| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
nixos/amazon-init.nix: add git/tar/gz, fix AMI configuration
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |\ \
| | |
| | | |
nixos/unit: fix attrs
|
| | | | |
|
| |/ /
| |
| |
| | |
This makes the error message greppable.
|
| |\ \
| |/
|/| |
sway: 1.2 -> 1.4, wlroots: 0.8.1 -> 0.10.0
|
| | |
| |
| |
| |
| | |
The default changed in Sway 1.3 from rxvt_unicode to alacritty. For
backward compatibility we'll install both terminal emulators by default.
|
| |\ \
| | |
| | | |
nixos/docs: Fix nixos-install --system command
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
virtualization/amazon-init: log multiple nix channels, fix nix path.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The missing `\n` in the printf format string prevented multiple channels from
being logged.
The missing `nixpkgs=` in the `NIX_PATH` prevented `nixos-rebuild` from working
if the system configuration has any reference to `nixpkgs`.
Additionally:
* Use process substitution instead of piping printf to avoid creating a subshell.
* Set an empty `IFS` to avoid word splitting.
* Add the `-r` flag to `read` to avoid mangling backslashes.
|
| |\ \ \ \
| | | | |
| | | | | |
nixos/roundcube: security improvements
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fixes this warning:
WARNING: Mimetype to file extension mapping doesn't work properly!
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The php installer creates a random one, but we bypass it, so we have
to create one ourselves.
This should be backward compatible as encryption is used for session
cookies only: users at the time of the upgrade will be logged out but
nothing more.
https://github.com/roundcube/roundcubemail/blob/259b7fa0650fea9320b38cb17c4e80497acae7a3/config/config.inc.php.sample#L73
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If the database is local, use postgres peer authentication.
Otherwise, use a password file.
Leave database initialisation to postgresql.ensure*.
Leave /var/lib/roundcube creation to systemd.
Run php upgrade script as unpriviledged user.
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
nixos/syncthing.nix: Sandbox the systemd service.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Using systemd sandboxing features to harden the syncthing service.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
systemd-networkd: add configuration for XFRM interfaces
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* nixos/buildkite: drop user option
This reverts 8c6b1c3eaaa8b555bddaced3ab6f02695bef1541.
Turns out, buildkite-agent has logic to write .ssh/known_hosts files and
only really works when $HOME and the user homedir are in sync.
On top of that, we provision ssh keys in /var/lib/buildkite-agent, which
doesn't work if that other users' homedir points elsewhere (we can cheat
by setting $HOME, but then getent and $HOME provide conflicting
results).
So after all, it's better to only run the system-wide buildkite agent as
the "buildkite-agent" user only - if one wants to run buildkite as
different users, systemd user services might be a better fit.
* nixosTests.buildkite-agent: add node with separate user and no ssh key
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* properly expand the command using arrays instead of strings
* also handle sudo on the localhost
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
was broken by 4371ecb8a61f672b3bbf82fca32efbb418a3730f due to the
switch to buildGoModule
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
There is no need to stop/start the unit when the machine is online or
offline.
This should fix the shutdown locking issues.
nixos zerotier: sometimes it doesn't shutdown
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
unit: 1.13.0 -> 1.14.0
|
| | | | | | | | | |
|
| |\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
nixos/multitouch: remove (properly known as mtrack)
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
On numerous occasions I have seen users mistake this
module as libinput because it being called "multitouch"
and them being unaware that the actually module they want
is libinput. They then run into several decrepit bugs due
to the completely out-of-date nature of the underlying package.
The underlying package hasn't been changed to an up-to-date
fork in a period of 8 years. I don't consider this to be production quality.
However, I'm not opposed for the module being readded to NixOS
with new packaging, and a better name.
|
| |\ \ \ \ \ \ \ \ \
| |_|_|_|/ / / / /
|/| | | | | | | | |
nixos/traceroute: init
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | |
| | | | | | | | | | |
nixos/buildkite: add option to configure user, add nix-required packages to runtime, add test
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
When only cloning public repos, or when the ssh key is provided by
different means, we don't need to manage it here.
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
These are required for nix to do builtins.fetchTarball and
builtins.fetchGit, so most likely we want them to be around.
|
| | | | | | | | | | | |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This allows buildkite-agent to run as another user.
It'll still run builds from /var/lib/buildkite-agent and setup things in
there.
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Some things were provided by default, some by systemd unit and some
were just miraculously working. This turns them into explicit
dependencies of the package itself, making everything properly
overrideable.
+ providing glibcLocales fixes elixir compile warnings
+ providing systemd dependency allows rabbit to use systemctl for unit
activation check instead of falling back to sleep. This was seen as
a warning during startup.
|
| |\ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / /
|/| | | | | | | | | |
test-driver.py: Share the shared dir between VMs
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
The docstring says it uses a directory shared among all vms, although
that doesn't seem necessary for the functionality. However, it does need
to be consistent between the guest and host.
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This changes the python test driver to match the behavior of the perl
test driver. I.e. the directory mounted into /tmp/shared should be the
same for all machines.
This probably fixes many tests, but I found this while investigating
failures in nixos/tests/ceph-multi-node.nix.
|
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
nixos/tests/certmgr: Fix file permissions
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This test has been broken since 2a413da57efc4, which stopped running the
nginx master process as root.
|
| |\ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |
| | | | | | | | | | | | |
nixos/buildkite-agent: move to v3
|
| | | | | | | | | | | | | |
|
| | | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This is called tags in the buildkite 3.
|
| | | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This gets passed to BUILDKITE_SHELL, which will specify the shell being
used to executes script in.
Defaults to `${pkgs.bash}/bin/bash -e -c`, matching how buildkite
behaves on other distros.
|
| | | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
This improves behaviour when the service is being stopped.
|