Commit Graph

11509 Commits

Author SHA1 Message Date
Jamey Sharp
c38fa99757 nixos/nscd: don't need to specify username
Thanks to @arianvp for pointing out that when DynamicUser is true,
systemd defaults the value of User to be the name of the unit, which in
this case is already "nscd".
2019-07-06 09:24:49 -07:00
Vladimír Čunát
0746c4dbb4
Merge branch 'master' into staging-next
There are several thousand rebuilds from master already.
Hydra nixpkgs: ?compare=1528940
2019-07-06 13:44:40 +02:00
Jörg Thalheim
df65cd3734
nixos/zfs: enable requestEncryptionCredentials by default (#64316)
nixos/zfs: enable requestEncryptionCredentials by default
2019-07-06 09:02:45 +01:00
Jörg Thalheim
2143f6f34f
Merge pull request #64355 from Izorkin/hardwareKSM
nixos/ksm: add option sleep
2019-07-06 08:54:34 +01:00
Jörg Thalheim
e111f23233
Merge pull request #64329 from Izorkin/netdata
nixos/netdata: update service config
2019-07-06 08:52:41 +01:00
Izorkin
fb4d71a39f nixos/netdata: increase performance 2019-07-06 10:15:21 +03:00
Izorkin
6e592faa92 nixos/netdata: enable reload service and add PID file 2019-07-06 10:12:20 +03:00
Izorkin
8364ade833 nixos/ksm: add option sleep 2019-07-06 10:08:27 +03:00
Aaron Andersen
1cd3b98c3a nixos/tt-rss: remove deprecated usage of PermissionsStartOnly, specify a group to run service as, and fix local pgsql database creation 2019-07-05 22:04:56 -04:00
Silvan Mosberger
944e21cf7c
Merge pull request #63339 from Slabity/master
Fix restya-board's phpfpm.pools option
2019-07-06 03:00:52 +02:00
Tyler Slabinski
120cf906a6 nixos/restya-board: Fix phpfpm.pools option 2019-07-05 20:16:13 -04:00
Thomas Tuegel
56d5963382
Merge pull request #54525 from ttuegel/feature/qt-5/wrap-qt-apps
Wrap Qt applications
2019-07-05 14:38:10 -05:00
Thomas Tuegel
f79fd2e826
wrapQtAppsHook: wrap Qt applications for runtime dependencies 2019-07-05 10:41:41 -05:00
Elis Hirwing
823120765c
Merge pull request #64113 from davidtwco/lidarr/users-groups-firewalls
nixos/lidarr: add user/group/openFirewall opts.
2019-07-05 12:20:49 +02:00
Aaron Andersen
c7efe78963
Merge pull request #64274 from aanderse/limesurvey
nixos/limesurvey: module fixes & cleanup
2019-07-04 21:25:49 -04:00
Ivan Jager
a38449f159 nixos/zfs: enable requestEncryptionCredentials by default
Since zfsStable now supports encryption, it no longer makes sense to set
the default based on whether we're using zfsUnstable
2019-07-04 16:11:52 -05:00
Joachim Fasting
c3cc7034e2
nixos/hardened: harder inet defaults
See e.g., https://github.com/NixOS/nixpkgs/issues/63768

Forwarding remains enabled for now, need to determine its effects on
virtualization, if any.
2019-07-04 19:24:44 +02:00
Joachim Fasting
c233e24d54
nixos/hardened: disable ftrace by default 2019-07-04 19:24:41 +02:00
Joachim Fasting
44b6999614
nixos/malloc: use ld preload
This is more robust than setting via environment variable, though it does come
later in the load sequence.  An added benefit is affecting the current
session.
2019-07-04 19:24:40 +02:00
Matthieu Coudron
2ebeba4927 nixos/iperf: add openFirewall setting
Opens the specified tcp port.
2019-07-04 16:58:56 +02:00
Jörg Thalheim
5c80009d0d
netdata: update build config (#64241)
netdata: update build config
2019-07-04 13:35:20 +01:00
Aaron Andersen
5da6d04840 nixos/limesurvey: module fixes & cleanup 2019-07-04 06:16:59 -04:00
Izorkin
064a19afe2 nixos/netdata: add capabilites to freeipmi.plugin 2019-07-04 13:08:38 +03:00
Jamey Sharp
4c64375e91 nixos/nscd: delete redundant nscd.conf options
These options were being set to the same value as the defaults that are
hardcoded in nscd. Delete them so it's clear which settings are actually
important for NixOS.

One exception is `threads 1`, which is different from the built-in
default of 4. However, both values are equivalent because nscd forces
the number of threads to be at least as many as the number of kinds of
databases it supports, which is 5.
2019-07-03 15:34:44 -07:00
Jamey Sharp
de251704d6 nixos/nscd: run with a dynamic user
nscd doesn't create any files outside of /run/nscd unless the nscd.conf
"persistent" option is used, which we don't do by default. Therefore it
doesn't matter what UID/GID we run this service as, so long as it isn't
shared with any other running processes.

/run/nscd does need to be owned by the same UID that the service is
running as, but systemd takes care of that for us thanks to the
RuntimeDirectory directive.

If someone wants to turn on the "persistent" option, they need to
manually configure users.users.nscd and systemd.tmpfiles.rules so that
/var/db/nscd is owned by the same user that nscd runs as.

In an all-defaults boot.isContainer configuration of NixOS, this removes
the only user which did not have a pre-assigned UID.
2019-07-03 13:27:29 -07:00
Jamey Sharp
597563d248 nixos/nscd: let systemd manage directories
Previously this module created both /var/db/nscd and /run/nscd using
shell commands in a preStart script. Note that both of these paths are
hard-coded in the nscd source. (Well, the latter is actually
/var/run/nscd but /var/run is a symlink to /run so it works out the
same.)

/var/db/nscd is only used if the nscd.conf "persistent" option is turned
on for one or more databases, which it is not in our default config
file. I'm not even sure persistent mode can work under systemd, since
`nscd --shutdown` is not synchronous so systemd will always
unceremoniously kill nscd without reliably giving it time to mark the
databases as unused. Nonetheless, if someone wants to use that option,
they can ensure the directory exists using systemd.tmpfiles.rules.

systemd can create /run/nscd for us with the RuntimeDirectory directive,
with the added benefit of causing systemd to delete the directory on
service stop or restart. The default value of RuntimeDirectoryMode is
755, the same as the mode which this module was using before.

I don't think the `rm -f /run/nscd/nscd.pid` was necessary after NixOS
switched to systemd and used its PIDFile directive, because systemd
deletes the specified file after the service stops, and because the file
can't persist across reboots since /run is a tmpfs. Even if the file
still exists when nscd starts, it's only a problem if the pid it
contains has been reused by another process, which is unlikely. Anyway,
this change makes that deletion even less necessary, because now systemd
deletes the entire /run/nscd directory when the service stops.
2019-07-03 12:39:48 -07:00
Jamey Sharp
93f185df65 nixos/nscd: no longer need to wait for readiness
This postStart step was introduced on 2014-04-24 with the comment that
"Nscd forks into the background before it's ready to accept
connections."

However, that was fixed upstream almost two months earlier, on
2014-03-03, with the comment that "This, along with setting the nscd
service type to forking in its systemd configuration file, allows
systemd to be certain that the nscd service is ready and is accepting
connections."

The fix was released several months later in glibc 2.20, which was
merged in NixOS sometime before 15.09, so it certainly should be safe to
remove this workaround by now.
2019-07-03 12:26:47 -07:00
Aaron Andersen
aa05aad470 nixos/wordpress: create module to replace the httpd subservice 2019-07-03 11:47:33 -04:00
Aaron Andersen
8d7dc105b1
Merge pull request #63931 from aanderse/phpfpm
phpfpm: revert #63156
2019-07-03 07:04:17 -04:00
Aaron Andersen
9f2518da59
Merge pull request #64199 from thorstenweber83/fix-mysql-test
nixos/mysql: fix mysql test after #63862
2019-07-03 06:27:40 -04:00
Aaron Andersen
ec80ffc621
Merge pull request #62061 from aanderse/nagios
nixos/nagios: module updates
2019-07-03 06:19:35 -04:00
talyz
732af03ace networkmanager: Documentation cleanup.
- Refer to external documentation for dns option
- Clean up macAddress option
- Improve references
2019-07-03 09:40:05 +00:00
talyz
80acb28bee networkmanager: Add rc-manager option
Add an option to set the rc-manager parameter in NetworkManager.conf,
which controls how NetworkManager handles resolv.conf. This sets the
default rc-manager to "resolvconf", which solves #61490. It
additionally allows the user to change rc-manager without interference
from configuration activations.
2019-07-03 09:40:05 +00:00
Frederik Rietdijk
25a77b7210 Merge staging-next into staging 2019-07-03 08:59:42 +02:00
Thorsten Weber
46ea3ebc19 nixos/mysql: make ExecStartPost script fail on error 2019-07-03 08:50:21 +02:00
David Wood
16c394fe0f
nixos/deluge: Add extractor dependencies.
This commit adds the "Extractor" plugin dependencies to the PATH of the
`deluged` service.
2019-07-02 22:26:38 +01:00
David Wood
9837facf21
nixos/deluge: user, group and web firewall opts.
This commit adds new options to the Deluge service:

- Allow configuration of the user/group which runs the deluged daemon.
- Allow configuration of the user/group which runs the deluge web
  daemon.
- Allow opening firewall for the deluge web daemon.
2019-07-02 22:26:34 +01:00
Tadeo Kondrak
fef4dc526f
nixos/programs/shell.nix: don't use unnecessary GNU-specific option 2019-07-02 03:08:14 -06:00
Peter Hoeg
10dd03e0a3
Merge pull request #63551 from Steell/roon-server
roon-server: init at 100600401
2019-07-02 10:06:29 +08:00
Aaron Andersen
f2a499549f nixos/httpd: drop mercurial httpd subservice 2019-07-01 15:34:00 -04:00
David Wood
6ba90c2aae
nixos/lidarr: add user/group/openFirewall opts.
This commit adds new configuration options to the Lidarr module that
allows configuration of the user and group that Lidarr runs as; and to
open the firewall for the Lidarr port.
2019-07-01 16:17:18 +01:00
worldofpeace
3f4a353737 treewide: use dontUnpack 2019-07-01 04:23:51 -04:00
worldofpeace
cab7c6cbd9 treewide: use dontConfigure 2019-07-01 04:23:51 -04:00
Aaron Andersen
d0a147e841 nixos/mysql: run ExecStartPost as root (again) to preserve compatibility with installs that have been secured 2019-06-30 21:59:47 -04:00
Aaron Andersen
e0590da813 nixos/mysql: turn ExecStartPost into a shell script and simplify code 2019-06-30 21:58:27 -04:00
Aaron Andersen
26a5f32096 nixos/redmine: cosmetic cleanup 2019-06-30 07:24:23 -04:00
Aaron Andersen
e702468f6b nixos/redmine: add database.createLocally option 2019-06-30 07:24:18 -04:00
Aaron Andersen
278d867a9b Revert "Merge pull request #63156 from Izorkin/phpfpm-rootless"
This reverts commit b5478fd1a2, reversing
changes made to dbb00bfcbf.
2019-06-28 21:47:43 -04:00
Aaron Andersen
4b98e262a0 Revert "nixos/phpfpm: Remove usage of undefined variable fpmCfg"
This reverts commit 54645ce43a.
2019-06-28 21:47:17 -04:00
Ambroz Bizjak
c07fb9cebd nixos/opengl: Don't set XDG_DATA_DIRS.
This was added in #19936 so that vulkan-loader finds the ICD config files. It is
not needed any more after #62869 where it was ensured that the loader looks in
/run/opengl-driver(-32)/share.
2019-06-28 14:36:29 +02:00
worldofpeace
8789ff3179
Merge pull request #63822 from worldofpeace/dde-control-center/init
deepin.dde-control-center: init at 4.10.11
2019-06-27 22:15:52 -04:00
worldofpeace
8c2bcb181e nixos/deepin: add dde-control-center 2019-06-27 22:15:13 -04:00
Elis Hirwing
54645ce43a
nixos/phpfpm: Remove usage of undefined variable fpmCfg 2019-06-27 20:39:18 +02:00
Elis Hirwing
b5478fd1a2
Merge pull request #63156 from Izorkin/phpfpm-rootless
phpfpm: do not run anything as root
2019-06-27 19:13:53 +02:00
Elis Hirwing
dbb00bfcbf
Merge pull request #63726 from davidtwco/lidarr/specify-package
nixos/lidarr: allow specifying package
2019-06-27 19:06:51 +02:00
Aaron Andersen
fa01a229e7
Merge pull request #63101 from dasJ/gitea-jwt
nixos/gitea: Generate a JWT secret for git LFS
2019-06-27 13:06:17 -04:00
Aaron Andersen
ae02678a9d
Merge pull request #63786 from aanderse/mysql
mysql: drop support for deprecated package & module option
2019-06-27 12:14:35 -04:00
Domen Kožar
2072043efb
duplicati: fix StateDirectory 2019-06-27 14:15:37 +02:00
Peter Hoeg
67cca52fd9
Merge pull request #53204 from peterhoeg/m/libvirt
libvirt: support proper networking in user session
2019-06-27 11:39:48 +08:00
Janne Heß
8c3dd6f5e7 nixos/gitea: Generate a JWT secret for git LFS 2019-06-27 03:29:02 +02:00
Aaron Andersen
616e52e21b
Merge pull request #63622 from aanderse/zoneminder
nixos/zoneminder: fix some issues with database.createLocally option
2019-06-26 20:36:26 -04:00
Daniel Schaefer
19851ec1fc nixos/zoneminder: Fix nginx config check
NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
2019-06-26 20:45:55 +02:00
pacien
b05870d223 nixos/cgit: fix config example
The order of the keys matters: scan-path must be the last key for other settings
to be taken into account.
2019-06-26 19:59:31 +02:00
Eelco Dolstra
8e620e1bc5
Merge pull request #63810 from NixOS/binaryCaches-default
nix.binaryCaches: always set https://cache.nixos.org
2019-06-26 18:51:17 +02:00
Domen Kožar
f572d4eb91
duplicati: PermissionsStartOnly is deprecated 2019-06-26 15:52:00 +02:00
Domen Kožar
036728f3f4
nix.binaryCaches: always set https://cache.nixos.org
There are many support questions when people add a new binary cache
and they suddenly lose nixos substitutions.

Most of the users want to keep that, so we're doing a breaking change.

Previously to disable all binary caches one had to do:

  nix.binaryCache = [];

Now the same is possible via:

  nix.binaryCache = lib.mkForce;
2019-06-26 14:30:56 +02:00
Frederik Rietdijk
d843e16cb8 Merge master into staging-next 2019-06-26 13:22:30 +02:00
José Romildo Malaquias
b86c7b8568 nixos/deepin: add dde-launcher usb service 2019-06-26 00:40:17 -03:00
Samuel Dionne-Riel
6fba2c3565 sd-image-raspberrypi: populateBoot -> populateFirmware
Fixes an incomplete change from the last changes.
2019-06-25 20:49:34 -04:00
Graham Christensen
7b8a7cee78
Merge pull request #63699 from NinjaTrappeur/nin-hostapd-noscan
hostapd: add noscan mode
2019-06-25 18:08:58 -04:00
Graham Christensen
38c28ef10c
Merge pull request #56265 from aanderse/permissions-start-only
replace deprecated usage of PermissionsStartOnly (part 2)
2019-06-25 18:04:22 -04:00
Aaron Andersen
fb918a9254 nixos/mysql: drop rootPassword option 2019-06-25 17:26:53 -04:00
Aaron Andersen
74ff20fae7 nixos/zoneminder: fix some issues with database.createLocally option 2019-06-25 12:20:22 -04:00
Jan Tojnar
07d1d3ed68
Merge branch 'master' into staging 2019-06-25 18:06:43 +02:00
Frederik Rietdijk
4589a04299 Merge master into staging-next 2019-06-25 16:26:29 +02:00
Steve Elliott
725e2793dd roon-server: init at 100600401 2019-06-25 09:34:07 -04:00
Eelco Dolstra
aef7f1b31a
Typo 2019-06-25 14:46:04 +02:00
Domen Kožar
e8916cc6af
duplicati: allow changing the user 2019-06-25 14:28:03 +02:00
Vladimír Čunát
145a620802
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1527134
2019-06-25 14:04:12 +02:00
Aaron Andersen
931921664f
Merge pull request #63392 from ivan/cassandra-default-cluster-name
nixos/cassandra: use cassandra's default cluster name "Test Cluster"
2019-06-25 07:18:10 -04:00
Samuel Dionne-Riel
6bc2d30ee3
Merge pull request #62462 from samueldr/sd-image/fat-free
sd-image: FAT free /boot
2019-06-24 14:53:49 -04:00
Samuel Dionne-Riel
7c819989f9
Merge pull request #63147 from samueldr/aarch64/graphics-fixes
aarch64: misc. graphical boot fixes
2019-06-24 14:53:01 -04:00
Samuel Dionne-Riel
c4a12ee9c0
Merge pull request #62852 from samueldr/fix/xterm-desktop-manager-default
nixos/desktop-managers/xterm: Defaults to xserver's state
2019-06-24 14:48:58 -04:00
David Wood
7e38a64709
nixos/lidarr: allow specifying package
This commit allows users of `services.lidarr` to specify the package
that is used with `services.lidarr.package`.
2019-06-24 09:53:38 +01:00
Matthew Bauer
500c13ed46
Merge pull request #63609 from tokudan/udev-executable-check
udev: change error message if RUN entry is not executable
2019-06-23 21:43:31 -04:00
Matthew Bauer
8768d1c83a nixos: add hardware/network/intel-2200bg.nix to module-list
this is referenced by nixos-generate-config.pl. See
https://github.com/NixOS/nixpkgs/pull/63091 for more discussion.
2019-06-23 20:30:27 -04:00
Félix Baylac-Jacqué
5121f8d1e6
hostapd: starting hostapd systemd service at boot. 2019-06-24 00:26:27 +02:00
Félix Baylac-Jacqué
98deb87354
hostapd: Add noscan mode.
Applies OpenWRT's noscan patch to hostapd and the relevant option to
the hostapd module.

This noscan patch adds a new `noscan` option allowing us to create
some overlapping BSSs in HT40+/- mode.

Note: this option is disabled by default, we leave this up to the end
user whether it should be enabled or not.

Not being able to create those overlapping BSSs is basically
preventing us to use 802.11n in any urban area where chances to
overlap with another SSID are extremely high.

The patch we are using is a courtesy of the openwrt team and is
applied to the defaul hostapd package in both OpenWRT and Archlinux.
2019-06-24 00:26:20 +02:00
Frederik Rietdijk
dafee3d91a Merge master into staging-next 2019-06-23 15:38:41 +02:00
Matthew Bauer
9d9b98cdfb
Merge pull request #62891 from jtojnar/nixos-documentation-nixos-help-use-w3m-1-by-default
nixos/documentation: nixos-help: use w3m(1) by default
2019-06-22 21:37:22 -04:00
Domen Kožar
c687da8940
duplicati: change default interface to 127.0.0.1 for a saner default
Existing 'lo' didn't work for me as it was failing to assign an IP.
2019-06-22 20:26:18 +02:00
Domen Kožar
224a6562a4
Add configurationLimit to systemd-boot to prevent running out of disk space
Refs #23926
2019-06-22 20:11:11 +02:00
Vladimír Čunát
3e4b15f0c4
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1526638
2019-06-22 14:35:35 +02:00
Daniel Frank
b40a38fe8a udev: be more verbose about the error 2019-06-21 18:05:14 +02:00
Daniel Frank
f8cf9de7ce udev: change error message if RUN entry is not executable 2019-06-21 11:27:56 +02:00
Frederik Rietdijk
72d647f3d8 Merge master into staging-next 2019-06-21 08:20:26 +02:00
Peter Hoeg
28563ef5cb libvirtd (nixos): support bridging for user sessions 2019-06-21 11:11:48 +08:00
Silvan Mosberger
852fe410fc
nixos/zfs: Remove requestEncryptionCredentials assertion
zfs >= 0.8 supporting encryption is now stable
2019-06-21 03:33:09 +02:00
Ivan Kozik
41c6d7adfc nixos/prometheus-node-exporter: fix systemd unit for systemd 242 (#63540)
Avoid having a backslash at the end of ExecStart=.

See https://github.com/NixOS/nixpkgs/issues/63533 for details
about the change to systemd's unit parser.

Fixes #63383.
2019-06-20 17:04:36 -04:00
Matthew Bauer
2b8ea614b8
Merge pull request #63090 from NixOS/nomodeset
kernel.nix: boot.vesa implies nomodeset
2019-06-20 15:31:17 -04:00
Matthew Bauer
808d6fc7de
Merge pull request #63087 from matthiasbeyer/fix-ddclient-extraconfig
Fix ddclient extraConfig
2019-06-20 15:28:04 -04:00
worldofpeace
d672ceeb68
Merge pull request #63204 from michaelpj/imp/localtime-upstream
localtime: use upstream unit, fix polkit rules
2019-06-19 08:38:03 -04:00
Eelco Dolstra
7eb332af5d
Remove default value for nixpkgs.system
Using "builtins.currentSystem" doesn't work in pure evaluation mode,
and even when it's explicitly set (which it always is, in
nixos/lib/eval-config.nix), it breaks manual generation because the
manual tries to render the default value.
2019-06-19 14:07:45 +02:00
Michael Peyton Jones
0073c1fb0b
localtime: use upstream unit and fix polkit rule installation
Also don't allocate a user - the upstream unit uses DynamicUser.
2019-06-19 11:07:44 +01:00
Aaron Andersen
93412bc35f
Merge pull request #63413 from etu/gitea-183-update
gitea: 1.8.2 -> 1.8.3
2019-06-19 05:46:48 -04:00
Elis Hirwing
3576ba7c19
nixos/gitea: Add missing tmpfiles rules 2019-06-19 07:45:51 +02:00
Frederik Rietdijk
f120248daf Merge staging-next into staging 2019-06-18 11:07:56 +02:00
Frederik Rietdijk
41377252e5 Merge master into staging-next 2019-06-18 10:53:28 +02:00
Jan Tojnar
1ef7e40a9c
doc: Clean up programlisting & screen (#63316)
doc: Clean up programlisting & screen
2019-06-18 09:47:15 +02:00
Vladimír Čunát
0aa9f35a99
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1525828
2019-06-18 09:44:13 +02:00
Ivan Kozik
a476b9bf54 nixos/cassandra: use cassandra's default cluster name "Test Cluster"
The change to "NixOS Test Cluster" in #59179 broke startup of existing clusters
that used the previously-default cluster name "Test Cluster":

ERROR 23:00:47 Fatal exception during initialization
org.apache.cassandra.exceptions.ConfigurationException: Saved cluster name Test Cluster != configured name NixOS Test Cluster

Fixes #63388.
2019-06-18 00:36:46 +00:00
Matthew Bauer
4d6f65b81f
Merge pull request #62167 from matthewbauer/alias-libgl
Add libGL* aliases
2019-06-17 15:18:29 -04:00
Matthew Bauer
263f5891b6 treewide: mesa_noglu, mesa_drivers, libGL_driver -> mesa
Just use mesa for these to be more clear. Move these to aliases.nix
2019-06-17 14:43:18 -04:00
Jörg Thalheim
55e2c850a3
nixos/kvmgt: fix starting condition (#62096)
nixos/kvmgt: fix starting condition
2019-06-17 16:32:54 +01:00
Jan Tojnar
a3f2131eb6 doc: Use prompt more often 2019-06-17 13:25:50 +02:00
Jan Tojnar
11cb382a4c
nixos/doc: Fix spurious indentation 2019-06-17 12:28:26 +02:00
Izorkin
eee87b460e nixos/phpfpm: remove options services.phpfpm.poolConfigs 2019-06-17 09:15:51 +03:00
Izorkin
6093c04b67 nixos/tt-rss: fix work with phpfpm-rootless mode 2019-06-17 09:15:48 +03:00
Samuel Dionne-Riel
288118cdfa sd-image: Adds removed options for removed options
This will keep configuration configuring the size of the /boot partition
still build, while showing the deprecation warning.

In 99.9% of cases I assume ignoring the configuration is better, as the
sd-image builder already is pretty opinionated in that matter.
2019-06-16 17:47:32 -04:00
Samuel Dionne-Riel
c113c094cf sd-image: Pull less slack in the image by accounting for slack
The slack, seemingly, accounted for more than the minimum required for
slack plus the two partitions.

This change makes the gap a somewhat abstracted amount, but is not
configurable within the derivation.
2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
1843e00146 sd-image: Updates comments 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
8634d5700d sd-image: firmware partition reduced to 20MiB 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
53884e1b94 sd-image: Switch /boot to the ext4 partition 2019-06-16 17:47:31 -04:00
Samuel Dionne-Riel
6e9e78b618 sd-image: Moves /boot into rootfs
The current FAT32 partition is kept as it is required for the Raspberry
Pi family of hardware. It is where the firmware is kept.

The partition is kept bootable, and the boot files kept in there until
the following commits, to keep all commits of this series individually
bootable.
2019-06-16 17:47:30 -04:00
volth
f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Bjørn Forsman
8f551be935 nixos-generate-config: don't emit tmpfs entry for /tmp
Because it most likely comes from the boot.tmpOnTmpfs option in
configuration.nix (managed declaratively).
2019-06-16 16:21:54 +02:00
Bjørn Forsman
4213e48dd9 nixos-generate-config: add dm-snapshot module if LVM is detected
Without this, the system becomes unbootable if the user creates a LVM
snapshot and reboots.

Fixes https://github.com/NixOS/nixpkgs/issues/33646

(The same kind of problem was fixed in RHEL a few years back:
https://bugzilla.redhat.com/show_bug.cgi?id=1287940)
2019-06-16 15:30:54 +02:00
Bjørn Forsman
9e45f6feac nixos-generate-config: don't generate swapDevices for *files*
Up until now, the output has been the same for swap devices and swap
files:

  { device = "/var/swapfile"; }

Whereas for swap *files* it's easier to manage them declaratively in
configuration.nix:

  { device = "/var/swapfile"; size = 8192; }

(NixOS will create the swapfile, and later resize it, if the size
attribute is changed.)

With the assumption that swap files are specified in configuration.nix,
it's silly to output them to hardware-configuration.nix.
2019-06-16 15:26:33 +02:00
Izorkin
6290bf9067 nixos/selfoss: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
d44f759b55 nixos/restya-board: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
5b1a4730bc nixos/nextcloud: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
08dae69741 nixos/matomo: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
5d3805487a nixos/zoneminder: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
2172419101 nixos/icingaweb2: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
d49857a885 nixos/limesurvey: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
59a33f25e5 nixos/roundcube: fix work with phpfpm-rootless mode 2019-06-16 12:33:51 +03:00
Izorkin
320e8ab5d7 nixos/phpfpm: do not run anything as root 2019-06-16 12:33:49 +03:00
Frederik Rietdijk
7adbdd9758 Merge master into staging-next 2019-06-16 09:04:24 +02:00
Jan Tojnar
b1ee53d87b
nixos/enlightenment: fix build with config.allowAliases=false (#61421)
nixos/enlightenment: fix build with config.allowAliases=false
2019-06-16 04:07:26 +02:00
Samuel Dionne-Riel
5d92d16b49 sd-image-aarch64: Allows early modesetting for Allwinner boards
This will reduce the confusion at boot, where the only thing visible is
the last message from u-boot; where it looks like the board is
hung, while in reality it's likely resizing partitions.
2019-06-15 14:26:21 -04:00
Samuel Dionne-Riel
390f2071df sd-image-aarch64: Allows early modesetting for the Raspberry Pi
This will reduce the confusion at boot, where the only thing visible is
the last message from u-boot; where it looks like the Raspberry Pi is
hung, while in reality it's likely resizing partitions.
2019-06-15 14:26:20 -04:00
Frederik Rietdijk
395da1280e
Merge pull request #63100 from aanderse/phabricator-remove
drop unmaintained phabricator package, service, and httpd subservice
2019-06-15 13:08:48 +02:00
Frederik Rietdijk
482c74cfb8 Merge staging into staging-next 2019-06-15 10:49:30 +02:00
Frederik Rietdijk
9bd6c5d817
Merge staging-next into master 2019-06-15 10:46:55 +02:00
Yegor Timoshenko
d089f23390
Merge pull request #62853 from samueldr/fix/sshd-cross-compile-issue
nixos/sshd: fixes validation for cross-compilation
2019-06-15 10:37:35 +03:00
Frederik Rietdijk
31f22a5bb3 Merge staging-next into staging 2019-06-15 08:43:33 +02:00
Frederik Rietdijk
087b87758e Merge master into staging-next 2019-06-15 08:17:58 +02:00
Samuel Dionne-Riel
861bbbcb3c nixos/sshd: fixes validation for cross-compilation
See https://github.com/NixOS/nixpkgs/pull/62853
2019-06-15 00:56:42 -04:00
Samuel Dionne-Riel
8c14a6f641
Merge pull request #63135 from Ma27/captive-browser-regression
nixos/captive-browser: fix module
2019-06-14 21:29:26 -04:00
Florian Klink
e0818a1530
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions (#62813)
nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions
2019-06-14 22:43:15 +02:00
Maximilian Bosch
d9f7bac91f
nixos/captive-browser: fix module
Fixes the broken metrics evaluation which was caused by a `trace`
warning in stdout which confused `jq` in `pkgs/top-level/metrics.nix`.

Also made the `bind-device` feature optional as suggested after the
merge.
2019-06-14 20:38:33 +02:00
Vladimír Čunát
788261a1a9
Merge branch 'master' into staging-next
Brings in Haskell rebuild.
Hydra nixpkgs: ?compare=1525186
2019-06-14 17:47:23 +02:00
aszlig
c26584f1e5
nixos: Fix build of manual
Manual build broken by 79f7f89442, which
is part of pull request #59179 (Fix Cassandra, improve config and
tests).

The issue was just a small error because of an unbalanced <literal/>
tag, so only a "/" was missing :-)

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @aanderse
2019-06-14 05:36:06 +02:00
Aaron Andersen
fadceeb075
Merge pull request #59179 from JohnAZoidberg/cassandra-module
Fix Cassandra, improve config and tests
2019-06-13 20:37:10 -04:00
Aaron Andersen
a49b546c92 nixos/httpd: remove unmaintained subservice (phabricator) 2019-06-13 17:12:13 -04:00
Aaron Andersen
e278ff48bc nixos/phd: remove unmaintained service 2019-06-13 17:09:45 -04:00
Lasse Blaauwbroek
0515392ed3 Fix ddclient extraConfig
The the extraConfig variable is added below the domain variable in the
ddclient config file. The domain variable should always be last.

(cherry picked from commit ba0ba6dc7934a6b4cc5d4090739a3a1c839afe67)
2019-06-13 18:25:59 +02:00
Wout Mertens
7938c1613d
kernel.nix: boot.vesa implies nomodeset
Without nomodeset the console is reset to 80x25 after Grub
2019-06-13 17:58:08 +02:00
Maximilian Bosch
d1990cff8d
Merge pull request #58036 from volth/captive-browser
nixos/programs.captive-browser: init
2019-06-13 14:05:13 +02:00
Danylo Hlynskyi
e718eb6243
Merge pull request #62712 from danbst/module-conflict-naming
NixOS module system: improve one of error messages
2019-06-13 11:59:54 +03:00
Daniel Schaefer
03503121da nixos/cassandra: Don't force SimpleSeedProvider
If the `seedAddresses` is not set, don't force `SimpleSeedProvider` to
be in `seed_provider`. This could cause problems in a multi-datacenter
deployment when a different seed provider is preferred.
2019-06-13 04:36:42 +02:00
Daniel Schaefer
79f7f89442 nixos/cassandra: Use docbook instead of markdown style 2019-06-13 04:36:41 +02:00
Daniel Schaefer
9ecd584785 nixos/cassandra: Add option for password file path
If you're on a multi user system you don't want to have the password in
the nix-store. With the new jmxRolesFile option you can specify your own
protected file instead.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
35531f4016 nixos/cassandra: Allow setting JMX credentials
If we have the ability to enable remote JMX we should also support
setting credentials for that because they become required if you turn it
on.
2019-06-13 04:36:41 +02:00
Daniel Schaefer
c1991fb18d nixos/cassandra: Add clusterName 2019-06-13 04:36:41 +02:00
Daniel Schaefer
f0031432ce nixos/cassandra: Add nixos conf for Java env 2019-06-13 04:36:40 +02:00
Daniel Schaefer
746b82bd4a nixos/cassandra: Allow setting of seed addresses
Allow for more intuitive specifying of seed node addresses with Nix
syntax.
2019-06-13 04:34:03 +02:00
Daniel Schaefer
a2aa01be0c nixos/cassandra: Enable CQL server by default
Resolves #50954
2019-06-13 04:34:03 +02:00
Maximilian Bosch
401360e15b
Merge pull request #61923 from aanderse/gitea
nixos/gitea: make use of declarative features where applicable
2019-06-13 01:01:18 +02:00
Wael Nasreddine
da3ec20a72
Merge pull request #63035 from rvolosatovs/update/go
go: 1.12.5->1.12.6, 1.11.10->1.11.11
2019-06-12 08:50:39 -07:00
Eelco Dolstra
734b3e7758
Merge pull request #62966 from bjornfor/nixos-generate-config-bcache
nixos-generate-config: add support for bcache
2019-06-12 10:06:17 +02:00
Frederik Rietdijk
7953a65269 Merge staging-next into staging 2019-06-12 09:24:00 +02:00
Frederik Rietdijk
7184efb40a Merge master into staging-next 2019-06-12 09:22:07 +02:00
Franz Pletz
9b2ee2c057
Merge pull request #62838 from mayflower/fix/cryptsetup-kernel-crypto
cryptsetup: enable kernel crypto api support again
2019-06-12 05:05:38 +00:00
Robin Gloster
68c30f0d9b
Merge pull request #62153 from WilliButz/avahi-refactor
avahi: set service directory and refactor module
2019-06-11 14:04:33 +00:00
pacien
7cc0c50e39 nixos/cgit: mention filters in configText example 2019-06-11 15:27:56 +02:00
Jörg Thalheim
e829aeefa3
Merge pull request #62101 from michaelpj/imp/lenovo-throttled
throttled: fix for Intel CPU throttling issues
2019-06-11 11:10:52 +01:00
Lucas Savva
24e974b904
bind: Remove deprecated flag from rndc-confgen
Fixes bind.service startup issue after NixOS/nixpkgs#61619
2019-06-11 09:05:56 +02:00
worldofpeace
814c4c1b9d
Merge pull request #61366 from romildo/upd.deepin.dde-file-manager
deepin.dde-file-manager: init at 4.8.6.2
2019-06-11 02:00:43 -04:00
José Romildo Malaquias
057016a2c5 nixos/deepin: add dde-file-manager services 2019-06-11 01:57:16 -04:00
Matthew Bauer
02698c4a61
Merge pull request #59803 from volth/patch-316
nixos/netboot: import -> callPackage
2019-06-10 21:30:23 -04:00
Matthew Bauer
049884ba12
Merge pull request #62941 from woffs/openvpn-url
openvpn: fix static key mini howto url
2019-06-10 21:24:53 -04:00
Aaron Andersen
7145cf224c nixos/gitea: replace deprecated usage of PermissionsStartOnly
see #53852
2019-06-10 20:32:35 -04:00
Aaron Andersen
9d251d8b21 nixos/gitea: define a gitea group to avoid "nogroup" ownership 2019-06-10 20:32:35 -04:00
Aaron Andersen
615f8b8982 nixos/gitea: utilize mysql|postgresql.ensureDatabases & ensureUsers to provision databases 2019-06-10 20:32:28 -04:00
Bjørn Forsman
4755811a12 nixos-generate-config: add support for bcache
Add "bcache" to boot.initrd.availableKernelModules if a bcache device is
detected.

This fixes a problem I've had one too many times: I install NixOS and
forget to add "bcache", resulting in an unbootable machine (until fixed
with Live CD). Now NixOS will do it for me.
2019-06-10 21:22:07 +02:00
Nikolay Amiantov
493bb6035a networkmanager service: install strongswan configuration file only if enabled 2019-06-10 20:20:47 +03:00
Nikolay Amiantov
5be5991c80 networkmanager service: remove with pkgs
Avoid using `with` which isn't particularly needed.
2019-06-10 20:20:46 +03:00
Nikolay Amiantov
33b7e5f6c7 networkmanager service: fix simultaneous append and insert of nameservers
Before only one of them could work at the same time.
2019-06-10 18:54:32 +03:00
Nikolay Amiantov
68de116eb4 networkmanager service: override DNS when it's actually needed
Logic expression was incorrect before.
2019-06-10 18:54:27 +03:00
adisbladis
32b374f780
Merge pull request #62315 from adisbladis/pulseaudio/resample-method
nixos/pulseaudio: Set speex-float-5 as default resample-method
2019-06-10 15:05:44 +02:00
Frank Doepper
f7ef7bacb7 openvpn: fix static key mini howto url 2019-06-10 13:02:45 +02:00
Frederik Rietdijk
e58f0f6c99 Merge master into staging-next 2019-06-10 10:35:50 +02:00
Roman Volosatovs
8e489018d3
systemd-networkd: Only generate [Match] if present 2019-06-09 19:09:10 +02:00
Jörg Thalheim
98e3b90b6c
Merge pull request #62269 from dasJ/fix-bird-reload
nixos/bird: Fix reload
2019-06-09 17:34:30 +01:00
Klemens Nanni
03d6c406fc
nixos/documentation: nixos-help: use w3m(1) by default
It is referenced in various places, but does not work out of the box:

	$ nixos-help
	/run/current-system/sw/bin/nixos-help: unable to start a web browser; please set $BROWSER

In the user-hidden fallbacks to xdg-open(1) and w3m(1), `nixos-help`
expects tools to be deliberately installed by users.

For default installations and new users in general, this is unlikely to
be the case.  Conversely, chances to use `nixos-help` are even higher
in such cases.

Use w3m-nographics by default to ensure documentation is always
available.  The documentation browser on ttyS8 already does so, but is
not accessible in every installation, e.g. VMs with only ttyS0 and SSH
available.

This obsoletes including it in the base profile's systemPackages,
so remove the @TODO as done.
2019-06-09 17:11:20 +02:00
Frederik Rietdijk
d3afcac771 Merge master into staging-next 2019-06-09 12:28:52 +02:00
WilliButz
f491e94bac nixos/wireguard: add peer service to interface dependencies (#62828)
Previously each oneshot peer service only ran once and was not
restarted together with the interface unit. Because of this,
defined peers were missing after restarting their corresponding
interface unit.

Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-09 11:51:45 +02:00
gnidorah
fe01afae42 nixos/jack: option to adjust dmix buffering (#62854) 2019-06-09 11:40:22 +02:00
Nikolay Amiantov
1d7d5d9be6
Merge pull request #62885 from abbradar/mtproxy
mtprotoproxy: init package and service
2019-06-09 12:17:41 +03:00
Nikolay Amiantov
05c1addde3 mtprotoproxy service: init 2019-06-09 11:49:03 +03:00
Izorkin
82ad143a51
nixos/zsh: move zsh setopt 2019-06-09 00:13:01 +02:00
Sarah Brofeldt
635e3b1e6f
Merge pull request #62758 from peterhoeg/f/zm
nixos/zoneminder: font files cannot be found
2019-06-08 14:36:04 +02:00
Samuel Dionne-Riel
fd0f8adaab nixos/desktop-managers/xterm: Defaults to xserver's state
This enhances #61423, which removed the gating of desktop-managers from
being linked to the xserver's state.

This, though, brought in xterm into all systems, even those without X
servers.

This change sets the *default* of the xterm desktop-manager to the state
of the xserver, keeping it enabled by default as a sane fallback.

The xterm desktop-manager can still be enabled or disabled as needed,
without it being affected by xserver's state.
2019-06-08 01:01:22 -04:00
Franz Pletz
2587df7f02
cryptsetup: enable kernel crypto api support again
This is needed for tcrypt and the benchmark subcommand. If enabled,
it is also used to unlock LUKS2 volumes and therefore the kernel modules
providing this feature need to be available in our initrd.

Fixes #42163. #54019.
2019-06-07 22:15:35 +02:00
Linus Heckemann
26317b02ae nixos/network-interfaces: always apply privacy extensions
Fixes #56306
2019-06-07 21:43:29 +02:00
Franz Pletz
3827343aec
Merge pull request #62452 from Ma27/package-wireguard-prometheus-exporter
prometheus-wireguard-exporter: init at 2.0.1
2019-06-07 16:50:39 +00:00
Maximilian Bosch
bf09e6a14e
prometheus-wireguard-exporter: init at 2.0.1
This is a simple exporter which exports the information
provided by `wg show all dump` to prometheus.

Co-authored-by: Franz Pletz <fpletz@fnordicwalking.de>
2019-06-07 17:40:44 +02:00
zimbatm
18ae1ecf03
nixos/cryptpad: add module 2019-06-07 13:02:51 +02:00
Jörg Thalheim
48bb168e26
zfs: 0.7.13 -> 0.8.0 (#62763)
zfs: 0.7.13 -> 0.8.0
2019-06-07 11:15:37 +01:00
Peter Hoeg
255550e003 nixos/systemd: enable systemd-tmpfiles-setup and -clean for user sessions 2019-06-07 14:52:46 +08:00
Graham Christensen
9d11c30cf9
Merge pull request #62779 from grahamc/containers-restart
Restart declarative containers when their host environment configuration changes
2019-06-06 12:57:23 -04:00
Graham Christensen
b2fbbad107
nixos containers: restart containers with autoStart = true when their conf changes 2019-06-06 11:57:08 -04:00
Graham Christensen
e7872cda4b
nixos containers: don't shadow config, rename to containerConfig 2019-06-06 11:57:05 -04:00
Aaron Andersen
fae95c2c82
Merge pull request #60021 from aanderse/httpd-cleanup
nixos/httpd: cleanup old apache2.2 syntax
2019-06-06 06:46:05 -04:00
Eelco Dolstra
4bb48e7f99
wireguard: Don't fail if modprobe fails
This can lead to unnecessary failures if the kernel module is already
loaded:

  Jun 06 12:38:50 chef bglisn9bz0y5403vdw9hny0ij43r41jk-unit-script-wireguard-wg0-start[13261]: modprobe: FATAL: Module wireguard not found in directory /run/booted-system/kernel-modules/lib/modules/4.19.36
2019-06-06 12:40:30 +02:00
Jörg Thalheim
11b8a5f20e
zfs: 0.7.13 -> 0.8.0
Same as zfsUnstable for the moment.
We still keep the zfsUnstable expression as we likely
need it in the near future again.
Also remove spl since it is no longer needed.
2019-06-06 10:07:43 +01:00
Peter Hoeg
527876038e nixos/zoneminder: font files cannot be found 2019-06-06 14:15:01 +08:00
Matthew Bauer
f8c12edfdf
Merge pull request #62333 from kampka/buildPackages-for-config-builders
Build packages for config builders
2019-06-05 14:47:16 -04:00
Vladimír Čunát
c0ccf42c69
Merge branch 'staging-next' into staging 2019-06-05 11:12:34 +02:00
worldofpeace
094e150804
Merge pull request #61729 from worldofpeace/geoclue/no-root
nixos/geoclue2: don't run as root
2019-06-04 23:11:34 -04:00
worldofpeace
cc5ec447a0
Merge pull request #62623 from michaelpj/fix/localtime-geoclue
localtime: set geoclue config
2019-06-04 22:36:28 -04:00
worldofpeace
87ec4fa2d1
Merge pull request #62624 from michaelpj/fix/redshift-geoclue
redshift: add geoclue config
2019-06-04 22:35:25 -04:00
danbst
f7940bb95d nixos/containers: give a name to an anonymous container module
See https://github.com/NixOS/nixpkgs/issues/15747. Previously this module was called `<unknown-file>`
in error messages, now it is called a bit more close to real:
```
module at /home/danbst/dev/nixpkgs/nixos/modules/virtualisation/containers.nix:470
```
2019-06-05 03:11:09 +03:00
Michael Peyton Jones
efbd890f99
nixos: add throttled service 2019-06-04 22:30:38 +01:00
Silvan Mosberger
08f2e282e1
nixos/deluge: add autFile, config and port options (#58552)
nixos/deluge: add autFile, config and port options
2019-06-04 23:16:06 +02:00
Matthew Bauer
22039a182e
Merge pull request #62606 from Shados/fix-62602
nixos/grub: Add defaultText for font option
2019-06-04 14:34:13 -04:00
Brice Waegeneire
2fa256bd55 nixos/deluge: add authFile, config & port options 2019-06-04 18:08:11 +02:00
WilliButz
1800e49a0b
nixos/ids: remove avahi uid/gid 2019-06-04 00:22:49 +02:00
WilliButz
49302dc593
nixos/avahi: refactor module, add option extraServiceFiles
Types are now specified for all options.
The fixed uid and gid for the avahi user have been removed
and the user avahi is now in the group avahi.
The the generic opening of the firewall for UDP port 5353 is
now optional, but still defaults to true.

The option `extraServiceFiles` was added to specify avahi
service definitions, which are then placed in `/etc/avahi/services`.
2019-06-04 00:22:48 +02:00
Bas van Dijk
f6ba5b91e8
Merge pull request #62616 from basvandijk/strongswan-5.8.0
strongswan: 5.7.2 -> 5.8.0
2019-06-03 23:43:20 +02:00
Vladimír Čunát
ee86a325dd
Merge branch 'staging-next' into staging
Conflicts (simple):
	nixos/doc/manual/release-notes/rl-1909.xml
2019-06-03 22:34:49 +02:00
Silvan Mosberger
b9ffded489
jack module: init (#57712)
jack module: init
2019-06-03 19:18:04 +02:00
Michael Peyton Jones
01d06dc35f
redshift: add geoclue config
The geoclue module now lets us set application config. This should make
it more robust in desktop environments that don't define a geoclue
agent.

Fixes #45994.
2019-06-03 18:13:21 +01:00
Michael Peyton Jones
d3a4a5bd95
localtime: set geoclue config
The geoclue module now lets us set application config. This should make
it more robust in environments that don't provide a geoclue agent.

Fixes #44725.
2019-06-03 18:12:33 +01:00
Bas van Dijk
1959799d51 strongswan: 5.7.2 -> 5.8.0 2019-06-03 18:01:55 +02:00
Maximilian Bosch
0dbdb2e21d
Merge pull request #62528 from eadwu/compton/wintypes-conflict
compton: try not to conflict wintypes
2019-06-03 15:41:37 +02:00
Andreas Rammhold
7508490770
nixos/test: remove the stateVersion statement from the test-instrumentation
We set stateVersion to `mkDefault 18.03` in
`nixos/modules/testing/test-instrumentation.nix` and in
`modules/installer/cd-dvd/installation-cd-base.nix`.

Accessing the stateVersion in the module system from within the tests
results in the following error:
> The unique option `system.stateVersion' is defined multiple times, in
> `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix' and
> `nixpkgs/nixos/modules/testing/test-instrumentation.nix'.

There are other tests that use it as well. Namely the radicale test also
verifies behaviour between state versions is as expected. It switches a
package default value. Others switched on the state directory default.
It seems like having the timesyncd switch as part of every rendered
activationScript might cause this weird error.

Removing this line seems like a reasonable thing to do since we actually
set the default to the very same value in the module system. This line
should have been no-op besides the issue that we've two statements
setting it in this very specific case.
2019-06-03 15:05:24 +02:00
Andreas Rammhold
9077623324
nixos/misc: warn when someone is using the nixops autoLuks module
The autoLuks module is not really compatible with the updated systemd
version anymore. We started dropping NixOS specific patches that caused
unwanted side effects that we had to work around otherwise.

This change points users towards the relevant PR and spits out a bit of
information on how to deal with the situation.
2019-06-03 15:05:23 +02:00
Andreas Rammhold
024a383d64
nixos/systemd: migrate systemd-timesync state when required
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.

For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.

We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.

See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
2019-06-03 15:05:19 +02:00
Andreas Rammhold
1b7b1dbe2f
nixos/networkd: rename GatewayOnlink to GatewayOnLink
This follows upstreams renaming of the option [1].

[1] 9cb8c55934
2019-06-03 15:05:17 +02:00
Andreas Rammhold
d600da7045
nixos/networkd: use the route section for default routes
With systemd v242 using the `Gateway` attribute of the `[Network]`
section will lead to "onlink" routes on all the device that are matched
by the default configuration (typically all devices) causing multiple
default routes (even on localhost).

We can only avoid that - while keeping our default route option - when
we mark the route as explicitly not on link. Only gateways that are
within a subnet of one of the assigned interface addresses will be
installed into the routing table.
2019-06-03 15:05:16 +02:00
Andreas Rammhold
a32cd7d84a
nixos/networkd: use no instead of none for DHCP= option
systemd has deprecated the use of `none` and recommends using `no`
instead.
2019-06-03 15:05:15 +02:00
Andreas Rammhold
1f03f6fc43
nixos/udev: switch networking.usePredicatableInterfaceNames to a kernel param
The udev rules we are shipping no longer work with systemd v242 and were
remove upstream some time ago. It seems like the entire renaming is now
done in C and not in the udev rules.
2019-06-03 15:05:12 +02:00
Jörg Thalheim
2a0f85d882
nixos/os-release: add documentation url 2019-06-03 15:05:10 +02:00
Jörg Thalheim
e8e1dc71c5
Merge pull request #62529 from danieldk/remove-btsync-module
nixos/btsync: remove
2019-06-03 13:21:58 +01:00
Alexei Robyn
fd9dec7177 nixos/grub: Add defaultText for font option
Fixes #62602.
2019-06-03 22:19:44 +10:00
Nikolay Amiantov
fa2e4bfb61 nixos/systemd-boot: don't remove directories from EFI dir
This will only result in an error. These directories might be created by, for example, fwupdmgr.
2019-06-03 11:55:48 +03:00
Daniël de Kok
c619bbbbef nixos/btsync: remove
Remove the btsync module. Bittorrent Sync was renamed to Resilio Sync in
2016, which is supported by the resilio module. Since Resilio Sync had
some security updates since 2016, it is not safe to run Bittorrent Sync
anymore.
2019-06-03 09:16:13 +02:00
worldofpeace
c6748ef63f
Merge pull request #61746 from abbradar/gnome-pa
nixos/gdm: use Fedora's PulseAudio configuration
2019-06-02 18:16:04 -04:00