Commit Graph

14962 Commits

Author SHA1 Message Date
Dominique Martinet
fd196452f0 systemd-confinement: handle ExecStarts etc being lists
systemd-confinement's automatic package extraction does not work correctly
if ExecStarts ExecReload etc are lists.

Add an extra flatten to make things smooth.

Fixes #96840.
2020-09-06 18:55:10 +02:00
Florian Klink
d7046947e5
Merge pull request #91121 from m1cr0man/master
Restructure acme module
2020-09-06 18:26:22 +02:00
Frederik Rietdijk
d362c0e54e Merge master into staging-next 2020-09-06 18:14:23 +02:00
elseym
aaf0002f68
prometheus-unifi-poller-exporter: init module 2020-09-06 17:48:19 +02:00
elseym
b381aacbba
nixos/unifi-poller: init unifi-poller service 2020-09-06 17:47:52 +02:00
Peter Hoeg
6e22c6ea6a
Merge pull request #96769 from peterhoeg/m/phpfpm
nixos/phpfpm: always restart service on failure
2020-09-06 21:41:38 +08:00
Florian Klink
569fdb2c35
Merge pull request #93424 from helsinki-systems/feat/gitlab-mailroom
nixos/gitlab: Support incoming mail
2020-09-06 15:34:02 +02:00
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Peter Hoeg
5483b1e216
Merge pull request #97123 from peterhoeg/m/fscache
nixos/cachefilesd: don't set up manually
2020-09-06 10:23:32 +08:00
Jan Tojnar
f0cb5c6a15
Revert "nixos/fontconfig: fix 50-user.conf handling"
This reverts commit 8425726f86.

This should have been reverted in https://github.com/NixOS/nixpkgs/pull/95358
but I forgot about it.
2020-09-06 02:56:31 +02:00
Lucas Savva
34b5c5c1a4
nixos/acme: More features and fixes
- Allow for key reuse when domains are the only thing that
  were changed.
- Fixed systemd service failure when preliminarySelfsigned
  was set to false
2020-09-06 01:28:19 +01:00
Evan Stoll
854a229ae5
nixos/terraria: allow dataDir to be configured (#89033)
* nixos/terraria: allow dataDir to be configured

add dataDir option to terraria module

* Update nixos/modules/services/games/terraria.nix

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>

Co-authored-by: WORLDofPEACE <worldofpeace@protonmail.ch>
2020-09-05 16:37:52 -04:00
Lassulus
964606d40f
Merge pull request #96659 from doronbehar/module/syncthing
nixos/syncthing: add ignoreDelete folder option
2020-09-05 22:05:04 +02:00
WORLDofPEACE
d0972c9637
Merge pull request #95194 from ju1m/nixos-install
nixos-install: add support for flakes
2020-09-05 15:31:14 -04:00
Even Brenden
660882d883 nixos/displayManager: add XDG_SESSION_ID to systemd user environment
xss-lock needs XDG_SESSION_ID to respond to loginctl lock-session(s)
(and possibly other session operations such as idle hint management).
This change adds XDG_SESSION_ID to the list of imported environment
variables when starting systemctl.

Inspired by home-manager, add importVariables configuration.

Set session to XDG_SESSION_ID when running xss-lock as a service.

Co-authored-by: misuzu <bakalolka@gmail.com>
2020-09-05 20:36:18 +02:00
Florian Klink
98d6b55fdc nixos/testing: remove remaining coverage-data logic
This isn't used anymore as per
https://github.com/NixOS/nixpkgs/pull/72354#discussion_r451031449.
2020-09-05 16:07:59 +02:00
Oleksii Filonenko
d71cadacd9
nixos/caddy: use v2 by default 2020-09-05 14:09:17 +02:00
Oleksii Filonenko
8cc592abfa
nixos/caddy: add support for v2 2020-09-05 14:09:16 +02:00
lewo
d65002aff5
Merge pull request #93314 from tnias/nixos_opendkim_20200717
nixos/opendkim: systemd sandbox
2020-09-05 08:46:19 +02:00
Lucas Savva
f57824c915
nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
Julien Moutinho
539ae5c932 Revert "apparmor: add apparmor_parser config file"
This reverts commit 2259fbdf4b.
2020-09-05 01:46:12 +02:00
Jan Tojnar
4f0f26771e
Merge pull request #95358 from jtojnar/global-fontconfig 2020-09-05 00:19:38 +02:00
Lucas Savva
67a5d660cb
nixos/acme: Run postRun script as root 2020-09-04 19:34:10 +01:00
Frederik Rietdijk
af81d39b87 Merge staging-next into staging 2020-09-04 20:03:30 +02:00
Florian Klink
176d5e090a
Merge pull request #97008 from andersk/cryptception-1
cryptsetup, lvm2, systemd: Break cyclic dependency at a different point
2020-09-04 19:12:53 +02:00
Jan Tojnar
7ecabdc22b
Merge pull request #96992 from jtojnar/fc-dtd-urn
treewide: use URN for fontconfig DTD
2020-09-04 17:12:29 +02:00
Peter Hoeg
6ef2152b5d nixos/cachefilesd: don't set up manually
Use our available infrastructure instead of manually handling setup.
2020-09-04 16:11:55 +08:00
Julien Moutinho
b03c506178 nixos-install: add support for flakes 2020-09-04 06:56:09 +02:00
Julien Moutinho
c6a3a0f4f5 nixos-rebuild: do not depend on nix.conf to activate flakes 2020-09-04 06:56:09 +02:00
Lucas Savva
1b6cfd9796
nixos/acme: Fix race condition, dont be smart with keys
Attempting to reuse keys on a basis different to the cert (AKA,
storing the key in a directory with a hashed name different to
the cert it is associated with) was ineffective since when
"lego run" is used it will ALWAYS generate a new key. This causes
issues when you revert changes since your "reused" key will not
be the one associated with the old cert. As such, I tore out the
whole keyDir implementation.

As for the race condition, checking the mtime of the cert file
was not sufficient to detect changes. In testing, selfsigned
and full certs could be generated/installed within 1 second of
each other. cmp is now used instead.

Also, I removed the nginx/httpd reload waiters in favour of
simple retry logic for the curl-based tests
2020-09-04 01:09:43 +01:00
Anders Kaseorg
f4b2c9dfe7 cryptsetup, lvm2, systemd: Break cyclic dependency at a different point
The cyclic dependency of systemd → cryptsetup → lvm2 → udev=systemd
needs to be broken somewhere.  The previous strategy of building
cryptsetup with an lvm2 built without udev (#66856) caused the
installer.luksroot test to fail.  Instead, build lvm2 with a udev built
without cryptsetup.

Fixes #96479.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-09-03 12:35:56 -07:00
Janne Heß
8cf4ec8b97
nixos/systemd: Don't use apply for $PATH
When not using apply, other modules can use $PATH as a list instead of
getting a colon-separated list to each /bin directory.
2020-09-03 20:27:55 +02:00
Philipp Bartsch
47928442a8 nixos/opendkim: add keyPath to ReadWritePaths 2020-09-03 17:54:16 +02:00
Philipp Bartsch
118f341723 nixos/opendkim: add systemd service sandbox 2020-09-03 17:54:15 +02:00
Daniël de Kok
7b73713a98 programs.zsh: remove unnecessary with 2020-09-03 08:42:24 +02:00
Jörg Thalheim
02a2649220
Merge pull request #89748 from heinic/krb5-lists 2020-09-03 07:31:22 +01:00
Jan Tojnar
6dd3b54ccc
treewide: use URN for fontconfig DTD
To match upstream change:

9c46ef4aac
2020-09-03 06:39:00 +02:00
WORLDofPEACE
8739e4235e
Merge pull request #96925 from jtojnar/gpaste-session-path
nixos/gpaste: return sessionPath
2020-09-02 15:43:53 -04:00
Lucas Savva
61dbf4bf89
nixos/acme: Add proper nginx/httpd config reload checks
Testing of certs failed randomly when the web server was still
returning old certs even after the reload was "complete". This was
because the reload commands send process signals and do not wait
for the worker processes to restart. This commit adds log watchers
which wait for the worker processes to be restarted.
2020-09-02 19:25:30 +01:00
Lucas Savva
982c5a1f0e
nixos/acme: Restructure module
- Use an acme user and group, allow group override only
- Use hashes to determine when certs actually need to regenerate
- Avoid running lego more than necessary
- Harden permissions
- Support "systemctl clean" for cert regeneration
- Support reuse of keys between some configuration changes
- Permissions fix services solves for previously root owned certs
- Add a note about multiple account creation and emails
- Migrate extraDomains to a list
- Deprecate user option
- Use minica for self-signed certs
- Rewrite all tests

I thought of a few more cases where things may go wrong,
and added tests to cover them. In particular, the web server
reload services were depending on the target - which stays alive,
meaning that the renewal timer wouldn't be triggering a reload
and old certs would stay on the web servers.

I encountered some problems ensuring that the reload took place
without accidently triggering it as part of the test. The sync
commands I added ended up being essential and I'm not sure why,
it seems like either node.succeed ends too early or there's an
oddity of the vm's filesystem I'm not aware of.

- Fix duplicate systemd rules on reload services

Since useACMEHost is not unique to every vhost, if one cert
was reused many times it would create duplicate entries in
${server}-config-reload.service for wants, before and
ConditionPathExists
2020-09-02 19:22:43 +01:00
Félix Baylac-Jacqué
09c383c17a
Merge pull request #94917 from ju1m/biboumi
nixos/biboumi: init
2020-09-02 17:43:27 +02:00
WORLDofPEACE
31008a8f15
Merge pull request #96937 from jtojnar/drop-strigi
strigi: drop
2020-09-02 08:53:24 -04:00
WORLDofPEACE
18348c7829
Merge pull request #96042 from rnhmjoj/loaOf
treewide: completely remove types.loaOf
2020-09-02 08:45:37 -04:00
Sascha Grunert
27b0c4b151 nixos/containers: add oci-seccomp-bpf-hook
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-02 21:53:37 +10:00
Julien Moutinho
f333296776 nixos/biboumi: init 2020-09-02 08:31:53 +02:00
WORLDofPEACE
765d0371a8
Merge pull request #96879 from romildo/rm.deepin.doc
deepin: register removal in release notes, aliases and module list
2020-09-02 02:25:43 -04:00
Orivej Desh
1a68e21d47
nixos/systemd: support adding and overriding tmpfiles.d via environment.etc (#96766)
This allows the user to configure systemd tmpfiles.d via
`environment.etc."tmpfiles.d/X.conf".text = "..."`, which after #93073
causes permission denied (with new X.conf):

```
ln: failed to create symbolic link '/nix/store/...-etc/etc/tmpfiles.d/X.conf': Permission denied
builder for '/nix/store/...-etc.drv' failed with exit code 1
```

or collision between environment.etc and systemd-default-tmpfiles
packages (with existing X.conf, such as tmp.conf):

```
duplicate entry tmpfiles.d/tmp.conf -> /nix/store/...-etc-tmp.conf
mismatched duplicate entry /nix/store/...-systemd-246/example/tmpfiles.d/tmp.conf <-> /nix/store/...-etc-tmp.conf
builder for '/nix/store/...-etc.drv' failed with exit code 1
```

Fixes #96755
2020-09-02 02:54:11 +00:00
John Ericson
1965a241fc
Merge pull request #61019 from volth/gcc.arch-amd
platform.gcc.arch: support for AMD CPUs
2020-09-01 22:31:16 -04:00
Jan Tojnar
77293baff0
strigi: drop
It has not been used by KDE for many years and depends on umaintained libraries we want to drop (Qt4 and Gamin).
2020-09-02 02:05:40 +02:00
rnhmjoj
bc62423a87
nixos/doc: convert loaOf options refs to attrsOf 2020-09-02 00:42:51 +02:00
rnhmjoj
20d491a317
treewide: completely remove types.loaOf 2020-09-02 00:42:50 +02:00
José Romildo Malaquias
b5c9c03fac nixos/deepin: register as a removed module 2020-09-01 19:42:08 -03:00
Jan Tojnar
3b68a757ff
nixos/gpaste: return sessionPath
GPaste ships keybindings for gnome-control-center. Those depend on GSettings schemas
but there is currently no mechanism for loading schemas other than using global ones
from $XDG_DATA_DIRS. Eventually, I want to add such mechanism but until then,
let's return the impure sessionPath option that was removed in
f63d94eba3
2020-09-01 22:21:09 +02:00
Aaron Andersen
c51e7b7874 nixos/beanstalkd: add openFirewall option 2020-09-01 10:07:28 -04:00
Sascha Grunert
46a0aa4176 nixos/cri-o: unset hooks dir to avoid dir creation on startup
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-09-01 18:04:54 +10:00
Lassulus
a081e99e41
Merge pull request #83780 from hax404/robustirc-bridge
robustirc-bridge: init at 1.8
2020-08-31 18:14:45 +02:00
Frederik Rietdijk
303e0bca3b
Merge pull request #96610 from romildo/rm.deepin
deepin: remove from nixpkgs
2020-08-31 17:58:11 +02:00
Peter Hoeg
07408cac94 nixos/phpfpm: always restart service on failure 2020-08-31 21:19:54 +08:00
Silvan Mosberger
6716867eb3
Merge pull request #96686 from nixy/add/tor-package-option
tor: Add option to tor service for package
2020-08-30 23:02:37 +02:00
Andrew R. M
168a9c8d38 Add option to tor service for package 2020-08-30 14:35:36 -04:00
José Romildo Malaquias
b768afb2e9 deepin: remove from nixpkgs
The Deepin Desktop Environment (DDE) is not yet fully packaged in
nixpkgs and it has shown a very difficult task to complete, as
discussed in https://github.com/NixOS/nixpkgs/issues/94870. The
conclusion is that it is better to completely remove it.
2020-08-30 15:27:42 -03:00
Georg Haas
9376dd8516
nixos/modules/robustirc-bridge: init 2020-08-30 18:34:22 +02:00
Doron Behar
5789ffc509 nixos/syncthing: add ignoreDelete folder option 2020-08-30 10:55:03 +03:00
Matthew Bauer
fc726e3494 Revert "nixos/nix-daemon.nix: assert distributedBuilds and buildMachines!=[]"
This reverts commit 67b6e56391.
This reverts commit 250885d0ca.

Causes issues for some configs, see 67b6e56391
2020-08-29 22:39:24 -05:00
edef
fcdfa881c8
Merge pull request #96589 from deviant/nre-improvements
`nixos-rebuild edit` improvements
2020-08-29 17:26:09 +00:00
Jan Tojnar
b49a769970
fontconfig: get rid of rest of versioned configs
The incompatibility does not seem to exist any more: programs linked against fc 2.12
on fc 2.14 system seem to at least display text, even while printing tons of errors
(as long as you generate fc cache manually), and same thing the other way around.
Hopefully it will not be an issue in the future.
2020-08-29 19:16:22 +02:00
Lassulus
a55bb108fc
Merge pull request #85328 from langston-barrett/lb/restart-dispatcher
nixos/networkmanager: restart dispatcher when nameservers change
2020-08-29 16:24:28 +02:00
Aaron Andersen
af25b37814
Merge pull request #96316 from aanderse/redmine
nixos/redmine: replace extraConfig option with settings option
2020-08-29 09:13:13 -04:00
Aaron Andersen
bcdcd5d9fc
Merge pull request #95880 from aanderse/postgresql-settings
nixos/postgresql: replace extraConfig option with settings option
2020-08-29 09:12:54 -04:00
Frederik Rietdijk
7b56d26ae3 Merge master into staging-next 2020-08-29 13:30:25 +02:00
Robert Hensing
4841b30784
Merge pull request #94804 from hercules-ci/init-nixos-hercules-ci-agent
nixos/hercules-ci-agent: init
2020-08-29 10:20:14 +02:00
V
e08bcdbec3 nixos-rebuild: don't quote $EDITOR
$EDITOR is allowed to contain flags, so it is important to allow the
shell to split this normally. For example, Sublime Text needs to be
passed --wait, since otherwise it will daemonise.
2020-08-29 09:54:14 +02:00
V
be193a2057 nixos-rebuild: make 'edit' work with directories
$NIXOS_CONFIG can be set to a directory, in which case the file used
is $NIXOS_CONFIG/default.nix. This updates 'nixos-rebuild edit' to
handle that case correctly.
2020-08-29 09:54:02 +02:00
Symphorien Gibol
7200fde2d5 nixos/dovecot: configure mailboxes for all processes
Notably fts plugins need them for fts_autoindex_exclude = \SomeFlag
2020-08-28 22:24:04 +02:00
Daniël de Kok
db77fb705e
Merge pull request #96497 from NickHackman/emacs-documentation-typo-fix
Fix typo in services/editors/emacs documentation
2020-08-28 10:43:50 +02:00
Joachim F
18c52dadfe
Merge pull request #96034 from saschagrunert/apparmor
apparmor: add apparmor_parser config file
2020-08-28 08:08:25 +00:00
Frederik Rietdijk
efb45f7638 Merge master into staging-next 2020-08-28 09:54:31 +02:00
Nick Hackman
626bd1f111 Fix typo in services/editors/emacs documentation
In section `sec-modify-via-packageOverrides`: is -> if
2020-08-27 16:58:52 -04:00
Lassulus
7c509270d6
Merge pull request #96460 from sorki/sdImage_post_build
nixos/sdImage: add postBuildCommands
2020-08-27 21:02:20 +02:00
Richard Marko
170e1afd84 nixos/sdImage: add postBuildCommands
This allows to perform `dd if= of=$img` after the image is built
which is handy to add e.g. uBoot SPL to the built image.

Instructions for some ARM boards sometimes contain this step
that needs to be performed manually, with this patch it can be
part of the nix file used to built the image.
2020-08-27 20:18:18 +02:00
Matthew Bauer
3814422afa
Merge pull request #96218 from matthewbauer/cage-supply-pam-environment
nixos/cage: supply pamEnvironment
2020-08-27 10:15:29 -05:00
Matthew Bauer
fe8d0c2e0b nixos/cage: supply pamEnvironment
Without this, you don’t get any of the sessionVariables in the cage
application. Things like XDG_DATA_DIRS, XCURSOR_PATH, etc. are
missing.
2020-08-27 10:11:45 -05:00
Lassulus
c265ca02ca
Merge pull request #85963 from seqizz/g_physlock_message
physlock: add optional lock message
2020-08-27 10:18:34 +02:00
Matthew Bauer
25ac498482
Merge pull request #96404 from matthewbauer/gcc-cross
Fix cycle detected in Darwin->Linux cross GCC
2020-08-26 16:17:14 -05:00
Aaron Andersen
2a44265608 nixos/postgresql: replace extraConfig option with settings option 2020-08-26 17:06:48 -04:00
Lassulus
e453860b8f
Merge pull request #86236 from ThibautMarty/fix-nullOr-types
treewide: fix modules options types where the default is null
2020-08-26 18:21:29 +02:00
Lassulus
12baef56e4
Merge pull request #96127 from hmenke/shadowsocks
shadowsocks service: support plugins
2020-08-26 16:49:55 +02:00
Joachim F
1ad014b3d0
Merge pull request #96080 from Izorkin/unprivileged-userns-clone
nixos/security/misc: add option unprivilegedUsernsClone
2020-08-26 14:20:51 +00:00
Robert Hensing
4d43de37b2 nixos/nixpkgs.nix: Correct crossSystem default literal
The default is null and the documentation should reflect that.
2020-08-26 13:35:35 +02:00
Aaron Andersen
a7c69047df nixos/redmine: remove database.password option 2020-08-26 07:08:07 -04:00
Aaron Andersen
6cf743e52d nixos/redmine: allow user to override contents of additional_environment.rb 2020-08-26 07:08:07 -04:00
Aaron Andersen
dee97b8b44 nixos/redmine: replace extraConfig option with settings option 2020-08-26 07:08:07 -04:00
Frederik Rietdijk
081bd762e5 Merge staging-next into staging 2020-08-26 08:43:29 +02:00
Frederik Rietdijk
f6286dea88 extra-utils: build a full lvm2 without udev support, fixes #96197
dmsetup was missing symbols.
https://github.com/NixOS/nixpkgs/pull/96290#issuecomment-680252830
2020-08-26 08:39:01 +02:00
Henri Menke
d35cb15153
nixos/shadowsocks: support plugins 2020-08-26 14:01:41 +12:00
Lassulus
e357d0ec8c
Merge pull request #95678 from helsinki-systems/upd/sogo
sogo: 4.3.2 -> 5.0.0
2020-08-26 00:04:36 +02:00
Herwig Hochleitner
49dba2c4ad
Merge pull request #96263 from bendlas/warn-wpa-supplicant-config
nixos: wpa_supplicant: warn on unused config
2020-08-25 23:34:18 +02:00
Anderson Torres
fffabfaefd
Merge pull request #96179 from bbigras/sssd
nixos/sssd: fix the module
2020-08-25 16:59:11 -03:00
Anderson Torres
213c004335
Merge pull request #79239 from andersk/mlocate-warning
locate: Clarify mlocate warning message
2020-08-25 16:58:02 -03:00
Jonathan Ringer
7e07d142e7 nixos/octoprint: improve example 2020-08-25 09:13:13 -07:00
Nico Heitmann
0bee87c400 nixos/krb5: add list to example configuration
Updated the relevant nixos test to match the example configuration.
2020-08-25 17:18:56 +02:00
Augustin Borsu
19a7012769 jupyterhub: fix authenticator configuration
authentication_class  is invalid, it should be authenticator_class cfr [project doc|https://tljh.jupyter.org/en/latest/topic/authenticator-configuration.html]
2020-08-25 13:50:18 +02:00
Izorkin
e21e5a9483 nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
Herwig Hochleitner
8e3da733b1 nixos: wpa_supplicant: warn on unused config 2020-08-25 12:29:58 +02:00
Linus Heckemann
27f0ca6670 stage-1 find-libs: initialise left to empty array
declare -a is not sufficient to make the array variable actually
exist, which resulted in the script failing when the target object did
not have any DT_NEEDED entries. This in turn resulted in some
initramfs libraries not having their rpaths patched to point to
extra-utils, which in turn broke the extra-utils tests.
2020-08-25 12:10:30 +02:00
Sebastien Bariteau
db2de55cbe
nixos/espanso: init module (#93483)
nixos/espanso: init module
2020-08-24 20:37:33 -04:00
Eelco Dolstra
63b8d53640
Merge pull request #96103 from deviant/remove-rfkill
rfkill: remove
2020-08-24 18:14:14 +02:00
Bruno Bigras
5d36e00b7d nixos/sssd: fix the module
'system.nssModules' was not set correctly

fix #91242
2020-08-24 10:10:47 -04:00
Florian Klink
40d2968ebf
Merge pull request #94354 from flokli/systemd-246
systemd: 245.6 -> 246
2020-08-24 12:42:24 +02:00
Frederik Rietdijk
0a874ff2a6 Merge master into staging-next 2020-08-24 11:50:58 +02:00
V
b63b5eda68 rfkill: remove
rfkill was subsumed by util-linux in 2017 [1], and the upstream has not
been updated in over 5 years [2]. This package shadows the rfkill from
util-linux, so it can be completely removed with no breaking changes,
because util-linux is in the base package set in nixos/system-path.

[1] d17fb726b5
[2] https://git.sipsolutions.net/rfkill.git/log/
2020-08-24 02:49:27 +02:00
Robert Hensing
346a1b0ec6 nixos/hercules-ci-agent: init 2020-08-23 20:13:15 +02:00
Antoine Eiche
8595a0d6b9 Remove docker-preloader module and test 2020-08-23 10:49:13 +02:00
Lassulus
bfd706923e
Merge pull request #87700 from serokell/mkaito/upstream/prometheus-port
prometheus: Split options listenAddress and port
2020-08-23 09:29:01 +02:00
Lassulus
4165f9869e
Merge pull request #91586 from manveru/amazon-ssm-agent-2.3.1319.0
ssm-agent: 2.0.633.0 -> 2.3.1319.0
2020-08-23 08:48:16 +02:00
Jan Tojnar
91104b5417
Merge branch 'master' into staging-next 2020-08-23 02:00:50 +02:00
Sascha Grunert
ddfa221670 cri-o: add loobpack CNI config to module
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-23 09:32:40 +10:00
Sascha Grunert
2259fbdf4b
apparmor: add apparmor_parser config file
If the config does not exist, then apparmor_parser will throw a warning.
To avoid that and make the parser configurable, we now add a new option
to it.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-22 22:59:26 +02:00
Justin Humm
6a7b11055c
Merge pull request #93532 from erictapen/gollum-h1-title
nixos/gollum: introduce --h1-title option
2020-08-22 22:45:43 +02:00
Lassulus
2fb9ee9caa
Merge pull request #87553 from JoeDupuis/enhancing-monit-module
nixos/monit: Allow splitting the config in multiple files
2020-08-22 19:21:55 +02:00
Silvan Mosberger
af1ac757ff
Merge pull request #95986 from turboMaCk/imwheel-service
nixos/services.imwheel: sleep 3s before restarting
2020-08-22 16:51:48 +02:00
Silvan Mosberger
f8e6745ad3
Merge pull request #82817 from pacien/smartd-fix-hostname-notifications
smartmontools: fix missing hostname in notifications
2020-08-22 16:09:14 +02:00
Lassulus
6a2c73031a
Merge pull request #89353 from wizeman/u/fix-zfs-ebusy
stage-1: retry mounting ZFS root a few times
2020-08-22 15:42:32 +02:00
Marek Fajkus
dcaa2d2c74
nixos/services.imwheel: sleep 3s before restarting 2020-08-22 14:52:18 +02:00
Lassulus
8a141825a3
Merge pull request #89779 from jktr/acme-extra-flags
nixos/acme: extra lego flags
2020-08-22 14:29:39 +02:00
Lassulus
d8e671676d
Merge pull request #89785 from buckley310/logstash
logstash: fix support for multiple plugin paths
2020-08-22 14:07:20 +02:00
Lassulus
82b424453b
Merge pull request #86632 from Atemu/undervolt-timer-optional
Undervolt: Make timer optional
2020-08-22 11:48:30 +02:00
Atemu
ed83bac1d9 undervolt: make timer opt-in
It should no longer be needed but is worth keeping around in case it is
2020-08-22 10:42:20 +02:00
Atemu
e6f0a1e7eb undervolt: apply undervolt on boot and resume
The undervolt did not persist reboots or sleep/hibernation. With this
change you should no longer have to apply the undervolt on a timer
2020-08-22 10:42:19 +02:00
Silvan Mosberger
1b8a94db67
nixos/logrotate: Fix option reference
Fixes the manual build
2020-08-22 01:38:38 +02:00
Aaron Andersen
4df837063f
Merge pull request #95809 from aanderse/logrotate
nixos/logrotate: switch `paths` option type from listOf to attrsOf
2020-08-21 17:31:52 -04:00
Aaron Andersen
91db1c8aec
Merge pull request #87712 from aanderse/zabbix
zabbix: 4.4.8 -> 5.0.2
2020-08-21 17:11:55 -04:00
Aaron Andersen
06d17caf92 nixos/httpd: configure log rotation 2020-08-21 17:04:07 -04:00
Aaron Andersen
00f08005af nixos/logrotate: switch paths option type from listOf to attrsOf 2020-08-21 17:04:04 -04:00
Silvan Mosberger
bf777413f9
Merge pull request #95722 from Infinisil/dovecot-mailboxes-improved
nixos/dovecot: Improve mailboxes type
2020-08-21 22:40:50 +02:00
Jörg Thalheim
6f4141507b
meguca: remove (#95920) 2020-08-21 13:00:40 -07:00
Jörg Thalheim
b6e2e4c777
Merge pull request #93425 from helsinki-systems/feat/gitlab-shell-config 2020-08-21 19:20:42 +01:00
Janne Heß
ae1dada42f
nixos/gitlab: Support incoming mail
When incoming mails are enabled, an extra service is needed.
Closes #36125.
2020-08-21 18:56:20 +02:00
Lassulus
6f87509957
Merge pull request #91296 from cawilliamson/master
nixos/onlykey: fix typo
2020-08-21 18:27:46 +02:00
Lassulus
ebf11e405d
Merge pull request #95122 from rudolph9/nixos/xmonad
nixos/xmonad: Fix behavior of config opt
2020-08-21 08:51:42 +02:00
Sascha Grunert
71dd85bffa cri-o: add pinns path and witch to crio.conf.d config style
This adds the pinns path to the configuration let CRI-O start properly.
We also change the configuration to the new drop-in syntax.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-08-21 12:09:20 +10:00
adisbladis
7d6e7b3cd3
Merge pull request #95878 from adisbladis/emacs-26
emacs: Fix emacs26 attribute(s)
2020-08-21 01:26:44 +02:00
Aaron Andersen
b87b6abd17
Merge pull request #95294 from aanderse/postgresql-rootless
nixos/postgresql: run ExecStartPost as an unprivileged user
2020-08-20 19:16:23 -04:00
adisbladis
d1fdc67c53
nixos/editors: Remove any explicit mention of Emacs 25 2020-08-21 00:34:15 +02:00
Jan Tojnar
2adf17f8c2
Merge pull request #95869 from jtojnar/fc-local-regression
nixos/fontconfig: fix local.conf regression
2020-08-20 23:43:47 +02:00
Jan Tojnar
fe1b9ebaf1
nixos/fontconfig: fix local.conf regression
Another part of edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562, resulting in incorrect path
as described by https://github.com/NixOS/nixpkgs/issues/86601#issuecomment-675462227
2020-08-20 20:09:28 +02:00
davidak
5a3738d22b
nixos/systemPackages: clean up (#91213)
* nixos/systemPackages: clean up

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>

* Update nixos/doc/manual/release-notes/rl-2009.xml

Co-authored-by: 8573 <8573@users.noreply.github.com>

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
Co-authored-by: 8573 <8573@users.noreply.github.com>
2020-08-20 13:45:54 +00:00
Aaron Andersen
fd250d57bb
Merge pull request #79123 from aanderse/apachectl
nixos/httpd: remove impurity from /etc
2020-08-19 20:56:51 -04:00
Anderson Torres
e7139f46cd
Merge pull request #93654 from Church-/jellyfin_10.6.0
jellyfin 10.5.5 -> 10.6.0
2020-08-19 10:21:16 -03:00
Frederik Rietdijk
4cf394ea3f Merge master into staging-next 2020-08-18 17:55:04 +02:00
Aaron Andersen
f6a3403055 nixos/zabbix: use proper character set and collation for mysql database 2020-08-18 10:30:27 -04:00
Silvan Mosberger
cfd599e117
Merge pull request #95743 from Ma27/qemu-test-out
nixos/test-instrumentation: properly import `options` for `qemu`-check
2020-08-18 14:29:50 +02:00
Silvan Mosberger
fc121e2813
nixos/dovecot: Improve mailboxes type
The previous use of types.either disallowed assigning a list at one
point and an attrset an another.
2020-08-18 14:25:51 +02:00
Maximilian Bosch
2fbddb0ccb
nixos/test-instrumentation: properly import options for qemu-check
If `qemu-vm.nix` is imported, the option `virtualisation.qemu.consoles`
should be set to make sure that the machine's output isn't rendered on
the graphical window of QEMU.

This is needed when interactively running a NixOS test or in conjunction
with `nixos-build-vms(8)`.

The patch 2578557530 tries to only do this
if the option actually exists, however this condition used to be always
false since `options` wasn't imported in the module and pointed to
`lib.options` due to the `with lib;`-clause.
2020-08-18 12:26:49 +02:00
Frederik Rietdijk
fe7bab33d7
Merge pull request #95553 from zowoq/rename-maintainers
maintainers: prefix number with underscore
2020-08-18 11:30:24 +02:00
Silvan Mosberger
7db9fd1dbc
Merge pull request #81467 from dawidsowa/rss-bridge
rss-bridge: init at 2020-02-26
2020-08-18 05:00:41 +02:00
zowoq
0052523a18 maintainers: 1000101 -> _1000101 2020-08-18 07:59:48 +10:00
zowoq
7d9c49f8e6 maintainers: 0x4A6F -> _0x4A6F 2020-08-18 07:59:44 +10:00
Silvan Mosberger
c6aa9e4af6
Merge pull request #95681 from flokli/fontconfig-penultimate-remove
nixos/fonts: remove fontconfig-penultimate
2020-08-17 23:47:52 +02:00
Florian Klink
8425726f86 nixos/fontconfig: fix 50-user.conf handling
Apparently, edf2541f02 was missed while
rebasing https://github.com/NixOS/nixpkgs/pull/93562.

Provide 50-user.conf in fontconfig if includeUserConf is true (the
default), and don't try removing the non-existent one if it's disabled

Fixes https://github.com/NixOS/nixpkgs/issues/95685
Fixes https://github.com/NixOS/nixpkgs/issues/95712
2020-08-17 23:12:57 +02:00
Jörg Thalheim
8b18e07c40
Merge pull request #95522 from doronbehar/fix/transmission
nixos/transmission: handle watch-dir
2020-08-17 19:54:48 +01:00
Jörg Thalheim
914d37cbc9
Merge pull request #95686 from ju1m/transmission-fix
transmission: fix BindReadOnlyPaths=
2020-08-17 19:52:27 +01:00
Frederik Rietdijk
0ac85bc455 Merge master into staging-next 2020-08-17 14:54:39 +02:00
Julien Moutinho
f6c3d4f723 transmission: fix BindReadOnlyPaths= 2020-08-17 14:09:12 +02:00
Martin Weinelt
a153452e54
Merge pull request #95508 from Ma27/nextcloud-nginx
nixos/nextcloud: update nginx config
2020-08-17 13:46:47 +02:00
Florian Klink
1d51b526e4 nixos/fonts/fontconfig-penultimate: remove module 2020-08-17 13:25:46 +02:00
ajs124
696357c376 sogo: remove SOGoZipPath
sogo links against libzip now
2020-08-17 12:15:16 +02:00
pacien
ea37c9caa1 smartmontools: use standard subject in notification emails
This makes the notification script use the subject generated by smartmontools
itself both for consistency with other distros and to include the hostname.
2020-08-16 20:48:42 +02:00
pacien
f1922cdbdc smartmontools: fix missing hostname in notifications
This properly registers some missing dependencies of smartd_warning.sh.
2020-08-16 20:48:03 +02:00
Florian Klink
bda86eee87
Merge pull request #95222 from eadwu/kresd/runtime-fixes
kresd: runtime fixes
2020-08-16 18:44:27 +02:00
Florian Klink
16fc531784
Merge pull request #95505 from flokli/remove-mathics
mathics: remove package, module and test
2020-08-16 18:42:10 +02:00
Vladimír Čunát
0a3386369c
qemu: fix build with environment.noXlibs = true
In some tests, e.g. -f nixos/release.nix tests.simple.x86_64-linux
we use noXlibs and qemu.ga.  Now that output is tiny but to get it
a full qemu build is done, and some dependencies like gtk3 won't build
with noXlibs due to their dependencies being too stripped down.

Therefore let's reduce qemu features in noXlibs case.
The `sdlSupport = false;` part probably wasn't needed,
but I added it for consistency.
2020-08-16 18:25:31 +02:00
Edmund Wu
68366adf3c
nixos/kresd: ensure /run/knot-resolver exists 2020-08-16 12:20:10 -04:00
Edmund Wu
6c67af2fac
nixos/kresd: ensure /var/lib/knot-resolver exists 2020-08-16 12:20:03 -04:00
Edmund Wu
1a6240bde4
nixos/kresd: fix CacheDirectory permissions as per tmpfiles 2020-08-16 12:18:32 -04:00
Edmund Wu
ed89d043dc
nixos/kresd: remove derivation from systemd.tmpfiles
Using per-unit directives as per https://github.com/NixOS/nixpkgs/pull/95222#issuecomment-674512571
2020-08-16 12:17:14 -04:00
Maximilian Bosch
e8bdadb864
Merge pull request #95109 from Ma27/nextcloud-reverse-proxy
nixos/nextcloud: add documentation for alternative reverse-proxies
2020-08-16 18:09:45 +02:00
Noah Hendrickson
ce9f0c42f9 nixos/jellyfin: added a package option to the options section, defaults to using the default jellyfin package if nixos version is 20.09 or greater, otherwise will default to using the new jellyfin_10_5 derivation for older systems. 2020-08-16 11:41:41 -04:00
Florian Klink
36a162edc3
Merge pull request #95342 from flokli/systemd-initctl
nixos/systemd: don't try to install systemd-initctl.{service,socket}
2020-08-16 17:17:18 +02:00
Doron Behar
ccee8dc09f nixos/mpd: Allow to configure a credentialsFile
Allow to specify a password file to be located outside the store, and be
read in `ExecStartPre`.
2020-08-16 18:03:47 +03:00
Ben Wolsieffer
23b4356a5f nixos/nixos-*: use runtimeShell
Fix shebangs and other shell uses in the NixOS tools, allowing them to work
correctly on cross-compiled systems.
2020-08-16 13:08:33 +00:00
Florian Klink
b2f3bbd3fb
Merge pull request #95507 from flokli/remove-mesos
mesos: remove package, module and test (and chronos/marathon which depends on it)
2020-08-16 14:46:24 +02:00
Jörg Thalheim
aeffd67cec
Merge pull request #95493 from Izorkin/nginx-unit 2020-08-16 13:20:31 +01:00
Robert Hensing
cf568e31f8
Merge pull request #95584 from hercules-ci/fix-nixos-test-instrumentation
nixos/test-instrumentation.nix: Fix evaluation error
2020-08-16 13:59:50 +02:00
Robert Hensing
2578557530 nixos/test-instrumentation.nix: Fix evaluation error
Discovered via https://github.com/NixOS/nixpkgs/pull/82743 which
improved option checking, causing an evaluation error that was
hard to understand without running the evaluation manually.
2020-08-16 13:50:53 +02:00
Ben Wolsieffer
8f1de2e7c0 environment.noXlibs: disable X11 support in cairo 2020-08-16 10:33:44 +00:00
Florian Klink
b3909d1cb1
Merge pull request #95565 from vcunat/p/symlinkJoin
nixos/systemd.tmpfiles.packages: fix an edge case
2020-08-16 12:27:19 +02:00
Florian Klink
609eb86db7
Merge pull request #95444 from doronbehar/fix/mount+s
nixos/wrappers: make mount have the +s bit.
2020-08-16 12:23:12 +02:00
paumr
d420369354 nixos/emacs: formatted with nixpkgs-fmt 2020-08-16 10:22:56 +00:00
Doron Behar
22abe3202f nixos/transmission: handle watch-dir as incomplete-dir
`watch-dir` was neglected after #92106 - this change makes using this
setting work.
2020-08-16 12:43:02 +03:00
Vladimír Čunát
3937923f81
nixos/systemd.tmpfiles.packages: fix an edge case
symlinkJoin can break (silently) when the passed paths contain symlinks
to directories.  This should work now.

Down-side: when lib/tmpfiles.d doesn't exist for some passed package,
the error message is a little less explicit, because we never get
to the postBuild phase (and symlinkJoin doesn't provide a better way):
/nix/store/HASH-NAME/lib/tmpfiles.d: No such file or directory

Also, it seemed pointless to create symlinks for whole package trees
and using only a part of the result (usually very small part).
2020-08-16 10:23:53 +02:00
Aaron Andersen
8e045b42fd nixos/postgresql: move ExecStartPost into postStart 2020-08-15 16:59:53 -04:00
Aaron Andersen
ec82ae3c39 nixos/postgresql: run ExecStartPost as an unprivileged user 2020-08-15 16:59:49 -04:00
Doron Behar
a854b77b08 nixos/wrappers: make (u)mount have the +s bit.
See
https://discourse.nixos.org/t/how-to-make-a-derivations-executables-have-the-s-permission/8555
and:
https://www.linuxquestions.org/questions/slackware-14/must-be-superuser-to-use-mount-fstab-is-correct-however-144932/
2020-08-15 21:57:16 +03:00
Florian Klink
01684d6e9b nixos/mathics: remove module 2020-08-15 20:16:13 +02:00
Florian Klink
b7be00ad5e
Merge pull request #93358 from helsinki-systems/fix/gitlab-customrb
nixos/gitlab: Fix extra-gitlab.rb
2020-08-15 20:13:28 +02:00
Maximilian Bosch
42f6244899
nixos/nextcloud: update nginx config
This patch ensures that latest Nextcloud works flawlessly again on our
`nginx`. The new config is mostly based on upstream recommendations
(again)[1]:

* Trying to access internals now results in a 404.
* All `.php`-routes get properly resolved now.
* Removed 404/403 handling from `nginx` as the app itself takes care of
  this. Also, this breaks the `/ocs`-API.
* `.woff2?`-files expire later than other assets like images.

Closes #95293

[1] https://docs.nextcloud.com/server/latest/admin_manual/installation/nginx.html
2020-08-15 17:12:11 +02:00
Florian Klink
645ea787c9 nixos/marathon: remove module
The corresponding package failed to build for >9 months.
2020-08-15 16:59:58 +02:00
Florian Klink
a90b929020 nixos/chronos: remove module
The chronos package has been broken for > 9 months due to the breakage
of the mesos package.
2020-08-15 16:59:38 +02:00
Florian Klink
34d91a8cba nixos/mesos*: remove
The mesos package has been broken for >9 months.
2020-08-15 16:59:37 +02:00