal.nix ];

	      virtualisation.directBoot = {
	        enable = true;
	        initrd = "${config.system.build.netbootRamdisk}/${config.system.boot.loader.initrdFile}";
	      };
	    };
	  };
	  testScript = "";
	}) {}

The fix is to swap the two conditions, so that cfg.directBoot.enable
is checked first, and the initrd comparision will be short circuited.

This wasn't noticed during review because in earlier versions of the
virtualisation.directBoot patch, the assertion was accidentally in the
conditional above, so wasn't evaluated unless port forwarding was in
use.
2023-11-06 13:49:31 +01:00
nicoo
89fd59c12a nixos/vagrant-guest: Set security.sudo-rs.wheelNeedsPassword too 2023-11-06 12:39:04 +01:00
Robert Hensing
ae5cb919f5 nixos/testing/nodes: Do allow aliases
Aliases exist for a reason. Sure it is nice to make sure that
some aliases aren't used within Nixpkgs, but this creates two problems
which are far worse than your failing to meet your neatness compulsions.

- Users encounter missing attributes, https://github.com/NixOS/nixpkgs/issues/264577
  wasting their time, stalling their progress, and even occupying others
  time that would be better spent on fixing *real* issues.

- Hydra doesn't treat evaluation errors seriously enough, with the
  effect that actual relevant test failures are masked by evaluation
  failures such as those caused by this no aliases business.

- We don't even have the infrastructure to get rid of aliases, because
  all warnings in package attributes are disallowed by Nixpkgs CI
  tooling, last I checked.

Before re-disabling this, make sure that

- An actually helpful deprecation process is in place.

- Aliases are still allowed when `nixos-lib.runTests` and
  `pkgs.testers.runNixOSTest` are invoked by external projects.
  For instance, `all-tests.nix` could provide such an
  override (e.g. with `newScope`).
2023-11-06 12:30:28 +01:00
Michele Guerini Rocco
8beca974f9
Merge pull request #263138 from tomfitzhenry/hostapd-optional-managementframeprotection
nixos/hostapd: remove managementFrameProtection in favour of clearer default
2023-11-06 11:17:07 +01:00