Commit Graph

17242 Commits

Author SHA1 Message Date
Jörg Thalheim
b96a4dcc60
uwsgi: make instance configuration deeply mergeable
allows to specify independent uwsgi instances in two modules.
2020-05-15 08:53:31 +01:00
Anderson Torres
0687add56e
Merge pull request #87716 from AndersonTorres/weird-window-mangers-upload
Small window managers:

- berry: init at 0.1.5
- smallwm: init at 2020-02-28
- yeahwm: init at 0.3.5
- lwm: init at 1.2.4
2020-05-14 22:22:07 -03:00
Eelco Dolstra
b7ddd316f1 postgresql: Use runuser instead of sudo
Currently, sudo doesn't work in a NixOS container running inside a Nix
build, because Nix's seccomp filter doesn't allow setuid programs. In
any case, runuser is a bit lower-overhead than sudo.
2020-05-15 00:25:27 +02:00
Dmitry Kalinkin
9943fd1a1d
Merge pull request #76653 from alexarice/agda-rework
Agda rework
2020-05-14 18:02:50 -04:00
Manuel Bärenz
b78a5a0e79
agda: Added test 2020-05-14 20:54:12 +01:00
Florian Klink
3c911d48cc
Merge pull request #87820 from nhey/port-kubernetes-test
nixosTests.kubernetes: port tests to python
2020-05-14 20:02:31 +02:00
Florian Klink
6f4f37d655 nixos/manual: fix build
This broke in https://github.com/NixOS/nixpkgs/pull/86376

Also, fix some stray trailing whitespaces
2020-05-14 18:18:34 +02:00
Ethan Glasser-Camp
b59b7414c3
nixos/manual: document use of systemd to mount filesystems (#87684)
* nixos/manual: document use of systemd to mount filesystems
2020-05-14 18:00:01 +02:00
Izorkin
da08b22e1a nixos/mysql-replication: ignore system databases in binary log 2020-05-14 17:29:40 +03:00
Izorkin
f52700fc14 nixos/tests/mysql-replication: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
90f30032f3 nixos/tests/mariadb-galera-rsync: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
963259d4ed nixos/tests/mariadb-galera-mariabackup: fix test script
MariaDB 10.4 introduces a number of changes to the authentication
process, intended to make things easier and more intuitive.
2020-05-14 17:29:40 +03:00
Izorkin
a4c7e0f502 nixos/mysql: add release notes 2020-05-14 17:29:40 +03:00
Izorkin
b8c8e810aa nixos/mysql: disable load pluginx auth_socket in mariadb 2020-05-14 17:29:40 +03:00
Izorkin
a40a811b17 mariadb-galera: 25.3.27 -> 26.4.3 2020-05-14 17:29:40 +03:00
Nikolaj Hey Hinnerskov
496bd1c706 nixosTests.kubernetes: port tests to python 2020-05-14 15:14:02 +02:00
Florian Klink
4a85559ffc
Merge pull request #87016 from flokli/nsswitch-cleanup
nixos/nsswitch cleanup nss modules
2020-05-14 14:55:43 +02:00
Eelco Dolstra
0ffc85d64b
Remove unused files 2020-05-14 14:34:50 +02:00
Jörg Thalheim
1694c0b3f7
Merge pull request #86376 from c00w/vendor_mod 2020-05-14 08:25:01 +01:00
Linus Heckemann
85a0587884
Merge pull request #87219 from serokell/kirelagin/postgres-no-time
postgres: Do not log timestamp
2020-05-14 08:34:44 +02:00
Colin L Rice
c5f18c44b1
go-modules: Doc updates 2020-05-14 07:21:52 +01:00
Jeff Slight
fe07adef7f
nixos/logrotate: add newline before extraConfig
Co-authored-by: Ryan Mulligan <ryan@ryantm.com>
2020-05-13 20:52:26 -07:00
AndersonTorres
1c2c0b2eb8 lwm: init at 1.2.4
lwm is a lightweight window manager
2020-05-13 21:32:54 -03:00
AndersonTorres
43ce2a5219 berry: init at 0.1.5
berry is a small window manager for X11
2020-05-13 21:32:54 -03:00
AndersonTorres
6aeaa1019c yeahwm: init at 0.3.5
yeahwm is a small window manager for X11, inspired by evilwm
2020-05-13 21:32:54 -03:00
AndersonTorres
58a93ee62d smallwm: init at 2020-02-28 2020-05-13 21:32:54 -03:00
Jeff Slight
90ce7f508a nixos/logrotate: add options for basic paths 2020-05-13 13:44:58 -07:00
Kirill Elagin
084bd32bad
postgresql: Fix formatting in option description
Co-authored-by: Mario Rodas <marsam@users.noreply.github.com>
2020-05-13 23:33:08 +03:00
Jeff Slight
c94911c5b7 nixos/logrotate: use lib.mkEnableOption 2020-05-13 11:58:51 -07:00
Jaka Hudoklin
9a29fe5808
Merge pull request #87576 from xtruder/pkgs/libvirtd/polkit
libvirtd: polkit integration, security fixes
2020-05-13 21:00:51 +07:00
Jaka Hudoklin
056ab3d278 nixos/libvirtd: use polkit for auth 2020-05-13 21:00:04 +07:00
Jörg Thalheim
6c437ef1bb
Merge pull request #85567 from Izorkin/nginx-sandbox 2020-05-13 10:34:02 +01:00
Dietrich Daroch
735c9a70d7 Services,IPFS,Fix: Require the ipfs-migrator package for handling upgrades.
Without it, the services get stuck on startup when the IPFS repo needs upgrades.
2020-05-13 00:15:50 -07:00
Linus Heckemann
db010c5537
Merge pull request #85687 from mayflower/privacyidea
Init privacyIDEA packages and modules
2020-05-13 09:08:57 +02:00
Timmy Xiao
fd13ca9f84 pam: fix spelling mistake in configuration 2020-05-12 15:56:37 -04:00
Izorkin
94391fce1d nixos/nginx: add option enableSandbox 2020-05-12 20:03:29 +03:00
Izorkin
aa12fb8adb nginxModules: add option allowMemoryWriteExecute
The allowMemoryWriteExecute option is required to checking enabled nginxModules
and disable the nginx sandbox mode MemoryDenyWriteExecute.
2020-05-12 20:03:29 +03:00
Izorkin
c7106610f1 nixos/tests: add nginx-sandbox test 2020-05-12 20:03:29 +03:00
Izorkin
af6d0095f7 nixos/tests: fix nginx-pubhtml test 2020-05-12 20:03:29 +03:00
Izorkin
97a0928ccb nixos/nginx: add release notes 2020-05-12 20:03:28 +03:00
Izorkin
628354c686 nixos/nginx: enable sandboxing 2020-05-12 20:03:27 +03:00
ajs124
e001f5760e nixosTests.sogo: init test 2020-05-12 18:49:43 +02:00
ajs124
511b578c93 nixos/sogo: init module 2020-05-12 18:49:43 +02:00
adisbladis
30236aceaf
Merge pull request #87581 from cole-h/doas
nixos/doas: default rule should be first
2020-05-12 18:38:51 +02:00
Jacek Galowicz
11f49fb94d
Merge pull request #79966 from chkno/bcache
nixos/bcache: Installer test for / on bcache
2020-05-12 18:21:44 +02:00
Silvan Mosberger
6440000547
Merge pull request #87599 from helsinki-systems/znapzend-oracle-mode 2020-05-12 15:39:25 +02:00
Silvan Mosberger
fea63944fd
Merge pull request #87280 from helsinki-systems/znapzend-mbuffer-path 2020-05-12 15:37:38 +02:00
betaboon
fd41795f58 nixos/pixiecore: fix escaping of cmdline 2020-05-12 15:14:49 +02:00
Florian Klink
d6f90e4f9e
Merge pull request #73530 from eadwu/nvidia/systemd-pm
nixos/nvidia: include systemd power management
2020-05-12 13:54:45 +02:00
Linus Heckemann
90c0191735
Merge pull request #85428 from serokell/kirelagin/unit-script-name
systemd: Simplify unit script names
2020-05-12 09:35:26 +02:00
Jacek Galowicz
efe0051a9d
Merge pull request #87632 from chkno/installer-test-machine-name-fix
nixos/tests/installer: Fix machine name
2020-05-12 09:32:44 +02:00
Anderson Torres
bae0829384
Merge pull request #87288 from AndersonTorres/tinywm-upload
tinywm: init at 2014-04-22
2020-05-11 21:31:41 -03:00
Chuck
f9091581e8 nixos/tests/installer: Fix machine name 2020-05-11 15:41:18 -07:00
Matthew Bauer
43545032af
Merge pull request #87314 from matthewbauer/bazel-flat
build-bazel-package: switch hash mode to “flat”
2020-05-11 15:27:48 -05:00
Matthew Bauer
fe48f63c3c build-bazel-package: Add hash change to changelog 2020-05-11 13:19:52 -05:00
Florian Klink
23ba506113 nixos/nsswitch: improve error message
Show the config option triggering the assertion, so people don't
necessary lookup the nixpkgs source code.
2020-05-11 16:14:51 +02:00
Florian Klink
90bc3ec9b9 nixos/sssd remove redundant condition
This is all inside a global cfg.enable conditional, so we don't need to
check here again.
2020-05-11 16:14:51 +02:00
Florian Klink
4a69bf2a1e nixos/systemd: enable systemd-provided nss modules unconditionally
A disabled nscd breaks nss module loading on NixOS, and systemd without
its nss modules doesn't really work either - instead of silently
disabling its nss modules if nscd is disabled, let the assertion in
nsswitch handle this.
2020-05-11 16:14:51 +02:00
Florian Klink
1df38e2a1d nixos/nsswitch: update comment next to assertion 2020-05-11 16:14:51 +02:00
Florian Klink
0f6f544aaf nixos/sssd: drop assertion
This is now already triggered by the nsswitch module, as we set
system.nssModules.
2020-05-11 16:14:51 +02:00
Florian Klink
1fb6c37597 nixos/samba: move nss database configuration into samba module 2020-05-11 16:14:50 +02:00
Florian Klink
fd21793de6 nixos/avahi: move nss database configuration into avahi module 2020-05-11 16:14:50 +02:00
Florian Klink
4f9c8ef791 nixos/ldap: move nss database configuration into ldap module
now that passwdArray and shadowArray aren't used anymore, these can be
folded.
2020-05-11 16:14:50 +02:00
Florian Klink
36b6e26d40 nixos/systemd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the systemd module in
c0995d22ee, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink
2297508783 nixos/google-oslogin: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the google-oslogin module in
4b71b6f8fa, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Florian Klink
ecf327d697 nixos/sssd: add to system.nssDatabases.group too
nixos/modules/config/nsswitch.nix uses `passwdArray` for both `passwd`
and `group`, but when moving this into the sss module in
edddc7c82a, it didn't get split
appropriately.
2020-05-11 16:14:50 +02:00
Michel Weitbrecht
90533bfde2
nixos/znapzend: Add oracleMode feature; add maintainer
The feature destroys snapshots one-by-one instead of all at once.
If many snapshots accumulated, destroying them all at once can fail
because the argument list is too long. See
https://github.com/oetiker/znapzend/blob/master/lib/ZnapZend/ZFS.pm#L284
2020-05-11 14:35:30 +02:00
Michel Weitbrecht
c46b26b9ad
nixos/znapzend: Use generic mbuffer path
The configured mbuffer path will be called on both the source and target
system. If you use pkgs.mbuffer from the source host and the target host
does not have this exact derivation, you will get a broken pipe when
sending snapshots. This is the case when transferring to a non-NixOS
system or to a host with a different mbuffer version.
2020-05-11 14:26:39 +02:00
Florian Klink
b12c08ca88
Merge pull request #87414 from chkno/specify-shell-when-sudoing-to-user-with-unknown-shell
nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
2020-05-11 13:32:46 +02:00
Michele Guerini Rocco
da19aa1319
Merge pull request #87593 from vojta001/monero
monero: fix rcp.restricted option
2020-05-11 12:39:16 +02:00
Jörg Thalheim
11c18faa4e
Merge pull request #85862 from Izorkin/nginx-paths 2020-05-11 11:17:04 +01:00
Vojtěch Káně
e7ab236cab monero: fix rcp.restricted option
According to https://monerodocs.org/interacting/monerod-reference/#node-rpc-api
the correct option is restricted-rpc, not restrict-rpc.
2020-05-11 12:11:58 +02:00
Cole Helbling
01b645e872
nixos/doas: default rule should be first
In /etc/doas.conf, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-05-10 22:14:16 -07:00
Dominique Martinet
d8fa2627f3 mpd: remove user/group from conf
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"

The group option actually is not documented at all anymore and probably
no longer exists.

These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):

  systemd.services.mpd = {
    serviceConfig.BindPaths = [
      # mpd state dir
      "/var/lib/mpd"
      # notify systemd service started up
      "/run/systemd/notify"
    ];
    serviceConfig.BindReadOnlyPaths = [
      "/path/to/music:/var/lib/mpd/music"
    ];
    # ProtectSystem is not compatible with confinement
    serviceConfig.ProtectSystem = lib.mkForce false;
    confinement = {
      enable = true;
      binSh = null;
      mode = "chroot-only";
    };
  };
2020-05-10 20:24:33 +02:00
Gaelan
4ed7e23636 nixos/device-tree: fix package name in examples
deviceTree_rpi got renamed to device-tree_rpi a while back, so this updates the examples to reflect that.
2020-05-10 20:13:54 +02:00
Dominique Martinet
4c81174f4c
nixos/confinement: add conflict for ProtectSystem service option
Systemd ProtectSystem is incompatible with the chroot we make
for confinement. The options is redundant with what we do anyway
so warn if it had been set and advise to disable it.

Merges: https://github.com/NixOS/nixpkgs/pull/87420
2020-05-10 19:25:41 +02:00
Edmund Wu
9a269f555a
nixos/nvidia: include systemd power management 2020-05-10 11:25:50 -04:00
Richard Marko
a6ac6d00f9 nixos/raspberrypi-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Richard Marko
03ae0c0fe2 nixos/uboot-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
Andreas Rammhold
a432f832bf nixos/tests/gitdaemon: fix spurious test failures due to flaky network
This test is sometimes flaky on hydra as at the time of the `git clone`
the network isn't really configured yet[1]. That problem doesn't seem to
occur locally but if you run it on a machine with high enough load (such
as hydra build machines). Hopefully this will make the test not flaky
anymore.

[1] https://hydra.nixos.org/build/118710378/nixlog/21/raw
2020-05-10 15:58:54 +02:00
José Romildo Malaquias
be03474637
Merge pull request #77054 from formbay/nvidia-persistenced
nixos/nvidia : added nvidia-persistenced
2020-05-10 07:42:47 -03:00
adisbladis
68ee2396f6
Merge pull request #86488 from cole-h/doas
nixos/doas: init
2020-05-10 10:33:29 +02:00
Matthew Bauer
b907387ffe
Merge pull request #87212 from matthewbauer/dont-include-gdk-pixbuf-module-file
nixos/gdk-pixbuf.nix: don’t set GDK_PIXBUF_MODULE_FILE in cross
2020-05-09 14:06:48 -05:00
Florian Klink
8325e0db11 Revert "nixos/resolved: Include dbus alias of resolved unit"
This reverts commit 7fe539f799.
2020-05-09 20:05:01 +02:00
Chuck
751a27020e nixos/test-driver: Specify /bin/sh shell when running a bourne shell script as the user
The test harness provides the commands it wishes to run in Bourne
syntax.  This fails if the user uses a different shell.  For example,
with fish:

  machine.wait_for_unit("graphical-session.target", "alice")

machine # fish: Unsupported use of '='. To run '-u`' with a modified environment, please use 'env XDG_RUNTIME_DIR=/run/user/`id -u`…'
machine # XDG_RUNTIME_DIR=/run/user/`id -u` systemctl --user --no-pager show "graphical-session.target"
machine # ^
machine # [   16.329957] su[1077]: pam_unix(su:session): session closed for user alice
error: retrieving systemctl info for unit "graphical-session.target" under user "alice" failed with exit code 127
2020-05-09 11:01:17 -07:00
Florian Klink
d4c2f1ab5d
Merge pull request #87263 from arianvp/resolved-dbus
nixos/resolved: Include dbus alias of resolved unit
2020-05-09 18:06:50 +02:00
Robin Gloster
f1f0e82c50
privacyidea: address reviews 2020-05-09 12:11:44 +02:00
Eelco Dolstra
10d74709fe
Merge pull request #87191 from edolstra/no-nested-logs
testing{-python}.nix: Remove log pretty-printing cruft
2020-05-09 09:00:27 +02:00
Mario Rodas
72654dc57e
Merge pull request #87210 from Frostman/prom-2.18.0
prometheus: 2.17.2 -> 2.18.1
2020-05-08 14:03:15 -05:00
AndersonTorres
44d90b0619 tinywm: init at 2014-04-22
A tiny window manger for X11
2020-05-08 15:29:25 -03:00
Alexey Shmalko
afbab5a3f3
Merge pull request #85996 from misuzu/nixos-install-low-memory
nixos/nixos-installer: use temporary directory on target filesystem
2020-05-08 18:40:24 +03:00
Sergey Lukjanov
742e5bff36 prometheus: 2.17.2 -> 2.18.1 2020-05-08 07:40:38 -07:00
Michael Raskin
50684f118a
Merge pull request #87264 from prusnak/rfc45
treewide: per RFC45, remove more unquoted URLs
2020-05-08 14:30:09 +00:00
Jörg Thalheim
43b3c15228
Merge pull request #87255 from symphorien/dovecot-restart-module 2020-05-08 15:05:10 +01:00
Pavol Rusnak
6abf4a43ad
treewide: per RFC45, remove more unquoted URLs 2020-05-08 15:20:47 +02:00
Arian van Putten
7fe539f799 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-05-08 14:21:25 +02:00
Symphorien Gibol
8fc8eec0e7 nixos/tt-rss.service: set syslogidentifier 2020-05-08 12:00:00 +00:00
Symphorien Gibol
0f3b4928b2 dovecot: restart when modules are changed 2020-05-08 12:00:00 +00:00
Symphorien Gibol
e96c52efdb tt-rss: restart on failure
as should be the default with all long-running services
2020-05-08 12:00:00 +00:00
Symphorien Gibol
c7db8c1927 tt-rss: make less insanely verbose.
Fixes #74427
2020-05-08 12:00:00 +00:00