| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| | |
nixos/syncthing.nix: Sandbox the systemd service.
|
| | |
| |
| |
| | |
Using systemd sandboxing features to harden the syncthing service.
|
| |\ \
| | |
| | | |
systemd-networkd: add configuration for XFRM interfaces
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* nixos/buildkite: drop user option
This reverts 8c6b1c3eaaa8b555bddaced3ab6f02695bef1541.
Turns out, buildkite-agent has logic to write .ssh/known_hosts files and
only really works when $HOME and the user homedir are in sync.
On top of that, we provision ssh keys in /var/lib/buildkite-agent, which
doesn't work if that other users' homedir points elsewhere (we can cheat
by setting $HOME, but then getent and $HOME provide conflicting
results).
So after all, it's better to only run the system-wide buildkite agent as
the "buildkite-agent" user only - if one wants to run buildkite as
different users, systemd user services might be a better fit.
* nixosTests.buildkite-agent: add node with separate user and no ssh key
|
| | | |
| | |
| | |
| | |
| | | |
* properly expand the command using arrays instead of strings
* also handle sudo on the localhost
|
| | | |
| | |
| | |
| | |
| | | |
was broken by 4371ecb8a61f672b3bbf82fca32efbb418a3730f due to the
switch to buildGoModule
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There is no need to stop/start the unit when the machine is online or
offline.
This should fix the shutdown locking issues.
nixos zerotier: sometimes it doesn't shutdown
|
| |\ \ \
| | | |
| | | | |
unit: 1.13.0 -> 1.14.0
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/multitouch: remove (properly known as mtrack)
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
On numerous occasions I have seen users mistake this
module as libinput because it being called "multitouch"
and them being unaware that the actually module they want
is libinput. They then run into several decrepit bugs due
to the completely out-of-date nature of the underlying package.
The underlying package hasn't been changed to an up-to-date
fork in a period of 8 years. I don't consider this to be production quality.
However, I'm not opposed for the module being readded to NixOS
with new packaging, and a better name.
|
| |\ \ \ \ \
| |_|_|_|/
|/| | | | |
nixos/traceroute: init
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
nixos/buildkite: add option to configure user, add nix-required packages to runtime, add test
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
When only cloning public repos, or when the ssh key is provided by
different means, we don't need to manage it here.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
These are required for nix to do builtins.fetchTarball and
builtins.fetchGit, so most likely we want them to be around.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This allows buildkite-agent to run as another user.
It'll still run builds from /var/lib/buildkite-agent and setup things in
there.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Some things were provided by default, some by systemd unit and some
were just miraculously working. This turns them into explicit
dependencies of the package itself, making everything properly
overrideable.
+ providing glibcLocales fixes elixir compile warnings
+ providing systemd dependency allows rabbit to use systemctl for unit
activation check instead of falling back to sleep. This was seen as
a warning during startup.
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
test-driver.py: Share the shared dir between VMs
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The docstring says it uses a directory shared among all vms, although
that doesn't seem necessary for the functionality. However, it does need
to be consistent between the guest and host.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This changes the python test driver to match the behavior of the perl
test driver. I.e. the directory mounted into /tmp/shared should be the
same for all machines.
This probably fixes many tests, but I found this while investigating
failures in nixos/tests/ceph-multi-node.nix.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
nixos/tests/certmgr: Fix file permissions
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This test has been broken since 2a413da57efc4, which stopped running the
nginx master process as root.
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
nixos/buildkite-agent: move to v3
|
| | | | | | | | | |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This is called tags in the buildkite 3.
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This gets passed to BUILDKITE_SHELL, which will specify the shell being
used to executes script in.
Defaults to `${pkgs.bash}/bin/bash -e -c`, matching how buildkite
behaves on other distros.
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This improves behaviour when the service is being stopped.
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
We were currently just using pkgs.buildkite-agent, no matter what was
configured in services.buildkite-agent.package
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
optional.
SSH public keys aren't needed to clone private repos, and if we only
need to configure a single attribute, there's no need for the "openssh"
attrset anymore.
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/unclutter: fix old typo
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/doc: suggest checking options for declarative package mgmt
|
| | | |_|_|/ / / / /
| |/| | | | | | |
| | | | | | | | |
| | | | | | | | | |
Some programs might not work without systemd services registered or do not work at full capacity without NixOS module.
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / /
|/| | | | | | | | |
gdm: refactor to properly handle wayland sessions
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This actually gets added via xdg.portal having gnome-shell.
However, that could change and it still for sure should be here.
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| |/ / / / / / / /
|/| | | | | | | | |
way-cooler: Remove
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
As of 2020-01-09, way-cooler is officially dead:
http://way-cooler.org/blog/2020/01/09/way-cooler-post-mortem.html
hence, remove the package and the module.
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
docs/release-notes: remove way-cooler
way-cooler: show warnings about removal
Apply suggestions from code review
Co-Authored-By: worldofpeace <worldofpeace@protonmail.ch>
way-cooler: add suggestion by @Infinisil
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
nixos/systemd-lib: don't fail on systemd.packages duplicates
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
In some cases like we've noticed in https://github.com/NixOS/nixpkgs/issues/76169,
having duplicate packages in systemd.packages like
```
systemd.packages = [ gnome-shell gnome-shell gnome-session ];
```
breaks.
Here we use an associative array to ensure no
duplicate paths when we symlink all the units listed
in systemd.packages.
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
nixos/test: added verbose output for failed tests
|
| | | |_|_|_|_|_|/
| |/| | | | | | |
|
| | | | | | | | | |
|
| | |_|_|_|_|/ /
|/| | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
This creates setcap wrappers for oping and noping to allow unprivileged
users to use those as well.
|