Merge branch 'master' into staging

This commit is contained in:
obadz 2016-08-28 13:33:13 +01:00
commit c7142c1aa3
18 changed files with 185 additions and 137 deletions

View File

@ -105,8 +105,12 @@ rec {
/* Massage a module into canonical form, that is, a set consisting
of options, config and imports attributes. */
unifyModuleSyntax = file: key: m:
let metaSet = if m ? meta
then { meta = m.meta; }
else {};
in
if m ? config || m ? options then
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file" "meta"]; in
if badAttrs != {} then
throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'. This is caused by assignments to the top-level attributes `config' or `options'."
else
@ -114,14 +118,14 @@ rec {
key = toString m.key or key;
imports = m.imports or [];
options = m.options or {};
config = m.config or {};
config = mkMerge [ (m.config or {}) metaSet ];
}
else
{ file = m._file or file;
key = toString m.key or key;
imports = m.require or [] ++ m.imports or [];
options = {};
config = removeAttrs m ["key" "_file" "require" "imports"];
config = mkMerge [ (removeAttrs m ["key" "_file" "require" "imports"]) metaSet ];
};
applyIfFunction = key: f: args@{ config, options, lib, ... }: if isFunction f then
@ -503,19 +507,25 @@ rec {
/* Return a module that causes a warning to be shown if the
specified option is defined. For example,
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ]
mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "<replacement instructions>"
causes a warning if the user defines boot.loader.grub.bootDevice.
replacementInstructions is a string that provides instructions on
how to achieve the same functionality without the removed option,
or alternatively a reasoning why the functionality is not needed.
replacementInstructions SHOULD be provided!
*/
mkRemovedOptionModule = optionName:
mkRemovedOptionModule = optionName: replacementInstructions:
{ options, ... }:
{ options = setAttrByPath optionName (mkOption {
visible = false;
});
config.warnings =
let opt = getAttrFromPath optionName options; in
optional opt.isDefined
"The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.";
optional opt.isDefined ''
The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.
${replacementInstructions}'';
};
/* Return a module that causes a warning to be shown if the

View File

@ -25,14 +25,10 @@ effect after you run <command>nixos-rebuild</command>.</para>
<xi:include href="linux-kernel.xml" />
<xi:include href="grsecurity.xml" />
<!-- FIXME: auto-include NixOS module docs -->
<xi:include href="postgresql.xml" />
<xi:include href="gitlab.xml" />
<xi:include href="taskserver.xml" />
<xi:include href="acme.xml" />
<xi:include href="input-methods.xml" />
<xi:include href="emacs.xml" />
<xi:include href="modules.xml" xpointer="xpointer(//section[@id='modules']/*)" />
<!-- Apache; libvirtd virtualisation -->
</part>

View File

@ -1,4 +1,4 @@
{ pkgs, options, version, revision, extraSources ? [] }:
{ pkgs, options, config, version, revision, extraSources ? [] }:
with pkgs;
@ -51,6 +51,14 @@ let
sources = lib.sourceFilesBySuffices ./. [".xml"];
modulesDoc = builtins.toFile "modules.xml" ''
<section xmlns:xi="http://www.w3.org/2001/XInclude" id="modules">
${(lib.concatMapStrings (path: ''
<xi:include href="${path}" />
'') (lib.catAttrs "value" config.meta.doc))}
</section>
'';
copySources =
''
cp -prd $sources/* . # */
@ -61,6 +69,7 @@ let
cp ${../../modules/security/acme.xml} configuration/acme.xml
cp ${../../modules/i18n/input-method/default.xml} configuration/input-methods.xml
cp ${../../modules/services/editors/emacs.xml} configuration/emacs.xml
ln -s ${modulesDoc} configuration/modules.xml
ln -s ${optionsDocBook} options-db.xml
echo "${version}" > version
'';

View File

@ -385,6 +385,41 @@ services.syncthing = {
the github issue</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.
To configure the gpg-agent for your X session, add the following code to
<filename>~/.bashrc</filename> or some file thats sourced when your shell is started:
<programlisting>
GPG_TTY=$(tty)
export GPG_TTY
</programlisting>
If you want to use gpg-agent for SSH, too, add the following to your session
initialization (e.g. <literal>displayManager.sessionCommands</literal>)
<programlisting>
gpg-connect-agent /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
</programlisting>
and make sure that
<programlisting>
enable-ssh-support
</programlisting>
is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
You will need to use <command>ssh-add</command> to re-add your ssh keys.
If gpgs automatic transformation of the private keys to the new format fails,
you will need to re-import your private keyring as well:
<programlisting>
gpg --import ~/.gnupg/secring.gpg
</programlisting>
The <command>gpg-agent(1)</command> man page has more details about this subject,
i.e. in the "EXAMPLES" section.
</para>
</listitem>
</itemizedlist>

View File

@ -62,4 +62,9 @@ in
environment.systemPackages = [ cfg.package gtk2_cache gtk3_cache ];
};
meta = {
maintainers = with lib.maintainers; [ ericsagnes ];
doc = ./default.xml;
};
}

View File

@ -57,7 +57,5 @@ in
};
};
config = {
meta.maintainers = singleton lib.maintainers.pierron;
};
}

View File

@ -29,7 +29,7 @@ with lib;
(mkRenamedOptionModule [ "jobs" ] [ "systemd" "services" ])
(mkRenamedOptionModule [ "services" "gitlab" "stateDir" ] [ "services" "gitlab" "statePath" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ])
(mkRemovedOptionModule [ "services" "gitlab" "satelliteDir" ] "")
# Old Grub-related options.
(mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
@ -112,7 +112,7 @@ with lib;
(mkRenamedOptionModule [ "services" "iodined" "domain" ] [ "services" "iodine" "server" "domain" ])
(mkRenamedOptionModule [ "services" "iodined" "ip" ] [ "services" "iodine" "server" "ip" ])
(mkRenamedOptionModule [ "services" "iodined" "extraConfig" ] [ "services" "iodine" "server" "extraConfig" ])
(mkRemovedOptionModule [ "services" "iodined" "client" ])
(mkRemovedOptionModule [ "services" "iodined" "client" ] "")
# Grsecurity
(mkRemovedOptionModule [ "security" "grsecurity" "kernelPatch" ])
@ -141,18 +141,18 @@ with lib;
(mkRenamedOptionModule [ "fonts" "fontconfig" "ultimate" "rendering" ] [ "fonts" "fontconfig" "ultimate" "preset" ])
# Options that are obsolete and have no replacement.
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
(mkRemovedOptionModule [ "programs" "bash" "enable" ])
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ])
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ])
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
(mkRemovedOptionModule [ "ec2" "metadata" ])
(mkRemovedOptionModule [ "services" "openvpn" "enable" ])
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ])
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ])
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ])
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ])
(mkRemovedOptionModule [ "services" "dovecot2" "package" ])
(mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ] "")
(mkRemovedOptionModule [ "programs" "bash" "enable" ] "")
(mkRemovedOptionModule [ "services" "samba" "defaultShare" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ] "")
(mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ] "")
(mkRemovedOptionModule [ "ec2" "metadata" ] "")
(mkRemovedOptionModule [ "services" "openvpn" "enable" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsFilesConf" ] "")
(mkRemovedOptionModule [ "services" "printing" "cupsdConf" ] "")
(mkRemovedOptionModule [ "services" "xserver" "startGnuPGAgent" ]
"See the 16.03 release notes for more information.")
(mkRemovedOptionModule [ "services" "phpfpm" "phpIni" ] "")
(mkRemovedOptionModule [ "services" "dovecot2" "package" ] "")
];
}

View File

@ -290,9 +290,10 @@ in
systemd.targets."acme-certificates" = {};
})
{ meta.maintainers = with lib.maintainers; [ abbradar fpletz globin ];
meta.doc = ./acme.xml;
}
];
meta = {
maintainers = with lib.maintainers; [ abbradar fpletz globin ];
doc = ./acme.xml;
};
}

View File

@ -253,4 +253,6 @@ in
};
meta.doc = ./postgresql.xml;
}

View File

@ -556,4 +556,7 @@ in {
};
};
meta.doc = ./gitlab.xml;
}

View File

@ -17,7 +17,7 @@ let
Caveat: even if the package is reached by a different means,
the path above will be shown and not e.g. `${config.services.foo.package}`. */
manual = import ../../../doc/manual {
inherit pkgs;
inherit pkgs config;
version = config.system.nixosRelease;
revision = "release-${config.system.nixosRelease}";
options =

View File

@ -534,6 +534,7 @@ in {
(mkIf (cfg.enable && cfg.listenHost != "localhost") {
networking.firewall.allowedTCPPorts = [ cfg.listenPort ];
})
{ meta.doc = ./taskserver.xml; }
];
meta.doc = ./doc.xml;
}

View File

@ -95,8 +95,7 @@ in
###### implementation
config = mkMerge [
(mkIf cfg.enable {
config = mkIf cfg.enable {
users.users.teamspeak = {
description = "Teamspeak3 voice communication server daemon";
group = group;
@ -133,9 +132,7 @@ in
PermissionsStartOnly = true;
};
};
})
{
};
meta.maintainers = with lib.maintainers; [ arobyn ];
}
];
}

View File

@ -111,8 +111,7 @@ in {
};
};
config = mkMerge [
(mkIf cfg.enable {
config = mkIf cfg.enable {
assertions = flip mapAttrsToList cfg.networks (name: cfg: {
assertion = cfg.psk == null || cfg.pskRaw == null;
message = ''networking.wireless."${name}".psk and networking.wireless."${name}".pskRaw are mutually exclusive'';
@ -159,9 +158,7 @@ in {
services.udev.extraRules = ''
ACTION=="add|remove", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", RUN+="${config.systemd.package}/bin/systemctl try-restart wpa_supplicant.service"
'';
})
{
};
meta.maintainers = with lib.maintainers; [ globin ];
}
];
}

View File

@ -306,7 +306,8 @@ in
};
imports = [
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ])
(mkRemovedOptionModule [ "services" "xserver" "displayManager" "desktopManagerHandlesLidAndPower" ]
"The option is no longer necessary because all display managers have already delegated lid management to systemd.")
];
}

View File

@ -500,7 +500,7 @@ in
imports =
[ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ])
[ (mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ] "")
(mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ])
(mkRenamedOptionModule [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ])
(mkRenamedOptionModule [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ])

View File

@ -18,7 +18,7 @@ let
# revision/hash as well. See
# http://download.virtualbox.org/virtualbox/${version}/SHA256SUMS
# for hashes.
version = "5.0.20";
version = "5.0.26";
forEachModule = action: ''
for mod in \
@ -39,12 +39,12 @@ let
'';
# See https://github.com/NixOS/nixpkgs/issues/672 for details
extpackRevision = "106931";
extpackRevision = "108824";
extensionPack = requireFile rec {
name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${extpackRevision}.vbox-extpack";
# IMPORTANT: Hash must be base16 encoded because it's used as an input to
# VBoxExtPackHelperApp!
sha256 = "11f40842a56ebb17da1bbc82a21543e66108a5330ebd54ded68038a990aa071b";
sha256 = "2f2302c7ba3d00a1258fe8e7767a6eb08dccdc3c31f6e3eeb74063c2c268b104";
message = ''
In order to use the extension pack, you need to comply with the VirtualBox Personal Use
and Evaluation License (PUEL) available at:
@ -63,7 +63,7 @@ in stdenv.mkDerivation {
src = fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
sha256 = "0asc5n9an2dzvrd4isjz3vac2h0sm6dbzvrc36hn8ag2ma3hg75g";
sha256 = "78dec1369d2c8feefea3c682d95e76c0e99414c56626388035cf4061d4dad62e";
};
buildInputs =
@ -99,14 +99,7 @@ in stdenv.mkDerivation {
set +x
'';
patches = optional enableHardening ./hardened.patch
++ [
(fetchurl rec {
name = "fix-detect-gcc-5.4.patch";
url = "https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=827193;filename=${name};msg=5";
sha256 = "0y6v5dc6fqj9iv27cl8q2g87v1kxg19129mpas4vjg7g0529v4g9";
})
];
patches = optional enableHardening ./hardened.patch;
postPatch = ''
sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \

View File

@ -12,7 +12,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
sha256 = "1rh1dw0fqz1zhdbpnwxclh1bfj889xh27dm2m23v5wg54bymkfvg";
sha256 = "7458ee5a7121a7d243fd6a7528ba427945d9120c5efc7cd75b3951fb01f09c59";
};
KERN_DIR = "${kernel.dev}/lib/modules/*/build";