about summary refs log tree commit diff
path: root/nixos
Commit message (Collapse)AuthorAge
...
| * | | | | | | | | nixos/udisks2: enable polkitMartin Weinelt2022-03-02
| | | | | | | | | |
| * | | | | | | | | nixos/tests/tinywl: enable polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tinywl just segfaults when polkit is missing, probably because it can't access required resources.
| * | | | | | | | | nixos/cage: enable polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Wayland requires polkit for access to logind, the tty and the DRI device.
| * | | | | | | | | nixos/xserver: don't require polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | X11 itself does not require it and it a desktop environment or any other service requires it, then it should enable it itself.
| * | | | | | | | | nixos/lightdm: enable polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Required as visible in the lightdm tests: > Error updating user /org/freedesktop/Accounts/User1001: GDBus.Error:org.freedesktop.Accounts.Error.PermissionDenied: Not authorized: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name org.freedesktop.PolicyKit1 was not provided by any .service files
| * | | | | | | | | nixos/sway: enable polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without polkit the tests would stop working.
| * | | | | | | | | nixos/networkmanager: enable polkitMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allows user in the networkmanager group to control the daemon.
| * | | | | | | | | nixos/polkit: don't enable by defaultMartin Weinelt2022-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SUID wrappers really shouldn't be enabled by default, unless a consumer relies on them. So in my opinion this falls upon the desktop environments if needed or a user to explicltly enable this if wanted. Most desktop environments and services like CUPS already enable polkit by default, that should really be sufficient.
* | | | | | | | | | Merge pull request #160482 from jansol/pipewireSandro2022-03-05
|\ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | nixos/pipewire: use standalone config when no session manger enabledJan Solanti2022-02-17
| | | | | | | | | | |
| * | | | | | | | | | pipewire: 0.3.45 -> 0.3.46Jan Solanti2022-02-17
| | | | | | | | | | |
* | | | | | | | | | | Merge pull request #162529 from mweinelt/home-assistantMartin Weinelt2022-03-05
|\ \ \ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / / / |/| | | | | | | | | |
| * | | | | | | | | | nixos/tests/home-assistant: drop mqtt testsMartin Weinelt2022-03-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With Home Assistant 2022.3.0 the MQTT configuration cannot be done declaratively anymore, so this test scenario has been rendered moot.
* | | | | | | | | | | Merge pull request #162496 from Baughn/masterPascal Bach2022-03-04
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | pam: Fix google-authenticator reference
| * | | | | | | | | | | pam: Fix google-authenticator referenceSvein Ove Aas2022-03-02
| | |_|_|_|_|_|_|_|_|/ | |/| | | | | | | | |
* | | | | | | | | | | nixos/snowflake-proxy: initYaya2022-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit introduces snowflake-proxy [1], a system to circumvent internet censorship. [1] https://snowflake.torproject.org/
* | | | | | | | | | | nixos/earlyoom: remove useKernelOOMKillerNaïm Favier2022-03-04
| |/ / / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This option is deprecated and ignored by earlyoom since 1.2.
* | | | | | | | | | Merge pull request #161838 from helsinki-systems/feat/stc-less-socket-restartsJanne Heß2022-03-04
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | nixos/switch-to-configuration: Document and test handling of socket-activated services
| * | | | | | | | | | nixos/switchTest: Make checks more preciseJanne Heß2022-03-03
| | | | | | | | | | |
| * | | | | | | | | | nixos/switch-to-configuration: Document and test socket-activated servicesJanne Heß2022-03-03
| | | | | | | | | | |
* | | | | | | | | | | nixos/firejail: Fix order of extrsArgs before profile wrappedBinaries optionJonas Heinrich2022-03-03
| | | | | | | | | | |
* | | | | | | | | | | nixos/os-release: generate from attrsetPeter Hoeg2022-03-04
|/ / / / / / / / / /
* | | | | | | | | | Merge pull request #162612 from hercules-ci/update-nixopsUnstableRobert Hensing2022-03-03
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | nixopsUnstable: 2.0.0-pre (2021-12-01) -> 2.0.0-pre (2022-02-21)
| * | | | | | | | | | nixopsUnstable -> nixops_unstableRobert Hensing2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Conform to https://nixos.org/manual/nixpkgs/unstable/#sec-package-naming
* | | | | | | | | | | Merge pull request #161401 from yurrriq/kops-1.22.4Sandro2022-03-03
|\ \ \ \ \ \ \ \ \ \ \
| * | | | | | | | | | | kops: 1.22.2 -> 1.22.4Eric Bailey2022-02-22
| | | | | | | | | | | |
* | | | | | | | | | | | Merge pull request #162582 from JJJollyjim/cntr-testJörg Thalheim2022-03-03
|\ \ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | nixos/tests: fix flaky cntr test
| * | | | | | | | | | | | nixos/tests: fix flaky cntr testJamie McClymont2022-03-03
| | |_|_|/ / / / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cntr sometimes hangs until the 10-hour hydra limit. This behaviour appears to be an edge-case related to the type of TTY in which the cntr command runs during test execution. We can work around this by running the command as a background job. I additionally added a wait_for_open_port to fix nondeterministic test failures I observed after fixing the hanging issue.
* | | | | | | | | | | | nixos/opensnitch: Add options to configure daemonJonas Heinrich2022-03-02
| |_|/ / / / / / / / / |/| | | | | | | | | |
* | | | | | | | | | | nixos/release: disable nfs3.simplezowoq2022-03-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | follow up from 56828530275888e4d79ee64f8ff772bdbfe34637
* | | | | | | | | | | Remove F-PROT package and service module (EoL) (#160372)Renaud2022-03-02
| | | | | | | | | | |
* | | | | | | | | | | nixos/systemd-confinement: Allow shipped unit fileaszlig2022-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In issue #157787 @martined wrote: Trying to use confinement on packages providing their systemd units with systemd.packages, for example mpd, fails with the following error: system-units> ln: failed to create symbolic link '/nix/store/...-system-units/mpd.service': File exists This is because systemd-confinement and mpd both provide a mpd.service file through systemd.packages. (mpd got updated that way recently to use upstream's service file) To address this, we now place the unit file containing the bind-mounted paths of the Nix closure into a drop-in directory instead of using the name of a unit file directly. This does come with the implication that the options set in the drop-in directory won't apply if the main unit file is missing. In practice however this should not happen for two reasons: * The systemd-confinement module already sets additional options via systemd.services and thus we should get a main unit file * In the unlikely event that we don't get a main unit file regardless of the previous point, the unit would be a no-op even if the options of the drop-in directory would apply Another thing to consider is the order in which those options are merged, since systemd loads the files from the drop-in directory in alphabetical order. So given that we have confinement.conf and overrides.conf, the confinement options are loaded before the NixOS overrides. Since we're only setting the BindReadOnlyPaths option, the order isn't that important since all those paths are merged anyway and we still don't lose the ability to reset the option since overrides.conf comes afterwards. Fixes: https://github.com/NixOS/nixpkgs/issues/157787 Signed-off-by: aszlig <aszlig@nix.build>
* | | | | | | | | | | Merge pull request #149689 from Infinisil/types-typeSilvan Mosberger2022-03-02
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | Introduce `types.optionType` and use it for `freeformType`
| * | | | | | | | | | | lib.types: Introduce `types.optionType`Silvan Mosberger2022-03-01
| | |_|_|_|_|_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This type correctly merges multiple option types together while also annotating them with file information. In a future commit this will be used for `_module.freeformType`
* | | | | | | | | | | Merge pull request #161008 from rhysmdnz/xoneKevin Cox2022-03-02
|\ \ \ \ \ \ \ \ \ \ \ | |_|_|_|/ / / / / / / |/| | | | | | | | | | xone: init package and module
| * | | | | | | | | | nixos/xone: initRhys Davies2022-02-20
| | | | | | | | | | |
| * | | | | | | | | | xow_dongle-firmware: init at 2017-07Rhys Davies2022-02-20
| | | | | | | | | | |
* | | | | | | | | | | nixos/release tested job: drop `nano` testVladimír Čunát2022-03-01
| |_|_|_|_|/ / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | It doesn't exist since PR #161707 (commit 7ef8df87679).
* | | | | | | | | | Merge pull request #158613 from ConnorBaker/masterRok Garbas2022-03-01
|\ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | hadoop: add aarch64 support
| * | | | | | | | | | hadoop: add back dots in names of nixos testsConnor Baker2022-02-23
| | | | | | | | | | |
| * | | | | | | | | | hadoop: add aarch64 supportConnor Baker2022-02-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit also changes the names of the tests for Hadoop so they use dashes instead of dots, and makes the default `hadoop` test what would have been `hadoop-all` after the rename. This change should mean that we're able to run `nix build github:nixos/nixpkgs/master#nixosTests.hadoop` which I was unable to do prior to this change.
* | | | | | | | | | | Merge pull request #155207 from rapenne-s/freshclam_when_internetMaximilian Bosch2022-03-01
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | clamav: start freshclan after network-online target
| * | | | | | | | | | | clamav: remove freshclam service dependencySolene Rapenne2022-02-28
| | | | | | | | | | | |
* | | | | | | | | | | | vsftpd: enable seccomp (#158974)ajs1242022-03-01
| |_|_|/ / / / / / / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * vsftpd: enable seccomp * nixos/tests/vsftpd: add basic test * vsftpd: add test to passthru
* | | | | | | | | | | pkgs-lib: Implement settings format for ElixirMinijackson2022-02-28
| | | | | | | | | | |
* | | | | | | | | | | Merge pull request #161507 from ↵Kim Lindberger2022-02-28
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | talyz/genJqSecretsReplacementSnippet-error-handling genJqSecretsReplacementSnippet: Fix error handling
| * | | | | | | | | | | genJqSecretsReplacementSnippet: Fix error handlingtalyz2022-02-23
| | |_|_|_|/ / / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the previous change that enabled error propagation through `inherit_errexit`, the script would fail if `errexit` was set, but `inherit_errexit` was not. This is due to `shopt -p` exiting with an error if the option is disabled. To work around this, use the exit code instead of the text value returned by `shopt -p`. Fixes #160869.
* | | | | | | | | | | Merge pull request #161929 from martinetd/switchTestJanne Heß2022-02-28
|\ \ \ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | logrotate: do not enable logrotate.service itself
| * | | | | | | | | | | nixosTests.switchTest: fix race condition on /testpathNaïm Favier2022-02-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the test-watch.service gets started in a loop as long as /testpath exists, so `rm /testpath /testpath-modified` runs into a race condition where if the service was just getting activated, it will create /testpath-modified and make the test fail. This is fixed by making the service RemainAfterExit so that it only starts once, and stopping it manually after we remove /testpath.
| * | | | | | | | | | | logrotate: do not enable logrotate.service itselfDominique Martinet2022-02-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | logrotate.timer is enough for rotating logs. Enabling logrotate.service would make the service start on every configuration switch, leading to tests failure when logrotate is enabled. Also update test to make sure the timer is active and runs the service on date change.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-21 18:09:57 +0000