Commit Graph

617 Commits

Author SHA1 Message Date
Michael Peyton Jones
1b11fdd0df
system-path: allow other modules to provide setup fragments 2018-08-16 21:23:34 +01:00
Michael Peyton Jones
13e2e19158
xdg: add modules for supporting various XDG specs 2018-08-16 21:23:34 +01:00
Alyssa Ross
98b8d4cfbc
environment.extraInit: fix description typo 2018-08-13 14:28:52 +01:00
Silvan Mosberger
7eb5ba7618
Merge pull request #44015 from alexshpilkin/resolv-unbound
nixos/networking: include local Unbound in resolv.conf
2018-07-24 22:53:53 +02:00
Alexander Shpilkin
81fa1ceeee nixos/networking: include local Unbound in resolv.conf
Previously, only BIND, dnsmasq and resolved were included in
resolv.conf. Recognize an Unbound installation as well.
2018-07-23 16:26:03 +02:00
volth
92b3e8f147 fix build with allowAliases=false 2018-07-23 00:12:23 +00:00
volth
2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
volth
87f5930c3f [bot]: remove unreferenced code 2018-07-20 18:48:37 +00:00
Matthew Bauer
2b4d7221a9
Merge pull request #42569 from spacefrogg/nscd-fix
resolvconf.conf: Remove forced NSCD service restart
2018-07-05 22:16:02 -04:00
Florian Klink
fff5923686 nixos/modules: users.(extraUsers|extraGroup->users|group) 2018-06-30 03:02:58 +02:00
Michael Raitza
d8c16bc54a resolvconf.conf: Remove forced NSCD service restart
Forcibly restarting NSCD is unnecessary and breaks setups that use SSSD for
authentication. NSCD is capable of detecting changes to /etc/resolv.conf and
invalidating its caches internally. Restarting NSCD/SSSD breaks user name and
UID resolution.
2018-06-25 16:25:15 +02:00
aszlig
fb2c132db4
nixos/no-x-libs: Switch to using nixpkgs.overlays
The usage of nixpkgs.config.packageOverrides is deprecated and we do
have overlays since quite a while.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
2018-06-11 20:58:33 +02:00
Matthieu Coudron
1e0975f4c0 iproute2: module to create rt_table file & co
When doing source routing/multihoming, it's practical to give names to routing
tables. The absence of the rt_table file in /etc makes this impossible.
This patch recreates these files on rebuild so that they can be modified
by the user; see NixOS#38638.

iproute2 is modified to look into config.networking.iproute2.confDir instead of
/etc/iproute2.
2018-05-15 21:55:04 +09:00
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set architecture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
bottom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatible or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confuse either laymen or
experienced ARM packagers.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Wout Mertens
8e3a14549f
zramSwap: remove mentions of old kernels 2018-04-19 16:53:40 +02:00
Wout Mertens
dd5e2a08fb
zramSwap: default to 1 device
One device per cpu is only needed for kernel 3.14
2018-04-19 16:44:08 +02:00
Jörg Thalheim
02dfbab3be nixos/pulseaudio: pulseaudio.enable should imply sound.enable
cc @fpletz
2018-04-14 19:12:47 +01:00
aszlig
99ba1cb424
Increase max group name length to 32 characters
With #36556, a check was introduced to make sure the user and group
names do not exceed their respective maximum length. This is in part
because systemd also enforces that length, but only at runtime.

So in general it's a good idea to catch as much as we can during
evaluation time, however the maximum length of the group name was set to
16 characters according to groupadd(8).

The maximum length of the group names however is a compile-time option
and even systemd allows more than 16 characters. In the mentioned pull
request (#36556) there was already a report that this has broken
evaluation for people out there.

I have also checked what other distributions are doing and they set the
length to either 31 characters or 32 characters, the latter being more
common.

Unfortunately there is a difference between the maximum length enforced
by the shadow package and systemd, both for user name lengths and group
name lengths. However, systemd enforces both lengths to have a maximum of
31 characters and I'm not sure if this is intended or just an off-by-one
error in systemd.

Nevertheless, I choose 32 characters simply to bring it on par with the
maximum user name length.

For the NixOS assertion however, I use a maximum length of 31 to make
sure that nobody accidentally creates services that contain group names
that systemd considers invalid because of a length of 32 characters.

Signed-off-by: aszlig <aszlig@nix.build>
Closes: #38548
Cc: @vcunat, @fpletz, @qknight
2018-04-08 12:51:33 +02:00
Michael Raskin
b07ce1fb74
Merge pull request #38114 from oxij/nixos/doc-module
nixos: doc module
2018-04-05 07:09:32 +00:00
Michael Raskin
195521350a
Merge pull request #38111 from oxij/tree/cleanups
assorted cleanups
2018-04-05 07:08:05 +00:00
Joachim Schiele
1b0cb040d9 user/group assertion to not exceed the 32 character limit 2018-03-30 23:43:23 +02:00
Jan Malakhovski
98fd9b7f86 nixos: doc: introduce documentation config subtree 2018-03-30 06:52:26 +00:00
Jan Malakhovski
302c170e1c nixos: replace optionals -> optional in nsswitch 2018-03-30 06:44:18 +00:00
Jan Malakhovski
6d7854a9a8 nixos: users-groups: cleanup 2018-03-30 06:40:13 +00:00
Florian Klink
6ac74d60ad networkmanager-pptp: remove package
Currently broken on NixOS due to hardcoded modprobe binary path (see
bug #30756 from Oct 2017), no activity on a proposed fix for months.
As the protocol is terribly broken anyways, let's better remove it
completely, and not talk about it anymore ;-)

Closes #30756.
2018-03-23 22:24:50 +01:00
Jan Malakhovski
7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Johannes Frankenau
833ef67312 nixos/i18n: add option for extra locale settings 2018-03-07 16:10:36 +01:00
Vladimír Čunát
b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy
fec543436d
nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
Shea Levy
c54730dde8
gobjectIntrospection: Enable building without X11 support.
Also disable it when noXlibs in NixOS.
2018-03-01 07:36:36 -05:00
Shea Levy
aebb024b2f
nixos: Take glibcLocales from buildPackages.
No need to cross-compile pure data...
2018-02-28 15:01:32 -05:00
Eelco Dolstra
9fc786c3a4
Create /home with the right permissions
Without this, it will be created with 700 permissions.
2018-02-27 20:28:49 +01:00
Jan Tojnar
a31d98f312
tree-wide: autorename gnome packages to use dashes 2018-02-25 17:41:16 +01:00
Eelco Dolstra
cc0caac098
Move creation of /root to the activation script
...so it appears in a new installation before rebooting the system.
2018-02-05 22:12:18 +01:00
Franz Pletz
36103e9863
nixos/powerManagement: remove duplicate definition
When not set just use the kernel default. `nixos-generate-config` will pick
a reasonable default.

cc #34350
2018-01-28 21:53:07 +01:00
Maximilian Bosch
8ed3a90cdf
nixos/powerManagement: set cpuFreqGovernor with mkOptionDefault
`nixos-generate-config` detects the `cpuFreqGovernor` suited best for my
machine, e.g. `powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";`.

However the `powerManagement` module sets a sensitive default for
`cpuFreqGovernor` using `mkDefault` to avoid breakage with older
setups. Since 140ac2f1 the `hardware-configuration.nix` sets the
governor with `mkDefault` as well which causes evaluation errors if the
powermanagement module is enabled:

```
error: The unique option `powerManagement.cpuFreqGovernor' is defined multiple times, in `/home/ma27/Projects/nixos-config/hardware-configuration.nix' and `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/config/power-management.nix'.
```

Using `mkOptionDefault` rather than `mkDefault` in the powermanagement
module fixes this issue as it decreases the priority of the module and
prefers the value set in `hardware-configuration.nix`.

I have confirmed the change using the following VM declaration:

```
{
  cpuFreq = { lib, ... }: {
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
    powerManagement.enable = true;
  };
}
```
2018-01-28 09:38:45 +01:00
Matthieu Coudron
91648a2f22 environment.variables: give an example 2018-01-22 10:40:23 +09:00
Jan Tojnar
bd0d521774
pinentry: override pinentry_ncurses instead of the other way around 2017-12-16 04:39:29 +01:00
Jan Tojnar
ba67110de3
pinentry_qt: merge into pinentry 2017-12-16 03:26:30 +01:00
Orivej Desh
d5facd5df3 nixos/networking: support static resolv.conf 2017-12-04 13:58:54 +00:00
Orivej Desh
905672f524 nixos/pulseaudio: document audio group for system wide access 2017-11-30 06:37:01 +00:00
Peter Hoeg
80c5cf80f2
pulseaudio/nixos: set it as default for openal/libao if enabled (#32078)
- /var/run -> /run as the former is deprecated
- configure openal to use pulseaudio if pulseaudio is enabled
- configure libao to use pulseaudio if pulseaudio is enabled
2017-11-27 15:49:38 +08:00
Jörg Thalheim
3ea493430a
Merge pull request #31283 from michalrus/per-user-profiles-buildEnv
users-groups module: use `buildEnv` in per-user profiles
2017-11-25 15:28:58 +00:00
Benjamin Staffin
64a9f5f0eb
fonts: fix fontconfig.localConf when used with penultimate
Fixes #31500
2017-11-10 16:57:45 -05:00
Michal Rus
55344df089
users-groups module: use buildEnv in per-user profiles
Resolves #31253
2017-11-05 17:56:31 +01:00
Graham Christensen
ab8b14cf92 Merge pull request #30397 from grahamc/nix-help
nix-info: init
2017-10-16 21:37:00 -04:00
Jason A. Donenfeld
f6d8a96993 nsswitch: use [NOTFOUND=return] for mdns
Commit 987aac7 and issue #18183 were intended to fix support for other
things, but in the process, changed mdns_minimal to use the wrong return
setting, resulting in permanent failures in early boot, affecting things
like issue #30459.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-16 15:11:58 +02:00
Graham Christensen
b16f3b2131
nix-info: include in nixos' default system-path, nixpkgs's channel 2017-10-14 22:01:30 -04:00
Graham Christensen
55bc53d1dd Merge pull request #30258 from srhb/tz-nospace
nixos/config/timezone: Disallow spaces
2017-10-14 10:27:09 -04:00
Peter Hoeg
6fd4209594 Revert "networking: add option to toggle the wait-online service"
This reverts commit 8758f476b3.
2017-10-14 14:42:49 +08:00
Peter Hoeg
8758f476b3 networking: add option to toggle the wait-online service 2017-10-14 14:38:04 +08:00
Eelco Dolstra
ee9a15b323
Set $NIX_DEBUG_INFO_DIRS when environment.enableDebugInfo is enabled
This allows it to co-exist with other debug info directories, such as
the one used by dwarffs
(https://github.com/edolstra/dwarffs/blob/master/module.nix).
2017-10-10 12:04:57 +02:00
Sarah Brofeldt
7b81889394 nixos/config/timezone: Disallow spaces 2017-10-09 20:52:25 +02:00
Franz Pletz
eb59961855
Revert "pinentry: make GTK3 the default front-end"
This reverts commit 3f7e3db744.

This broke the gpg-agent user service. See #27468.
2017-10-04 02:16:37 +02:00
Jörg Thalheim
0b18fa4f09 Merge pull request #30014 from eqyiel/krb5-fixes
nixos/krb5: complete rewrite
2017-10-03 11:04:58 +01:00
Joerg Thalheim
1406e249b3 krb5: add deprecation date for old configuration 2017-10-03 11:01:05 +01:00
Ruben Maher
06e15e59f9 nixos/krb5: complete rewrite
The `krb5` service was a bit lacking.

Addresses NixOS/nixpkgs#11268, partially addresses NixOS/nixpkgs#29623.
2017-10-02 14:30:19 +10:30
Jan Tojnar
3f7e3db744
pinentry: make GTK3 the default front-end
See: https://github.com/NixOS/nixpkgs/issues/18559
2017-10-01 01:40:03 +02:00
Peter Simons
99f759de1c Revert "nixos: add option for bind to not resolve local queries (#29503)"
This reverts commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6. The change
added in this commit was controversial when it was originally suggested
in https://github.com/NixOS/nixpkgs/pull/29205. Then that PR was closed
and a new one opened, https://github.com/NixOS/nixpkgs/pull/29503,
effectively circumventing the review process. I don't agree with this
modification. Adding an option 'resolveLocalQueries' to tell the locally
running name server that it should resolve local DNS queries feels
outright nuts. I agree that the current state is unsatisfactory and that
it should be improved, but this is not the right way.

(cherry picked from commit 23a021d12e8f939cd0bfddb1c7adeb125028c1e3)
2017-09-23 16:41:34 +02:00
gwitmond
bd52618c9d
nixos: add option for bind to not resolve local queries (#29503)
When the user specifies the networking.nameservers setting in the
configuration file, it must take precedence over automatically
derived settings.

The culprit was services.bind that made the resolver set to
127.0.0.1 and ignore the nameserver setting.

This patch adds a flag to services.bind to override the nameserver
to localhost. It defaults to true. Setting this to false prevents the
service.bind and dnsmasq.resolveLocalQueries settings from
overriding the users' settings.

Also, when the user specifies a domain to search, it must be set in
the resolver configuration, even if the user does not specify any
nameservers.

(cherry picked from commit 670b4e29adc16e0a29aa5b4c126703dcca56aeb6)

This commit was accidentally merged to 17.09 but was intended for
master. This is the cherry-pick to master.
2017-09-18 22:54:29 +02:00
pbogdan
94a4183bda nixos/fontconfig: fix substitutions option (#28895) 2017-09-05 16:20:42 +00:00
Orivej Desh
7803d69b78 nixos: update glibc locales link 2017-09-03 18:00:35 +00:00
Symphorien Gibol
bd54589233 networkmanager_iodine: init at 1.2.0 2017-08-30 02:58:29 +02:00
gnidorah
0e28d3af1d nixos: add paths for KDE applications 2017-08-06 12:55:10 +03:00
Daniel Fullmer
caaa79f246 nixos/pulseaudio: Fix for missing zeroconf module 2017-08-03 14:21:34 +02:00
Peter Hoeg
72a64ea4f1 nsswitch: add systemd module
In order for DynamicUser = true to work in services, we need the
nss-systemd module to be able to resolve the user and group names
generated dynamically.
2017-08-03 10:51:06 +08:00
aszlig
4f901203e8
nixos/timezone: Fix evaluation error
Evaluation error introduced in a0d464033c.

If the value for timeZone is null it shouldn't be even tried to coerce
it into a string.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann, @joachifm
2017-07-31 17:15:30 +02:00
Linus Heckemann
a0d464033c nixos/timezone: support imperative timezone configuration (#26608)
Fixes #26469.
2017-07-31 15:55:24 +01:00
Valentin Shirokov
d30b2eb1c0 Removed networking.fqdn option
Adding it was a mistake which can only lead to problems and confusion.
2017-07-31 13:55:41 +02:00
Valentin Shirokov
a74c0c6652 Removed deprecation warning for networking.extraHosts 2017-07-31 10:04:01 +02:00
Vladimír Čunát
8177561e8f
Merge #27105: more correct form of /etc/hosts 2017-07-30 09:57:41 +02:00
Volth
faac018630 environment.etc: add user/group option
fixes #27546
2017-07-29 23:56:46 +01:00
Valentin Shirokov
635ecd802f Deprecation warning for networking.extraHosts 2017-07-28 00:15:17 +03:00
Martin Wohlert
9be26f81ca change swap.randomEncryption config option to "coercedTo" for backwards compatibility 2017-07-26 20:57:10 +03:00
Martin Wohlert
c3d5cfdc3c swap: extend randomEncryption to plainOpen and ability to select cipher 2017-07-26 20:57:10 +03:00
k0ral
a3e6df6ee2 environment.noXlibs: Disable gnome when noXLibs is set (#27567) 2017-07-26 08:54:42 +02:00
edef
10c6df2e3c nixos/…/swap.nix: don't create a LUKS header for randomEncryption
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.

In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
Graham Christensen
2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS 2017-07-19 19:23:40 -04:00
Benno Fünfstück
1d78df2729 Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-conf
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
2017-07-17 08:20:38 +02:00
florianjacob
9937f13308 resolved: use resolved's static resolv.conf (#27144)
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2017-07-13 14:40:31 +01:00
Valentin Shirokov
d29fc731b3 Example of networking.hosts is now literalExample 2017-07-09 23:12:57 +03:00
Valentin Shirokov
163393865f Style optimizations 2017-07-09 08:56:36 +03:00
Valentin Shirokov
2f97993992 Documentation fixes 2017-07-09 00:28:05 +03:00
Valentin Shirokov
396db6493d Style adjustments
Also dangerous typo fix
2017-07-08 23:04:47 +03:00
Valentin Shirokov
ca54c3f1aa Typo fix 2017-07-08 22:30:02 +03:00
Valentin Shirokov
5f2826fbed Added networking.hosts and networking.fqdn options 2017-07-08 21:13:16 +03:00
Valentin Shirokov
f9ec52dedc Added networking.extraLocalHosts option
It adds its contents to '127.0.0.1' line of /etc/hosts
It makes possible to point multiple domains to localhost in correct way
2017-07-04 02:19:11 +03:00
Jörg Thalheim
343ad1697d Merge pull request #26897 from layus/nixos-terminfo
terminfo: symlink terminfo to /etc for ncurses
2017-07-01 09:27:24 +01:00
Balletie
44fadbb9bd
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
Fixes issue #25790.
2017-07-01 00:06:34 +02:00
Guillaume Maudoux
bd562949cf terminfo: symlink terminfo to /etc for ncurses 2017-06-30 11:17:11 +02:00
Florian Jacob
e370e97f3d nsswitch: only add modules to nsswitch.conf if they can be loaded 2017-06-30 02:44:23 +02:00
Florian Jacob
7410b0c82c nsswitch: add assertions for enabled nscd 2017-06-30 02:44:22 +02:00
Florian Jacob
63fa3e7c62 nsswitch: fix typo specifying nss-resolve module
this had the effect of not being able to load nss-resolve
and falling back to dns module in all cases.
2017-06-30 02:40:49 +02:00
Jörg Thalheim
859267f627
systemd-resolved: fix case when dnsmasq is used as local resolver
fixes #25706
2017-05-31 23:30:35 +01:00
Franz Pletz
1e95e114e5
nixos/xsession: use graphical systemd user target
While systemd suggests using the pre-defined graphical-session user
target, I found that this interface is difficult to use. Additionally,
no other major distribution, even in their unstable versions, currently
use this mechanism.

The window or desktop manager is supposed to run in a systemd user service
which activates graphical-session.target and the user services that are
binding to this target. The issue is that we can't elegantly pass the
xsession environment to the window manager session, in particular
whereas the PassEnvironment option does work for DISPLAY, it for some
mysterious reason won't for PATH.

This commit implements a new graphical user target that works just like
default.target. Services which should be run in a graphical session just
need to declare wantedBy graphical.target. The graphical target will be
activated in the xsession before executing the window or display manager.

Fixes #17858.
2017-05-29 15:05:28 +02:00
Jörg Thalheim
323f28d40e
nsswitch: use libnss_resolve if resolved is enabled 2017-05-24 01:10:36 +01:00
Jörg Thalheim
9464df56a0 Merge pull request #25712 from 4z3/per-user-pkgs
users-groups module: add per-user packages
2017-05-17 22:18:19 +01:00
Joachim Fasting
e6c65ecb12
tree-wide: remove uses of features.grsecurity 2017-05-14 15:08:51 +02:00
tv
f46b3a038f users-groups module: add per-user packages 2017-05-12 20:30:22 +02:00
Jörg Thalheim
ddb6d0962e
environment.profileRelativeEnvVars: remove sbin from example
follow up of https://github.com/NixOS/nixpkgs/pull/25550
2017-05-09 08:51:04 +01:00
Michael Raskin
a5d36429dc Merge pull request #22489 from avnik/nixos-locales
nixos:  allow supply customized locale package
2017-04-30 18:19:31 +02:00
Franz Pletz
3ab45f4b36
treewide: use boolToString function 2017-04-11 18:18:53 +02:00
Timofei Kushnir
42e1314727 nixos: remove duplicate wrapperDir PATH addition (#24703) 2017-04-09 13:07:33 +01:00
Thomas Tuegel
2214b638a7
nixos/fonts: install gyre-fonts by default
gyre-fonts provides high-quality TrueType substitutes for standard PostScript
fonts. Unlike most other distributions, NixOS does not install Ghostscript and
its Type 1 fonts by default, so we must get the standard fonts elsewhere.
2017-04-08 09:33:21 -05:00
Thomas Tuegel
d0954b5494
nixos/fontconfig-ultimate: Restore presets
The `preset` option was accidentally removed.
2017-04-08 08:22:01 -05:00
Thomas Tuegel
89bfa112cf
fontconfig-penultimate: 0.2.1 -> 0.3.2 2017-04-03 09:26:19 -05:00
Thomas Tuegel
03942659ca
nixos/fontconfig: remove renderMonoTTFAsBitmap 2017-04-03 08:24:32 -05:00
Thomas Tuegel
21c9190a5f
nixos/fontconfig: remove forceAutohint option 2017-04-03 08:23:32 -05:00
Thomas Tuegel
7a78892c47
nixos/fontconfig: disable autohint by default 2017-04-03 08:22:03 -05:00
Eelco Dolstra
a57bcd38b4
update-users-groups.pl: Keep track of deallocated UIDs/GIDs
When a user or group is revived, this allows it to be allocated the
UID/GID it had before.

A consequence is that UIDs and GIDs are no longer reused.

Fixes #24010.
2017-03-29 18:13:18 +02:00
Jörg Thalheim
36fca93290
rename iana_etc to iana-etc
fixes #23621
2017-03-28 22:35:15 +02:00
Vladimír Čunát
c1a9dc3d37
Merge branch 'master' into staging 2017-03-23 13:31:28 +01:00
Eelco Dolstra
86721a5f78
Allow attaching to non-child processes by default
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Thomas Tuegel
1b0d9e9ae6 Merge pull request #23819 from ttuegel/freetype
FreeType 2.7.1 and Fontconfig defaults
2017-03-20 11:43:50 -05:00
Thomas Tuegel
a6fce585e4
nixos/fontconfig: set rendering defaults, not overrides 2017-03-17 13:50:10 -05:00
Thomas Tuegel
354ea69ae4
fontconfig-penultimate: init at 0.2
Also provides a NixOS module.
2017-03-17 13:50:05 -05:00
Franz Pletz
91744f31b0 Merge pull request #23623 from mayflower/fix/users-create-home
nixos/users-groups: chown home on createHome
2017-03-14 23:07:57 +01:00
Thomas Tuegel
65592837b6
freetype: 2.6.5 -> 2.7.1
The Infinality bytecode interpreter is removed in favor of the new v40 TrueType
interpreter. In the past, the Infinality interpreter provided support for
ClearType-style hinting instructions while the default interpreter (then v35)
provided support only for original TrueType-style instructions. The v40
interpreter corrects this deficiency, so the Infinality interpreter is no longer
necessary.

To understand why the Infinality interpreter is no longer necessary, we should
understand how ClearType differs from TrueType and how the v40 interpreter
works. The following is a summary of information available on the FreeType
website [1] mixed with my own editorializing.

TrueType instructions use horizontal and vertical hints to improve glyph
rendering. Before TrueType, fonts were only vertically hinted; horizontal hints
improved rendering by snapping stems to pixel boundaries. Horizontal hinting is
a risk because it can significantly distort glyph shapes and kerning. Extensive
testing at different resolutions is needed to perfect the TrueType
hints. Microsoft invested significant effort to do this with its "Core fonts for
the Web" project, but few other typefaces have seen this level of attention.

With the advent of subpixel rendering, the effective horizontal resolution of
most displays increased significantly. ClearType eschews horizontal hinting in
favor of horizontal supersampling. Most fonts are designed for the Microsoft
bytecode interpreter, which implements a compatibility mode with
TrueType-style (horizontal and vertical) instructions. However, applying the
full horizontal hints to subpixel-rendered fonts leads to color fringes and
inconsistent stem widths. The Infinality interpreter implements several
techniques to mitigate these problems, going so far as to embed font- and
glyph-specific hacks in the interpreter. On the other hand, the v40 interpreter
ignores the horizontal hinting instructions so that glyphs render as they are
intended to on the Microsoft interpreter. Without the horizontal hints, the
problems of glyph and kerning distortion, color fringes, and inconsistent stem
widths--the problems the Infinality interpreter was created to solve--simply
don't occur in the first place.

There are also security concerns which motivate removing the Infinality patches.
Although there is an updated version of the Infinality interpreter for FreeType
2.7, the lack of a consistent upstream maintainer is a security concern. The
interpreter is a Turing-complete virtual machine which has had security
vulnerabilities in the past. While the default interpreter is used in billions
of devices and is maintained by an active developer, the Infinality interpreter
is neither scrutinized nor maintained. We will probably never know if there are
defects in the Infinality interpreter, and if they were discovered they would
likely never be fixed. I do not think that is an acceptable situation for a
core library like FreeType.

Dropping the Infinality patches means that font rendering will be less
customizable. I think this is an acceptable trade-off. The Infinality
interpreter made many compromises to mitigate the problems with horizontal
hinting; the main purpose of customization is to tailor these compromises to the
user's preferences. The new interpreter does not have to make these compromises
because it renders fonts as their designers intended, so this level of
customization is not necessary.

The Infinality-associated patches are also removed from cairo. These patches
only set the default rendering options in case they aren't set through
Fontconfig. On NixOS, the rendering options are always set in Fontconfig, so
these patches never actually did anything for us!

The Fontconfig test suite is patched to account for a quirk in the way PCF fonts
are named.

The fontconfig option `hintstyle` is no longer configurable in NixOS. This
option selects the TrueType interpreter; the v40 interpreter is `hintslight` and
the older v35 interpreter is `hintmedium` or `hintfull` (which have actually
always been the same thing). The setting may still be changed through the
`localConf` option or by creating a user Fontconfig file.

Users with HiDPI displays should probably disable hinting and antialiasing: at
best they have no visible effect.

The fontconfig-ultimate settings are still available in NixOS, but they are no
longer the default. They still work, but their main purpose is to set rendering
quirks which are no longer necessary and may actually be
detrimental (e.g. setting `hintfull` for some fonts). Also, the vast array of
font substitutions provided is not an appropriate default; the default setting
should be to give the user the font they asked for.

[1]. https://www.freetype.org/freetype2/docs/subpixel-hinting.html
2017-03-12 17:31:33 -05:00
Thomas Tuegel
e3cb24d1e0 Merge pull request #23503 from ttuegel/fontconfig
Generalize Fontconfig options
2017-03-09 19:29:28 -06:00
Franz Pletz
9ea35eae7a
nixos/users-groups: chown home on createHome
Fixes #23619.
2017-03-08 00:29:20 +01:00
Jaka Hudoklin
f5d81ed79b Merge pull request #20904 from offlinehacker/nixos/xserver/xpra
Add xpra display-manager
2017-03-05 01:32:23 +01:00
Thomas Tuegel
286b007bd3
nixos/fontconfig: lift some settings out of fontconfig.ultimate 2017-03-04 14:59:24 -06:00
Robin Gloster
274994785d
networking module: remove reference to removed ip-up.target 2017-02-23 15:25:19 +01:00
Alexander V. Nikolaev
2c54fa04be nixos: allow supply customized locale package
Overriding ``glibcLocales`` via nixpkgs.overlays does not work,
so I added i18n.glibcLocales parameter, defaulted with
old override, using i18n.supportedLocales.
2017-02-06 07:30:15 +02:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Mike Cooper
18eff26dd9
Fix typo in pulseaudio.nix 2017-01-26 20:52:33 +01:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer
bae00e8aa8
setcap-wrapper: Merging with upstream master and resolving conflicts 2017-01-25 11:08:05 -08:00
Franz Pletz
ab90eac835
networking: fix typo in resolvconf option edns0 2017-01-21 20:41:11 +01:00
sternenseemann
9f56dd9d63 nixos/pulseaudio: make daemon.conf configurable (#20888)
This adds pulseaudio.daemon.config, which is a set of keys to values
which are directly translated to keys and values of pulseaudio's
daemon.conf, e. g.

    hardware.pulseaudio.daemon.config = { flat-volumes = "no"; }

becomes

    flat-volumes=no

in pulse/daemon.conf.
2017-01-14 22:58:16 +01:00
Vladimír Čunát
11696e290d
nixos networking.dnsExtensionMechanism = true; by default
https://github.com/NixOS/nixpkgs/issues/12470#issuecomment-266785641
I've been using it for weeks without encountering any problems.
2017-01-10 15:15:01 +01:00
Peter Hoeg
f1b8c3b119 pulseaudio nixos module: use the units provided by upstream (#21633)
I have left in 2 NixOS custom config directives, so the configuration
should be the same with the only change in behaviour being that the
service is not eagerly loaded but in fact only socket activated, which
it should be.
2017-01-09 13:47:33 +01:00
Alexander Kahl
61d125b842 sssd: init at 1.14.2
perlPackages.TextWrapI18N: init at 0.06
perlPackages.Po4a: init at 0.47
jade: init at 1.2.1
ding-libs: init at 0.6.0

Switch nscd to no-caching mode if SSSD is enabled.

abbradar: disable jade parallel building.

Closes #21150
2017-01-04 03:07:20 +03:00
gnidorah
90deca3a0c nixos-generate-config: detect CPU governor
* cpu-freq: Try powersave if ondemand is not available

* Revert "cpu-freq: Try powersave if ondemand is not available"

This reverts commit 4dc56db37e32dcfecd667ebbf88263e47b296097.
Consult available scaling governors; for freshly generated configs, this provides a better experience than relying on a default that might not work everywhere.
2017-01-02 17:20:28 +01:00
Peter Hoeg
987aac7794
/etc/hosts and /etc/nsswitch.conf cleanups
fixes #18183
2016-12-17 16:01:35 +01:00
Jörg Thalheim
1590461887 ntp: make timesyncd the new default
- most nixos users only require time synchronisation,
  while ntpd implements a battery-included ntp server (1,215 LOCs of C-Code vs 64,302)
- timesyncd supports ntp server per interface (if configured through dhcp for instance)
- timesyncd is already included in the systemd package, switching to it would
  save a little disk space (1,5M)
2016-12-17 00:00:45 +01:00
michael bishop
e5cefadef7 fix indentation in several nixos option descriptions 2016-12-16 18:29:25 +01:00
Jörg Thalheim
3b763fef44 nssModules: include correct systemd output
fixes libnss_myhost, libnss_mymachines, libnss_resolve are located here
2016-12-15 20:23:16 +01:00
Jaka Hudoklin
c5607ceec5 pulseaudio module: set cookie env variable if running in system wide mode 2016-12-04 22:24:00 +01:00
Joachim Fasting
f9f354faad
nixos/modules: use defaultText where applicable
Primarily to fix rendering of these default values in the manual but
it's also nice to avoid having to eval these things just to build the
manual.
2016-11-21 16:35:15 +01:00
Eric Sagnes
61efe92e68 fontconfig module: use enum 2016-11-16 22:35:46 +09:00
David McFarland
6bf27c2cae vulkan-loader: allow validation layers to be enabled
The loader now uses XDK_DATA_DIRS to find drivers and layers.
2016-11-13 12:44:27 -04:00
Eric Sagnes
1fe1cdecb2 types: loeOf -> listOf 2016-11-05 21:46:42 +01:00
Aneesh Agrawal
3d99eea852 docs: use overrideAttrs instead of overrideDerivation 2016-10-30 14:34:40 -04:00
Nikolay Amiantov
0762396d68 timezone service: link localtime to /etc/zoneinfo instead of tzinfo directly
This is needed so systemd can extract timezone from a symlink.
2016-10-11 16:55:52 +03:00
Franz Pletz
07289a3b71
debug-info: use pkgs.lib.overrideDerivation (fixed)
See 87793207e8.
2016-10-08 15:53:37 +02:00
Michael Stapelberg
87793207e8
debug-info: use pkgs.lib.overrideDerivation
Without this change, I get the error “undefined variable 'overrideDerivation'”

Fixes #18529.
2016-10-08 15:52:35 +02:00
Jörg Thalheim
3dbecd4f91 Merge pull request #19185 from Mic92/networking
networking: enable "multi on" in resolver settings
2016-10-03 16:51:02 +02:00
Jörg Thalheim
4792af66c3
networking: enable "multi on" in resolver settings
this allows to return ipv4/ipv6 addresses for the same host in /etc/hosts.
fixes #19148
2016-10-03 14:37:29 +02:00
Joachim F
7e80c42b0e Merge pull request #18511 from ericsagnes/feat/remove-optionSet
modules: optionSet -> submodule
2016-10-01 17:57:45 +02:00
aszlig
cb2f84e4d7
nixos/activation: Rename "tmpfs" to "specialfs"
Using "tmpfs" as a script part for system.activationScripts is a bit
misleading since 6efcfe03ae.

We no longer solely mount tmpfs within this script, so using "specialfs"
fits more nicely in terms of naming.

Tested against the "simple" NixOS installer test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-26 02:04:54 +02:00
Eric Sagnes
77f572f072 users-groups module: optionSet -> submodule 2016-09-13 12:53:09 +09:00
Alexander Ried
27bc34f1e4 treewide: deprecate ip-up.target (#18319)
Systemd upstream provides targets for networking. This also includes a target network-online.target.

In this PR I remove / replace most occurrences since some of them were even wrong and could delay startup.
2016-09-10 18:03:59 +02:00
Eelco Dolstra
5b5c2fb9c0 Make the default fonts conditional on services.xserver.enable
We were pulling in 44 MiB of fonts in the default configuration, which
is a bit excessive for headless configurations like EC2
instances. Note that dejavu_minimal ensures that remote X11-forwarded
applications still have a basic font regardless.
2016-09-05 15:51:37 +02:00
Eelco Dolstra
ab49ebe6fa Make it possible to disable "info" 2016-09-05 14:53:27 +02:00
Eelco Dolstra
0aa7520670 Revert "nixos: remove rsync from base install and add explicit path in nixos-install"
This reverts commit 582313bafe.

Removing rsync is actually pointless because nixos-install depends on
it. So if it's part of the system closure, we may as well provide it
to users.

Probably with the next Nix release we can drop the use of rsync and
use "nix copy" instead.
2016-09-05 13:45:59 +02:00
Tuomas Tynkkynen
e2c6740c37 Merge commit 'adaee73' from staging into master
This one was already merged into release-16.09, so let's not have the
stable branch be ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.

Conflicts:
	pkgs/data/documentation/man-pages/default.nix
2016-09-03 01:02:51 +03:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Tuomas Tynkkynen
8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Eelco Dolstra
8172cd734c docdev -> devdoc
It's "developer documentation", not "documentation developer" after
all.
2016-09-01 11:07:23 +02:00
obadz
a3621b1047 nixos/…/swap.nix: add some safety assertions for randomEncryption 2016-08-31 15:29:11 +01:00
Nikolay Amiantov
a4879c44c9 Merge pull request #18160 from obadz/swap-encryption
nixos/…/swap.nix: remove backslashes from deviceName
2016-08-31 17:59:45 +04:00
obadz
a7d238136d nixos/…/swap.nix: remove backslashes from deviceName
Fixes #8277

Prior to this, backslashes would end up in fstab and the swap partition
was not activated.  Swap files seemed to work fine.
2016-08-31 14:40:21 +01:00
Domen Kožar
e561edc322 update-users-groups.pl: correctly guard duplicate uids for declarative users
Verified that following nixos configuration:

    users.users.foo = {
      uid = 1000;
      name = "foo";
    };
    users.users.bar = {
      name = "bar";
    };

Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
2016-08-30 17:14:14 +02:00
Vladimír Čunát
4f73633f26 treewide: stop using fontbhttf 2016-08-29 22:28:50 +02:00
obadz
3de6e5be50 Merge branch 'master' into staging
Conflicts:
      pkgs/applications/misc/navit/default.nix
      pkgs/applications/networking/mailreaders/alpine/default.nix
      pkgs/applications/networking/mailreaders/realpine/default.nix
      pkgs/development/compilers/ghc/head.nix
      pkgs/development/libraries/openssl/default.nix
      pkgs/games/liquidwar/default.nix
      pkgs/games/spring/springlobby.nix
      pkgs/os-specific/linux/kernel/perf.nix
      pkgs/servers/sip/freeswitch/default.nix
      pkgs/tools/archivers/cromfs/default.nix
      pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Profpatsch
56a320d4a3 nixos/pulseaudio: remove stray load-modules
There was an additional load-modules put into `default.pa` which caused
pulse to fail.
2016-08-25 19:34:57 +02:00
Franz Pletz
c0fa26ef3b Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-08-24 11:01:53 +02:00
Markus Mueller
07c44b81c3 ldap: Add option for NSS integration 2016-08-23 21:12:51 +02:00
Markus Mueller
e04c3506eb ldap: Add option for login PAM integration 2016-08-23 21:12:51 +02:00
Robin Gloster
7413278f9b Revert "Remove lsh, broken & unmaintained"
This reverts commit 73f4c2bdf8.
2016-08-23 15:32:41 +00:00
Nikolay Amiantov
f961fc7dd1 freetype: re-add infinality patches
archfan has updated those patches for the new version.
2016-08-20 03:21:05 +03:00
cmfwyp
1c7114da69 freetype: 2.6.2 -> 2.6.5
The fontconfig-ultimate patches are unmaintained. Since they were
not updated for newer FreeType versions, this removes them and
disables fontconfig-ultimate by default.
2016-08-20 03:21:05 +03:00
Nikolay Amiantov
e3ab0826c2 fontconfig-ultimate: 2015-12-06 -> 2016-04-23
This removes our hardcoded presets which weren't updated for quite some time.
Infinality now has new hardcoded presets in freetype, which can be overridden if
desired with environment variables (as before). Accordingly, updated NixOS
module to set the hardcoded preset.

Additionally used a more "right" type for substitutions.
2016-08-20 03:21:05 +03:00
Eric Sagnes
e80e8b9dc9 fontconfig module: respect upstream definitions 2016-08-20 03:21:05 +03:00
Eric Sagnes
cd2948a72e fontconfig: fix etc priority 2016-08-20 03:21:05 +03:00
Nikolay Amiantov
5ff6e98486 modprobe service: drop kmod wrapper 2016-08-19 17:56:49 +03:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Nikolay Amiantov
b2ebecd9e5 modprobe service: drop kmod wrapper 2016-08-16 00:19:25 +03:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
obadz
582313bafe nixos: remove rsync from base install and add explicit path in nixos-install
As per 60b3f95ad8 (commitcomment-18507812)
2016-08-09 21:39:40 +01:00
Robin Gloster
63c7b4f9a7 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-31 20:51:34 +00:00
Profpatsch
8a6047a525 nixos/pulseaudio: increase service restart time
Pulseaudio doesn’t like being restarted too quickly.
2016-07-30 23:42:54 +02:00
Profpatsch
5074a79937 nixos/pulseaudio: tcp streaming & zeroconf
Adds options for tcp streaming and avahi zeroconf support (so that the
server can be easily found by clients).
There is also an option to allow anonymous clients to stream to the
server (by default pulseaudio uses a cookie mechanism, see manpage).
2016-07-30 23:42:54 +02:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Jiri Marsicek
7d0990b594 pulseaudio module: add extraClientConf option 2016-07-19 00:14:58 +02:00
Joachim F
8f43f111c0 Merge pull request #15840 from anderspapitto/pulse-jack
pulseaudio service: set DISPLAY
2016-07-16 13:26:39 +02:00
obadz
cfc0a5415b Revert "fontconfig: fix etc priority"
This reverts commit 1e53d4a777.

Closes #16983

cc @vcunat @ericsagnes @dezgeg
2016-07-15 20:44:21 +02:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Eric Sagnes
1e53d4a777 fontconfig: fix etc priority 2016-07-09 16:50:13 +02:00
Nikolay Amiantov
8b92103ae8 Merge branch 'master' into staging 2016-07-08 20:36:44 +03:00
Nikolay Amiantov
4ae98c2064 Merge branch 'kbd-paths' into staging
Closes #16642
2016-07-08 20:35:25 +03:00
Nikolay Amiantov
c89843b604 kbd: split keymaps into kbdKeymaps 2016-07-08 12:52:39 +03:00
Nikolay Amiantov
6c11d9dd55 kbd service: add system-wise console resources 2016-07-08 12:52:39 +03:00
Bjørn Forsman
b30852ed41 nixos/swap: support for resizing swapfile
Currently NixOS creates the swapfile (with the specified size) only if
it doesn't already exist. Changing the swapfile size afterwards will not
have any effect.

This commit changes that so the swapfile will be recreated whenever
swapDevices.*.size is changed (or more precisely, whenever the actual
file size differs from the configured one), allowing both growing and
shrinking the swapfile.

The service unit has "restartIfChanged = false", so we don't have to
worry about the swapfile being in use at the time this code is run (you
have to reboot for swapfile changes).

fallocate doesn't shrink files, use truncate for that. truncate can also
be used to grow files, but it creates "holes" in the file which doesn't
work with swapfiles.
2016-07-06 16:04:27 +02:00
Anders Papitto
eba3f92ef9 pulseaudio: set DISPLAY 2016-07-05 19:17:14 -07:00
Bjørn Forsman
6e528893a8 nixos/update-users-groups.pl: print UIDs and GIDs
Instead of showing this output from "nixos-rebuild switch":

  warning: not applying GID change of group ‘munin’
  warning: not applying UID change of user ‘ntp’

print this:

  warning: not applying GID change of group ‘munin’ (95 -> 102)
  warning: not applying UID change of user ‘ntp’ (3 -> 179)

This makes it possible for users to take action and fixup the UIDs/GIDs
that NixOS won't touch.
2016-07-01 13:13:46 +02:00
Profpatsch
56664c5fc6 modules/users-groups: add shell example 2016-06-25 19:41:24 +02:00