Commit Graph

17999 Commits

Author SHA1 Message Date
Vincent Breitmoser
6d52e2e897 nixos/nix-daemon: mention potential breakage in release notes 2020-07-05 16:53:38 +02:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4 postfix: deprecated sslCACert in favour of tlsTrustedAuthorities
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.

>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0 postfix: used recommended configuration key to enable tls
> With Postfix 2.3 and later use smtp_tls_security_level instead.

http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Utku Demir
cc46362929
dockerTools: Support files directly under /nix/store
Also makes sure that the files inside a layer added in a sorted order
to make the results more deterministic.
2020-07-04 22:00:57 +12:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Pascal Bach
3e7d650bcc nixos/unifi: restart service on package update
Currently the service doesn't detect if on of the packages is updated
and doesn't restart.

By manually adding a trigger we make sure the service restarts if any of
the involved packages update.
2020-07-03 22:34:29 +02:00
Chuck
800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d ZFS: Update description for requestEncryptionCredentials 2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695 ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6 ZFS: Pipe /dev/null into the stage 2 load-key script
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce plymouth: Enable systemd-ask-password-plymouth 2020-07-02 13:50:23 -04:00
zowoq
f1cf202dbb nixos/podman: restrict test to x86_64-linux 2020-07-03 00:17:15 +10:00
Markus Kowalewski
61fceac1bb
nixos/slurm: add pmix to test and cleanup test
* use tmpfiles to create key for munge
* add mpitest source
* add a subtest for PMIx/MPI startup
2020-07-02 15:39:47 +02:00
Konrad Förstner
7ec38adfdc nixos/doc/manual: Fix parted's set subcommand for esp partition
With 'set 3 boot on' the error 'file system "/boot" is not a FAT EFI
system partition (ESP) file system' occurs when running
"nixos-install" during the basic installation (tested in in a
VirtualBox VM).
2020-07-02 08:40:01 +02:00
Samuel Dionne-Riel
736c7ca712
Merge pull request #82718 from misuzu/armv7l-ext4-fs-fix
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
2020-07-01 21:38:07 -04:00
Vincent Ambo
c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
misuzu
9ac1ab10c9 nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
This fixes image creation on armv7l when image is bigger than 2G.
Also fix some reproducibility issues and other cptofs issues.
2020-07-01 11:32:28 +03:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
grub: add support for passwords
2020-07-01 09:04:30 +02:00
Alexandre Esteves
e10e7d6a8b
testing-python: fix typo 2020-06-30 22:31:32 -05:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Profpatsch
1c04554e4b lorri: 1.0 -> 1.1 2020-06-30 17:12:03 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
Lancelot SIX
a3db82fe45
Merge pull request #91756 from JJJollyjim/fix-graphite-web-patch
graphite-web: fix patch
2020-06-30 08:26:35 +01:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation 2020-06-29 22:28:32 +02:00
_
a3b0864bb0 nixos/onedrive: init 2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options (#86946) 2020-06-29 13:35:21 +00:00
Jamie McClymont
3f31678607 nixos/graphite: ensure graphite-api is properly tested
Until now, it was failing to start in the test, as it was searching for an
influxdb database
2020-06-29 22:04:23 +12:00
Jamie McClymont
3c8762de8e nixos/graphite: unmark test as broken 2020-06-29 21:42:29 +12:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
nixos/acme: Fix ordering of certificate requests (#81482)
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44 Revert "traefik: unify TOML generation"
This reverts commit a5e6901702.

yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Florian Klink
9e248c9ec9
Merge pull request #91046 from NinjaTrappeur/nin-delete-vm-state
test-driver.py: delete VM state directory after test run
2020-06-28 18:41:38 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Maximilian Bosch
d651626eb9
Merge pull request #91545 from Frostman/docker-19.03.12
docker: 19.03.11 -> 19.03.12
2020-06-27 16:01:11 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d undervolt: clarify that the service is unofficial
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Sergey Lukjanov
afc8bd6a7b docker: use git tags instead of revs 2020-06-26 14:55:52 -07:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
We remove the configFile build flag override in the NixOS module.

Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.

This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.

Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
Niklas Hambüchen
5c5f7a22fe
Merge pull request #90701 from nh2/issue-90613-fix-consul-reboot-test
consul.passthru.tests: Fix failure on current consul versions, add more tests
2020-06-26 19:40:10 +02:00
Marek Mahut
31cd000bb6
Merge pull request #91613 from 1000101/1000101
maintainers: fix previously uncaught name issues
2020-06-26 17:12:34 +02:00
1000101
6c3b36212a maintainers: fix previously uncaught name issues 2020-06-26 16:38:27 +02:00
1000101
c6d346b323 nixos/blockbook-frontend: add tests 2020-06-26 16:16:49 +02:00
1000101
de3c56ffd8 nixos/blockbook-frontend: init 2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
zowoq
033ba9c73d nixos/podman: use cgroupfs for rootless crun test 2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef Merge master into staging-next 2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
tmplt
a30294388c nixos/zfs-replication: document expected lz4 on host system 2020-06-24 19:41:36 +02:00
Frederik Rietdijk
16287a8cb8 Merge master into staging-next 2020-06-24 19:04:03 +02:00
rnhmjoj
33c4a4bdd5
nixos/tests: add test for grub authentication 2020-06-24 10:22:53 +02:00
rnhmjoj
b520055df6
nixos/lib/test-driver: add wait_for_console_text
This method is similar to wait_for_text but is based on matching
serial console lines instead of the VGA output.
2020-06-24 10:22:53 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax 2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363: small treewide: his -> theirs/its 2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00
Profpatsch
517be84135 small treewide: his -> theirs/its
SJW brigade represent. ;)

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Will Fancher
0d55d48f0f ZFS: Ask for stage 2 encryption passwords using systemd-ask-password 2020-06-23 06:25:21 -04:00
Robert Schütz
d77fb3729d nixos/radicale: use radicale3 2020-06-23 12:02:27 +02:00
Markus S. Wamser
e4356601d3
tests/taskserver: fix gnutls invocation
test failed because gnutls-cli does not properly report connection
errors any more, fixed by increasing the debug level for gnutls-cli

Fixes: #84507
Closes: #90718
2020-06-23 12:01:54 +02:00
Michele Guerini Rocco
1b5e0d480e
Merge pull request #91261 from rnhmjoj/intel
nixos/doc: add section on Intel DDX drivers
2020-06-23 11:29:38 +02:00
Jörg Thalheim
7aaffa71dc
Merge pull request #91216 from Mic92/nixos-config-generate
nixos-generate-config: refer to nixos-hardware
2020-06-22 23:52:48 +01:00
Jörg Thalheim
e943489f24
nixos-generate-config: refer to nixos-hardware 2020-06-22 23:51:08 +01:00
rnhmjoj
1b17b3b915
nixos/doc: add section on Intel DDX drivers 2020-06-22 17:50:18 +02:00
Stig Palmquist
a71fd5cb20
nixos/convos: add test 2020-06-22 13:58:35 +02:00
Stig Palmquist
042a2d8baf
nixos/convos: init 2020-06-22 13:58:34 +02:00
Frederik Rietdijk
7481da9cbd Merge master into staging-next 2020-06-22 08:46:16 +02:00
Florian Klink
44d75efd7f
Merge pull request #91214 from flokli/make-ext4-fs-fudge-factor
nixos/make-ext4-fs: increase fudge factor from 1.03 to 1.10
2020-06-21 22:13:12 +02:00
Jörg Thalheim
9aa668ef04
Merge pull request #91154 from Mic92/homeassistant 2020-06-21 13:59:28 +01:00
Florian Klink
387f3b58d2 hardware.deviceTree: add name
This can be used to explicitly specify a specific dtb file, relative to
the dtb base.

Update the generic-extlinux-compatible module to make use of this option.
2020-06-21 13:48:22 +02:00
Florian Klink
bd8137aef1 extlinux-conf-builder.sh: allow a custom FDT to be specified
Some bootloaders might not properly detect the model.
If the specific model is known by configuration, provide a way to
explicitly point to a specific dtb in the extlinux.conf.
2020-06-21 13:48:22 +02:00
Florian Klink
afa627730e nixos/sd-image-*: use boot.loader.generic-extlinux-compatible.populateCmd
While getting rid of the separate extlinux-conf-builder import, this now
also honors boot.loader.timeout in the initial sd card image if
specified.
2020-06-21 13:48:17 +02:00
Florian Klink
54129e72b4 nixos/generic-extlinux-compatible: introduce boot.loader.generic-extlinux-compatible.populateCmd
This option exposes the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.

Useful to have for sdImage.populateRootCommands.

Special care needs to be taken w.r.t cross - the populate command runs
on the host platform, the activation script on the build platform (so
the builders differ)
2020-06-21 13:41:22 +02:00
Jörg Thalheim
a68c7e0fa7
nixos/home-assistant: fix tests 2020-06-21 10:58:29 +01:00
edef
c27fc6a5e5
nixos/gerrit: allow configuring replication declaratively (#91200) 2020-06-21 08:54:14 +00:00
Florian Klink
43424688db nixos/deviceTree: fix description
hardware.deviceTree.base points to a path, not a package (and also if of
types.path)

It defaults to ${config.boot.kernelPackages.kernel}/dtbs.
2020-06-21 10:39:10 +02:00
Félix Baylac-Jacqué
7e7aa529d9
test-driver.py: delete VM state directory after test run
Keeping the VM state test across several run sometimes lead to subtle
and hard to spot errors in practice. We delete the VM state which
contains (among other things) the qcow volume.

We also introduce a -K (--keep-vm-state) flag making VM state to
persist after the test run. This flag makes test-driver.py to match
its previous behaviour.
2020-06-21 10:27:51 +02:00
Florian Klink
079de14fd3 nixos/make-ext4-fs: increase fudge factor from 1.03 to 1.10
Turns out, on smaller images (~800MiB uncompressed sdcard image size),
the current fudge factor is way too small to even get the system to the
phase where it can resize itself.

I first tried with 1.05, but it wasn't enough.
2020-06-21 09:47:02 +02:00
Edmund Wu
00f7558225
Revert "libinput: ensure that we only apply touchpad options to touchpads"
This reverts commit 912a58428c.
2020-06-20 20:46:17 -04:00
Samuel Dionne-Riel
f203b8b277
Merge pull request #90119 from samueldr/feature/rpi4-fixups
Fix some pitfalls from the Raspberry Pi 4 specific sd image
2020-06-20 17:02:51 -04:00
Michael Raskin
132ace5fe6
Merge pull request #89344 from JJJollyjim/openresty-no-perl
openresty: disable perl module by default
2020-06-20 18:45:44 +00:00
Michele Guerini Rocco
1eef920a8d
Merge pull request #91128 from bbigras/rslsync-localhost
nixos/resilio: listen on [::1] by default
2020-06-20 20:43:04 +02:00
Bruno Bigras
dbb5bdfa09 nixos/resilio: listen on [::1] by default 2020-06-20 14:28:23 -04:00
Maximilian Bosch
c9462630bd
Merge pull request #91149 from nlewo/nextcloud-expose-occ
nixos/nextcloud: add occ internal option
2020-06-20 19:28:25 +02:00
Marek Mahut
0ff1bdb7c0
Merge pull request #90884 from mmahut/wasabi
nixos/wasabibackend: init 1.1.11.1
2020-06-20 15:30:32 +02:00
Graham Christensen
5d0725a063
Revert "Merge nixos-hardware into nixpkgs under /nixos/hardware" 2020-06-20 08:21:15 -04:00
Profpatsch
cc0bf76d2f
Merge pull request #91160 from Profpatsch/nixos-hardware-merge
Merge nixos-hardware into nixpkgs under `/nixos/hardware`
2020-06-20 14:02:35 +02:00
lewo
2fd146f6ae
Merge pull request #89427 from Ma27/nextcloud19
nextcloud19: init at 19.0.0
2020-06-20 13:59:47 +02:00
Profpatsch
2c282fb537 nixos/hardware: remove .travis.yml
We are going to have to integrate the tests differently, but it’s fine
for now.
2020-06-20 13:26:51 +02:00
Symphorien Gibol
4593482d4e nixos: add test for sslh 2020-06-20 13:24:19 +02:00
Profpatsch
b89f6adb84 nixos/hardware: remove .gitignore
It’s a full subset of the toplevel .gitignore.
2020-06-20 13:06:18 +02:00
Profpatsch
ba2dcbce23 nixos/hardware: move CODEOWNERS to toplevel 2020-06-20 13:05:20 +02:00
Profpatsch
ef3f3a4eb0 Merge branch 'nixos-hardware-merge-preparations' into nixos-hardware-merge
Merges https://github.com/NixOS/nixos-hardware into nixpkgs.

This will give better discoverability, and considering the low
turnover (less than 100 commits in the last year and only 350 total)
it won’t make any dent on the size of nixpkgs.

We have a monorepo, let’s use it
2020-06-20 12:57:47 +02:00
Profpatsch
b9a7e21ef6 nixos-hardware: prepare for merge by moving to nixos/hardware
It is going to be merged into nixpkgs, under `nixos/hardware`.

This will give better discoverability, and considering the low
turnover (less than 100 commits in the last year and only 350 total)
it won’t make any dent on the size of nixpkgs.

We have a monorepo, let’s use it.
2020-06-20 12:55:55 +02:00
Symphorien Gibol
433f227f70 nixos/sslh: make it possible (and the default) to listen on ipv6 2020-06-20 12:54:36 +02:00
Jörg Thalheim
26e9a3498b
nixos/home-assistant: make service reloadable
This allows quick reloads using the following trick:

$(nix-build --show-trace --no-out-link \
  -E '(with import <nixpkgs/nixos> {};
       pkgs.writeScript "update-hass-config"
       config.systemd.services.home-assistant.preStart)')
systemctl reload home-assistant
2020-06-20 10:31:27 +01:00
Maximilian Bosch
f326e5a35e
nixos/nextcloud: update upgrade-path for nextcloud19
Enhance the heuristics to make sure that a user doesn't accidentally
upgrade across two major versions of Nextcloud (e.g. from v17 to v19).

The original idea/discussion has been documented in the nixpkgs manual[1].

This includes the following changes:

* `nextcloud19` will be selected automatically when having a stateVersion
  greater or equal than 20.09. For existing setups, the package has to
  be selected manually to avoid accidental upgrades.

* When using `nextcloud18` or older, a warning will be thrown which recommends
  upgrading to `nextcloud19`.

* Added a brief paragraph about `nextcloud19` in the NixOS 19.09 release
  notes.

* Restart `phpfpm` if the Nextcloud-package (`cfg.package`) changes[2].

[1] https://nixos.org/nixos/manual/index.html#module-services-nextcloud-maintainer-info
[2] https://github.com/NixOS/nixpkgs/pull/89427#issuecomment-638885727
2020-06-20 11:30:11 +02:00
Michele Guerini Rocco
34f19a4686
Merge pull request #86253 from erictapen/printers-example
nixos/printers: fix example for hardware.printers.ensurePrinters.*.model
2020-06-20 10:15:30 +02:00
Michele Guerini Rocco
fe1245d555
Merge pull request #87270 from martinetd/mpd-fluidsynth
mpd: add services.mpd.fluidsynth option
2020-06-20 10:14:06 +02:00
Antoine Eiche
7d994ad445 nixos/nextcloud: add occ internal option
This option exposes the prefconfigured nextcloud-occ
program. nextcloud-occ can then be used in other systemd services or
added in environment.systemPackages.

The nextcloud test shows how it can be add in
environment.systemPackages.
2020-06-20 09:59:27 +02:00
Michele Guerini Rocco
41e1bd6021
Merge pull request #90635 from Twey/libinput-touchpad
libinput: ensure that we only apply touchpad options to touchpads
2020-06-20 09:58:47 +02:00
Michele Guerini Rocco
003bf184c0
Merge pull request #91116 from bbigras/rslsync-group
nixos/resilio: fix group name in documentation
2020-06-20 09:54:17 +02:00
Frederik Rietdijk
9c5e7367d1 Merge master into staging-next 2020-06-20 07:38:17 +02:00
Evils
73a90b0154 nixos/tuptime: change group/user to match upstream 2020-06-20 05:34:37 +02:00
Timo Kaufmann
4843eab3a1
Merge pull request #84135 from symphorien/btrfs-scrub-success
nixos/btrfs autoScrub: don't fail when scrub finishes successfully
2020-06-19 22:55:19 +02:00
Maximilian Bosch
a2a5aa2634
nextcloud19: init at 19.0.0
https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/
2020-06-19 22:16:52 +02:00
Bruno Bigras
ad13beeebc nixos/resilio: fix group name in documentation 2020-06-19 15:15:33 -04:00
Marek Mahut
d07ba3e962
nixos/wasabibackend: fixing description
Co-authored-by: 1000101 <b1000101@pm.me>
2020-06-19 20:07:55 +02:00
Alyssa Ross
4e69b0a899
Merge pull request #89744 from vojta001/traefik-indent-config
traefik: unify TOML generation
2020-06-19 15:23:55 +00:00
Marek Mahut
75e1819394 tests/wasabibackend: init 2020-06-19 16:44:21 +02:00
Marek Mahut
b62df8ab46 nixos/wasabibackend: init 2020-06-19 16:44:21 +02:00
datafoo
cc37d7edd7 nixos/acme: execute a single lego command
Stop trying to execute `lego renew` if that is not necessary.

Fix #86184.
2020-06-19 14:56:17 +02:00
Robert Hensing
06469493de
Merge pull request #91085 from hercules-ci/fix-dockerTools-nix-symlinks
Fix docker tools nix symlinks
2020-06-19 12:01:47 +02:00
Frederik Rietdijk
e4cd7a48f3 Merge staging-next into staging 2020-06-19 10:49:25 +02:00
Robert Hensing
caf47063b4 dockerTools: test that tar keeps nix binary symlinks intact 2020-06-19 10:08:34 +02:00
Linus Heckemann
aea806b8ea
Merge pull request #86177 from mayflower/mailman-upstream
Mailman refactor
2020-06-19 07:54:41 +02:00
Euan Kemp
460c0d608f nixos-install: error out if $mountPoint has bad permissions
The nix store more-or-less requires o+rx on all parent directories.
This is primarily because nix runs builders in a uid/gid mapped
user-namespace, and those builders have to be able to operate on the nix
store.

This check is especially helpful because nix does not produce a helpful
error on its own (rather, creating directories and such works, it's not
until 'mount --bind' that it gets an EACCES).

Helps users who run into this opaque error, such as in #67465.
Possibly fixes that issue if bad permissions were the only cause.
2020-06-18 20:10:26 -07:00
Florian Klink
a84cbb60f0
Merge pull request #91073 from danielfullmer/systemd-string-format
nixos/systemd-boot: fix incorrect string formatting
2020-06-19 02:23:25 +02:00
Daniel Fullmer
1d4dc149df nixos/systemd-boot: fix incorrect string formatting
Currently, this always writes "default nixos-generation-%d.conf" without
replacing the "%d" in the string.
Python .format() is not equivalent to "%"
2020-06-18 19:58:50 -04:00
Florian Klink
757ba1931f
Merge pull request #91068 from flokli/nixos-systemd-unit-path-types
nixos/systemd: allow str in systemd.services.<name>.path
2020-06-19 00:25:32 +02:00
Florian Klink
f5f8b08f16
Merge pull request #91065 from Infinisil/move-fontultimate
nixos/fontconfig: Move deprecated ultimate removals to relevant module
2020-06-19 00:07:46 +02:00
Florian Klink
1c9e02b911 nixos/systemd: allow str in systemd.services.<name>.path
Turns out, #75510 was too restrictive.

We also need to allow str here, as some modules set this to
"/run/wrappers" to bring `/run/wrappers/bin` into $PATH of a unit.
2020-06-19 00:02:51 +02:00
Florian Klink
c1e7366483
Merge pull request #75510 from helsinki-systems/systemd-path-type
nixos/systemd: Use a proper type for unit paths
2020-06-18 23:50:42 +02:00
Silvan Mosberger
78453e6ba6
nixos/fontconfig: Move deprecated ultimate removals to relevant module
This was a mistake in https://github.com/NixOS/nixpkgs/pull/61570, this
does not belong to prometheus
2020-06-18 23:12:18 +02:00
Florian Klink
e051dab9ff
Merge pull request #91043 from flokli/buildbot-reporters
nixos/buildbot-master: support reporters, migrate away from status
2020-06-18 23:00:44 +02:00
Linus Heckemann
d5cc8fb892 nixos/mailman: fix search index location 2020-06-18 17:23:34 +02:00
Linus Heckemann
176bc68a69 mailman: log to journal 2020-06-18 17:23:33 +02:00
Linus Heckemann
3dbbc786f5 nixos/mailman: RFC42-ise 2020-06-18 17:23:33 +02:00
Linus Heckemann
1b8af3e1ae nixos/mailman: fix clearing static files 2020-06-18 17:23:33 +02:00
Linus Heckemann
32c556b039 nixos/mailman: document, add maintainers 2020-06-18 17:23:29 +02:00
Linus Heckemann
b478e0043c nixos/mailman: refactor
- Add serve.enable option, which configures uwsgi and nginx to serve
  the mailman-web application;
- Configure services to log to the journal, where possible. Mailman
  Core does not provide any options for this, but will now log to
  /var/log/mailman;
- Use a unified python environment for all components, with an
  extraPackages option to allow use of postgres support and similar;
- Configure mailman's postfix module such that it can generate the
  domain and lmtp maps;
- Fix formatting for option examples;
- Provide a mailman-web user to run the uwsgi service by default
- Refactor Hyperkitty's periodic jobs to reduce repetition in the
  expressions;
- Remove service dependencies not related to functionality included in
  the module, such as httpd -- these should be configured in user config
  when used;
- Move static files root to /var/lib/mailman-web-static by default. This avoids
  permission issues when a static file web server attempts to access
  /var/lib/mailman which is private to mailman. The location can still
  be changed by setting services.mailman.webSettings.STATIC_ROOT;
- Remove the webRoot option, which seems to have been included by
  accident, being an unsuitable directory for serving via HTTP.
- Rename mailman-web.service to mailman-web-setup.service, since it
  doesn't actually serve mailman-web. There is now a
  mailman-uwsgi.service if serve.enable is set to true.
2020-06-18 17:21:41 +02:00
Florian Klink
9538bf50ae nixos/buildbot-master: support reporters, migrate away from status
Since Buildbot 0.9.0, status targets were deprecated and ignored.
There's a very small line on startup explaining that, and status simply
isn't reported. Avoid others the same headaches, and do it right in the
NixOS module.

As there might have been changes in the way reporters are organized, and
configuration might need to be migrated remove the old option, and not
just provide an alias.
2020-06-18 16:49:26 +02:00
John Ericson
1a26ee315f
Merge pull request #90693 from obsidiansystems/ipfs-socket-unit-precision
IPFS NixOS module: Socket unit file more precise
2020-06-18 10:36:49 -04:00
Jan Tojnar
51dad85947
nixos/hamster: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/programs/hamster.nix' is not of type `list of maintainers'.
2020-06-18 16:22:13 +02:00
Jan Tojnar
33d79f110d
nixos/openldap: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/services/databases/openldap.nix' is not of type `list of maintainers'.
2020-06-18 16:20:20 +02:00
Lassulus
7dcb8dc239
Merge pull request #90144 from pbogdan/undervolt
nixos/undervolt: misc cleanups / fixes
2020-06-18 11:52:09 +02:00
WilliButz
57a3249994
Merge pull request #90662 from srhb/redis-exporter
prometheus-redis-exporter: init at 1.7.0
2020-06-18 11:25:23 +02:00
Sarah Brofeldt
344e64a4d9 nixos/prometheus-redis-exporter: init 2020-06-18 11:13:25 +02:00
rnhmjoj
4dd95c0cfc
nixos/release-notes: mention new man.generateCaches option 2020-06-18 10:36:24 +02:00
rnhmjoj
edc6a76cc0
nixos/documentation: add option to generate caches
Previously the NixOS-specific configuration for man-db was in the
package itself and /etc/man.conf was completely ignored.
This change moves it to /etc/man_db.conf, making declarative
configuration practical again.

It's now possible to generate the mandb caches for all packages
installed through NixOS `environment.systemPackages` at build-time.
The standard location for the stateful cache (/var/cache/man) is also
configured to allow users to run `mandb` manually if they wish.

Since generating the cache can be expensive the option is off by
default.
2020-06-18 10:17:04 +02:00
Daniël de Kok
f3867b2a0d
Merge pull request #89492 from asbachb/update-netbeans
netbeans: 11.3 -> 12.0
2020-06-18 06:58:21 +02:00
Niklas Hambüchen
b3b27ed008 consul.passthru.tests: Add 2 more tests 2020-06-18 03:06:24 +02:00
Niklas Hambüchen
bcdac2e2fd consul.passthru.tests: Refactor: Extract function 2020-06-18 03:05:54 +02:00
Niklas Hambüchen
811bcbe74a consul.passthru.tests: Use correct server health test.
From: https://github.com/hashicorp/consul/issues/8118#issuecomment-645330040
2020-06-18 02:49:27 +02:00
Niklas Hambüchen
701c0eb489 consul.passthru.tests: Refactor into functions.
For better naming and commentary.
2020-06-18 02:49:27 +02:00
Cole Helbling
13e2c75c93
nixos/sudo: default rule should be first
In /etc/sudoers, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-06-17 17:48:51 -07:00
Niklas Hambüchen
a59a972413 consul.passthru.tests: Fix failure on current consul. Fixes #90613.
Done by setting `autopilot.min_quorum = 3`.

Techncially, this would have been required to keep the test correct since
Consul's "autopilot" "Dead Server Cleanup" was enabled by default (I believe
that was in Consul 0.8). Practically, the issue only occurred with our NixOS
test with releases >= `1.7.0-beta2` (see #90613). The setting itself is
available since Consul 1.6.2.

However, this setting was not documented clearly enough for anybody to notice,
and only the upstream issue https://github.com/hashicorp/consul/issues/8118
I filed brought that to light.

As explained there, the test could also have been made pass by applying the
more correct rolling reboot procedure

    -m.wait_until_succeeds("[ $(consul members | grep -o alive | wc -l) == 5 ]")
    +m.wait_until_succeeds(
    +    "[ $(consul operator raft list-peers | grep true | wc -l) == 3 ]"
    +)

but we also intend to test that Consul can regain consensus even if
the quorum gets temporarily broken.
2020-06-18 02:22:31 +02:00
Niklas Hambüchen
25d665634a consul.passthru.tests: Refactor: Extract variable 2020-06-18 02:22:29 +02:00
Niklas Hambüchen
777d1c0944 consul.passthru.tests: Refactor let bindings 2020-06-18 02:22:26 +02:00
Niklas Hambüchen
f795df26cf consul.passthru.tests: Refactor: Extract variable 2020-06-18 02:22:23 +02:00
Maximilian Bosch
0510cbe849
Merge pull request #90646 from Ma27/matrix-maintainer-team
maintainers/teams: add matrix team
2020-06-18 00:23:55 +02:00
John Ericson
4044d81d5c IPFS NixOS module: Socket unit file more precise
The systemd socket unit files now more precisely track the IPFS
configuration, by including any multaddr they can make a `ListenStream`
for. (The daemon doesn't currently support anything which would use
`ListDatagram`, so we don't need to worry about that.)

The tests use some of these features.
2020-06-17 21:43:04 +00:00
Benjamin Asbach
275a913971 netbeans: updated jdk to latest lts release 2020-06-17 23:11:53 +02:00
lewo
b20f9112d2
Merge pull request #89486 from Ma27/dovecot-mailboxes
nixos/dovecot2: turn `mailboxes`-option into an attr-set
2020-06-17 22:19:09 +02:00
Maximilian Bosch
e826a6ce03
nixos/dovecot2: refactor mailboxes option
Specifying mailboxes as a list isn't a good approach since this makes it
impossible to override values. For backwards-compatibility, it's still
possible to declare a list of mailboxes, but a deprecation warning will
be shown.
2020-06-17 22:05:58 +02:00
Maximilian Bosch
650617253e
maintainers/teams: add matrix team 2020-06-17 21:55:29 +02:00
Pascal Bach
f29063ff0b nixos/virtualbox-image: change graphics adapter to vmswga 2020-06-17 18:43:28 +02:00
Pascal Bach
6c2d12f1fa nixos/manual: recommend VMSVGA as graphics adapter
Virtualbox recommends VMSVGA for Linux guests.

It is also currently the only one supporting 3D acceleration
and it works out of the box with NixOS and auto screen resizing.
2020-06-17 18:43:27 +02:00
Pascal Bach
ec9792a3f5 nixos/virtualbox-guest: add vmware driver
VMSGVA is recommended by virtualbox for Linux clients.
Compared to VBoxVGA and VBoxSVGA it also supports 3D acceleration.

Adding the driver makes nixos work with all three supported graphics card
types.
2020-06-17 18:43:27 +02:00
Silvan Mosberger
f03e85f703
Merge pull request #74589 from tmplt/fix-physlock
nixos/physlock: add suspend-then-hibernate to lockOn.suspend units
2020-06-17 18:06:52 +02:00
Michele Guerini Rocco
4ddf9b763b
Merge pull request #83171 from rnhmjoj/hash
nixos/users: validate password hashes
2020-06-17 17:25:34 +02:00
Lassulus
98cac435f3
Merge pull request #89814 from alexfmpe/patch-3
Fix typo
2020-06-17 16:22:27 +02:00
jakobrs
2ee84ca8e2
nixos/manual: Document boot.debug1mounts and clarify what exit does with shell_on_fail (#89365)
* nixos/manual: document boot.debug1mounts

* nixos/manual: clarify what `exit` does with shell_on_fail
2020-06-17 15:36:06 +02:00
Maximilian Bosch
fc179ef8a6
nixos/dovecot2: add autoexpunge setting
To automatically purge old email.

See also https://wiki.dovecot.org/MailboxSettings
2020-06-17 01:07:27 +02:00
tmplt
51e995cc05 nixos/physlock: add suspend-then-hibernate to suspend/hibernate units 2020-06-16 23:42:56 +02:00
Florian Klink
d72530162a
Merge pull request #90604 from maralorn/systemd-oneshot-warning
nixos/systemd: Update warning for restarting oneshots
2020-06-16 23:35:22 +02:00
Jan Tojnar
75e756b8e1
Merge pull request #90051 from fabianhauser/hamster-time-tracker 2020-06-16 23:08:45 +02:00
Malte Brandy
0d4134de4a
nixos/systemd: Update warning for restarting oneshots
Restart= can be anything other than on-success and always for onehost units as of
10e72727ee
which is contained in systemd 245.
2020-06-16 22:10:12 +02:00
James Kay
912a58428c libinput: ensure that we only apply touchpad options to touchpads 2020-06-16 20:44:10 +01:00
Jörg Thalheim
a9a5016644
Merge pull request #87833 from Izorkin/sandbox-mysql 2020-06-16 18:13:43 +01:00
Jan Tojnar
7c20a53506
Merge pull request #90539 from r-ryantm/auto-update/fwupd 2020-06-16 16:43:33 +02:00
Aaron Andersen
b6108e021b
Merge pull request #89327 from mweinelt/go-neb-module
nixos/go-neb: init
2020-06-16 06:30:29 -04:00
Florian Klink
ac7a5f3685
Merge pull request #90386 from danielfullmer/systemd-bootctl-update
nixos/systemd-boot: update bootloader if needed
2020-06-16 11:33:48 +02:00
Jan Tojnar
0f0bcec11c
fwupd: Add passthru consistency test
We need to keep the passthru.filesInstalledToEtc and passthru.defaultBlacklistedPlugins in sync with the package contents so let's add a test to enforce that.
2020-06-16 11:20:55 +02:00
Florian Klink
42b92250b9 nixos/systemd-boot: fix default boot entry selection
6cd12ebcfe
changed behaviour - now the "default" entry needs to identity an entry
with its full name, including the ".conf".

Reported-In: https://github.com/NixOS/nixpkgs/issues/86422
2020-06-15 20:22:45 -04:00
Daniel Fullmer
5cd28326db nixos/systemd-boot: add test for updating 2020-06-15 20:22:45 -04:00
Daniel Fullmer
7e3519a7cf nixos/systemd-boot: update bootloader if needed 2020-06-15 20:22:45 -04:00
Andreas Rammhold
55c09a884a nixos/modules/system/boot/networkd: enable socket activation
Since cd1dedac67 systemd-networkd has it's
netlink socket created via a systemd.socket unit. One might think that
this doesn't make much sense since networkd is just going to create it's
own socket on startup anyway. The difference here is that we have
configuration-time control over things like socket buffer sizes vs
compile-time constants.

For larger setups where networkd has to create a lot of (virtual)
devices the default buffer size of currently 128MB is not enough.

A good example is a machine with >100 virtual interfaces (e.g.,
wireguard tunnels, VLANs, …) that all have to be brought up during
startup. The receive buffer size will spike due to all the generated
message from the new interfaces. Eventually some of the message will be
dropped since there is not enough (permitted) buffer space available.

By having networkd start through / with a netlink socket created by
systemd we can configure the `ReceiveBufferSize` parameter in the socket
options without recompiling networkd.

Since the actual memory requirements depend on hardware, timing, exact
configurations etc. it isn't currently possible to infer a good default
from within the NixOS module system. Administrators are advised to
monitor the logs of systemd-networkd for `rtnl: kernel receive buffer
overrun` spam and increase the memory as required.

Note: Increasing the ReceiveBufferSize doesn't allocate any memory.  It
just increases the upper bound on the kernel side. The memory allocation
depends on the amount of messages that are queued on the kernel side of
the netlink socket.
2020-06-16 00:41:41 +02:00
Samuel Dionne-Riel
04161c4c72
Merge pull request #90391 from samueldr/fix/manual-zstd-note
nixos/release-notes: Amend note about image compression
2020-06-15 14:58:39 -04:00
Samuel Dionne-Riel
0f7fb7d62f nixos/release-notes: Amend note about image compression 2020-06-15 14:46:22 -04:00
rnhmjoj
470ce4784e
nixos/users: validate password hashes 2020-06-15 20:08:36 +02:00
Florian Klink
af3c1000a4
Merge pull request #90343 from flokli/hardware-u2f-remove
hardware/u2f: remove module
2020-06-15 17:53:47 +02:00
Arian van Putten
0952336d1d nixos/acme: Move regression test into acme.nix 2020-06-15 11:05:00 +02:00
Arian van Putten
cfd672a94d nixos/acme: Also fix ordering for apache 2020-06-15 11:05:00 +02:00
Arian van Putten
681cc105ce nixos/acme: Make sure nginx is running before certs are requested
This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Arian van Putten
60247e8560 nixos/acme: Add regression test for #81842 2020-06-15 11:02:31 +02:00
Arian van Putten
61f834833b nixos/acme: turn around test probes' dependencies
Reads a bit more naturally, and now the changes to the
acme-${cert}.service actually reflect what would be needed were you to
do the same in production.

e.g.  "for dns-01, your service that needs the cert needs to pull in the
cert"
2020-06-15 11:02:30 +02:00
Frederik Rietdijk
59dda0a42a Merge master into staging-next 2020-06-15 08:07:00 +02:00
Silvan Mosberger
4c67f879f0
Merge pull request #90380 from mdlayher/mdl-corerad-passasfile
nixos/corerad: use passAsFile while converting settings JSON to TOML
2020-06-15 00:42:25 +02:00
Maximilian Bosch
e8245546f8
Merge pull request #90297 from lheckemann/other-distro-tool-install-command
manual: use less weird way of installing nixos tools
2020-06-15 00:37:57 +02:00
Matt Layher
562beabff3
nixos/corerad: use passAsFile while converting settings JSON to TOML
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 13:30:17 -04:00
Silvan Mosberger
00e448172f
Merge pull request #89781 from mdlayher/mdl-corerad-settings 2020-06-14 16:48:54 +02:00
Matt Layher
f1a4b100fd
nixos/corerad: add settings option to supersede configFile
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 10:07:16 -04:00
Florian Klink
89c3e73dad hardware/u2f: remove module
udev gained native support to handle FIDO security tokens, so we don't
need a module which only added the now obsolete udev rules.

Fixes: https://github.com/NixOS/nixpkgs/issues/76482
2020-06-14 15:13:31 +02:00
eyjhb
7279428096
boot.initrd.luks.devices: add preOpenCommands and postOpenCommands 2020-06-14 12:03:00 +02:00
Linus Heckemann
01ee5c9271 manual: use less weird way of installing nixos tools 2020-06-14 10:39:43 +02:00
Peter Hoeg
eb62c7edc8
Merge pull request #90261 from prusnak/installer-zstd-rm
images: remove original files when using zstd for compression
2020-06-14 10:39:10 +08:00
rnhmjoj
14aa8d9b75
nixos/tests/ncdns: add test 2020-06-14 01:09:33 +02:00
rnhmjoj
e23c57c347
nixos/ncdns: init module 2020-06-14 01:09:33 +02:00
Pavol Rusnak
490fc040be
images: remove original files when using zstd for compression 2020-06-14 00:19:11 +02:00
Michele Guerini Rocco
1d924f0354
Merge pull request #89772 from rnhmjoj/dnschain
dnschain: remove
2020-06-13 13:37:02 +02:00
rnhmjoj
8fa6c0d12d
nixos/release-notes: document dnschain removal 2020-06-13 12:33:31 +02:00
rnhmjoj
2e5019b92c
dnschain: remove package and NixOS module
The software is unmaintained since ~2014 and the package
can't be built anymore (issue #89205).
2020-06-13 12:33:31 +02:00
Arian van Putten
71a6d32c18 nixos/timesyncd: Make dbus-activatible
Upstream has this alias too; so that dbus activation works.
What I don't fully understand is why this would ever be useful given
this unit is already started way in early boot; even before dbus is up.
But lets just keep behaviour similar to upstream and then ask these
questions to upstream.
2020-06-13 12:23:45 +02:00
Arian van Putten
cd1dedac67 nixos/networkd: Make activatible through dbus and netlink
With this systemd buffers netlink messages in early boot from the kernel
itself; and passes them on to networkd for processing once it's started.
Makes sure no routing messages are missed.

Also makes an alias so that dbus can activate this unit. Upstream has
this too.
2020-06-13 12:23:45 +02:00
Arian van Putten
0e18e5db99 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-06-13 12:23:45 +02:00
Frederik Rietdijk
1523382160 Merge master into staging-next 2020-06-13 11:02:21 +02:00
Emery Hemingway
b8a9e3eea1 nixos/lib/make-disk-image.nix: VDI support 2020-06-13 11:08:48 +05:30
John Ericson
1c4480e931
Merge pull request #90157 from obsidiansystems/socket-based-ipfs
Add socket-based IPFS support
2020-06-12 18:31:01 -04:00
Matthew Bauer
2c2f6c0b38 nixos/ipfs: only set listenstream when gateway/api is default 2020-06-12 17:15:34 -05:00
Matthew Bauer
982a17a48e nixos/ipfs: always expose sockets 2020-06-12 17:15:34 -05:00
Matthew Bauer
fa06d8f961 nixos/ipfs: actually use upstream systemd units 2020-06-12 17:15:34 -05:00
Matthew Bauer
b36ef706fb nixos/ipfs: add startWhenNeeded option
This makes it possible to only start IPFS when needed. So a user’s
IPFS daemon only starts when they actually use it.

A few important warnings though:

  - This probably shouldn’t be mixed with services.ipfs.autoMount
    since you want /ipfs and /ipns aren’t activated like this
  - ipfs.socket assumes that you are using ports 5001 and 8080 for the
    API and gateway respectively. We could do some parsing to figure
    out what is in apiAddress and gatewayAddress, but that’s kind of
    difficult given the nonstandard address format.
  - Apparently? this doesn’t work with the --api commands used in the tests.

Of course you can always start automatically with startWhenNeeded =
false, or just running ‘systemctl start ipfs.service’.

Tested with the following test (modified from tests/ipfs.nix):

  import ./make-test-python.nix ({ pkgs, ...} : {
    name = "ipfs";

    nodes.machine = { ... }: {
      services.ipfs = {
        enable = true;
        startWhenNeeded = true;
      };
    };

    testScript = ''
      start_all()

      machine.wait_until_succeeds("ipfs id")
      ipfs_hash = machine.succeed("echo fnord | ipfs add | awk '{ print $2 }'")

      machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
    '';
  })

Fixes #90145

Update nixos/modules/services/network-filesystems/ipfs.nix

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-06-12 17:15:27 -05:00
Jörg Thalheim
8df5edc153
Merge pull request #87178 from hax404/teeworlds-module-test
nixos/{modules,tests}/teeworlds: init
2020-06-12 19:52:06 +01:00
Maximilian Bosch
267b93da34
Merge pull request #89662 from aanderse/ssmtp
nixos/ssmtp: add settings option
2020-06-12 16:09:13 +02:00
Michele Guerini Rocco
a2fd1ba544
Merge pull request #89159 from datafoo/fix-issue-89158
nixos/networking: check interface state files exist before acting on them
2020-06-12 15:31:57 +02:00
Aaron Andersen
ad2330f642 nixos/ssmtp: drop authPass option in favor of authPassFile, or services.ssmtp.settings.AuthPass if absolutely required 2020-06-12 06:41:56 -04:00
Frederik Rietdijk
febc27b59a Merge master into staging-next 2020-06-12 08:57:26 +02:00
Matthew Bauer
c5f40198f3 nixos/ipfs: consolidate services into one ipfs.service
Previously we had three services for different config flavors. This is
confusing because only one instance of IPFS can run on a host / port
combination at once. So move all into ipfs.service, which contains the
configuration specified in services.ipfs.

Also remove the env wrapper and just use systemd env configuration.
2020-06-11 15:27:22 -05:00
Matthew Bauer
74ff433320 nixos/ipfs: remove unused auto migrate feature 2020-06-11 14:32:06 -05:00
Samuel Dionne-Riel
476c8e0754 sd-image-raspberrypi4: mount boot partition
This should have been done initially, as otherwise it gets awfully
awkward to boot into new generations by default.

This system-specific image wasn't expected to be long-lived, thus why it
didn't end up being polished much.

Reality shows us we may be stuck with it for a bit longer, so let's make
it easier to use for new users.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel
34caab71bb sd-image: Make firmware partition name configurable
This will be helpful in the now too-long-lived image for the Raspberry
Pi 4. We'll be able to properly configure the partition to be useful.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel
37e50ca635 raspberrypi-builder: ensure scripts fails on error
The way this ends up being called with the raspberry pi 4 image builder
ends up not using the `-e` from the shebang.

In turn, the builds fails during cross-compilation. The wrong coreutils
ends up being used, but this is not made apparent.

The issue I faced is already fixed on master, but this ensures no one
ends up with a failed build "succeeding".
2020-06-11 14:41:18 -04:00
adisbladis
a5a52e8c73
Merge pull request #88718 from adisbladis/vmware-xorg-driver-defaults
services.x11.videoDrivers: Don't include vmware driver on non-x86 platforms
2020-06-11 19:03:24 +02:00
adisbladis
1a5dafcd5b
services.x11.videoDrivers: Don't include vmware driver by default
A better option for vmware guests is to set `virtualisation.vmware.guest.enable`.
2020-06-11 18:49:29 +02:00
Martin Milata
876bf3abc9 nixos/prometheus-lnd-exporter: init 2020-06-11 18:23:54 +02:00
Matthew Bauer
656783a3d1
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
2020-06-11 10:49:40 -05:00
Matthew Bauer
a4959d36ef
Merge pull request #90128 from vcunat/p/locales-priority
nixos i18n.supportedLocales: increase systemPackages priority
2020-06-11 10:44:35 -05:00
Piotr Bogdan
afae933693 nixos/undervolt: simplify CLI args generation 2020-06-11 15:24:28 +01:00
Piotr Bogdan
24e0e05654 nixos/undervolt: use int type for numeric options 2020-06-11 15:24:28 +01:00
Piotr Bogdan
f224b243db nixos/undervolt: fix up options' descriptions
The default `undervolt` package does not accept floating point numbers for any of its numeric
arguments. This also mentions in what units are the values expressed.
2020-06-11 15:24:28 +01:00
Piotr Bogdan
6fb11e5227 nixos/undervolt: add a warning for the enable option
Also use the convenience `mkEnableOption` function for simplicity.
2020-06-11 15:24:28 +01:00
WilliButz
3190ba12f7
Merge pull request #90077 from mdlayher/mdl-nixos-apcupsd
nixos/prometheus-apcupsd-exporter: new module
2020-06-11 15:23:33 +02:00
WilliButz
016a538f71
Merge pull request #89810 from mdlayher/mdl-keylight-exporter
prometheus-keylight-exporter: init at 0.1.1
2020-06-11 15:14:17 +02:00
Vladimír Čunát
92aa60918f
nixos i18n.supportedLocales: increase systemPackages priority
https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608
2020-06-11 10:22:20 +02:00
Matt Layher
e45146d94b
nixos/prometheus-apcupsd-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 17:33:41 -04:00
Fabian Hauser
9c95e8150a hamster: init at 3.0.2 2020-06-10 22:05:18 +02:00
Jörg Thalheim
7a4ee350b0
Merge pull request #90027 from Mic92/redis
nixos/redis: add redis group
2020-06-10 19:02:15 +01:00
Vladimír Čunát
13add13388
Merge branch 'master' into staging-next
... to resolve a trivial conflict in libpcap.
2020-06-10 20:00:44 +02:00
David Izquierdo
f2d1568282 transmission: add libstdc++ and libgcc_s permissions to apparmor profile 2020-06-10 19:50:24 +02:00
Matt Layher
e77426822f
nixos/prometheus-keylight-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 13:12:43 -04:00
Vladimír Čunát
a5f5d020c6
Merge branch 'staging-next' 2020-06-10 16:13:48 +02:00
José Romildo Malaquias
a421af29e4
nixos/opensmtpd: add a setgid wrapper for smtpctl (#89962)
The setgid is currently required for offline enqueuing, and
unfortunately smtpctl is currently not split from sendmail so there's
little running around it.
2020-06-10 15:08:36 +02:00
Izorkin
eed170d9ab nixos/mysql: fix init databases on first start in sandbox mode 2020-06-10 12:38:42 +03:00
Izorkin
a9d5f088b5 nixos/mysql: update tmpfiles rules 2020-06-10 12:38:42 +03:00
Izorkin
df7e52814d nixos/mysql: enable sandbox mode 2020-06-10 12:38:40 +03:00
Jörg Thalheim
10acf9ae00
nixos/redis: add redis group 2020-06-10 08:58:34 +01:00
Vladimír Čunát
16024fcaec
Merge branch 'staging-next' into staging
In particular, this fixes ISO evaluation.
2020-06-10 09:42:36 +02:00
Vladimír Čunát
6e9bb30566
Merge branch 'master' into staging-next
In particular, this fixes ISO evaluation.
2020-06-10 09:41:53 +02:00
Vladimír Čunát
bc69d29164
Merge #89903: nixos/make-iso9660: fix zstd input 2020-06-10 08:40:03 +02:00
Peter Hoeg
5a0e9e63c7
Merge pull request #89457 from NixOS/f/pam_ordering
nixos/pam: mount encrypted home earlier
2020-06-10 10:12:21 +08:00
Jan Tojnar
acb53e0698
Merge branch 'staging-next' into staging 2020-06-10 04:10:57 +02:00
Jan Tojnar
c637cbe992
Merge branch 'master' into staging-next 2020-06-10 04:10:34 +02:00
zimbatm
9494fdeeb3
Merge pull request #70327 from abbradar/synapse-plugins
Refactor Synapse plugins, add matrix-synapse-pam
2020-06-09 23:54:54 +02:00
Jan Tojnar
35159ca5a2
Merge pull request #89881 from zowoq/gnome-artwork
nixos/gnome3: nixos-artwork -> pkgs.nixos-artwork
2020-06-09 15:10:18 +02:00
Finn Behrens
f73436b374
nixos/make-iso9660: fix zstd input 2020-06-09 11:39:26 +02:00
Eelco Dolstra
51e8a82f1e
Merge pull request #89297 from Ma27/bump-hydra
hydra-unstable: 2020-04-16 -> 2020-06-01
2020-06-09 11:19:47 +02:00
zowoq
fa607bc939 nixos/gnome3: nixos-artwork -> pkgs.nixos-artwork 2020-06-09 15:33:37 +10:00
Patryk Wychowaniec
8ae7ac9e8c
lxd: Add tests 2020-06-08 21:35:47 +02:00
Izorkin
1086ae52fb nixos/ssh: add crypto options 2020-06-08 22:10:36 +03:00
Alexandre Esteves
063043fa63
Fix typo 2020-06-08 16:47:46 +01:00
Frederik Rietdijk
8576d24b2a Merge staging-next into staging 2020-06-08 12:08:51 +02:00
Frederik Rietdijk
dc33419285 Merge master into staging-next 2020-06-08 12:06:12 +02:00
Florian Klink
b56c66e7e8
Merge pull request #89762 from nlewo/nextcloud-oc_pass
nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
2020-06-08 10:57:49 +02:00
Florian Klink
3590f02e7d
Merge pull request #88574 from JJJollyjim/qemu-vm-qboot-opt
nixos/qemu-vm: add option to use qboot
2020-06-08 10:46:11 +02:00
Jamie McClymont
55912f3535 nixos/qemu-vm: add option to use a non-standard BIOS
I'd like to change the default on x86 platforms to qboot at some point, since it
saves a fair bit of startup time.
2020-06-08 11:21:53 +12:00
Antoine Eiche
cb682317b0 nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
The OC_PASS environment variable can be used to create a user with
`occ user:add --password-from-env`. It is currently not possible to
use the `nextcloud-occ` to "non-interactively" create a user since
this variable is ignored by sudo.
2020-06-07 20:47:11 +02:00
worldofpeace
d508591039
Merge pull request #86163 from worldofpeace/wallpaper-refactor
Gnome and Pantheon: install nixos wallpapers
2020-06-07 14:44:59 -04:00
Marek Mahut
7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Nadrieril
e4f445008e
boot: fix order of arguments for hasPrefix (#89751) 2020-06-07 18:43:15 +02:00
Vojtěch Káně
a5e6901702 traefik: unify TOML generation
As a side effect, the dynamic config file is now indented
2020-06-07 17:19:45 +02:00
Aaron Andersen
6394b12a07 nixos/ssmtp: add settings option 2020-06-07 10:28:22 -04:00
Frederik Rietdijk
d0532e79ae Merge staging-next into staging 2020-06-07 09:25:46 +02:00
Frederik Rietdijk
6b8223e634 Merge master into staging-next 2020-06-07 09:25:12 +02:00
Georg Haas
6d1ca7db4a
nixos/{modules,tests}/teeworlds: init
add module and test
2020-06-06 17:06:23 +02:00
Janne Heß
644f9e74e7
nixos/freeswitch: Unit improvements and add fs_cli
This switches the unit to Restart=on-failure and switches the CPU policy
to fifo (the daemon tries to do that itself, but is denied permission).

Also add the package to $PATH to be able to use fs_cli easily.
2020-06-05 20:16:43 +02:00
Frederik Rietdijk
1c68570ab2 Merge staging-next into staging 2020-06-05 19:42:16 +02:00
Frederik Rietdijk
43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Jörg Thalheim
7048a817b2
Merge pull request #85418 from lopsided98/grub-initrd-secrets 2020-06-05 16:03:48 +01:00
Patryk Wychowaniec
6c6924b2eb
lxd: When lxcfs is enabled, start lxd with explicit LXD_LXC_TEMPLATE_CONFIG 2020-06-05 16:37:31 +02:00
Patryk Wychowaniec
72e80cdc54
lxd: Add proper support for nftables 2020-06-05 16:37:31 +02:00
Florian Klink
47d4cd2c31
Merge pull request #87878 from Izorkin/mariadb-update
mariadb: 10.4.12 -> 10.4.13
2020-06-05 15:15:36 +02:00
Eelco Dolstra
b00463d406
Merge pull request #89479 from edolstra/nix-2.4-completion
Don't enable nix-bash-completions when using Nix 2.4
2020-06-05 13:29:10 +02:00
Jörg Thalheim
abb2f6038c
Merge pull request #89525 from Mic92/cgmanager 2020-06-05 11:46:42 +01:00
Florian Klink
c055fc0319
Merge pull request #89510 from flokli/buildbot-pbPort
nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
2020-06-05 11:50:25 +02:00
Jörg Thalheim
073d2fc4d5
cgmanager: remove
fixes #30023
2020-06-05 09:47:12 +01:00
Vladimír Čunát
677e3960b5
Merge #82342: rustPlatform: increase build-speed of checkPhase
...for rust-packages (into staging)
2020-06-05 09:12:30 +02:00
Florian Klink
1fd972bd50 nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
It's pbPort, and it's also a connection string, meaning
listen-on-localhost is also possible. Provide an alias for the old
option name, so old configs still work.
2020-06-05 01:29:03 +02:00
Ben Wolsieffer
14eceb5991 nixos/grub: support initrd secrets 2020-06-04 18:30:46 -04:00
Ben Wolsieffer
50a5e5597a nixos/stage-1: make boot.initrd.secrets appear in the manual 2020-06-04 17:53:29 -04:00
Frederik Rietdijk
b7ff746540 python3: now points to python38
Note this also means python3Minimal is now also Python 3.8.

This reverts commit eb1369670b and adds more.
2020-06-04 18:08:29 +02:00
Frederik Rietdijk
08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00
Robin Gloster
79454f15ac
gitlab: 12.10.8 -> 13.0.3
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/

The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
2020-06-04 14:32:39 +02:00
Eelco Dolstra
bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Peter Hoeg
66e040eaac nixos/pam: mount encrypted home earlier
This patch was done by curro:

The generated /etc/pam.d/* service files invoke the pam_systemd.so
session module before pam_mount.so, if both are enabled (e.g. via
security.pam.services.foo.startSession and
security.pam.services.foo.pamMount respectively).

This doesn't work in the most common scenario where the user's home
directory is stored in a pam-mounted encrypted volume (because systemd
will fail to access the user's systemd configuration).
2020-06-04 13:14:30 +08:00
Martin Weinelt
d72a7360c2
nixos/tests/go-neb: init
Simple test to start the unit with a dummy client and a dummy service
and check if it can receive webhooks.
2020-06-04 01:44:33 +02:00
Michael Weiss
a448d9156b
Merge pull request #89407 from primeos/empty-hostname-fix
nixos: Allow empty hostnames again
2020-06-03 16:18:28 +02:00
Michael Weiss
a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Eelco Dolstra
aef2bc1330
nix: 2.3.6 -> 2.3.6 2020-06-03 14:57:39 +02:00
Jörg Thalheim
4cbf76797e
Merge pull request #89337 from mweinelt/hass-yaml-fun 2020-06-03 11:19:03 +01:00
Symphorien Gibol
11d6318a01 Revert "Revert "ibus: fix dconf db installation""
This reverts commit ee5cba24c3.
2020-06-02 22:34:59 +02:00
Symphorien Gibol
3dbd629fa4 ibus: fix installation of dconf database
Fixes this warning at ibus-daemon startup:

(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file ?/etc/dconf/db/ibus?: open() failed: No such file or directory; expect degraded performance
2020-06-02 22:32:03 +02:00
Martin Weinelt
da6b277f96
nixos/home-assistant: allow arbitrary yaml functions 2020-06-02 15:51:35 +02:00
Maximilian Bosch
c18016cfbf
hydra-unstable: 2020-04-16 -> 2020-06-01 2020-06-02 15:39:42 +02:00
Martin Weinelt
642e9916c6
nixos/go-neb: init 2020-06-02 15:25:05 +02:00
Graham Christensen
4512cd1385
Merge pull request #60174 from exarkun/patch-2
Fix the rootPartitionUUID description
2020-06-02 08:54:51 -04:00
Jamie McClymont
44007dec5c nixos/nginx: ensure all variants have a basic level of testing 2020-06-02 21:55:48 +12:00
Jörg Thalheim
53d0dc6638
Merge pull request #51270 from aneeshusa/enable-setuid-wrapper-for-chsh
nixos/shadow: create setuid wrapper for chsh
2020-06-02 10:50:31 +01:00
Florian Klink
8a388c8296
Merge pull request #82258 from erikarvstedt/fix-xchg-caching
fix inconsistent caching of VM xchg dirs
2020-06-01 22:34:48 +02:00
Erik Arvstedt
d85dc4f690
qemu-vm: fix inconsistent caching of xchg dirs
xchg is advertised as a bidirectional exchange dir, but file content
transfer from host to VM fails due to caching:
If a file is read in the VM and then modified on the host, subsequent
re-reads in the VM can yield old, cached data.
This is caused by the use of 9p's cache=loose mode that is explicitly
meant for read-only mounts.

9p doesn't provide any suitable cache modes, so fix this by disabling
caching.

Also, remove a now unnecessary sync in the test driver.
2020-06-01 21:55:33 +02:00
Lassulus
29062cec8d
Merge pull request #88744 from davidak/chromium-example
nixos/chromium: add example and update description
2020-06-01 18:24:01 +02:00
Florian Klink
a2eccf3a30
Merge pull request #89274 from flokli/nscd-disable-positive-hosts-caching
nixos/nscd: set positive hosts caching ttl to 0
2020-06-01 17:24:02 +02:00
Maximilian Bosch
78ca0c506b
Merge pull request #89240 from jakobrs/formally-to-formerly
nixos/libvirtd: correct spelling
2020-06-01 17:14:54 +02:00
Wout Mertens
976187729e
Merge pull request #73350 from NixOS/wmertens-nixos-boot-doc
nixos boot doc: document boot.debug1devices
2020-06-01 12:01:58 +02:00
Notkea
ab327b27a1
nixos/mautrix-telegram: add module (#63589) 2020-06-01 08:45:04 +00:00
Notkea
523743157a
matrix-appservice-discord: init at 0.5.2 (#62744)
* matrix-appservice-discord: init at 0.5.2

* nixos/matrix-appservice-discord: add module
2020-06-01 08:43:38 +00:00
Nikolay Amiantov
cd92184f3d
matrix-synapse service: add plugins option 2020-06-01 10:30:22 +02:00
Tom Fitzhenry
f3c8acc0bb nixos/doc: update stale fn name s/copy_file_from_host/copy_from_host/
This was renamed in the Perl -> Python test driver migration.
2020-06-01 18:05:58 +10:00
Florian Klink
09244cbd98 nixos/nscd: set positive hosts caching ttl to 0
This effectively disables nscd's built-in hosts cache, which turns out
to be erratic in some cases.

We only use nscd these days as a more ABI-neutral NSS dispatcher
mechanism.

Local caching should still be possible with local resolvers in
/etc/resolv.conf (via the `dns` NSS module), or without local resolvers
via systemd-networkd (via the `resolve` nss module)

We don't set enable-cache to no due to
https://github.com/NixOS/nixpkgs/pull/50316#discussion_r241035226.
2020-06-01 01:12:43 +02:00
Mario Rodas
c9d9ba0f7b
Merge pull request #83307 from servalcatty/fix/v2ray-check
nixos/v2ray: check v2ray config during the build time
2020-05-31 16:32:03 -05:00
Florian Klink
09a7612cbe
Merge pull request #88434 from pstch/patch-2
nixos/haproxy: add reloading support, use upstream service hardening
2020-05-31 23:11:44 +02:00
Hugo Geoffroy
c784d3ab76 nixos/haproxy: add reloading support, use upstream service hardening
Refactor the systemd service definition for the haproxy reverse proxy,
using the upstream systemd service definition. This allows the service
to be reloaded on changes, preserving existing server state, and adds
some hardening options.
2020-05-31 22:35:27 +02:00
Florian Klink
4cd605f3ca
Merge pull request #62671 from kfiz/networking-proxy_arp-fix
tasks/network-interfaces.nix: Enable ip_forwarding for ipv4 and p…
2020-05-31 22:22:49 +02:00
Maximilian Bosch
59e8e7a129
rust: improve docs
Co-authored-by: cole-h <cole.e.helbling@outlook.com>
Co-authored-by: asymmetric <lorenzo@mailbox.org>
2020-05-31 21:47:32 +02:00