Commit Graph

17762 Commits

Author SHA1 Message Date
Daniel Fullmer
d7e3312ab1 qemu-vm: split EFI NVRAM into CODE and VARS 2020-07-06 12:08:41 -07:00
Daniel Fullmer
b278a7d75a nixos/systemd-boot: test for EFI boot entry 2020-07-06 12:07:50 -07:00
Daniel Fullmer
4d14826825 qemu-vm: allow bootloader to set EFI vars
Without this, systemd-boot does not add an EFI boot entry for itself.
The reason it worked before this fix is because it would fall back to
the default installed \EFI\BOOT\BOOTX64.EFI
2020-07-06 12:07:49 -07:00
Timo Kaufmann
ed72058658
Merge pull request #85023 from symphorien/update-ihatemony
python3Packages.ihatemoney: 4.1 -> 4.2
2020-07-06 19:24:01 +02:00
Symphorien Gibol
2b0cfa48ab remove workaround for uwsgi < 2.0.19 2020-07-06 18:35:35 +02:00
Symphorien Gibol
2e342f4c59 nixos/tests/ihatemoney: fix 2020-07-06 18:35:34 +02:00
Symphorien Gibol
3603c4e163 nixos/ihatemoney: work around bug in uwsgi
happens when dowbloading csv reports
2020-07-06 18:35:21 +02:00
Symphorien Gibol
7971042b20 nixos/tests/ihatemoney: fix 2020-07-06 18:35:20 +02:00
Imran Hossain
9b80955720 nixos/tests: Add rclone repository to restic test 2020-07-06 10:30:43 -04:00
Imran Hossain
7dd656a037 nixos/restic: Add options for rclone repositories 2020-07-06 10:27:55 -04:00
Aaron Andersen
5cecdd145b
Merge pull request #91042 from datafoo/fix-issue-86184
nixos/acme: execute a single lego command
2020-07-06 07:26:05 -04:00
Robert Hensing
581937d380
Merge pull request #92255 from utdemir/stream_layered_image_fixes
dockerTools: Support files directly under /nix/store
2020-07-06 10:12:26 +02:00
Utku Demir
06db331922
dockerTools: Verify nix-store contents on buildLayeredImage test 2020-07-06 16:59:58 +12:00
Eric Wolf
8af58eda12
postfix: Add submissions option for postfix and test (#91691)
RFC 8314 suggests, for end user submission of
mails, SMTP over TLS on port 465 should be used.

Closes #91690
2020-07-06 03:37:56 +02:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Benjamin Hipple
1e835d98c5
Merge pull request #89498 from 0x4A6F/master-xandikos
xandikos: 0.1.0 -> 0.2.2
2020-07-05 20:04:50 -04:00
Benjamin Hipple
f688b2b421
Merge pull request #91979 from zowoq/runc
runc: 1.0.0-rc90 -> 1.0.0-rc91
2020-07-05 19:39:18 -04:00
Matthew Bauer
c34507d795
Merge pull request #90431 from euank/nixos-install-warn
nixos-install: error out if $mountPoint has bad permissions
2020-07-05 18:55:43 -04:00
Fabian Möller
de00fa1041
nixos/manual: Fix invalid link reference in release notes 2020-07-05 18:01:00 +02:00
Vincent Breitmoser
6d52e2e897 nixos/nix-daemon: mention potential breakage in release notes 2020-07-05 16:53:38 +02:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4 postfix: deprecated sslCACert in favour of tlsTrustedAuthorities
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.

>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0 postfix: used recommended configuration key to enable tls
> With Postfix 2.3 and later use smtp_tls_security_level instead.

http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Utku Demir
cc46362929
dockerTools: Support files directly under /nix/store
Also makes sure that the files inside a layer added in a sorted order
to make the results more deterministic.
2020-07-04 22:00:57 +12:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Pascal Bach
3e7d650bcc nixos/unifi: restart service on package update
Currently the service doesn't detect if on of the packages is updated
and doesn't restart.

By manually adding a trigger we make sure the service restarts if any of
the involved packages update.
2020-07-03 22:34:29 +02:00
Chuck
800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d ZFS: Update description for requestEncryptionCredentials 2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695 ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6 ZFS: Pipe /dev/null into the stage 2 load-key script
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce plymouth: Enable systemd-ask-password-plymouth 2020-07-02 13:50:23 -04:00
zowoq
f1cf202dbb nixos/podman: restrict test to x86_64-linux 2020-07-03 00:17:15 +10:00
Markus Kowalewski
61fceac1bb
nixos/slurm: add pmix to test and cleanup test
* use tmpfiles to create key for munge
* add mpitest source
* add a subtest for PMIx/MPI startup
2020-07-02 15:39:47 +02:00
Konrad Förstner
7ec38adfdc nixos/doc/manual: Fix parted's set subcommand for esp partition
With 'set 3 boot on' the error 'file system "/boot" is not a FAT EFI
system partition (ESP) file system' occurs when running
"nixos-install" during the basic installation (tested in in a
VirtualBox VM).
2020-07-02 08:40:01 +02:00
Samuel Dionne-Riel
736c7ca712
Merge pull request #82718 from misuzu/armv7l-ext4-fs-fix
nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
2020-07-01 21:38:07 -04:00
Vincent Ambo
c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
misuzu
9ac1ab10c9 nixos/lib/make-ext4-fs: use mkfs.ext4 instead of cptofs
This fixes image creation on armv7l when image is bigger than 2G.
Also fix some reproducibility issues and other cptofs issues.
2020-07-01 11:32:28 +03:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
grub: add support for passwords
2020-07-01 09:04:30 +02:00
Alexandre Esteves
e10e7d6a8b
testing-python: fix typo 2020-06-30 22:31:32 -05:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Profpatsch
1c04554e4b lorri: 1.0 -> 1.1 2020-06-30 17:12:03 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
Lancelot SIX
a3db82fe45
Merge pull request #91756 from JJJollyjim/fix-graphite-web-patch
graphite-web: fix patch
2020-06-30 08:26:35 +01:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation 2020-06-29 22:28:32 +02:00
_
a3b0864bb0 nixos/onedrive: init 2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options (#86946) 2020-06-29 13:35:21 +00:00
Jamie McClymont
3f31678607 nixos/graphite: ensure graphite-api is properly tested
Until now, it was failing to start in the test, as it was searching for an
influxdb database
2020-06-29 22:04:23 +12:00
Jamie McClymont
3c8762de8e nixos/graphite: unmark test as broken 2020-06-29 21:42:29 +12:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
nixos/acme: Fix ordering of certificate requests (#81482)
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44 Revert "traefik: unify TOML generation"
This reverts commit a5e6901702.

yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Florian Klink
9e248c9ec9
Merge pull request #91046 from NinjaTrappeur/nin-delete-vm-state
test-driver.py: delete VM state directory after test run
2020-06-28 18:41:38 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Maximilian Bosch
d651626eb9
Merge pull request #91545 from Frostman/docker-19.03.12
docker: 19.03.11 -> 19.03.12
2020-06-27 16:01:11 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d undervolt: clarify that the service is unofficial
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Sergey Lukjanov
afc8bd6a7b docker: use git tags instead of revs 2020-06-26 14:55:52 -07:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
We remove the configFile build flag override in the NixOS module.

Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.

This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.

Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
Niklas Hambüchen
5c5f7a22fe
Merge pull request #90701 from nh2/issue-90613-fix-consul-reboot-test
consul.passthru.tests: Fix failure on current consul versions, add more tests
2020-06-26 19:40:10 +02:00
Marek Mahut
31cd000bb6
Merge pull request #91613 from 1000101/1000101
maintainers: fix previously uncaught name issues
2020-06-26 17:12:34 +02:00
1000101
6c3b36212a maintainers: fix previously uncaught name issues 2020-06-26 16:38:27 +02:00
1000101
c6d346b323 nixos/blockbook-frontend: add tests 2020-06-26 16:16:49 +02:00
1000101
de3c56ffd8 nixos/blockbook-frontend: init 2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
zowoq
033ba9c73d nixos/podman: use cgroupfs for rootless crun test 2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef Merge master into staging-next 2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
Frederik Rietdijk
16287a8cb8 Merge master into staging-next 2020-06-24 19:04:03 +02:00
rnhmjoj
33c4a4bdd5
nixos/tests: add test for grub authentication 2020-06-24 10:22:53 +02:00
rnhmjoj
b520055df6
nixos/lib/test-driver: add wait_for_console_text
This method is similar to wait_for_text but is based on matching
serial console lines instead of the VGA output.
2020-06-24 10:22:53 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax 2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363: small treewide: his -> theirs/its 2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00