Daniel Fullmer
d7e3312ab1
qemu-vm: split EFI NVRAM into CODE and VARS
2020-07-06 12:08:41 -07:00
Daniel Fullmer
b278a7d75a
nixos/systemd-boot: test for EFI boot entry
2020-07-06 12:07:50 -07:00
Daniel Fullmer
4d14826825
qemu-vm: allow bootloader to set EFI vars
...
Without this, systemd-boot does not add an EFI boot entry for itself.
The reason it worked before this fix is because it would fall back to
the default installed \EFI\BOOT\BOOTX64.EFI
2020-07-06 12:07:49 -07:00
Timo Kaufmann
ed72058658
Merge pull request #85023 from symphorien/update-ihatemony
...
python3Packages.ihatemoney: 4.1 -> 4.2
2020-07-06 19:24:01 +02:00
Symphorien Gibol
2b0cfa48ab
remove workaround for uwsgi < 2.0.19
2020-07-06 18:35:35 +02:00
Symphorien Gibol
2e342f4c59
nixos/tests/ihatemoney: fix
2020-07-06 18:35:34 +02:00
Symphorien Gibol
3603c4e163
nixos/ihatemoney: work around bug in uwsgi
...
happens when dowbloading csv reports
2020-07-06 18:35:21 +02:00
Symphorien Gibol
7971042b20
nixos/tests/ihatemoney: fix
2020-07-06 18:35:20 +02:00
Imran Hossain
9b80955720
nixos/tests: Add rclone repository to restic test
2020-07-06 10:30:43 -04:00
Imran Hossain
7dd656a037
nixos/restic: Add options for rclone repositories
2020-07-06 10:27:55 -04:00
Aaron Andersen
5cecdd145b
Merge pull request #91042 from datafoo/fix-issue-86184
...
nixos/acme: execute a single lego command
2020-07-06 07:26:05 -04:00
Robert Hensing
581937d380
Merge pull request #92255 from utdemir/stream_layered_image_fixes
...
dockerTools: Support files directly under /nix/store
2020-07-06 10:12:26 +02:00
Utku Demir
06db331922
dockerTools: Verify nix-store contents on buildLayeredImage test
2020-07-06 16:59:58 +12:00
Eric Wolf
8af58eda12
postfix: Add submissions option for postfix and test ( #91691 )
...
RFC 8314 suggests, for end user submission of
mails, SMTP over TLS on port 465 should be used.
Closes #91690
2020-07-06 03:37:56 +02:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
...
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Benjamin Hipple
1e835d98c5
Merge pull request #89498 from 0x4A6F/master-xandikos
...
xandikos: 0.1.0 -> 0.2.2
2020-07-05 20:04:50 -04:00
Benjamin Hipple
f688b2b421
Merge pull request #91979 from zowoq/runc
...
runc: 1.0.0-rc90 -> 1.0.0-rc91
2020-07-05 19:39:18 -04:00
Matthew Bauer
c34507d795
Merge pull request #90431 from euank/nixos-install-warn
...
nixos-install: error out if $mountPoint has bad permissions
2020-07-05 18:55:43 -04:00
Fabian Möller
de00fa1041
nixos/manual: Fix invalid link reference in release notes
2020-07-05 18:01:00 +02:00
Vincent Breitmoser
6d52e2e897
nixos/nix-daemon: mention potential breakage in release notes
2020-07-05 16:53:38 +02:00
Vincent Breitmoser
5395397fd6
nixos/nix-daemon: work on buildMachines submodule
2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2
nixos/nix-daemon: Organize buildMachine options with a submodule
2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4
postfix: deprecated sslCACert
in favour of tlsTrustedAuthorities
...
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.
>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0
postfix: used recommended configuration key to enable tls
...
> With Postfix 2.3 and later use smtp_tls_security_level instead.
http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
...
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga
2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
...
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether
2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether
2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
...
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce
qemu-vm.nix: Fix device name hardcodes on useBootLoader
.
...
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.
This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.
This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.
It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5
qemu-vm.nix: Do not mount /boot
read-only.
...
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422
nixos/qemu-vm: Don't assume boot drive is always vdb
2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning
2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes
2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes
2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
...
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c
) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
...
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Utku Demir
cc46362929
dockerTools: Support files directly under /nix/store
...
Also makes sure that the files inside a layer added in a sorted order
to make the results more deterministic.
2020-07-04 22:00:57 +12:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
...
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
...
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f
nixos/qemu-vm: Generalize drive naming
2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500
docs: Explain how to set password-less logins.
...
This explains the
# Allow the user to log in as root without a password.
users.users.root.initialHashedPassword = "";
that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Pascal Bach
3e7d650bcc
nixos/unifi: restart service on package update
...
Currently the service doesn't detect if on of the packages is updated
and doesn't restart.
By manually adding a trigger we make sure the service restarts if any of
the involved packages update.
2020-07-03 22:34:29 +02:00
Chuck
800639f287
nixos/qemu-vm: Refactor: Combine duplicate disk definitions
2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
...
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
...
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d
ZFS: Update description for requestEncryptionCredentials
2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
...
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695
ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
...
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6
ZFS: Pipe /dev/null into the stage 2 load-key script
...
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce
plymouth: Enable systemd-ask-password-plymouth
2020-07-02 13:50:23 -04:00
zowoq
f1cf202dbb
nixos/podman: restrict test to x86_64-linux
2020-07-03 00:17:15 +10:00
Markus Kowalewski
61fceac1bb
nixos/slurm: add pmix to test and cleanup test
...
* use tmpfiles to create key for munge
* add mpitest source
* add a subtest for PMIx/MPI startup
2020-07-02 15:39:47 +02:00
Konrad Förstner
7ec38adfdc
nixos/doc/manual: Fix parted's set subcommand for esp partition
...
With 'set 3 boot on' the error 'file system "/boot" is not a FAT EFI
system partition (ESP) file system' occurs when running
"nixos-install" during the basic installation (tested in in a
VirtualBox VM).
2020-07-02 08:40:01 +02:00
Samuel Dionne-Riel
736c7ca712
Merge pull request #82718 from misuzu/armv7l-ext4-fs-fix
...
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
2020-07-01 21:38:07 -04:00
Vincent Ambo
c0122d335b
nixos/openldap: add option for configuring OpenLDAP package to use
...
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.
This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
misuzu
9ac1ab10c9
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
...
This fixes image creation on armv7l when image is bigger than 2G.
Also fix some reproducibility issues and other cptofs issues.
2020-07-01 11:32:28 +03:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
...
grub: add support for passwords
2020-07-01 09:04:30 +02:00
Alexandre Esteves
e10e7d6a8b
testing-python: fix typo
2020-06-30 22:31:32 -05:00
CRTified
c684398c6a
nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
...
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs
The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.
This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.
The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:
- The client that uses boot.initrd.network.openvpn
- An OpenVPN server that acts as gateway and forwards a port
to the client
- A node that is external to the OpenVPN network
The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Profpatsch
1c04554e4b
lorri: 1.0 -> 1.1
2020-06-30 17:12:03 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
...
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
Lancelot SIX
a3db82fe45
Merge pull request #91756 from JJJollyjim/fix-graphite-web-patch
...
graphite-web: fix patch
2020-06-30 08:26:35 +01:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation
2020-06-29 22:28:32 +02:00
_
a3b0864bb0
nixos/onedrive: init
2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options ( #86946 )
2020-06-29 13:35:21 +00:00
Jamie McClymont
3f31678607
nixos/graphite: ensure graphite-api is properly tested
...
Until now, it was failing to start in the test, as it was searching for an
influxdb database
2020-06-29 22:04:23 +12:00
Jamie McClymont
3c8762de8e
nixos/graphite: unmark test as broken
2020-06-29 21:42:29 +12:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
...
nixos/acme: Fix ordering of certificate requests (#81482 )
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44
Revert "traefik: unify TOML generation"
...
This reverts commit a5e6901702
.
yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Florian Klink
9e248c9ec9
Merge pull request #91046 from NinjaTrappeur/nin-delete-vm-state
...
test-driver.py: delete VM state directory after test run
2020-06-28 18:41:38 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
...
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Maximilian Bosch
d651626eb9
Merge pull request #91545 from Frostman/docker-19.03.12
...
docker: 19.03.11 -> 19.03.12
2020-06-27 16:01:11 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
...
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d
undervolt: clarify that the service is unofficial
...
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Sergey Lukjanov
afc8bd6a7b
docker: use git tags instead of revs
2020-06-26 14:55:52 -07:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
...
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
...
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
...
We remove the configFile build flag override in the NixOS module.
Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.
This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.
Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
Niklas Hambüchen
5c5f7a22fe
Merge pull request #90701 from nh2/issue-90613-fix-consul-reboot-test
...
consul.passthru.tests: Fix failure on current consul versions, add more tests
2020-06-26 19:40:10 +02:00
Marek Mahut
31cd000bb6
Merge pull request #91613 from 1000101/1000101
...
maintainers: fix previously uncaught name issues
2020-06-26 17:12:34 +02:00
1000101
6c3b36212a
maintainers: fix previously uncaught name issues
2020-06-26 16:38:27 +02:00
1000101
c6d346b323
nixos/blockbook-frontend: add tests
2020-06-26 16:16:49 +02:00
1000101
de3c56ffd8
nixos/blockbook-frontend: init
2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
...
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
...
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d
nixos/{podman,containers}: libpod.conf -> containers.conf
2020-06-26 08:09:36 +10:00
zowoq
033ba9c73d
nixos/podman: use cgroupfs for rootless crun test
2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef
Merge master into staging-next
2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
...
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
...
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
...
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
Frederik Rietdijk
16287a8cb8
Merge master into staging-next
2020-06-24 19:04:03 +02:00
rnhmjoj
33c4a4bdd5
nixos/tests: add test for grub authentication
2020-06-24 10:22:53 +02:00
rnhmjoj
b520055df6
nixos/lib/test-driver: add wait_for_console_text
...
This method is similar to wait_for_text but is based on matching
serial console lines instead of the VGA output.
2020-06-24 10:22:53 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax
2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363 : small treewide: his -> theirs/its
2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
...
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
...
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00