Merge branch 'master' into staging
This commit is contained in:
commit
c7142c1aa3
@ -105,8 +105,12 @@ rec {
|
||||
/* Massage a module into canonical form, that is, a set consisting
|
||||
of ‘options’, ‘config’ and ‘imports’ attributes. */
|
||||
unifyModuleSyntax = file: key: m:
|
||||
let metaSet = if m ? meta
|
||||
then { meta = m.meta; }
|
||||
else {};
|
||||
in
|
||||
if m ? config || m ? options then
|
||||
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
|
||||
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file" "meta"]; in
|
||||
if badAttrs != {} then
|
||||
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
|
||||
else
|
||||
@ -114,14 +118,14 @@ rec {
|
||||
key = toString m.key or key;
|
||||
imports = m.imports or [];
|
||||
options = m.options or {};
|
||||
config = m.config or {};
|
||||
config = mkMerge [ (m.config or {}) metaSet ];
|
||||
}
|
||||
else
|
||||
{ file = m._file or file;
|
||||
key = toString m.key or key;
|
||||
imports = m.require or [] ++ m.imports or [];
|
||||
options = {};
|
||||
config = removeAttrs m ["key" "_file" "require" "imports"];
|
||||
config = mkMerge [ (removeAttrs m ["key" "_file" "require" "imports"]) metaSet ];
|
||||
};
|
||||
|
||||
applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
|
||||
@ -503,19 +507,25 @@ rec {
|
||||
/* Return a module that causes a warning to be shown if the
|
||||
specified option is defined. For example,
|
||||
|
||||
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ]
|
||||
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>"
|
||||
|
||||
causes a warning if the user defines boot.loader.grub.bootDevice.
|
||||
|
||||
replacementInstructions is a string that provides instructions on
|
||||
how to achieve the same functionality without the removed option,
|
||||
or alternatively a reasoning why the functionality is not needed.
|
||||
replacementInstructions SHOULD be provided!
|
||||
*/
|
||||
mkRemovedOptionModule = optionName:
|
||||
mkRemovedOptionModule = optionName: replacementInstructions:
|
||||
{ options, ... }:
|
||||
{ options = setAttrByPath optionName (mkOption {
|
||||
visible = false;
|
||||
});
|
||||
config.warnings =
|
||||
let opt = getAttrFromPath optionName options; in
|
||||
optional opt.isDefined
|
||||
"The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.";
|
||||
optional opt.isDefined ''
|
||||
The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.
|
||||
${replacementInstructions}'';
|
||||
};
|
||||
|
||||
/* Return a module that causes a warning to be shown if the
|
||||
|
@ -25,14 +25,10 @@ effect after you run <command>nixos-rebuild</command>.</para>
|
||||
<xi:include href="linux-kernel.xml" />
|
||||
<xi:include href="grsecurity.xml" />
|
||||
|
||||
<!-- FIXME: auto-include NixOS module docs -->
|
||||
<xi:include href="postgresql.xml" />
|
||||
<xi:include href="gitlab.xml" />
|
||||
<xi:include href="taskserver.xml" />
|
||||
<xi:include href="acme.xml" />
|
||||
<xi:include href="input-methods.xml" />
|
||||
<xi:include href="emacs.xml" />
|
||||
<xi:include href="modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
|
||||
|
||||
<!-- Apache; libvirtd virtualisation -->
|
||||
|
||||
</part>
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ pkgs, options, version, revision, extraSources ? [] }:
|
||||
{ pkgs, options, config, version, revision, extraSources ? [] }:
|
||||
|
||||
with pkgs;
|
||||
|
||||
@ -51,6 +51,14 @@ let
|
||||
|
||||
sources = lib.sourceFilesBySuffices ./. [".xml"];
|
||||
|
||||
modulesDoc = builtins.toFile "modules.xml" ''
|
||||
<section xmlns:xi="http://www.w3.org/2001/XInclude" id="modules">
|
||||
${(lib.concatMapStrings (path: ''
|
||||
<xi:include href="${path}" />
|
||||
'') (lib.catAttrs "value" config.meta.doc))}
|
||||
</section>
|
||||
'';
|
||||
|
||||
copySources =
|
||||
''
|
||||
cp -prd $sources/* . # */
|
||||
@ -61,6 +69,7 @@ let
|
||||
cp ${../../modules/security/acme.xml} configuration/acme.xml
|
||||
cp ${../../modules/i18n/input-method/default.xml} configuration/input-methods.xml
|
||||
cp ${../../modules/services/editors/emacs.xml} configuration/emacs.xml
|
||||
ln -s ${modulesDoc} configuration/modules.xml
|
||||
ln -s ${optionsDocBook} options-db.xml
|
||||
echo "${version}" > version
|
||||
'';
|
||||
|
@ -385,6 +385,41 @@ services.syncthing = {
|
||||
the github issue</link>.
|
||||
</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
|
||||
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
|
||||
longer requires (or even supports) the "start everything as a child of the
|
||||
agent" scheme we've implemented in NixOS for older versions.
|
||||
To configure the gpg-agent for your X session, add the following code to
|
||||
<filename>~/.bashrc</filename> or some file that’s sourced when your shell is started:
|
||||
<programlisting>
|
||||
GPG_TTY=$(tty)
|
||||
export GPG_TTY
|
||||
</programlisting>
|
||||
If you want to use gpg-agent for SSH, too, add the following to your session
|
||||
initialization (e.g. <literal>displayManager.sessionCommands</literal>)
|
||||
<programlisting>
|
||||
gpg-connect-agent /bye
|
||||
unset SSH_AGENT_PID
|
||||
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
|
||||
</programlisting>
|
||||
and make sure that
|
||||
<programlisting>
|
||||
enable-ssh-support
|
||||
</programlisting>
|
||||
is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
|
||||
You will need to use <command>ssh-add</command> to re-add your ssh keys.
|
||||
If gpg’s automatic transformation of the private keys to the new format fails,
|
||||
you will need to re-import your private keyring as well:
|
||||
<programlisting>
|
||||
gpg --import ~/.gnupg/secring.gpg
|
||||
</programlisting>
|
||||
The <command>gpg-agent(1)</command> man page has more details about this subject,
|
||||
i.e. in the "EXAMPLES" section.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
|
||||
|
@ -62,4 +62,9 @@ in
|
||||
environment.systemPackages = [ cfg.package gtk2_cache gtk3_cache ];
|
||||
};
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ ericsagnes ];
|
||||
doc = ./default.xml;
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -57,7 +57,5 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
meta.maintainers = singleton lib.maintainers.pierron;
|
||||
};
|
||||
}
|
||||
|
@ -29,7 +29,7 @@ with lib;
|
||||
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
|
||||
|
||||
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
|
||||
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
|
||||
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
|
||||
|
||||
# Old Grub-related options.
|
||||
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
|
||||
@ -112,7 +112,7 @@ with lib;
|
||||
(mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
|
||||
(mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
|
||||
(mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
|
||||
(mkRemovedOptionModule [ "services" "iodined" "client" ])
|
||||
(mkRemovedOptionModule [ "services" "iodined" "client" ] "")
|
||||
|
||||
# Grsecurity
|
||||
(mkRemovedOptionModule [ "security" "grsecurity" "kernelPatch" ])
|
||||
@ -141,18 +141,18 @@ with lib;
|
||||
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ])
|
||||
|
||||
# Options that are obsolete and have no replacement.
|
||||
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
|
||||
(mkRemovedOptionModule [ "programs" "bash" "enable" ])
|
||||
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ])
|
||||
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ])
|
||||
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
|
||||
(mkRemovedOptionModule [ "ec2" "metadata" ])
|
||||
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
|
||||
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
|
||||
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ])
|
||||
(mkRemovedOptionModule [ "services" "dovecot2" "package" ])
|
||||
|
||||
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
|
||||
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
|
||||
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
|
||||
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
|
||||
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
|
||||
(mkRemovedOptionModule [ "ec2" "metadata" ] "")
|
||||
(mkRemovedOptionModule [ "services" "openvpn" "enable" ] "")
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
|
||||
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
|
||||
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
|
||||
"See the 16.03 release notes for more information.")
|
||||
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
|
||||
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
|
||||
];
|
||||
}
|
||||
|
@ -290,9 +290,10 @@ in
|
||||
systemd.targets."acme-certificates" = {};
|
||||
})
|
||||
|
||||
{ meta.maintainers = with lib.maintainers; [ abbradar fpletz globin ];
|
||||
meta.doc = ./acme.xml;
|
||||
}
|
||||
];
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ abbradar fpletz globin ];
|
||||
doc = ./acme.xml;
|
||||
};
|
||||
}
|
||||
|
@ -253,4 +253,6 @@ in
|
||||
|
||||
};
|
||||
|
||||
meta.doc = ./postgresql.xml;
|
||||
|
||||
}
|
||||
|
@ -556,4 +556,7 @@ in {
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.doc = ./gitlab.xml;
|
||||
|
||||
}
|
||||
|
@ -17,7 +17,7 @@ let
|
||||
Caveat: even if the package is reached by a different means,
|
||||
the path above will be shown and not e.g. `${config.services.foo.package}`. */
|
||||
manual = import ../../../doc/manual {
|
||||
inherit pkgs;
|
||||
inherit pkgs config;
|
||||
version = config.system.nixosRelease;
|
||||
revision = "release-${config.system.nixosRelease}";
|
||||
options =
|
||||
|
@ -534,6 +534,7 @@ in {
|
||||
(mkIf (cfg.enable && cfg.listenHost != "localhost") {
|
||||
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
|
||||
})
|
||||
{ meta.doc = ./taskserver.xml; }
|
||||
];
|
||||
|
||||
meta.doc = ./doc.xml;
|
||||
}
|
||||
|
@ -95,8 +95,7 @@ in
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
config = mkIf cfg.enable {
|
||||
users.users.teamspeak = {
|
||||
description = "Teamspeak3 voice communication server daemon";
|
||||
group = group;
|
||||
@ -133,9 +132,7 @@ in
|
||||
PermissionsStartOnly = true;
|
||||
};
|
||||
};
|
||||
})
|
||||
{
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ arobyn ];
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -111,8 +111,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
config = mkIf cfg.enable {
|
||||
assertions = flip mapAttrsToList cfg.networks (name: cfg: {
|
||||
assertion = cfg.psk == null || cfg.pskRaw == null;
|
||||
message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive'';
|
||||
@ -159,9 +158,7 @@ in {
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service"
|
||||
'';
|
||||
})
|
||||
{
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ globin ];
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -306,7 +306,8 @@ in
|
||||
};
|
||||
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ])
|
||||
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ]
|
||||
"The option is no longer necessary because all display managers have already delegated lid management to systemd.")
|
||||
];
|
||||
|
||||
}
|
||||
|
@ -500,7 +500,7 @@ in
|
||||
|
||||
|
||||
imports =
|
||||
[ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ])
|
||||
[ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "")
|
||||
(mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ])
|
||||
(mkRenamedOptionModule [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ])
|
||||
(mkRenamedOptionModule [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ])
|
||||
|
@ -18,7 +18,7 @@ let
|
||||
# revision/hash as well. See
|
||||
# http://download.virtualbox.org/virtualbox/${version}/SHA256SUMS
|
||||
# for hashes.
|
||||
version = "5.0.20";
|
||||
version = "5.0.26";
|
||||
|
||||
forEachModule = action: ''
|
||||
for mod in \
|
||||
@ -39,12 +39,12 @@ let
|
||||
'';
|
||||
|
||||
# See https://github.com/NixOS/nixpkgs/issues/672 for details
|
||||
extpackRevision = "106931";
|
||||
extpackRevision = "108824";
|
||||
extensionPack = requireFile rec {
|
||||
name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${extpackRevision}.vbox-extpack";
|
||||
# IMPORTANT: Hash must be base16 encoded because it's used as an input to
|
||||
# VBoxExtPackHelperApp!
|
||||
sha256 = "11f40842a56ebb17da1bbc82a21543e66108a5330ebd54ded68038a990aa071b";
|
||||
sha256 = "2f2302c7ba3d00a1258fe8e7767a6eb08dccdc3c31f6e3eeb74063c2c268b104";
|
||||
message = ''
|
||||
In order to use the extension pack, you need to comply with the VirtualBox Personal Use
|
||||
and Evaluation License (PUEL) available at:
|
||||
@ -63,7 +63,7 @@ in stdenv.mkDerivation {
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
|
||||
sha256 = "0asc5n9an2dzvrd4isjz3vac2h0sm6dbzvrc36hn8ag2ma3hg75g";
|
||||
sha256 = "78dec1369d2c8feefea3c682d95e76c0e99414c56626388035cf4061d4dad62e";
|
||||
};
|
||||
|
||||
buildInputs =
|
||||
@ -99,14 +99,7 @@ in stdenv.mkDerivation {
|
||||
set +x
|
||||
'';
|
||||
|
||||
patches = optional enableHardening ./hardened.patch
|
||||
++ [
|
||||
(fetchurl rec {
|
||||
name = "fix-detect-gcc-5.4.patch";
|
||||
url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=827193;filename=${name};msg=5";
|
||||
sha256 = "0y6v5dc6fqj9iv27cl8q2g87v1kxg19129mpas4vjg7g0529v4g9";
|
||||
})
|
||||
];
|
||||
patches = optional enableHardening ./hardened.patch;
|
||||
|
||||
postPatch = ''
|
||||
sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \
|
||||
|
@ -12,7 +12,7 @@ stdenv.mkDerivation {
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
|
||||
sha256 = "1rh1dw0fqz1zhdbpnwxclh1bfj889xh27dm2m23v5wg54bymkfvg";
|
||||
sha256 = "7458ee5a7121a7d243fd6a7528ba427945d9120c5efc7cd75b3951fb01f09c59";
|
||||
};
|
||||
|
||||
KERN_DIR = "${kernel.dev}/lib/modules/*/build";
|
||||
|
Loading…
Reference in New Issue
Block a user