Jörg Thalheim
b96a4dcc60
uwsgi: make instance configuration deeply mergeable
...
allows to specify independent uwsgi instances in two modules.
2020-05-15 08:53:31 +01:00
Anderson Torres
0687add56e
Merge pull request #87716 from AndersonTorres/weird-window-mangers-upload
...
Small window managers:
- berry: init at 0.1.5
- smallwm: init at 2020-02-28
- yeahwm: init at 0.3.5
- lwm: init at 1.2.4
2020-05-14 22:22:07 -03:00
Eelco Dolstra
b7ddd316f1
postgresql: Use runuser instead of sudo
...
Currently, sudo doesn't work in a NixOS container running inside a Nix
build, because Nix's seccomp filter doesn't allow setuid programs. In
any case, runuser is a bit lower-overhead than sudo.
2020-05-15 00:25:27 +02:00
Dmitry Kalinkin
9943fd1a1d
Merge pull request #76653 from alexarice/agda-rework
...
Agda rework
2020-05-14 18:02:50 -04:00
Manuel Bärenz
b78a5a0e79
agda: Added test
2020-05-14 20:54:12 +01:00
Florian Klink
3c911d48cc
Merge pull request #87820 from nhey/port-kubernetes-test
...
nixosTests.kubernetes: port tests to python
2020-05-14 20:02:31 +02:00
Florian Klink
6f4f37d655
nixos/manual: fix build
...
This broke in https://github.com/NixOS/nixpkgs/pull/86376
Also, fix some stray trailing whitespaces
2020-05-14 18:18:34 +02:00
Ethan Glasser-Camp
b59b7414c3
nixos/manual: document use of systemd to mount filesystems ( #87684 )
...
* nixos/manual: document use of systemd to mount filesystems
2020-05-14 18:00:01 +02:00
Izorkin
da08b22e1a
nixos/mysql-replication: ignore system databases in binary log
2020-05-14 17:29:40 +03:00
Izorkin
f52700fc14
nixos/tests/mysql-replication: fix test script
...
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
90f30032f3
nixos/tests/mariadb-galera-rsync: fix test script
...
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
963259d4ed
nixos/tests/mariadb-galera-mariabackup: fix test script
...
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
a4c7e0f502
nixos/mysql: add release notes
2020-05-14 17:29:40 +03:00
Izorkin
b8c8e810aa
nixos/mysql: disable load pluginx auth_socket in mariadb
2020-05-14 17:29:40 +03:00
Izorkin
a40a811b17
mariadb-galera: 25.3.27 -> 26.4.3
2020-05-14 17:29:40 +03:00
Nikolaj Hey Hinnerskov
496bd1c706
nixosTests.kubernetes: port tests to python
2020-05-14 15:14:02 +02:00
Florian Klink
4a85559ffc
Merge pull request #87016 from flokli/nsswitch-cleanup
...
nixos/nsswitch cleanup nss modules
2020-05-14 14:55:43 +02:00
Eelco Dolstra
0ffc85d64b
Remove unused files
2020-05-14 14:34:50 +02:00
Jörg Thalheim
1694c0b3f7
Merge pull request #86376 from c00w/vendor_mod
2020-05-14 08:25:01 +01:00
Linus Heckemann
85a0587884
Merge pull request #87219 from serokell/kirelagin/postgres-no-time
...
postgres: Do not log timestamp
2020-05-14 08:34:44 +02:00
Colin L Rice
c5f18c44b1
go-modules: Doc updates
2020-05-14 07:21:52 +01:00
Jeff Slight
fe07adef7f
nixos/logrotate: add newline before extraConfig
...
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2020-05-13 20:52:26 -07:00
AndersonTorres
1c2c0b2eb8
lwm: init at 1.2.4
...
lwm is a lightweight window manager
2020-05-13 21:32:54 -03:00
AndersonTorres
43ce2a5219
berry: init at 0.1.5
...
berry is a small window manager for X11
2020-05-13 21:32:54 -03:00
AndersonTorres
6aeaa1019c
yeahwm: init at 0.3.5
...
yeahwm is a small window manager for X11, inspired by evilwm
2020-05-13 21:32:54 -03:00
AndersonTorres
58a93ee62d
smallwm: init at 2020-02-28
2020-05-13 21:32:54 -03:00
Jeff Slight
90ce7f508a
nixos/logrotate: add options for basic paths
2020-05-13 13:44:58 -07:00
Kirill Elagin
084bd32bad
postgresql: Fix formatting in option description
...
Co-authored-by: Mario Rodas <marsam@users.noreply.github.com>
2020-05-13 23:33:08 +03:00
Jeff Slight
c94911c5b7
nixos/logrotate: use lib.mkEnableOption
2020-05-13 11:58:51 -07:00
Jaka Hudoklin
9a29fe5808
Merge pull request #87576 from xtruder/pkgs/libvirtd/polkit
...
libvirtd: polkit integration, security fixes
2020-05-13 21:00:51 +07:00
Jaka Hudoklin
056ab3d278
nixos/libvirtd: use polkit for auth
2020-05-13 21:00:04 +07:00
Jörg Thalheim
6c437ef1bb
Merge pull request #85567 from Izorkin/nginx-sandbox
2020-05-13 10:34:02 +01:00
Dietrich Daroch
735c9a70d7
Services,IPFS,Fix: Require the ipfs-migrator package for handling upgrades.
...
Without it, the services get stuck on startup when the IPFS repo needs upgrades.
2020-05-13 00:15:50 -07:00
Linus Heckemann
db010c5537
Merge pull request #85687 from mayflower/privacyidea
...
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Timmy Xiao
fd13ca9f84
pam: fix spelling mistake in configuration
2020-05-12 15:56:37 -04:00
Izorkin
94391fce1d
nixos/nginx: add option enableSandbox
2020-05-12 20:03:29 +03:00
Izorkin
aa12fb8adb
nginxModules: add option allowMemoryWriteExecute
...
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin
c7106610f1
nixos/tests: add nginx-sandbox test
2020-05-12 20:03:29 +03:00
Izorkin
af6d0095f7
nixos/tests: fix nginx-pubhtml test
2020-05-12 20:03:29 +03:00
Izorkin
97a0928ccb
nixos/nginx: add release notes
2020-05-12 20:03:28 +03:00
Izorkin
628354c686
nixos/nginx: enable sandboxing
2020-05-12 20:03:27 +03:00
ajs124
e001f5760e
nixosTests.sogo: init test
2020-05-12 18:49:43 +02:00
ajs124
511b578c93
nixos/sogo: init module
2020-05-12 18:49:43 +02:00
adisbladis
30236aceaf
Merge pull request #87581 from cole-h/doas
...
nixos/doas: default rule should be first
2020-05-12 18:38:51 +02:00
Jacek Galowicz
11f49fb94d
Merge pull request #79966 from chkno/bcache
...
nixos/bcache: Installer test for / on bcache
2020-05-12 18:21:44 +02:00
Silvan Mosberger
6440000547
Merge pull request #87599 from helsinki-systems/znapzend-oracle-mode
2020-05-12 15:39:25 +02:00
Silvan Mosberger
fea63944fd
Merge pull request #87280 from helsinki-systems/znapzend-mbuffer-path
2020-05-12 15:37:38 +02:00
betaboon
fd41795f58
nixos/pixiecore: fix escaping of cmdline
2020-05-12 15:14:49 +02:00
Florian Klink
d6f90e4f9e
Merge pull request #73530 from eadwu/nvidia/systemd-pm
...
nixos/nvidia: include systemd power management
2020-05-12 13:54:45 +02:00
Linus Heckemann
90c0191735
Merge pull request #85428 from serokell/kirelagin/unit-script-name
...
systemd: Simplify unit script names
2020-05-12 09:35:26 +02:00
Jacek Galowicz
efe0051a9d
Merge pull request #87632 from chkno/installer-test-machine-name-fix
...
nixos/tests/installer: Fix machine name
2020-05-12 09:32:44 +02:00
Anderson Torres
bae0829384
Merge pull request #87288 from AndersonTorres/tinywm-upload
...
tinywm: init at 2014-04-22
2020-05-11 21:31:41 -03:00
Chuck
f9091581e8
nixos/tests/installer: Fix machine name
2020-05-11 15:41:18 -07:00
Matthew Bauer
43545032af
Merge pull request #87314 from matthewbauer/bazel-flat
...
build-bazel-package: switch hash mode to “flat”
2020-05-11 15:27:48 -05:00
Matthew Bauer
fe48f63c3c
build-bazel-package: Add hash change to changelog
2020-05-11 13:19:52 -05:00
Florian Klink
23ba506113
nixos/nsswitch: improve error message
...
Show the config option triggering the assertion, so people don't
necessary lookup the nixpkgs source code.
2020-05-11 16:14:51 +02:00
Florian Klink
90bc3ec9b9
nixos/sssd remove redundant condition
...
This is all inside a global cfg.enable conditional, so we don't need to
check here again.
2020-05-11 16:14:51 +02:00
Florian Klink
4a69bf2a1e
nixos/systemd: enable systemd-provided nss modules unconditionally
...
A disabled nscd breaks nss module loading on NixOS, and systemd without
its nss modules doesn't really work either - instead of silently
disabling its nss modules if nscd is disabled, let the assertion in
nsswitch handle this.
2020-05-11 16:14:51 +02:00
Florian Klink
1df38e2a1d
nixos/nsswitch: update comment next to assertion
2020-05-11 16:14:51 +02:00
Florian Klink
0f6f544aaf
nixos/sssd: drop assertion
...
This is now already triggered by the nsswitch module, as we set
system.nssModules.
2020-05-11 16:14:51 +02:00
Florian Klink
1fb6c37597
nixos/samba: move nss database configuration into samba module
2020-05-11 16:14:50 +02:00
Florian Klink
fd21793de6
nixos/avahi: move nss database configuration into avahi module
2020-05-11 16:14:50 +02:00
Florian Klink
4f9c8ef791
nixos/ldap: move nss database configuration into ldap module
...
now that passwdArray and shadowArray aren't used anymore, these can be
folded.
2020-05-11 16:14:50 +02:00
Florian Klink
36b6e26d40
nixos/systemd: add to system.nssDatabases.group too
...
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the systemd module in
c0995d22ee
, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink
2297508783
nixos/google-oslogin: add to system.nssDatabases.group too
...
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the google-oslogin module in
4b71b6f8fa
, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink
ecf327d697
nixos/sssd: add to system.nssDatabases.group too
...
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the sss module in
edddc7c82a
, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Michel Weitbrecht
90533bfde2
nixos/znapzend: Add oracleMode feature; add maintainer
...
The feature destroys snapshots one-by-one instead of all at once.
If many snapshots accumulated, destroying them all at once can fail
because the argument list is too long. See
https://github.com/oetiker/znapzend/blob/master/lib/ZnapZend/ZFS.pm#L284
2020-05-11 14:35:30 +02:00
Michel Weitbrecht
c46b26b9ad
nixos/znapzend: Use generic mbuffer path
...
The configured mbuffer path will be called on both the source and target
system. If you use pkgs.mbuffer from the source host and the target host
does not have this exact derivation, you will get a broken pipe when
sending snapshots. This is the case when transferring to a non-NixOS
system or to a host with a different mbuffer version.
2020-05-11 14:26:39 +02:00
Florian Klink
b12c08ca88
Merge pull request #87414 from chkno/specify-shell-when-sudoing-to-user-with-unknown-shell
...
nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
2020-05-11 13:32:46 +02:00
Michele Guerini Rocco
da19aa1319
Merge pull request #87593 from vojta001/monero
...
monero: fix rcp.restricted option
2020-05-11 12:39:16 +02:00
Jörg Thalheim
11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths
2020-05-11 11:17:04 +01:00
Vojtěch Káně
e7ab236cab
monero: fix rcp.restricted option
...
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api
the correct option is restricted-rpc, not restrict-rpc.
2020-05-11 12:11:58 +02:00
Cole Helbling
01b645e872
nixos/doas: default rule should be first
...
In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-05-10 22:14:16 -07:00
Dominique Martinet
d8fa2627f3
mpd: remove user/group from conf
...
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"
The group option actually is not documented at all anymore and probably
no longer exists.
These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):
systemd.services.mpd = {
serviceConfig.BindPaths = [
# mpd state dir
"/var/lib/mpd"
# notify systemd service started up
"/run/systemd/notify"
];
serviceConfig.BindReadOnlyPaths = [
"/path/to/music:/var/lib/mpd/music"
];
# ProtectSystem is not compatible with confinement
serviceConfig.ProtectSystem = lib.mkForce false;
confinement = {
enable = true;
binSh = null;
mode = "chroot-only";
};
};
2020-05-10 20:24:33 +02:00
Gaelan
4ed7e23636
nixos/device-tree: fix package name in examples
...
deviceTree_rpi got renamed to device-tree_rpi a while back, so this updates the examples to reflect that.
2020-05-10 20:13:54 +02:00
Dominique Martinet
4c81174f4c
nixos/confinement: add conflict for ProtectSystem service option
...
Systemd ProtectSystem is incompatible with the chroot we make
for confinement. The options is redundant with what we do anyway
so warn if it had been set and advise to disable it.
Merges: https://github.com/NixOS/nixpkgs/pull/87420
2020-05-10 19:25:41 +02:00
Edmund Wu
9a269f555a
nixos/nvidia: include systemd power management
2020-05-10 11:25:50 -04:00
Richard Marko
a6ac6d00f9
nixos/raspberrypi-builder: fix cross using buildPackages
2020-05-10 16:03:31 +02:00
Richard Marko
03ae0c0fe2
nixos/uboot-builder: fix cross using buildPackages
2020-05-10 16:03:31 +02:00
Andreas Rammhold
a432f832bf
nixos/tests/gitdaemon: fix spurious test failures due to flaky network
...
This test is sometimes flaky on hydra as at the time of the `git clone`
the network isn't really configured yet[1]. That problem doesn't seem to
occur locally but if you run it on a machine with high enough load (such
as hydra build machines). Hopefully this will make the test not flaky
anymore.
[1] https://hydra.nixos.org/build/118710378/nixlog/21/raw
2020-05-10 15:58:54 +02:00
José Romildo Malaquias
be03474637
Merge pull request #77054 from formbay/nvidia-persistenced
...
nixos/nvidia : added nvidia-persistenced
2020-05-10 07:42:47 -03:00
adisbladis
68ee2396f6
Merge pull request #86488 from cole-h/doas
...
nixos/doas: init
2020-05-10 10:33:29 +02:00
Matthew Bauer
b907387ffe
Merge pull request #87212 from matthewbauer/dont-include-gdk-pixbuf-module-file
...
nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross
2020-05-09 14:06:48 -05:00
Florian Klink
8325e0db11
Revert "nixos/resolved: Include dbus alias of resolved unit"
...
This reverts commit 7fe539f799
.
2020-05-09 20:05:01 +02:00
Chuck
751a27020e
nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
...
The test harness provides the commands it wishes to run in Bourne
syntax. This fails if the user uses a different shell. For example,
with fish:
machine.wait_for_unit("graphical-session.target", "alice")
machine # fish: Unsupported use of '='. To run '-u`' with a modified environment, please use 'env XDG_RUNTIME_DIR=/run/user/`id -u`…'
machine # XDG_RUNTIME_DIR=/run/user/`id -u` systemctl --user --no-pager show "graphical-session.target"
machine # ^
machine # [ 16.329957] su[1077]: pam_unix(su:session): session closed for user alice
error: retrieving systemctl info for unit "graphical-session.target" under user "alice" failed with exit code 127
2020-05-09 11:01:17 -07:00
Florian Klink
d4c2f1ab5d
Merge pull request #87263 from arianvp/resolved-dbus
...
nixos/resolved: Include dbus alias of resolved unit
2020-05-09 18:06:50 +02:00
Robin Gloster
f1f0e82c50
privacyidea: address reviews
2020-05-09 12:11:44 +02:00
Eelco Dolstra
10d74709fe
Merge pull request #87191 from edolstra/no-nested-logs
...
testing{-python}.nix: Remove log pretty-printing cruft
2020-05-09 09:00:27 +02:00
Mario Rodas
72654dc57e
Merge pull request #87210 from Frostman/prom-2.18.0
...
prometheus: 2.17.2 -> 2.18.1
2020-05-08 14:03:15 -05:00
AndersonTorres
44d90b0619
tinywm: init at 2014-04-22
...
A tiny window manger for X11
2020-05-08 15:29:25 -03:00
Alexey Shmalko
afbab5a3f3
Merge pull request #85996 from misuzu/nixos-install-low-memory
...
nixos/nixos-installer: use temporary directory on target filesystem
2020-05-08 18:40:24 +03:00
Sergey Lukjanov
742e5bff36
prometheus: 2.17.2 -> 2.18.1
2020-05-08 07:40:38 -07:00
Michael Raskin
50684f118a
Merge pull request #87264 from prusnak/rfc45
...
treewide: per RFC45, remove more unquoted URLs
2020-05-08 14:30:09 +00:00
Jörg Thalheim
43b3c15228
Merge pull request #87255 from symphorien/dovecot-restart-module
2020-05-08 15:05:10 +01:00
Pavol Rusnak
6abf4a43ad
treewide: per RFC45, remove more unquoted URLs
2020-05-08 15:20:47 +02:00
Arian van Putten
7fe539f799
nixos/resolved: Include dbus alias of resolved unit
...
This will make dbus socket activation for it work
When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups. You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-05-08 14:21:25 +02:00
Symphorien Gibol
8fc8eec0e7
nixos/tt-rss.service: set syslogidentifier
2020-05-08 12:00:00 +00:00
Symphorien Gibol
0f3b4928b2
dovecot: restart when modules are changed
2020-05-08 12:00:00 +00:00
Symphorien Gibol
e96c52efdb
tt-rss: restart on failure
...
as should be the default with all long-running services
2020-05-08 12:00:00 +00:00
Symphorien Gibol
c7db8c1927
tt-rss: make less insanely verbose.
...
Fixes #74427
2020-05-08 12:00:00 +00:00