Commit Graph

11168 Commits

Author SHA1 Message Date
gnidorah
fe01afae42 nixos/jack: option to adjust dmix buffering (#62854) 2019-06-09 11:40:22 +02:00
Nikolay Amiantov
1d7d5d9be6
Merge pull request #62885 from abbradar/mtproxy
mtprotoproxy: init package and service
2019-06-09 12:17:41 +03:00
Nikolay Amiantov
05c1addde3 mtprotoproxy service: init 2019-06-09 11:49:03 +03:00
Izorkin
82ad143a51
nixos/zsh: move zsh setopt 2019-06-09 00:13:01 +02:00
Sarah Brofeldt
635e3b1e6f
Merge pull request #62758 from peterhoeg/f/zm
nixos/zoneminder: font files cannot be found
2019-06-08 14:36:04 +02:00
Samuel Dionne-Riel
fd0f8adaab nixos/desktop-managers/xterm: Defaults to xserver's state
This enhances #61423, which removed the gating of desktop-managers from
being linked to the xserver's state.

This, though, brought in xterm into all systems, even those without X
servers.

This change sets the *default* of the xterm desktop-manager to the state
of the xserver, keeping it enabled by default as a sane fallback.

The xterm desktop-manager can still be enabled or disabled as needed,
without it being affected by xserver's state.
2019-06-08 01:01:22 -04:00
Franz Pletz
2587df7f02
cryptsetup: enable kernel crypto api support again
This is needed for tcrypt and the benchmark subcommand. If enabled,
it is also used to unlock LUKS2 volumes and therefore the kernel modules
providing this feature need to be available in our initrd.

Fixes #42163. #54019.
2019-06-07 22:15:35 +02:00
Franz Pletz
3827343aec
Merge pull request #62452 from Ma27/package-wireguard-prometheus-exporter
prometheus-wireguard-exporter: init at 2.0.1
2019-06-07 16:50:39 +00:00
Maximilian Bosch
bf09e6a14e
prometheus-wireguard-exporter: init at 2.0.1
This is a simple exporter which exports the information
provided by `wg show all dump` to prometheus.

Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-07 17:40:44 +02:00
zimbatm
18ae1ecf03
nixos/cryptpad: add module 2019-06-07 13:02:51 +02:00
Jörg Thalheim
48bb168e26
zfs: 0.7.13 -> 0.8.0 (#62763)
zfs: 0.7.13 -> 0.8.0
2019-06-07 11:15:37 +01:00
Peter Hoeg
255550e003 nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions 2019-06-07 14:52:46 +08:00
Graham Christensen
9d11c30cf9
Merge pull request #62779 from grahamc/containers-restart
Restart declarative containers when their host environment configuration changes
2019-06-06 12:57:23 -04:00
Graham Christensen
b2fbbad107
nixos containers: restart containers with autoStart = true when their conf changes 2019-06-06 11:57:08 -04:00
Graham Christensen
e7872cda4b
nixos containers: don't shadow config, rename to containerConfig 2019-06-06 11:57:05 -04:00
Aaron Andersen
fae95c2c82
Merge pull request #60021 from aanderse/httpd-cleanup
nixos/httpd: cleanup old apache2.2 syntax
2019-06-06 06:46:05 -04:00
Eelco Dolstra
4bb48e7f99
wireguard: Don't fail if modprobe fails
This can lead to unnecessary failures if the kernel module is already
loaded:

  Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
2019-06-06 12:40:30 +02:00
Jörg Thalheim
11b8a5f20e
zfs: 0.7.13 -> 0.8.0
Same as zfsUnstable for the moment.
We still keep the zfsUnstable expression as we likely
need it in the near future again.
Also remove spl since it is no longer needed.
2019-06-06 10:07:43 +01:00
Peter Hoeg
527876038e nixos/zoneminder: font files cannot be found 2019-06-06 14:15:01 +08:00
Matthew Bauer
f8c12edfdf
Merge pull request #62333 from kampka/buildPackages-for-config-builders
Build packages for config builders
2019-06-05 14:47:16 -04:00
Vladimír Čunát
c0ccf42c69
Merge branch 'staging-next' into staging 2019-06-05 11:12:34 +02:00
worldofpeace
094e150804
Merge pull request #61729 from worldofpeace/geoclue/no-root
nixos/geoclue2: don't run as root
2019-06-04 23:11:34 -04:00
worldofpeace
cc5ec447a0
Merge pull request #62623 from michaelpj/fix/localtime-geoclue
localtime: set geoclue config
2019-06-04 22:36:28 -04:00
worldofpeace
87ec4fa2d1
Merge pull request #62624 from michaelpj/fix/redshift-geoclue
redshift: add geoclue config
2019-06-04 22:35:25 -04:00
danbst
f7940bb95d nixos/containers: give a name to an anonymous container module
See https://github.com/NixOS/nixpkgs/issues/15747. Previously this module was called `<unknown-file>`
in error messages, now it is called a bit more close to real:
```
module at /home/danbst/dev/nixpkgs/nixos/modules/virtualisation/containers.nix:470
```
2019-06-05 03:11:09 +03:00
Michael Peyton Jones
efbd890f99
nixos: add throttled service 2019-06-04 22:30:38 +01:00
Silvan Mosberger
08f2e282e1
nixos/deluge: add autFile, config and port options (#58552)
nixos/deluge: add autFile, config and port options
2019-06-04 23:16:06 +02:00
Matthew Bauer
22039a182e
Merge pull request #62606 from Shados/fix-62602
nixos/grub: Add defaultText for font option
2019-06-04 14:34:13 -04:00
Brice Waegeneire
2fa256bd55 nixos/deluge: add authFile, config & port options 2019-06-04 18:08:11 +02:00
WilliButz
1800e49a0b
nixos/ids: remove avahi uid/gid 2019-06-04 00:22:49 +02:00
WilliButz
49302dc593
nixos/avahi: refactor module, add option extraServiceFiles
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.

The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
2019-06-04 00:22:48 +02:00
Bas van Dijk
f6ba5b91e8
Merge pull request #62616 from basvandijk/strongswan-5.8.0
strongswan: 5.7.2 -> 5.8.0
2019-06-03 23:43:20 +02:00
Vladimír Čunát
ee86a325dd
Merge branch 'staging-next' into staging
Conflicts (simple):
	nixos/doc/manual/release-notes/rl-1909.xml
2019-06-03 22:34:49 +02:00
Silvan Mosberger
b9ffded489
jack module: init (#57712)
jack module: init
2019-06-03 19:18:04 +02:00
Michael Peyton Jones
01d06dc35f
redshift: add geoclue config
The geoclue module now lets us set application config. This should make
it more robust in desktop environments that don't define a geoclue
agent.

Fixes #45994.
2019-06-03 18:13:21 +01:00
Michael Peyton Jones
d3a4a5bd95
localtime: set geoclue config
The geoclue module now lets us set application config. This should make
it more robust in environments that don't provide a geoclue agent.

Fixes #44725.
2019-06-03 18:12:33 +01:00
Bas van Dijk
1959799d51 strongswan: 5.7.2 -> 5.8.0 2019-06-03 18:01:55 +02:00
Maximilian Bosch
0dbdb2e21d
Merge pull request #62528 from eadwu/compton/wintypes-conflict
compton: try not to conflict wintypes
2019-06-03 15:41:37 +02:00
Andreas Rammhold
7508490770
nixos/test: remove the stateVersion statement from the test-instrumentation
We set stateVersion to `mkDefault 18.03` in
`nixos/modules/testing/test-instrumentation.nix` and in
`modules/installer/cd-dvd/installation-cd-base.nix`.

Accessing the stateVersion in the module system from within the tests
results in the following error:
> The unique option `system.stateVersion' is defined multiple times, in
> `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix' and
> `nixpkgs/nixos/modules/testing/test-instrumentation.nix'.

There are other tests that use it as well. Namely the radicale test also
verifies behaviour between state versions is as expected. It switches a
package default value. Others switched on the state directory default.
It seems like having the timesyncd switch as part of every rendered
activationScript might cause this weird error.

Removing this line seems like a reasonable thing to do since we actually
set the default to the very same value in the module system. This line
should have been no-op besides the issue that we've two statements
setting it in this very specific case.
2019-06-03 15:05:24 +02:00
Andreas Rammhold
9077623324
nixos/misc: warn when someone is using the nixops autoLuks module
The autoLuks module is not really compatible with the updated systemd
version anymore. We started dropping NixOS specific patches that caused
unwanted side effects that we had to work around otherwise.

This change points users towards the relevant PR and spits out a bit of
information on how to deal with the situation.
2019-06-03 15:05:23 +02:00
Andreas Rammhold
024a383d64
nixos/systemd: migrate systemd-timesync state when required
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.

For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.

We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.

See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
2019-06-03 15:05:19 +02:00
Andreas Rammhold
1b7b1dbe2f
nixos/networkd: rename GatewayOnlink to GatewayOnLink
This follows upstreams renaming of the option [1].

[1] 9cb8c55934
2019-06-03 15:05:17 +02:00
Andreas Rammhold
d600da7045
nixos/networkd: use the route section for default routes
With systemd v242 using the `Gateway` attribute of the `[Network]`
section will lead to "onlink" routes on all the device that are matched
by the default configuration (typically all devices) causing multiple
default routes (even on localhost).

We can only avoid that - while keeping our default route option - when
we mark the route as explicitly not on link. Only gateways that are
within a subnet of one of the assigned interface addresses will be
installed into the routing table.
2019-06-03 15:05:16 +02:00
Andreas Rammhold
a32cd7d84a
nixos/networkd: use no instead of none for DHCP= option
systemd has deprecated the use of `none` and recommends using `no`
instead.
2019-06-03 15:05:15 +02:00
Andreas Rammhold
1f03f6fc43
nixos/udev: switch networking.usePredicatableInterfaceNames to a kernel param
The udev rules we are shipping no longer work with systemd v242 and were
remove upstream some time ago. It seems like the entire renaming is now
done in C and not in the udev rules.
2019-06-03 15:05:12 +02:00
Jörg Thalheim
2a0f85d882
nixos/os-release: add documentation url 2019-06-03 15:05:10 +02:00
Jörg Thalheim
e8e1dc71c5
Merge pull request #62529 from danieldk/remove-btsync-module
nixos/btsync: remove
2019-06-03 13:21:58 +01:00
Alexei Robyn
fd9dec7177 nixos/grub: Add defaultText for font option
Fixes #62602.
2019-06-03 22:19:44 +10:00
Nikolay Amiantov
fa2e4bfb61 nixos/systemd-boot: don't remove directories from EFI dir
This will only result in an error. These directories might be created by, for example, fwupdmgr.
2019-06-03 11:55:48 +03:00
Daniël de Kok
c619bbbbef nixos/btsync: remove
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
2019-06-03 09:16:13 +02:00
worldofpeace
c6748ef63f
Merge pull request #61746 from abbradar/gnome-pa
nixos/gdm: use Fedora's PulseAudio configuration
2019-06-02 18:16:04 -04:00
Nikolay Amiantov
00972dc89c nixos/gdm: use Fedora's PulseAudio configuration
This is needed to avoid GDM PulseAudio instance acting as a network
source/sink or grabing the A2DP bluetooth sink making A2DP unusable
for any other user. In the future having this fixed in PulseAudio
would be preferred [0]. Current possible upstream fix could be [1].

[0]: https://github.com/NixOS/nixpkgs/pull/61746#issuecomment-493956980
[1]: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/merge_requests/10
2019-06-02 18:01:53 -04:00
Izorkin
5612650767 nixos/nginx: add ipv6 options to resolver 2019-06-02 19:29:30 +00:00
Edmund Wu
3207f7e1ce
compton: try not to conflict wintypes 2019-06-02 14:16:31 -04:00
Florian Klink
640afe964e
Barco clickshare (#59891)
Barco clickshare
2019-06-02 12:41:21 +02:00
Matthew Bauer
f21b846afe
Merge pull request #57752 from aanderse/limesurvey
limesurvey: 2.05_plus_141210 -> 3.17.1+190408, init module
2019-06-01 17:31:15 -04:00
Matthew Bauer
002cce23f7
Merge pull request #62050 from aanderse/hydron
nixos/hydron: replace deprecated usage of PermissionsStartOnly
2019-06-01 17:29:24 -04:00
Gabriel Ebner
a40660a6da
octoprint: 1.3.10 -> 1.3.11 (#62321)
octoprint: 1.3.10 -> 1.3.11
2019-06-01 11:27:56 +02:00
Matthew Bauer
f2a8948078 treewide: use buildPackages for config builders
Partially reapplies 35af6e3605

buildPackages need to be used only for image builders.
Otherwise, the bootloader builder may be setup using the wrong arch,
rendering it unusable
2019-05-31 23:27:49 +02:00
Christian Kampka
0d570e020e Revert "treewide: use buildPackages for config builders"
This reverts commit 35af6e3605.
2019-05-31 23:27:49 +02:00
Christian Kampka
fd15f37b37 Revert "extlinux-conf: fix cross compilation"
This reverts commit f17dd04f12.
2019-05-31 23:27:49 +02:00
Florian Klink
b3dd39ca0e
Merge pull request #62325 from grahamc/wireguard-master
wireguard: 0.0.20190406 -> 0.0.20190531 and Change peers without tearing down the interface, handle DNS failures better
2019-05-31 23:17:18 +02:00
Florian Klink
5ea7a3eb21 nixos/mysql: drop services.mysql.pidDir
mysql already has its socket path hardcoded to to
/run/mysqld/mysqld.sock.
There's not much value in making the pidDir configurable, which also
points to /run/mysqld by default.

We only seem to use `services.mysql.pidDir` in the wordpress startup
script, to wait for mysql to boot up, but we can also simply wait on the
(hardcoded) socket location too.

A much nicer way to accomplish that would be to properly describe a
dependency on mysqld.service. This however is not easily doable, due to
how the apache-httpd module was designed.
2019-05-31 22:27:55 +02:00
Florian Klink
edd10c12f7 nixos/mysql: run as mysql user and group
As we don't need to setup data directories from ExecStartPre= scripts
anymore, which required root, but use systemd.tmpfiles.rules instead,
everything can be run as just the mysql user.
2019-05-31 22:27:55 +02:00
Florian Klink
25494cc193 nixos/mysql: reformat, move logical steps into variables
define commands like "waiting for the mysql socket to appear" or "setup
initial databases" in a let expression, so the main control flow becomes
more readable.
2019-05-31 22:27:48 +02:00
Florian Klink
50dda813e2 nixos/mysql: use systemd.tmpfiles to setup dataDir and pidDir
We need to keep using `RuntimeDirectory=mysqld`, which translates to
`/run/mysqld`, as this is used for the location of the file socket, that
could differ with what is configured via `cfg.pidDir`.
2019-05-31 22:20:42 +02:00
Andreas Rammhold
d9238d723b
Merge pull request #62136 from flokli/tmux-tmpdir
tmux module: Fix escaping in TMUX_TMPDIR
2019-05-31 21:42:47 +02:00
Graham Christensen
1de35c7f5e
wireguard: attempt infinity times to resolve a peer 2019-05-31 14:51:31 -04:00
Graham Christensen
dc44fc1760
wireguard: add each peer in a separate service
Before, changing any peers caused the entire WireGuard interface to
be torn down and rebuilt. By configuring each peer in a separate
service we're able to only restart the affected peers.

Adding each peer individually also means individual peer
configurations can fail, but the overall interface and all other peers
will still be added.

A WireGuard peer's internal identifier is its public key. This means
it is the only reliable identifier to use for the systemd service.
2019-05-31 14:51:25 -04:00
WilliButz
ba17b32b43
nixos/prometheus-fritzbox-exporter: update binary name 2019-05-31 18:50:27 +02:00
adisbladis
b19e8388c9
nixos/pulseaudio: Set speex-float-5 as default resample-method
The upstream default (speex-float-1) results in audible artifacts
2019-05-31 16:05:39 +01:00
Klemens Nanni
7f104aa6e2 tmux module: Fix escaping in TMUX_TMPDIR
5404595b55 relocated code but kept
one backslah too many, leading to

	$ tmux
	error creating /run/user/$(id -u)/tmux-1000 (No such file or directory)

/run/user/$UID/ is created by pam_systemd(3) which also populates
XD_RUNTIME_DIR with that value.

Alternatively, TMUX_TMPDIR might simply default to XDG_RUNTIME_DIR
without providing the same directory yet again as default string in
parameter substitution, however such behaviour change is subject to
another patch.

In fact, with `security.polkit.enable = false` systemd_logind(8) fails
to start and /run/user/$UID/ is never created for unprivileged users
in proper login sessions;  XDG_RUNTIME_DIR would consequently not be
set either.

Removing the fallback to /run/user/$UID/ would have caused TMUX_TMPDIR
to be empty, which in turn would lead tmux(1) to use /tmp/.  This
effectively breaks the idea of isolated sockets entirely while hiding
errors from the user.
2019-05-31 15:09:59 +02:00
Will Dietz
a72d6f9349
Merge pull request #60954 from dtzWill/fix/network-online-actually-online-with-networkmanager
networkmanager: network-online --wants--> NetworkManager-wait-online
2019-05-30 23:05:57 -05:00
Janne Heß
672495d596 nixos/bird: Fix reload
When calling reload, bird attempts to reload the file that was given in
the command line. As the change of ${configFile} is never picked up,
bird will just reload the old file.
This way, the configuration is placed at a known location and updated.
2019-05-31 01:21:18 +02:00
Matthew Bauer
a472b1449d
Merge pull request #61104 from adisbladis/plasma5-no-qt56
nixos/plasma5: Remove phonon-backend-gstreamer pinned to Qt 5.6
2019-05-30 16:17:28 -04:00
Matthew Bauer
b64b2b57f0
Merge pull request #61423 from volth/de-xrdp
nixos/desktop-managers: let them work when 'services.xserver.enable = false'
2019-05-30 15:46:09 -04:00
Yarny0
b38bdf6d2f nixos/clickshare: init module
The clickshare-csc1 package brings a udev rule file
to grant access to the ClickShare dongle if connected.
This module provides an option to install that rule file.
Only users in the "clickshare" users group have access.
2019-05-30 19:58:45 +02:00
Gabriel Ebner
18f564b882 octoprint: 1.3.10 -> 1.3.11 2019-05-30 18:10:29 +02:00
Matthew Bauer
38fdc9f8f8
Merge pull request #59076 from Yarny0/cups-path-fix
nixos/printing: fix CUPS `SetEnv` directive placement
2019-05-30 10:52:28 -04:00
Nikolay Amiantov
f23c110692 murmur service: log to journald by default
Save an option to log to file with new `logFile` option.

As a side effect deprecate `pidfile` option and instead use systemd's
RuntimeDirectory.
2019-05-30 15:43:32 +03:00
gnidorah
ea82b7f98d nixos/jack: init 2019-05-30 07:25:30 +03:00
Pierre Bourdon
9e60eab8f5
nixos/malloc: apply allocator settings to systemd units
This uses systemd's system.conf/user.conf "DefaultEnvironment" feature
to set the allocator's LD_PRELOAD near-globally.
2019-05-30 12:07:34 +09:00
Matthew Bauer
0a2b9719fd
Merge pull request #62157 from Lassulus/syncthing-fix
nixos/syncthing: run init only if a devices or folders are set
2019-05-29 21:02:18 -04:00
Pierre Bourdon
1cc8ea7cb4
nixos/malloc: add scudo from LLVM compiler-rt 2019-05-30 02:35:50 +09:00
lassulus
87e9e65b6f nixos/syncthing: run init only if devices or folders are set 2019-05-29 13:57:39 +02:00
Aaron Andersen
5cf98d29e7 nixos/limesurvey: init module to replace apache subservice 2019-05-28 23:02:34 -04:00
lassulus
ddfb687d5e nixos/syncthing: better examples for declarative options 2019-05-29 07:12:14 +09:00
Daniel Schaefer
eccb90a2d9 compton: 0.1_beta2.5 -> 6.2 (#61681)
* compton-git: 5.1-rc2 -> 6.2

vsync is now a boolean option, see:
https://github.com/yshui/compton/pull/130

menu-opacity is deprecated and there's a warning that says:
Please use the wintype option `opacity` of `popup_menu` and
`dropdown_menu` instead.

* nixos/compton: Keep vSync option backwards compatible

The new upstream option tries to make the best choice for the user.
Therefore the behaviour should stay the same with this backwards
compatibility patch.

* compton-git: Remove DRM option

It's deprecated and shouldn't be used.
https://github.com/yshui/compton/pull/130/files#r285505456

* compton-git: Remove new_backends option

Was removed in "Let old/new backends co-exist"
b0c5db9f5aa500dc3568cc6fe68493df98794d4d

* compton: 0.1_beta2.5 -> 6.2

Drop the legacy, unmaintained version and use the fork for real.
2019-05-28 13:37:13 +02:00
José Romildo Malaquias
00d6232b47
Merge pull request #62035 from romildo/upd.lumina
lumina.lumina: 1.4.0-p1 -> 1.5.0
2019-05-27 17:41:58 -03:00
Silvan Mosberger
e383ed6a2d
nixos/xdg/mime: disable fdatasync when building the XDG MIME database (#62076)
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
2019-05-27 18:18:54 +02:00
Ding Xiang Fei
359fd5b729 nixos/modules/virtualisation/google-compute-config.nix: pin filesystem type to ext4 for now
Fix #61859.
Assertion fails when a Google Compute Engine image is built, because
now choices of filesystem types are restricted to `f2fs` and `ext` family if
auto-resizing is enabled.
This change will pin the filesystem used on such an image to be `ext4` for now.
2019-05-27 14:15:02 +08:00
gnidorah
eac62f61d1 nixos/kvmgt: fix starting condition 2019-05-26 22:02:43 +03:00
Michael Peyton Jones
9131bf59a7
nixos: add StateDirectory for fprintd 2019-05-26 18:06:46 +01:00
Bryan Gardiner
2400191caf
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
Back in 2013, update-mime-database started using fdatasync() to write out
its changes after processing each file in /share/mime, with the reasoning
that a corrupted database from an interruption midway would be
problematic for applications[1].  Unfortunately, this caused a
significant regression in the time required to run update-mime-database:
commonly from under a second to half a minute or more.

This delay affects the time required to build system-path on NixOS, when
xdg.mime.enable is true (the default).  For example, on one of my systems
system-path builds in ~48 seconds, 45 of which are update-mime-database.
This makes rapidly building new system configurations not fun.

This commit disables the calls to fdatasync().  update-mime-database
checks an environment variable, PKGSYSTEM_ENABLE_FSYNC, to determine
whether it should sync, and we can set this to false.  system-path
already only has whatever filesystem commit guarantees that the Nix
builder provides.  Furthermore, there is no risk of a failed MIME
database update messing up existing packages, because this is Nix.

(This issue was also reported at and discussed by Debian, Red Hat, and
Gentoo at least.)

[1] https://bugs.freedesktop.org/show_bug.cgi?id=70366
2019-05-25 21:00:25 -07:00
Silvan Mosberger
0040ca936e
Merge pull request #56175 from MostAwesomeDude/tahoe-service
Fix tahoe service
2019-05-25 21:53:23 +02:00
Markus Schneider
c30bd387d2 leftwm: enable service 2019-05-26 01:27:04 +09:00
Maximilian Bosch
5fa93517f5
Merge pull request #61971 from sjau/wg_client_start
wireguard: restart on failure\nAs a oneshot service, if the startup f…
2019-05-25 16:36:56 +02:00
sjau
1bff53cb84
wireguard: restart on failure
As a oneshot service, if the startup failed it would never be attempted again.
This is problematic when peer's addresses require DNS. DNS may not be reliably available at
the time wireguard starts. Converting this to a simple service with Restart
and RestartAfter directives allows the service to be reattempted, but at
the cost of losing the oneshot semantics.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2019-05-25 16:32:14 +02:00
Florian Klink
e4de353830
wireguard service: allow empty interfaces (#61743)
wireguard service: allow empty interfaces
2019-05-25 16:30:27 +02:00
Aaron Andersen
d27be52b3d nixos/hydron: replace deprecated usage of PermissionsStartOnly
see #53852
2019-05-25 08:38:15 -04:00
phile314-fh
62d4c2b34a mongodb: Add authentication support
* nixos/mongodb: Add authentication support

* nixos/mongodb: Add initial script option

* nixos/mongodb: Make initial root password configurable

* nixos/mongodb: Start only on loopback interface for setup procedure

* nixos/mongodb: Test auth/initial script

* nixos/mongodb: Code formatting

Co-Authored-By: Lassulus <github@lassul.us>
2019-05-25 18:09:30 +09:00
Nikolay Amiantov
cfadd988e5 wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
2019-05-25 11:17:36 +03:00
Milan Pässler
387d85b271 nixos/prosody: add authentication option (fixes #53134)
Passwords should not be stored in plain text by default. On existing
installations the next time a users user accounts will automatically
be upgraded from plain to hashed one-by-one as they log in.
2019-05-24 23:51:44 +02:00
José Romildo Malaquias
272fa9d41c lumina: init package set for the lumina desktop 2019-05-24 17:20:15 -03:00
Franz Pletz
5fa8cd257a
Merge pull request #51206 from krebs/xmonad-config
xmonad service: add .config option
2019-05-24 18:37:55 +00:00
Franz Pletz
eb7c11d552
Merge pull request #58718 from Ma27/validate-ssh-configs
nixos/sshd: validate ssh configs during build
2019-05-24 18:30:04 +00:00
Maximilian Bosch
00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Silvan Mosberger
f631167557
Merge pull request #58702 from florianjacob/fix-mysql
nixos/mysql: fix typing-induced bugs
2019-05-24 19:51:54 +02:00
markuskowa
3a28c99923
Merge pull request #61894 from mkenigs/fix-typo
docker: fix typo
2019-05-23 10:03:01 +02:00
Carl Dong
f15118a883 nixos/bitcoind: add bitcoind service 2019-05-22 15:48:57 -04:00
Malte Brandy
ab5926ba67 nixos/nextcloud: Improve autoUpdateApps description string 2019-05-22 19:07:42 +02:00
mkenigs
42232ebea4
docker: fix typo 2019-05-22 08:40:01 -07:00
Ingolf Wanger
e4f1e144a0 syncthing: made module more NixOps friendly 2019-05-22 22:39:34 +09:00
Yegor Timoshenko
6a63021eba
Merge pull request #60207 from volth/patch-329
nixos-generate-config: do not build btrfs-tools when btrfs is not used
2019-05-22 15:32:00 +03:00
Matthew Bauer
6d036d5b26
Merge pull request #61037 from bkchr/facetimehd_aarch64_fix
nixos/all-firmware: Enable facetimehd only for i686/x86_64
2019-05-21 16:14:15 -05:00
Malte Brandy
49f05a1760
nixos/nextcloud: Add options services.nextcloud.autoUpdateApps
nixos/nextcloud: Add documentation for nextcloud app installation and updates

nixos/nextcloud: Enable autoUpdateApps in nextcloud test

nixos/nextcloud: Fix typo in nixos/modules/services/web-apps/nextcloud.xml

Co-Authored-By: Florian Klink <flokli@flokli.de>

nixos/nextcloud: Escape html in option description

nixos/nextcloud: Fix autoUpdateApps URL in documentation.

Co-Authored-By: Florian Klink <flokli@flokli.de>
2019-05-21 13:24:23 +02:00
Matthew Bauer
022d8ab861
Merge pull request #61036 from cdepillabout/nixos-memtest-loader
nixos/systemd-boot: add support for memtest86 EFI app
2019-05-20 21:42:40 -05:00
(cdep)illabout
d88d675051
Change non-open-source to unfree in description. 2019-05-21 11:34:11 +09:00
worldofpeace
6543e794a6
Merge pull request #61546 from cizra/libfprint-vfs0090
libfprint: added a fork for Lenovo ThinkPad
2019-05-20 14:16:34 -04:00
Elmo Todurov
432944cdb3 fprintd: added option to use fork for Lenovo ThinkPad 2019-05-20 20:48:30 +03:00
William Casarin
9a81e9cd9e xinetd: exec xinetd on launch
I noticed xinetd process doesn't get exec'd on launch, exec here so the bash
process doesn't stick around.

Signed-off-by: William Casarin <jb55@jb55.com>
2019-05-20 10:37:35 +01:00
Florian Klink
cd96b50d90
nixos/postgresql: add ensureDatabases & ensureUsers options (#56720)
nixos/postgresql: add ensureDatabases & ensureUsers options
2019-05-20 10:58:48 +02:00
lassulus
a3e7e1bbc8 nixos/syncthing: add options for declarative device/folder config 2019-05-20 17:56:17 +09:00
worldofpeace
82135b6c81 nixos/geoclue2: don't run as root 2019-05-19 18:53:18 -04:00
Aaron Andersen
b5a0c38e55
Merge pull request #59401 from mguentner/mxisd_1_3
mxisd: 1.2.0 -> 1.4.3
2019-05-19 07:00:47 -04:00
Neil Mayhew
f14cf438b4 nixos/modules: Ensure the colord user is a system user
Ideally, it should have an assigned uid and gid
2019-05-18 16:48:34 -06:00
Robin Gloster
6e546e0326
Merge pull request #60087 from dasJ/icingaweb-etc
nixos/icingaweb2: Fix environment.etc assignment
2019-05-18 10:03:40 +00:00
Robin Gloster
a1dcac5104
Merge pull request #57523 from mayflower/kube-apiserver-preferred-address-types
nixos/kubernetes: Add preferredAddressTypes option to apiserver
2019-05-18 09:57:12 +00:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Robin Gloster
dac48ea4a1
Merge pull request #61025 from azazel75/upgrade-coredns
nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0
2019-05-18 09:19:04 +00:00
Silvan Mosberger
85c0a4dc33
Merge pull request #61512 from c0bw3b/pkg/winstone
winstone: drop package and service
2019-05-17 17:36:38 +02:00
Renaud
c5fd2a457e
Merge pull request #60670 from nyanloutre/factorio_sandbox
nixos/factorio: sandbox service using systemd
2019-05-17 13:40:02 +02:00
nyanloutre
85b3448e6a nixos/factorio: sandbox service using systemd
- DynamicUser enabled instead of static uid/gid
- Enables most sandboxing options systemd offers
2019-05-17 10:25:49 +02:00
Vladimír Čunát
fc67de1802
Merge branch 'staging-next'
A few thousand Darwin jobs are still pending, but there we're depending
on this merge to fix the channel-blocking lz4 failure.
https://hydra.nixos.org/eval/1519778?compare=1519770
2019-05-17 09:43:32 +02:00
LeOtaku
efcdac63fe nixos/pantheon: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
00d8fc1cde nixos/gnome3: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
2d93f57db5 nixos/geoclue2: make configurable, can whitelist applications
All options within geoclue.conf[0] have been made configurable.

Additonally, we can now specify whether or not GeoClue
should ask the agent to authorize an application like so:
```
services.geoclue2.appConfig."redshift" = {
  isAllowed = true;
  isSystem = true;
};
```

[0]: https://gitlab.freedesktop.org/geoclue/geoclue/blob/2.5.2/data/geoclue.conf.in

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
Austin Seipp
e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Maximilian Güntner
1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3 2019-05-16 21:14:13 +02:00
Frederik Rietdijk
d4464ff8fe Merge master into staging-next 2019-05-16 08:17:55 +02:00
c0bw3b
582fd549fb winstone: drop package and service
Close #56294
Upstream package is unmaintained for years
and nixpkgs provides alternatives
2019-05-15 20:30:48 +02:00
Austin Seipp
2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Linus Heckemann
89b64ab5e1 nixos-generate-config: add rudimentary high-DPI detection
Fixes the main remaining part of #12345
2019-05-15 06:34:40 +02:00
Linus Heckemann
2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Frederik Rietdijk
8abe5ee07e Merge master into staging-next 2019-05-14 10:23:13 +02:00
volth
b51aae10e0
nixos/desktop-managers: let them work when services.xserver.enable=false 2019-05-13 16:57:09 +00:00
worldofpeace
b5f26f3803
Merge pull request #59480 from worldofpeace/fprintd-systemd
nixos/fprintd: use systemd.packages
2019-05-13 03:30:24 -04:00
Eelco Dolstra
de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00