Commit Graph

14530 Commits

Author SHA1 Message Date
Daniel Fullmer
d7e3312ab1 qemu-vm: split EFI NVRAM into CODE and VARS 2020-07-06 12:08:41 -07:00
Daniel Fullmer
4d14826825 qemu-vm: allow bootloader to set EFI vars
Without this, systemd-boot does not add an EFI boot entry for itself.
The reason it worked before this fix is because it would fall back to
the default installed \EFI\BOOT\BOOTX64.EFI
2020-07-06 12:07:49 -07:00
Imran Hossain
7dd656a037 nixos/restic: Add options for rclone repositories 2020-07-06 10:27:55 -04:00
Aaron Andersen
5cecdd145b
Merge pull request #91042 from datafoo/fix-issue-86184
nixos/acme: execute a single lego command
2020-07-06 07:26:05 -04:00
Divam
d127d85173 Options to add an extra disk in virtual box VM. 2020-07-06 15:45:18 +09:00
Eric Wolf
8af58eda12
postfix: Add submissions option for postfix and test (#91691)
RFC 8314 suggests, for end user submission of
mails, SMTP over TLS on port 465 should be used.

Closes #91690
2020-07-06 03:37:56 +02:00
Benjamin Hipple
152a29fef8
Merge pull request #77557 from c0deaddict/feature/nginx-sso-package-option
nixos/nginx.sso: add package option
2020-07-05 21:24:22 -04:00
Benjamin Hipple
1e835d98c5
Merge pull request #89498 from 0x4A6F/master-xandikos
xandikos: 0.1.0 -> 0.2.2
2020-07-05 20:04:50 -04:00
Matthew Bauer
c34507d795
Merge pull request #90431 from euank/nixos-install-warn
nixos-install: error out if $mountPoint has bad permissions
2020-07-05 18:55:43 -04:00
Vincent Breitmoser
5395397fd6 nixos/nix-daemon: work on buildMachines submodule 2020-07-05 16:51:55 +02:00
John Ericson
1ed248eac2 nixos/nix-daemon: Organize buildMachine options with a submodule 2020-07-05 16:51:55 +02:00
Benjamin Asbach
632104e5a4 postfix: deprecated sslCACert in favour of tlsTrustedAuthorities
`sslCACert` was used for trust store of client and server certificates. Since `smtpd_tls_ask_ccert` defaults to no the setup of `smtpd_tls_CApath` was removed.

>By default (see smtpd_tls_ask_ccert), client certificates are not requested, and smtpd_tls_CApath should remain empty.
see http://www.postfix.org/postconf.5.html#smtpd_tls_CAfile
2020-07-05 14:53:34 +02:00
Benjamin Asbach
9d697837f0 postfix: used recommended configuration key to enable tls
> With Postfix 2.3 and later use smtp_tls_security_level instead.

http://www.postfix.org/postconf.5.html#smtp_use_tls
2020-07-05 14:50:40 +02:00
Lassulus
e0f07f9b8d
Merge pull request #63165 from CRTified/module/initrd-ovpn
nixos/system/boot/initrd-openvpn: New openvpn options for initrd
2020-07-05 14:32:52 +02:00
Jan Tojnar
07cebeffb8
Merge pull request #86473 from bachp/virtualbox-vmsvga 2020-07-05 04:11:44 +02:00
worldofpeace
d3a40e7cfc
Merge pull request #92270 from samuelgrf/fix/whether-typo
nixos/*: fix misspellings of whether
2020-07-04 09:34:28 -04:00
Samuel Gräfenstein
5bb0b72720
nixos/*: wheter -> whether 2020-07-04 15:20:41 +02:00
Samuel Gräfenstein
850d7d1790
nixos/*: wether -> whether 2020-07-04 15:17:03 +02:00
Niklas Hambüchen
7c903ca1d2
Merge pull request #92205 from chkno/qemu-vm-cleanup
qemu-vm device name cleanup
2020-07-04 15:08:52 +02:00
Niklas Hambüchen
5b16d4c9ce qemu-vm.nix: Fix device name hardcodes on useBootLoader.
boot.loader.grub.device` was hardcoded to `bootDevice`, which is
wrong, because that's the device for `/`, and with `useBootLoader`
the boot loader is not on that device.

This bug probably came into existence because of bad naming;
`virtualisation.bootDevice` has description
"The disk to be used for the root filesystem", which is very confusing;
it should be `.rootDevice` then!
Unfortunately, the description is right and the attribute name is wrong,
so it is not easy to change this without deprecation.

This commit ensures that even if you use `useBootLoader` and
`diskInterface == "scsi"`, the created VM can boot through, and can run
`nixos-rebuild afterwards.

It also adds extra commentary to explain what's going on in this module
in general in relation to `useBootLoader`.
2020-07-04 14:47:36 +02:00
Niklas Hambüchen
2fa351b6a5 qemu-vm.nix: Do not mount /boot read-only.
There does not seem to be a good reason to do this, and it breaks running
`nixos-rebuild boot --install-bootloader` inside the VM.
2020-07-04 14:44:33 +02:00
Chuck
e74755c422 nixos/qemu-vm: Don't assume boot drive is always vdb 2020-07-04 14:40:42 +02:00
rnhmjoj
c37347af7e
nixos/users-groups: handle password hashes with special meaning 2020-07-04 12:21:49 +02:00
rnhmjoj
99899e2e46
nixos/users-groups: add assertion for ":" in hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
751c2ed6e4
nixos/users-groups: do not check validity of empty hashes 2020-07-04 12:21:49 +02:00
rnhmjoj
900ae97569
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of
security.initialRootPassword but got lost when it was deprecated
a long ago (f496c3c) and removed.
2020-07-04 12:21:48 +02:00
rnhmjoj
a6ed7d4845
nixos/users-groups: remove ancient security.initialRootPassword option
This option has been deprecated for a long time because is redundant
(users.users.root.initialHashedPassword exists).
Moreover, being of type string, it required to handle the special value
"!" separately, instead of using just `null`.
2020-07-04 12:14:37 +02:00
Jörg Thalheim
b2aa673d5a
nixos: fix manual build
https://github.com/NixOS/nixpkgs/pull/92240#issuecomment-653740926
2020-07-04 10:23:25 +01:00
Jörg Thalheim
81aeaeb252
Merge pull request #92240 from nh2/better-empty-password-docs
docs: Explain how to set password-less logins.
2020-07-04 07:24:37 +01:00
Chuck
a5e211dd7f nixos/qemu-vm: Generalize drive naming 2020-07-03 19:36:45 -07:00
Niklas Hambüchen
06b8b96500 docs: Explain how to set password-less logins.
This explains the

    # Allow the user to log in as root without a password.
    users.users.root.initialHashedPassword = "";

that the NixOS installer live systems use in
`profiles/installation-device.nix`.
2020-07-04 02:05:03 +02:00
Pascal Bach
3e7d650bcc nixos/unifi: restart service on package update
Currently the service doesn't detect if on of the packages is updated
and doesn't restart.

By manually adding a trigger we make sure the service restarts if any of
the involved packages update.
2020-07-03 22:34:29 +02:00
Chuck
800639f287 nixos/qemu-vm: Refactor: Combine duplicate disk definitions 2020-07-03 11:31:43 -07:00
Peter Hoeg
8bc7721fb1
Merge pull request #91765 from asdf8dfafjk/onedrive_module
nixos/onedrive: init
2020-07-03 10:08:42 +08:00
Graham Christensen
9d335706a0
Merge pull request #92092 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Update description for requestEncryptionCredentials
2020-07-02 17:25:53 -04:00
Will Fancher
b5f7b79a2d ZFS: Update description for requestEncryptionCredentials 2020-07-02 16:08:50 -04:00
Graham Christensen
105e63469d
Merge pull request #91344 from ElvishJerricco/zfs-encryption-systemd-ask-password
ZFS: Ask for stage 2 encryption passwords using systemd-ask-password
2020-07-02 14:15:18 -04:00
Will Fancher
e2f1594695 ZFS: Set IFS=$'\t' for the read command in stage 2 load-key
Co-authored-by: Graham Christensen <graham@grahamc.com>
2020-07-02 13:50:29 -04:00
Will Fancher
05f8cba1b6 ZFS: Pipe /dev/null into the stage 2 load-key script
Just in case something reads stdin, so that `while read ds kl` doesn't
miss anything
2020-07-02 13:50:28 -04:00
Will Fancher
c128229dce plymouth: Enable systemd-ask-password-plymouth 2020-07-02 13:50:23 -04:00
Vincent Ambo
c0122d335b nixos/openldap: add option for configuring OpenLDAP package to use
In certain cases, for example when custom OpenLDAP modules are
compiled into the binary, users may want to override the package used
for OpenLDAP.

This is especially common in setups where LDAP is the primary
authentication source, as good password hashing mechanisms need to be
enabled as extra modules.
2020-07-01 20:49:04 +01:00
Michele Guerini Rocco
dab676b2d7
Merge pull request #65231 from buckley310/grub-password
grub: add support for passwords
2020-07-01 09:04:30 +02:00
CRTified
c684398c6a nixos/system/boot/initrd-openvpn: Add openvpn options for initrd
nixos/tests/initrd-openvpn: Add test for openvpn in the initramfs

The module in this commit adds new options that allows the
integration of an OpenVPN client into the initrd.
This can be used e.g. to remotely unlock LUKS devices.

This commit also adds two tests for `boot.initrd.network.openvpn`.
The first one is a basic test to validate that a failing connection
does not prevent the machine from booting.

The second test validates that this module actually creates a valid
openvpn connection.
For this, it spawns three nodes:

  - The client that uses boot.initrd.network.openvpn
  - An OpenVPN server that acts as gateway and forwards a port
    to the client
  - A node that is external to the OpenVPN network

The client connects to the OpenVPN server and spawns a netcat instance
that echos a value to every client.
Afterwards, the external node checks if it receives this value over the
forwarded port on the OpenVPN gateway.
2020-07-01 00:08:55 +02:00
Michele Guerini Rocco
5abeb133de
Merge pull request #91794 from rnhmjoj/fish-mandb
nixos/fish: enable man cache generation
2020-06-30 13:43:22 +02:00
rnhmjoj
5b59329234
nixos/fish: enable man cache generation 2020-06-29 22:28:32 +02:00
_
a3b0864bb0 nixos/onedrive: init 2020-06-29 19:56:41 +05:30
misuzu
fc9f994ee5
nixos/gitlab-runner: add more global options (#86946) 2020-06-29 13:35:21 +00:00
Florian Klink
aed85b7279
Merge pull request #85223 from arianvp/acme-fix-nginx-after
nixos/acme: Fix ordering of certificate requests (#81482)
2020-06-29 10:17:25 +02:00
Linus Heckemann
5b8b201e44 Revert "traefik: unify TOML generation"
This reverts commit a5e6901702.

yj doesn't distinguish floats and ints, which breaks some configs.
2020-06-29 09:34:41 +02:00
Robert Schütz
595a3d14b7
Merge pull request #91168 from dotlambda/radicale-3.0.3
radicale: 2.1.11 -> 3.0.3
2020-06-28 12:48:56 +02:00
Graham Christensen
38060ee399
Merge pull request #91666 from Atemu/undervolt-warning
undervolt: clarify that the service is unofficial
2020-06-27 08:39:55 -04:00
Atemu
2c7402b54d undervolt: clarify that the service is unofficial
The original warning almost made it sound like the service was made by or
somehow connected to Intel which is not the case
2020-06-27 14:21:58 +02:00
Christoph Hrdinka
b2655b6a34
Merge pull request #91514 from NinjaTrappeur/nin-fix-nsdconf
nixos/nsd: symlink conf file to /etc/nsd
2020-06-26 23:24:30 +02:00
Marek Mahut
bb7c60708a
Merge pull request #91497 from 1000101/blockbook
nixos/blockbook-frontend: init
2020-06-26 21:17:36 +02:00
Félix Baylac-Jacqué
7020dc8eac
nixos/nsd: symlink conf file to /etc/nsd
We remove the configFile build flag override in the NixOS module.

Instead of embedding the conf file link to the binaries, we symlink it
to /etc/nsd/nsd.nix, the hardcoded config file location for the
various CLI nsd utilities.

This config file build option override is triggerring a nsd rebuild
for each configuration change. This prevent us to use the nixos cache
in many cases.

Co-authored-by: Erjo <erjo@cocoba.work>
2020-06-26 20:18:33 +02:00
1000101
de3c56ffd8 nixos/blockbook-frontend: init 2020-06-26 16:16:49 +02:00
zowoq
a8efeed583
Merge pull request #91138 from zowoq/podman
podman: 1.9.3 -> 2.0.1
2020-06-26 12:14:22 +10:00
zowoq
29b75dc074
Merge pull request #91458 from mdlayher/mdl-corerad-0.2.7
corerad: 0.2.6 -> 0.2.7
2020-06-26 09:45:59 +10:00
zowoq
e89446656d nixos/{podman,containers}: libpod.conf -> containers.conf 2020-06-26 08:09:36 +10:00
Frederik Rietdijk
bef20b38ef Merge master into staging-next 2020-06-25 13:48:05 +02:00
Kim Lindberger
c00bf081d9
Merge pull request #88940 from stigtsp/package/convos-init
convos: init at 4.22
2020-06-25 09:32:33 +02:00
Matt Layher
09f0d65317
nixos/corerad: set systemd unit Type=notify
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-24 22:09:20 -04:00
Philip Nelson
81034b583c nixos/nextdns: init 2020-06-24 18:33:05 -07:00
Timo Kaufmann
41ba255e23
Merge pull request #77982 from symphorien/sshl_ipv6
nixos/sslh: make it possible (and the default) to listen on ipv6, plus regression test
2020-06-24 22:13:19 +02:00
tmplt
a30294388c nixos/zfs-replication: document expected lz4 on host system 2020-06-24 19:41:36 +02:00
Frederik Rietdijk
16287a8cb8 Merge master into staging-next 2020-06-24 19:04:03 +02:00
Fabian Möller
c07a6f8743
nixos/generic-extlinux-compatible: fix docbook syntax 2020-06-23 20:51:02 +02:00
Vladimír Čunát
64cf1e79dd
Merge #91363: small treewide: his -> theirs/its 2020-06-23 19:11:13 +02:00
Sean Buckley
37ec7c488a
grub: add support for passwords
This patch adds support for user accounts/passwords in GRUB 2.
When configured, everything but the default option is password-protected.
2020-06-23 19:01:43 +02:00
Florian Klink
d227d81c9a
Merge pull request #91195 from flokli/extlinux-conf-builder-dtbname
extlinux-conf-builder: expose and use base builder command, allow a custom FDT to be specified
2020-06-23 18:07:31 +02:00
Profpatsch
517be84135 small treewide: his -> theirs/its
SJW brigade represent. ;)

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2020-06-23 16:49:50 +02:00
Will Fancher
0d55d48f0f ZFS: Ask for stage 2 encryption passwords using systemd-ask-password 2020-06-23 06:25:21 -04:00
Robert Schütz
d77fb3729d nixos/radicale: use radicale3 2020-06-23 12:02:27 +02:00
Jörg Thalheim
7aaffa71dc
Merge pull request #91216 from Mic92/nixos-config-generate
nixos-generate-config: refer to nixos-hardware
2020-06-22 23:52:48 +01:00
Jörg Thalheim
e943489f24
nixos-generate-config: refer to nixos-hardware 2020-06-22 23:51:08 +01:00
Stig Palmquist
042a2d8baf
nixos/convos: init 2020-06-22 13:58:34 +02:00
Frederik Rietdijk
7481da9cbd Merge master into staging-next 2020-06-22 08:46:16 +02:00
Jörg Thalheim
9aa668ef04
Merge pull request #91154 from Mic92/homeassistant 2020-06-21 13:59:28 +01:00
Florian Klink
387f3b58d2 hardware.deviceTree: add name
This can be used to explicitly specify a specific dtb file, relative to
the dtb base.

Update the generic-extlinux-compatible module to make use of this option.
2020-06-21 13:48:22 +02:00
Florian Klink
bd8137aef1 extlinux-conf-builder.sh: allow a custom FDT to be specified
Some bootloaders might not properly detect the model.
If the specific model is known by configuration, provide a way to
explicitly point to a specific dtb in the extlinux.conf.
2020-06-21 13:48:22 +02:00
Florian Klink
afa627730e nixos/sd-image-*: use boot.loader.generic-extlinux-compatible.populateCmd
While getting rid of the separate extlinux-conf-builder import, this now
also honors boot.loader.timeout in the initial sd card image if
specified.
2020-06-21 13:48:17 +02:00
Florian Klink
54129e72b4 nixos/generic-extlinux-compatible: introduce boot.loader.generic-extlinux-compatible.populateCmd
This option exposes the builder command used to populate an image,
honoring all options except the -c <path-to-default-configuration>
argument.

Useful to have for sdImage.populateRootCommands.

Special care needs to be taken w.r.t cross - the populate command runs
on the host platform, the activation script on the build platform (so
the builders differ)
2020-06-21 13:41:22 +02:00
edef
c27fc6a5e5
nixos/gerrit: allow configuring replication declaratively (#91200) 2020-06-21 08:54:14 +00:00
Florian Klink
43424688db nixos/deviceTree: fix description
hardware.deviceTree.base points to a path, not a package (and also if of
types.path)

It defaults to ${config.boot.kernelPackages.kernel}/dtbs.
2020-06-21 10:39:10 +02:00
Edmund Wu
00f7558225
Revert "libinput: ensure that we only apply touchpad options to touchpads"
This reverts commit 912a58428c.
2020-06-20 20:46:17 -04:00
Samuel Dionne-Riel
f203b8b277
Merge pull request #90119 from samueldr/feature/rpi4-fixups
Fix some pitfalls from the Raspberry Pi 4 specific sd image
2020-06-20 17:02:51 -04:00
Michele Guerini Rocco
1eef920a8d
Merge pull request #91128 from bbigras/rslsync-localhost
nixos/resilio: listen on [::1] by default
2020-06-20 20:43:04 +02:00
Bruno Bigras
dbb5bdfa09 nixos/resilio: listen on [::1] by default 2020-06-20 14:28:23 -04:00
Maximilian Bosch
c9462630bd
Merge pull request #91149 from nlewo/nextcloud-expose-occ
nixos/nextcloud: add occ internal option
2020-06-20 19:28:25 +02:00
Marek Mahut
0ff1bdb7c0
Merge pull request #90884 from mmahut/wasabi
nixos/wasabibackend: init 1.1.11.1
2020-06-20 15:30:32 +02:00
lewo
2fd146f6ae
Merge pull request #89427 from Ma27/nextcloud19
nextcloud19: init at 19.0.0
2020-06-20 13:59:47 +02:00
Symphorien Gibol
433f227f70 nixos/sslh: make it possible (and the default) to listen on ipv6 2020-06-20 12:54:36 +02:00
Jörg Thalheim
26e9a3498b
nixos/home-assistant: make service reloadable
This allows quick reloads using the following trick:

$(nix-build --show-trace --no-out-link \
  -E '(with import <nixpkgs/nixos> {};
       pkgs.writeScript "update-hass-config"
       config.systemd.services.home-assistant.preStart)')
systemctl reload home-assistant
2020-06-20 10:31:27 +01:00
Maximilian Bosch
f326e5a35e
nixos/nextcloud: update upgrade-path for nextcloud19
Enhance the heuristics to make sure that a user doesn't accidentally
upgrade across two major versions of Nextcloud (e.g. from v17 to v19).

The original idea/discussion has been documented in the nixpkgs manual[1].

This includes the following changes:

* `nextcloud19` will be selected automatically when having a stateVersion
  greater or equal than 20.09. For existing setups, the package has to
  be selected manually to avoid accidental upgrades.

* When using `nextcloud18` or older, a warning will be thrown which recommends
  upgrading to `nextcloud19`.

* Added a brief paragraph about `nextcloud19` in the NixOS 19.09 release
  notes.

* Restart `phpfpm` if the Nextcloud-package (`cfg.package`) changes[2].

[1] https://nixos.org/nixos/manual/index.html#module-services-nextcloud-maintainer-info
[2] https://github.com/NixOS/nixpkgs/pull/89427#issuecomment-638885727
2020-06-20 11:30:11 +02:00
Michele Guerini Rocco
34f19a4686
Merge pull request #86253 from erictapen/printers-example
nixos/printers: fix example for hardware.printers.ensurePrinters.*.model
2020-06-20 10:15:30 +02:00
Michele Guerini Rocco
fe1245d555
Merge pull request #87270 from martinetd/mpd-fluidsynth
mpd: add services.mpd.fluidsynth option
2020-06-20 10:14:06 +02:00
Antoine Eiche
7d994ad445 nixos/nextcloud: add occ internal option
This option exposes the prefconfigured nextcloud-occ
program. nextcloud-occ can then be used in other systemd services or
added in environment.systemPackages.

The nextcloud test shows how it can be add in
environment.systemPackages.
2020-06-20 09:59:27 +02:00
Michele Guerini Rocco
41e1bd6021
Merge pull request #90635 from Twey/libinput-touchpad
libinput: ensure that we only apply touchpad options to touchpads
2020-06-20 09:58:47 +02:00
Michele Guerini Rocco
003bf184c0
Merge pull request #91116 from bbigras/rslsync-group
nixos/resilio: fix group name in documentation
2020-06-20 09:54:17 +02:00
Frederik Rietdijk
9c5e7367d1 Merge master into staging-next 2020-06-20 07:38:17 +02:00
Evils
73a90b0154 nixos/tuptime: change group/user to match upstream 2020-06-20 05:34:37 +02:00
Timo Kaufmann
4843eab3a1
Merge pull request #84135 from symphorien/btrfs-scrub-success
nixos/btrfs autoScrub: don't fail when scrub finishes successfully
2020-06-19 22:55:19 +02:00
Maximilian Bosch
a2a5aa2634
nextcloud19: init at 19.0.0
https://nextcloud.com/blog/nextcloud-hub-brings-productivity-to-home-office/
2020-06-19 22:16:52 +02:00
Bruno Bigras
ad13beeebc nixos/resilio: fix group name in documentation 2020-06-19 15:15:33 -04:00
Marek Mahut
d07ba3e962
nixos/wasabibackend: fixing description
Co-authored-by: 1000101 <b1000101@pm.me>
2020-06-19 20:07:55 +02:00
Alyssa Ross
4e69b0a899
Merge pull request #89744 from vojta001/traefik-indent-config
traefik: unify TOML generation
2020-06-19 15:23:55 +00:00
Marek Mahut
b62df8ab46 nixos/wasabibackend: init 2020-06-19 16:44:21 +02:00
datafoo
cc37d7edd7 nixos/acme: execute a single lego command
Stop trying to execute `lego renew` if that is not necessary.

Fix #86184.
2020-06-19 14:56:17 +02:00
Frederik Rietdijk
e4cd7a48f3 Merge staging-next into staging 2020-06-19 10:49:25 +02:00
Linus Heckemann
aea806b8ea
Merge pull request #86177 from mayflower/mailman-upstream
Mailman refactor
2020-06-19 07:54:41 +02:00
Euan Kemp
460c0d608f nixos-install: error out if $mountPoint has bad permissions
The nix store more-or-less requires o+rx on all parent directories.
This is primarily because nix runs builders in a uid/gid mapped
user-namespace, and those builders have to be able to operate on the nix
store.

This check is especially helpful because nix does not produce a helpful
error on its own (rather, creating directories and such works, it's not
until 'mount --bind' that it gets an EACCES).

Helps users who run into this opaque error, such as in #67465.
Possibly fixes that issue if bad permissions were the only cause.
2020-06-18 20:10:26 -07:00
Florian Klink
a84cbb60f0
Merge pull request #91073 from danielfullmer/systemd-string-format
nixos/systemd-boot: fix incorrect string formatting
2020-06-19 02:23:25 +02:00
Daniel Fullmer
1d4dc149df nixos/systemd-boot: fix incorrect string formatting
Currently, this always writes "default nixos-generation-%d.conf" without
replacing the "%d" in the string.
Python .format() is not equivalent to "%"
2020-06-18 19:58:50 -04:00
Florian Klink
757ba1931f
Merge pull request #91068 from flokli/nixos-systemd-unit-path-types
nixos/systemd: allow str in systemd.services.<name>.path
2020-06-19 00:25:32 +02:00
Florian Klink
f5f8b08f16
Merge pull request #91065 from Infinisil/move-fontultimate
nixos/fontconfig: Move deprecated ultimate removals to relevant module
2020-06-19 00:07:46 +02:00
Florian Klink
1c9e02b911 nixos/systemd: allow str in systemd.services.<name>.path
Turns out, #75510 was too restrictive.

We also need to allow str here, as some modules set this to
"/run/wrappers" to bring `/run/wrappers/bin` into $PATH of a unit.
2020-06-19 00:02:51 +02:00
Florian Klink
c1e7366483
Merge pull request #75510 from helsinki-systems/systemd-path-type
nixos/systemd: Use a proper type for unit paths
2020-06-18 23:50:42 +02:00
Silvan Mosberger
78453e6ba6
nixos/fontconfig: Move deprecated ultimate removals to relevant module
This was a mistake in https://github.com/NixOS/nixpkgs/pull/61570, this
does not belong to prometheus
2020-06-18 23:12:18 +02:00
Florian Klink
e051dab9ff
Merge pull request #91043 from flokli/buildbot-reporters
nixos/buildbot-master: support reporters, migrate away from status
2020-06-18 23:00:44 +02:00
Linus Heckemann
d5cc8fb892 nixos/mailman: fix search index location 2020-06-18 17:23:34 +02:00
Linus Heckemann
176bc68a69 mailman: log to journal 2020-06-18 17:23:33 +02:00
Linus Heckemann
3dbbc786f5 nixos/mailman: RFC42-ise 2020-06-18 17:23:33 +02:00
Linus Heckemann
1b8af3e1ae nixos/mailman: fix clearing static files 2020-06-18 17:23:33 +02:00
Linus Heckemann
32c556b039 nixos/mailman: document, add maintainers 2020-06-18 17:23:29 +02:00
Linus Heckemann
b478e0043c nixos/mailman: refactor
- Add serve.enable option, which configures uwsgi and nginx to serve
  the mailman-web application;
- Configure services to log to the journal, where possible. Mailman
  Core does not provide any options for this, but will now log to
  /var/log/mailman;
- Use a unified python environment for all components, with an
  extraPackages option to allow use of postgres support and similar;
- Configure mailman's postfix module such that it can generate the
  domain and lmtp maps;
- Fix formatting for option examples;
- Provide a mailman-web user to run the uwsgi service by default
- Refactor Hyperkitty's periodic jobs to reduce repetition in the
  expressions;
- Remove service dependencies not related to functionality included in
  the module, such as httpd -- these should be configured in user config
  when used;
- Move static files root to /var/lib/mailman-web-static by default. This avoids
  permission issues when a static file web server attempts to access
  /var/lib/mailman which is private to mailman. The location can still
  be changed by setting services.mailman.webSettings.STATIC_ROOT;
- Remove the webRoot option, which seems to have been included by
  accident, being an unsuitable directory for serving via HTTP.
- Rename mailman-web.service to mailman-web-setup.service, since it
  doesn't actually serve mailman-web. There is now a
  mailman-uwsgi.service if serve.enable is set to true.
2020-06-18 17:21:41 +02:00
Florian Klink
9538bf50ae nixos/buildbot-master: support reporters, migrate away from status
Since Buildbot 0.9.0, status targets were deprecated and ignored.
There's a very small line on startup explaining that, and status simply
isn't reported. Avoid others the same headaches, and do it right in the
NixOS module.

As there might have been changes in the way reporters are organized, and
configuration might need to be migrated remove the old option, and not
just provide an alias.
2020-06-18 16:49:26 +02:00
John Ericson
1a26ee315f
Merge pull request #90693 from obsidiansystems/ipfs-socket-unit-precision
IPFS NixOS module: Socket unit file more precise
2020-06-18 10:36:49 -04:00
Jan Tojnar
51dad85947
nixos/hamster: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/programs/hamster.nix' is not of type `list of maintainers'.
2020-06-18 16:22:13 +02:00
Jan Tojnar
33d79f110d
nixos/openldap: fix eval
Fixes

	error: The option value `meta.maintainers' in `nixos/modules/services/databases/openldap.nix' is not of type `list of maintainers'.
2020-06-18 16:20:20 +02:00
Lassulus
7dcb8dc239
Merge pull request #90144 from pbogdan/undervolt
nixos/undervolt: misc cleanups / fixes
2020-06-18 11:52:09 +02:00
WilliButz
57a3249994
Merge pull request #90662 from srhb/redis-exporter
prometheus-redis-exporter: init at 1.7.0
2020-06-18 11:25:23 +02:00
Sarah Brofeldt
344e64a4d9 nixos/prometheus-redis-exporter: init 2020-06-18 11:13:25 +02:00
rnhmjoj
edc6a76cc0
nixos/documentation: add option to generate caches
Previously the NixOS-specific configuration for man-db was in the
package itself and /etc/man.conf was completely ignored.
This change moves it to /etc/man_db.conf, making declarative
configuration practical again.

It's now possible to generate the mandb caches for all packages
installed through NixOS `environment.systemPackages` at build-time.
The standard location for the stateful cache (/var/cache/man) is also
configured to allow users to run `mandb` manually if they wish.

Since generating the cache can be expensive the option is off by
default.
2020-06-18 10:17:04 +02:00
Cole Helbling
13e2c75c93
nixos/sudo: default rule should be first
In /etc/sudoers, the last-matched rule will override all
previously-matched rules. Thus, make the default rule show up first (but
still allow some wiggle room for a user to `mkBefore` it), before any
user-defined rules.
2020-06-17 17:48:51 -07:00
Maximilian Bosch
0510cbe849
Merge pull request #90646 from Ma27/matrix-maintainer-team
maintainers/teams: add matrix team
2020-06-18 00:23:55 +02:00
John Ericson
4044d81d5c IPFS NixOS module: Socket unit file more precise
The systemd socket unit files now more precisely track the IPFS
configuration, by including any multaddr they can make a `ListenStream`
for. (The daemon doesn't currently support anything which would use
`ListDatagram`, so we don't need to worry about that.)

The tests use some of these features.
2020-06-17 21:43:04 +00:00
lewo
b20f9112d2
Merge pull request #89486 from Ma27/dovecot-mailboxes
nixos/dovecot2: turn `mailboxes`-option into an attr-set
2020-06-17 22:19:09 +02:00
Maximilian Bosch
e826a6ce03
nixos/dovecot2: refactor mailboxes option
Specifying mailboxes as a list isn't a good approach since this makes it
impossible to override values. For backwards-compatibility, it's still
possible to declare a list of mailboxes, but a deprecation warning will
be shown.
2020-06-17 22:05:58 +02:00
Maximilian Bosch
650617253e
maintainers/teams: add matrix team 2020-06-17 21:55:29 +02:00
Pascal Bach
f29063ff0b nixos/virtualbox-image: change graphics adapter to vmswga 2020-06-17 18:43:28 +02:00
Pascal Bach
ec9792a3f5 nixos/virtualbox-guest: add vmware driver
VMSGVA is recommended by virtualbox for Linux clients.
Compared to VBoxVGA and VBoxSVGA it also supports 3D acceleration.

Adding the driver makes nixos work with all three supported graphics card
types.
2020-06-17 18:43:27 +02:00
Silvan Mosberger
f03e85f703
Merge pull request #74589 from tmplt/fix-physlock
nixos/physlock: add suspend-then-hibernate to lockOn.suspend units
2020-06-17 18:06:52 +02:00
Michele Guerini Rocco
4ddf9b763b
Merge pull request #83171 from rnhmjoj/hash
nixos/users: validate password hashes
2020-06-17 17:25:34 +02:00
Lassulus
98cac435f3
Merge pull request #89814 from alexfmpe/patch-3
Fix typo
2020-06-17 16:22:27 +02:00
Maximilian Bosch
fc179ef8a6
nixos/dovecot2: add autoexpunge setting
To automatically purge old email.

See also https://wiki.dovecot.org/MailboxSettings
2020-06-17 01:07:27 +02:00
tmplt
51e995cc05 nixos/physlock: add suspend-then-hibernate to suspend/hibernate units 2020-06-16 23:42:56 +02:00
Florian Klink
d72530162a
Merge pull request #90604 from maralorn/systemd-oneshot-warning
nixos/systemd: Update warning for restarting oneshots
2020-06-16 23:35:22 +02:00
Jan Tojnar
75e756b8e1
Merge pull request #90051 from fabianhauser/hamster-time-tracker 2020-06-16 23:08:45 +02:00
Malte Brandy
0d4134de4a
nixos/systemd: Update warning for restarting oneshots
Restart= can be anything other than on-success and always for onehost units as of
10e72727ee
which is contained in systemd 245.
2020-06-16 22:10:12 +02:00
James Kay
912a58428c libinput: ensure that we only apply touchpad options to touchpads 2020-06-16 20:44:10 +01:00
Jörg Thalheim
a9a5016644
Merge pull request #87833 from Izorkin/sandbox-mysql 2020-06-16 18:13:43 +01:00
Jan Tojnar
7c20a53506
Merge pull request #90539 from r-ryantm/auto-update/fwupd 2020-06-16 16:43:33 +02:00
Aaron Andersen
b6108e021b
Merge pull request #89327 from mweinelt/go-neb-module
nixos/go-neb: init
2020-06-16 06:30:29 -04:00
Florian Klink
ac7a5f3685
Merge pull request #90386 from danielfullmer/systemd-bootctl-update
nixos/systemd-boot: update bootloader if needed
2020-06-16 11:33:48 +02:00
Jan Tojnar
0f0bcec11c
fwupd: Add passthru consistency test
We need to keep the passthru.filesInstalledToEtc and passthru.defaultBlacklistedPlugins in sync with the package contents so let's add a test to enforce that.
2020-06-16 11:20:55 +02:00
Florian Klink
42b92250b9 nixos/systemd-boot: fix default boot entry selection
6cd12ebcfe
changed behaviour - now the "default" entry needs to identity an entry
with its full name, including the ".conf".

Reported-In: https://github.com/NixOS/nixpkgs/issues/86422
2020-06-15 20:22:45 -04:00
Daniel Fullmer
7e3519a7cf nixos/systemd-boot: update bootloader if needed 2020-06-15 20:22:45 -04:00
rnhmjoj
470ce4784e
nixos/users: validate password hashes 2020-06-15 20:08:36 +02:00
Florian Klink
af3c1000a4
Merge pull request #90343 from flokli/hardware-u2f-remove
hardware/u2f: remove module
2020-06-15 17:53:47 +02:00
Arian van Putten
cfd672a94d nixos/acme: Also fix ordering for apache 2020-06-15 11:05:00 +02:00
Arian van Putten
681cc105ce nixos/acme: Make sure nginx is running before certs are requested
This fixes https://github.com/NixOS/nixpkgs/issues/81842

We should probably also fix this for Apache, which recently also learned
to use ACME.
2020-06-15 11:04:59 +02:00
Matt Layher
562beabff3
nixos/corerad: use passAsFile while converting settings JSON to TOML
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 13:30:17 -04:00
Silvan Mosberger
00e448172f
Merge pull request #89781 from mdlayher/mdl-corerad-settings 2020-06-14 16:48:54 +02:00
Matt Layher
f1a4b100fd
nixos/corerad: add settings option to supersede configFile
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-14 10:07:16 -04:00
Florian Klink
89c3e73dad hardware/u2f: remove module
udev gained native support to handle FIDO security tokens, so we don't
need a module which only added the now obsolete udev rules.

Fixes: https://github.com/NixOS/nixpkgs/issues/76482
2020-06-14 15:13:31 +02:00
eyjhb
7279428096
boot.initrd.luks.devices: add preOpenCommands and postOpenCommands 2020-06-14 12:03:00 +02:00
Peter Hoeg
eb62c7edc8
Merge pull request #90261 from prusnak/installer-zstd-rm
images: remove original files when using zstd for compression
2020-06-14 10:39:10 +08:00
rnhmjoj
e23c57c347
nixos/ncdns: init module 2020-06-14 01:09:33 +02:00
Pavol Rusnak
490fc040be
images: remove original files when using zstd for compression 2020-06-14 00:19:11 +02:00
Michele Guerini Rocco
1d924f0354
Merge pull request #89772 from rnhmjoj/dnschain
dnschain: remove
2020-06-13 13:37:02 +02:00
rnhmjoj
2e5019b92c
dnschain: remove package and NixOS module
The software is unmaintained since ~2014 and the package
can't be built anymore (issue #89205).
2020-06-13 12:33:31 +02:00
Arian van Putten
71a6d32c18 nixos/timesyncd: Make dbus-activatible
Upstream has this alias too; so that dbus activation works.
What I don't fully understand is why this would ever be useful given
this unit is already started way in early boot; even before dbus is up.
But lets just keep behaviour similar to upstream and then ask these
questions to upstream.
2020-06-13 12:23:45 +02:00
Arian van Putten
cd1dedac67 nixos/networkd: Make activatible through dbus and netlink
With this systemd buffers netlink messages in early boot from the kernel
itself; and passes them on to networkd for processing once it's started.
Makes sure no routing messages are missed.

Also makes an alias so that dbus can activate this unit. Upstream has
this too.
2020-06-13 12:23:45 +02:00
Arian van Putten
0e18e5db99 nixos/resolved: Include dbus alias of resolved unit
This will make dbus socket activation for it work

When `systemd-resolved` is restarted; this would lead to unavailability
of DNS lookups.  You're supposed to use DBUS socket activation to buffer
resolved requests; such that restarts happen without downtime
2020-06-13 12:23:45 +02:00
John Ericson
1c4480e931
Merge pull request #90157 from obsidiansystems/socket-based-ipfs
Add socket-based IPFS support
2020-06-12 18:31:01 -04:00
Matthew Bauer
2c2f6c0b38 nixos/ipfs: only set listenstream when gateway/api is default 2020-06-12 17:15:34 -05:00
Matthew Bauer
982a17a48e nixos/ipfs: always expose sockets 2020-06-12 17:15:34 -05:00
Matthew Bauer
fa06d8f961 nixos/ipfs: actually use upstream systemd units 2020-06-12 17:15:34 -05:00
Matthew Bauer
b36ef706fb nixos/ipfs: add startWhenNeeded option
This makes it possible to only start IPFS when needed. So a user’s
IPFS daemon only starts when they actually use it.

A few important warnings though:

  - This probably shouldn’t be mixed with services.ipfs.autoMount
    since you want /ipfs and /ipns aren’t activated like this
  - ipfs.socket assumes that you are using ports 5001 and 8080 for the
    API and gateway respectively. We could do some parsing to figure
    out what is in apiAddress and gatewayAddress, but that’s kind of
    difficult given the nonstandard address format.
  - Apparently? this doesn’t work with the --api commands used in the tests.

Of course you can always start automatically with startWhenNeeded =
false, or just running ‘systemctl start ipfs.service’.

Tested with the following test (modified from tests/ipfs.nix):

  import ./make-test-python.nix ({ pkgs, ...} : {
    name = "ipfs";

    nodes.machine = { ... }: {
      services.ipfs = {
        enable = true;
        startWhenNeeded = true;
      };
    };

    testScript = ''
      start_all()

      machine.wait_until_succeeds("ipfs id")
      ipfs_hash = machine.succeed("echo fnord | ipfs add | awk '{ print $2 }'")

      machine.succeed(f"ipfs cat /ipfs/{ipfs_hash.strip()} | grep fnord")
    '';
  })

Fixes #90145

Update nixos/modules/services/network-filesystems/ipfs.nix

Co-authored-by: Florian Klink <flokli@flokli.de>
2020-06-12 17:15:27 -05:00
Jörg Thalheim
8df5edc153
Merge pull request #87178 from hax404/teeworlds-module-test
nixos/{modules,tests}/teeworlds: init
2020-06-12 19:52:06 +01:00
Maximilian Bosch
267b93da34
Merge pull request #89662 from aanderse/ssmtp
nixos/ssmtp: add settings option
2020-06-12 16:09:13 +02:00
Michele Guerini Rocco
a2fd1ba544
Merge pull request #89159 from datafoo/fix-issue-89158
nixos/networking: check interface state files exist before acting on them
2020-06-12 15:31:57 +02:00
Aaron Andersen
ad2330f642 nixos/ssmtp: drop authPass option in favor of authPassFile, or services.ssmtp.settings.AuthPass if absolutely required 2020-06-12 06:41:56 -04:00
Matthew Bauer
c5f40198f3 nixos/ipfs: consolidate services into one ipfs.service
Previously we had three services for different config flavors. This is
confusing because only one instance of IPFS can run on a host / port
combination at once. So move all into ipfs.service, which contains the
configuration specified in services.ipfs.

Also remove the env wrapper and just use systemd env configuration.
2020-06-11 15:27:22 -05:00
Matthew Bauer
74ff433320 nixos/ipfs: remove unused auto migrate feature 2020-06-11 14:32:06 -05:00
Samuel Dionne-Riel
476c8e0754 sd-image-raspberrypi4: mount boot partition
This should have been done initially, as otherwise it gets awfully
awkward to boot into new generations by default.

This system-specific image wasn't expected to be long-lived, thus why it
didn't end up being polished much.

Reality shows us we may be stuck with it for a bit longer, so let's make
it easier to use for new users.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel
34caab71bb sd-image: Make firmware partition name configurable
This will be helpful in the now too-long-lived image for the Raspberry
Pi 4. We'll be able to properly configure the partition to be useful.
2020-06-11 14:41:18 -04:00
Samuel Dionne-Riel
37e50ca635 raspberrypi-builder: ensure scripts fails on error
The way this ends up being called with the raspberry pi 4 image builder
ends up not using the `-e` from the shebang.

In turn, the builds fails during cross-compilation. The wrong coreutils
ends up being used, but this is not made apparent.

The issue I faced is already fixed on master, but this ensures no one
ends up with a failed build "succeeding".
2020-06-11 14:41:18 -04:00
adisbladis
a5a52e8c73
Merge pull request #88718 from adisbladis/vmware-xorg-driver-defaults
services.x11.videoDrivers: Don't include vmware driver on non-x86 platforms
2020-06-11 19:03:24 +02:00
adisbladis
1a5dafcd5b
services.x11.videoDrivers: Don't include vmware driver by default
A better option for vmware guests is to set `virtualisation.vmware.guest.enable`.
2020-06-11 18:49:29 +02:00
Martin Milata
876bf3abc9 nixos/prometheus-lnd-exporter: init 2020-06-11 18:23:54 +02:00
Matthew Bauer
656783a3d1
Merge pull request #89540 from Patryk27/fixes/lxd-lxcfs
Fix `lxd`, so that it works with `lxcfs`
2020-06-11 10:49:40 -05:00
Matthew Bauer
a4959d36ef
Merge pull request #90128 from vcunat/p/locales-priority
nixos i18n.supportedLocales: increase systemPackages priority
2020-06-11 10:44:35 -05:00
Piotr Bogdan
afae933693 nixos/undervolt: simplify CLI args generation 2020-06-11 15:24:28 +01:00
Piotr Bogdan
24e0e05654 nixos/undervolt: use int type for numeric options 2020-06-11 15:24:28 +01:00
Piotr Bogdan
f224b243db nixos/undervolt: fix up options' descriptions
The default `undervolt` package does not accept floating point numbers for any of its numeric
arguments. This also mentions in what units are the values expressed.
2020-06-11 15:24:28 +01:00
Piotr Bogdan
6fb11e5227 nixos/undervolt: add a warning for the enable option
Also use the convenience `mkEnableOption` function for simplicity.
2020-06-11 15:24:28 +01:00
WilliButz
3190ba12f7
Merge pull request #90077 from mdlayher/mdl-nixos-apcupsd
nixos/prometheus-apcupsd-exporter: new module
2020-06-11 15:23:33 +02:00
WilliButz
016a538f71
Merge pull request #89810 from mdlayher/mdl-keylight-exporter
prometheus-keylight-exporter: init at 0.1.1
2020-06-11 15:14:17 +02:00
Vladimír Čunát
92aa60918f
nixos i18n.supportedLocales: increase systemPackages priority
https://discourse.nixos.org/t/conflict-between-glibc-and-glibclocales-workaround-inside/7608
2020-06-11 10:22:20 +02:00
Matt Layher
e45146d94b
nixos/prometheus-apcupsd-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 17:33:41 -04:00
Fabian Hauser
9c95e8150a hamster: init at 3.0.2 2020-06-10 22:05:18 +02:00
Jörg Thalheim
7a4ee350b0
Merge pull request #90027 from Mic92/redis
nixos/redis: add redis group
2020-06-10 19:02:15 +01:00
David Izquierdo
f2d1568282 transmission: add libstdc++ and libgcc_s permissions to apparmor profile 2020-06-10 19:50:24 +02:00
Matt Layher
e77426822f
nixos/prometheus-keylight-exporter: new module
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2020-06-10 13:12:43 -04:00
Vladimír Čunát
a5f5d020c6
Merge branch 'staging-next' 2020-06-10 16:13:48 +02:00
José Romildo Malaquias
a421af29e4
nixos/opensmtpd: add a setgid wrapper for smtpctl (#89962)
The setgid is currently required for offline enqueuing, and
unfortunately smtpctl is currently not split from sendmail so there's
little running around it.
2020-06-10 15:08:36 +02:00
Izorkin
eed170d9ab nixos/mysql: fix init databases on first start in sandbox mode 2020-06-10 12:38:42 +03:00
Izorkin
a9d5f088b5 nixos/mysql: update tmpfiles rules 2020-06-10 12:38:42 +03:00
Izorkin
df7e52814d nixos/mysql: enable sandbox mode 2020-06-10 12:38:40 +03:00
Jörg Thalheim
10acf9ae00
nixos/redis: add redis group 2020-06-10 08:58:34 +01:00
Vladimír Čunát
6e9bb30566
Merge branch 'master' into staging-next
In particular, this fixes ISO evaluation.
2020-06-10 09:41:53 +02:00
Peter Hoeg
5a0e9e63c7
Merge pull request #89457 from NixOS/f/pam_ordering
nixos/pam: mount encrypted home earlier
2020-06-10 10:12:21 +08:00
Jan Tojnar
c637cbe992
Merge branch 'master' into staging-next 2020-06-10 04:10:34 +02:00
zimbatm
9494fdeeb3
Merge pull request #70327 from abbradar/synapse-plugins
Refactor Synapse plugins, add matrix-synapse-pam
2020-06-09 23:54:54 +02:00
zowoq
fa607bc939 nixos/gnome3: nixos-artwork -> pkgs.nixos-artwork 2020-06-09 15:33:37 +10:00
Izorkin
1086ae52fb nixos/ssh: add crypto options 2020-06-08 22:10:36 +03:00
Alexandre Esteves
063043fa63
Fix typo 2020-06-08 16:47:46 +01:00
Frederik Rietdijk
dc33419285 Merge master into staging-next 2020-06-08 12:06:12 +02:00
Florian Klink
b56c66e7e8
Merge pull request #89762 from nlewo/nextcloud-oc_pass
nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
2020-06-08 10:57:49 +02:00
Florian Klink
3590f02e7d
Merge pull request #88574 from JJJollyjim/qemu-vm-qboot-opt
nixos/qemu-vm: add option to use qboot
2020-06-08 10:46:11 +02:00
Jamie McClymont
55912f3535 nixos/qemu-vm: add option to use a non-standard BIOS
I'd like to change the default on x86 platforms to qboot at some point, since it
saves a fair bit of startup time.
2020-06-08 11:21:53 +12:00
Antoine Eiche
cb682317b0 nixos/nextcloud: preserve OC_PASS env variable in the occ wrapper
The OC_PASS environment variable can be used to create a user with
`occ user:add --password-from-env`. It is currently not possible to
use the `nextcloud-occ` to "non-interactively" create a user since
this variable is ignored by sudo.
2020-06-07 20:47:11 +02:00
worldofpeace
d508591039
Merge pull request #86163 from worldofpeace/wallpaper-refactor
Gnome and Pantheon: install nixos wallpapers
2020-06-07 14:44:59 -04:00
Marek Mahut
7b9d7cc05d
Merge pull request #85947 from prusnak/images-zstd
Use zstd for ISO and SD images
2020-06-07 19:09:43 +02:00
Nadrieril
e4f445008e
boot: fix order of arguments for hasPrefix (#89751) 2020-06-07 18:43:15 +02:00
Vojtěch Káně
a5e6901702 traefik: unify TOML generation
As a side effect, the dynamic config file is now indented
2020-06-07 17:19:45 +02:00
Aaron Andersen
6394b12a07 nixos/ssmtp: add settings option 2020-06-07 10:28:22 -04:00
Frederik Rietdijk
6b8223e634 Merge master into staging-next 2020-06-07 09:25:12 +02:00
Georg Haas
6d1ca7db4a
nixos/{modules,tests}/teeworlds: init
add module and test
2020-06-06 17:06:23 +02:00
Janne Heß
644f9e74e7
nixos/freeswitch: Unit improvements and add fs_cli
This switches the unit to Restart=on-failure and switches the CPU policy
to fifo (the daemon tries to do that itself, but is denied permission).

Also add the package to $PATH to be able to use fs_cli easily.
2020-06-05 20:16:43 +02:00
Frederik Rietdijk
43f71029cc Merge master into staging-next 2020-06-05 19:40:53 +02:00
Jörg Thalheim
7048a817b2
Merge pull request #85418 from lopsided98/grub-initrd-secrets 2020-06-05 16:03:48 +01:00
Patryk Wychowaniec
6c6924b2eb
lxd: When lxcfs is enabled, start lxd with explicit LXD_LXC_TEMPLATE_CONFIG 2020-06-05 16:37:31 +02:00
Patryk Wychowaniec
72e80cdc54
lxd: Add proper support for nftables 2020-06-05 16:37:31 +02:00
Eelco Dolstra
b00463d406
Merge pull request #89479 from edolstra/nix-2.4-completion
Don't enable nix-bash-completions when using Nix 2.4
2020-06-05 13:29:10 +02:00
Jörg Thalheim
abb2f6038c
Merge pull request #89525 from Mic92/cgmanager 2020-06-05 11:46:42 +01:00
Florian Klink
c055fc0319
Merge pull request #89510 from flokli/buildbot-pbPort
nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
2020-06-05 11:50:25 +02:00
Jörg Thalheim
073d2fc4d5
cgmanager: remove
fixes #30023
2020-06-05 09:47:12 +01:00
Florian Klink
1fd972bd50 nixos/buildbot-master: fix typo in services.buildbot-master.bpPort
It's pbPort, and it's also a connection string, meaning
listen-on-localhost is also possible. Provide an alias for the old
option name, so old configs still work.
2020-06-05 01:29:03 +02:00
Ben Wolsieffer
14eceb5991 nixos/grub: support initrd secrets 2020-06-04 18:30:46 -04:00
Ben Wolsieffer
50a5e5597a nixos/stage-1: make boot.initrd.secrets appear in the manual 2020-06-04 17:53:29 -04:00
Frederik Rietdijk
08900c0554 Merge master into staging-next 2020-06-04 15:25:54 +02:00
Robin Gloster
79454f15ac
gitlab: 12.10.8 -> 13.0.3
https://about.gitlab.com/releases/2020/05/22/gitlab-13-0-released/
https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
https://about.gitlab.com/releases/2020/05/29/gitlab-13-0-3-released/

The gitaly gitlab-shell config has moved into gitaly.toml. See
https://gitlab.com/gitlab-org/gitaly/-/issues/2182 for more info.
2020-06-04 14:32:39 +02:00
Eelco Dolstra
bbfc47326b Don't enable nix-bash-completions when using Nix 2.4
2.4 has its own completion script which collides with
nix-bash-completions.
2020-06-04 14:18:18 +02:00
Peter Hoeg
66e040eaac nixos/pam: mount encrypted home earlier
This patch was done by curro:

The generated /etc/pam.d/* service files invoke the pam_systemd.so
session module before pam_mount.so, if both are enabled (e.g. via
security.pam.services.foo.startSession and
security.pam.services.foo.pamMount respectively).

This doesn't work in the most common scenario where the user's home
directory is stored in a pam-mounted encrypted volume (because systemd
will fail to access the user's systemd configuration).
2020-06-04 13:14:30 +08:00
Michael Weiss
a448d9156b
Merge pull request #89407 from primeos/empty-hostname-fix
nixos: Allow empty hostnames again
2020-06-03 16:18:28 +02:00
Michael Weiss
a6afdbb70b
nixos: Allow empty hostnames again
This fixes a regression from 993baa587c which requires
networking.hostName to be a valid DNS label [0].
Unfortunately we missed the fact that the hostnames may also be empty,
if the user wants to obtain it from a DHCP server. This is even required
by a few modules/images (e.g. Amazon EC2, Azure, and Google Compute).

[0]: https://github.com/NixOS/nixpkgs/pull/76542#issuecomment-638138666
2020-06-03 15:23:37 +02:00
Eelco Dolstra
aef2bc1330
nix: 2.3.6 -> 2.3.6 2020-06-03 14:57:39 +02:00
Jörg Thalheim
4cbf76797e
Merge pull request #89337 from mweinelt/hass-yaml-fun 2020-06-03 11:19:03 +01:00