Commit Graph

6561 Commits

Author SHA1 Message Date
Izorkin
42a99b1be2 nixos/unit: init service unit 2019-03-16 19:54:21 +03:00
Vladimír Čunát
3aecf21239
Merge #56922: nixos/knot: init basic service + tests 2019-03-16 09:17:15 +01:00
Janne Heß
b0daedd371 nixos/icingaweb2: Replace most options with toINI 2019-03-15 20:35:29 +01:00
Florian Jacob
5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
Silvan Mosberger
f8de52a2fe
Revert "nixos/nginx: support h2c" 2019-03-15 14:31:11 +01:00
Markus
2e29412e9c nixos/kubernetes: Add proxy client certs to apiserver 2019-03-15 13:21:43 +00:00
Ryan Mulligan
4b6a41a939
Merge pull request #57077 from callahad/brother-dsseries
dsseries: init at 1.0.5-1
2019-03-14 21:17:31 -07:00
aszlig
ef553788d0
postgresql: Move socket dir to /run/postgresql
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00
Silvan Mosberger
fb879ae920
Merge pull request #57174 from worldofpeace/pantheon/cleanup
nixos/pantheon cleanup
2019-03-15 01:26:49 +01:00
Matthew Bauer
b703c4d998 plasma5: fix typo from pr #57037
Thanks @Yarny0
2019-03-14 14:09:13 -04:00
Martin Weinelt
a978d3dcd2
nixos/knot: init 2019-03-14 01:28:53 +01:00
Artemis Tosini
fee854ed01
nixos/nginx: add return option to location 2019-03-13 17:31:01 +00:00
Andrew Childs
c53703a6b2 nixos/prometheus: use append instead of insert for opening firewalls (#55224)
Inserting with `-I` causes the rules to placed before `ctstate`
tracking, while `-A` places them alongside all other allow rules.
2019-03-13 12:44:36 +02:00
Markus
7e71cd8292 nixos/flannel: Add iptables package to service path 2019-03-12 15:30:33 +00:00
Johan Thomsen
292c1ce7ff nixos/gitlab: added gzip and bzip2 as dependencies for gitaly 2019-03-12 15:04:45 +00:00
Matthew Bauer
7890494813
Merge pull request #57037 from matthewbauer/remove-xdg-desktop-menu-dummy
plasma: handle kbuildsycoca5 better
2019-03-11 22:58:40 -04:00
Christian Kögler
9f7f16cd7b nixos dwm: start user installed dwm if available
dwm has no configuration file. The user has to install his own version.
2019-03-11 20:18:08 +01:00
Christian Albrecht
e3a80ebc40
Cleanup pki: remove mkWaitCurl 2019-03-11 12:22:59 +01:00
Christian Albrecht
45e683fbd6
Cleanup pki: control-plane-online 2019-03-11 12:22:59 +01:00
Christian Albrecht
50c5f489ef
Cleanup pki: scheduler 2019-03-11 12:22:53 +01:00
Christian Albrecht
46653f84c9
Cleanup pki: proxy 2019-03-11 12:22:49 +01:00
Christian Albrecht
73657b7fcf
Cleanup pki: kubelet 2019-03-11 12:22:44 +01:00
Christian Albrecht
ea6985ffc1
Cleanup pki: flannel 2019-03-11 12:22:40 +01:00
Christian Albrecht
ce83dc2c52
Cleanup pki: controller-manager 2019-03-11 12:22:36 +01:00
Christian Albrecht
8ab50cb239
Cleanup pki: apiserver and etcd 2019-03-11 12:22:31 +01:00
Christian Albrecht
ee9dd4386a
Cleanup pki: addon-manager 2019-03-11 12:16:58 +01:00
worldofpeace
36d4dba317 nixos/pantheon: more mkDefault 2019-03-09 17:29:29 -05:00
worldofpeace
c41a2d28d3 nixos/pantheon: cleanup systemPackages
We don't need gnome-bluetooth because its executables
path is already hardcoded into the contractor file, as that's
the only place it is needed.
Don't think we need gnome-power-manager either.

Also add programs like geary to removePackagesByName.
2019-03-09 17:29:08 -05:00
Silvan Mosberger
6ad76ff1ba
Merge pull request #52096 from furrycatherder/davmail
nixos/davmail: init
2019-03-09 22:41:55 +01:00
Pierre Bourdon
18bc8203a1
nixos/firewall: canonicalize firewall ports lists
Fixes #56086.
2019-03-09 20:02:04 +01:00
Pierre Bourdon
843215ac1c
nixos/firewall: use types.port where appropriate 2019-03-09 19:45:11 +01:00
Sean Haugh
f2730d881b nixos/davmail: init
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Silvan Mosberger <infinisil@icloud.com>
2019-03-09 12:05:15 -06:00
scaroo
56aa491ad7 zonminder: Fix database name and username
PR #56889 messed up db and use naming while fixing the scope of the initialDatabases property.
This patch fixes the issue.
2019-03-09 17:21:29 +01:00
worldofpeace
fa64c63fa0
Merge pull request #56552 from worldofpeace/elementary-screenshot-tool/fix-conceal-text
pantheon.elementary-screenshot-tool: fix conceal text
2019-03-09 11:03:37 -05:00
Alexandre Mazari
d7f6cdeda4 Fix locally created database (#56889)
* zoneminder: fix initial database creation

Move initialDatabases directive from the 'ensureUsers' scope to the correct outer 'mysql' one.

* zoneminder: Fix mysql username to match unix username

When database.createLocally is used, a mysql user is created with the ensureUsers directive.
It ensures that the unix user with the name provided exists and can connect to MySQL through socket.
Thus, the MySQL username used by php/perl scripts must match the unix user owning the server PID.

This patch sets the default mysql user to 'zoneminder' instead of 'zmuser'.
2019-03-09 17:57:39 +02:00
Jonas Juselius
279716c330 nixos/kubernetes: add dns addonmanger reconcile mode option (#55834)
Allow coredns ConfigMap and Depolyment to be editable by the user. An use
case is augmenting the default, generated dns records with local services.
2019-03-09 12:57:41 +02:00
aanderse
d800bd923f nixos/redmine: replace imagemagickBig with imagemagick (#57078) 2019-03-08 23:47:11 +01:00
Jordan Johnson-Doyle
04425c6223
nixos/nginx: support h2c 2019-03-08 17:50:46 +00:00
Silvan Mosberger
a540993d62
Merge pull request #56171 from bachp/tautulli
tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed)
2019-03-08 16:52:40 +01:00
Silvan Mosberger
21c6592a42
Merge pull request #56987 from bachp/nextcloud-ocm-provider
nixos/nextcloud: fix escapings and ocm-provider
2019-03-08 16:49:36 +01:00
Bas van Dijk
e44e2455d3 strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar 2019-03-08 16:11:38 +01:00
Dan Callahan
c80385d934
dsseries: init at 1.0.5-1 2019-03-08 15:02:22 +00:00
Silvan Mosberger
9fa52ae9a2
Merge pull request #56589 from johanot/kubernetes-module-stabilization
nixos/kubernetes: minor module fixes
2019-03-08 15:47:15 +01:00
Christian Albrecht
154356d820
nixos/kubernetes: Fix kube-control-plane-online must not be present
outside kubernetes module.
2019-03-08 09:36:59 +01:00
Johan Thomsen
80c4fd4f85 nixos/kubernetes: minor module fixes
- mkDefault etcd instance name
- make sure ca-cert in mkKubeConfig can be overriden
- fix controller-manager "tls-private-key-file" flag name
2019-03-08 09:18:51 +01:00
Ryan Mulligan
18f6dbe6be nixos/hdaps: automatically enable the hdapsd kernel module (#56309)
patch by hpoussin via
https://discourse.nixos.org/t/hdapsd-automatically-enable-the-hdapsd-kernel-module/2183
2019-03-08 09:50:02 +02:00
Silvan Mosberger
0036842e8d
Merge pull request #57006 from kyren/bepasty-fix
nixos/bepasty: switch to python3Packages to match bepasty package
2019-03-08 01:54:48 +01:00
Silvan Mosberger
4a9a596fbf
Merge pull request #56625 from aanderse/phpfpm
set phpOptions per phpfpm pool, instead of applying to every phpfpm pool
2019-03-08 01:53:18 +01:00
Matthew Bauer
393b359f13 plasma: handle ksycoca5 better
- Remove xdg-desktop-menu-dummy.menu kbuildsycoca5. Not sure why we
  need it but it is a pretty big failure if it exists.
  See issue #56176.

- plasma: clear ksycoca cache before building

  This is needed to pick up on software removed since the last cache
  update. Otherwise it hangs around as zombies forever (or until the
  cache is cleared).

- Add the above + the icon cache cleanup to plasmaSetup

  This will be run for the logged in user on each nixos-rebuild.
  Unfortunately this only works if you are managing software through
  nixos-rebuild (nix-env users need to run this manually, otherwise
  log out and log back in).
2019-03-07 15:11:04 -05:00
Silvan Mosberger
34e67f3f9f
Merge pull request #56578 from serokell/youtrack-hostname
youtrack: add hostname to path
2019-03-07 18:56:29 +01:00
Christian Höppner
c568dad253
nixos/youtrack: add hostname to path 2019-03-07 17:21:20 +01:00
Janne Heß
2a6f518b90 nixos/openldap: Fix quoting of log level 2019-03-07 14:19:50 +01:00
kyren
4bf1d8c67d nixos/bepasty: switch to python3Packages to match bepasty package
I think the bepasty nixos service has been broken since c539c02, since
bepasty changed from using python2.7 to python3.7.  This updates the
nixos module to refer to the matching python version.
2019-03-06 22:18:59 -05:00
Silvan Mosberger
502a4263a3
Merge pull request #55936 from tobim/modules/snapserver
nixos/snapserver: init
2019-03-07 00:00:48 +01:00
Tobias Mayer
085751b63b nixos/snapserver: init
A nixos module for configuring the server side of pkgs.snapcast.
The module is named "snapserver" following upstream convention.
This commit does not provide module for the corresponding client.

Fix handling of port and controlPort

Fix stream uri generation & address review

Remove unused streams options & add description

Add missing description & Remove default fs path

Use types.port for ports & formatting improvements

Force mpd and mopidy to wait for snapserver
2019-03-06 23:40:05 +01:00
Pascal Bach
415b927653 nixos/nextcloud: fix escapings and ocm-provider 2019-03-06 21:56:27 +01:00
Christian Albrecht
ff382c18c8
nixos/kubernetes: Address review: Move remaining paths to pki 2019-03-06 17:56:28 +01:00
Christian Albrecht
e148cb040b
nixos/kubernetes: Address review: rename node-online target 2019-03-06 17:17:20 +01:00
Christian Albrecht
5684034693
nixos/kubernetes: Address review: Remove restart from certmgr bootstrap service 2019-03-06 16:55:13 +01:00
Christian Albrecht
7323b77435
nixos/kubernetes: Address review: Separate preStart from certificates 2019-03-06 16:55:08 +01:00
Christian Albrecht
52fe1d2e7a
nixos/kubernetes: Address review: Move controller manager paths into pki 2019-03-06 16:55:04 +01:00
Christian Albrecht
6e9037fed0
nixos/kubernetes: Address review: Move bootstrapping addons into own service 2019-03-06 16:54:50 +01:00
Christian Albrecht
ff91d5818c
nixos/kubernetes: Address review: Rename targets and move proxy to node-online.target 2019-03-06 16:54:22 +01:00
Janne Heß
3de5726e9b nixos/nginx: Support additional listen parameters (#56835) 2019-03-06 11:42:46 +02:00
Wael Nasreddine
51fdca9cad
Merge pull request #56567 from Izorkin/datadog-agent
datadog-agent: update go packages and sub-packages
2019-03-05 16:59:21 -08:00
Silvan Mosberger
09c3fb0d75
Merge pull request #56774 from worldofpeace/mate/cleanup
nixos/mate: cleanup
2019-03-05 12:26:14 +01:00
Domen Kožar
f60459a023
Merge pull request #55142 from FlorianFranzen/thinkfan_smart
thinkfan: add option for libatasmart support
2019-03-05 17:47:13 +07:00
worldofpeace
a00c5e301e nixos/mate: cleanup 2019-03-04 21:07:01 -05:00
Silvan Mosberger
f274fc8656
Merge pull request #56550 from Infinisil/doc/xrandr/monitorConfig
nixos/xserver: Point to man page for options available in monitorConfig
2019-03-04 22:08:15 +01:00
Silvan Mosberger
8f33ad7ca9
Merge pull request #56243 from aanderse/redmine
nixos/redmine: fix permissions & cleanup
2019-03-04 22:06:33 +01:00
worldofpeace
59f47088fb nixos/pantheon: add elementary-redacted-script to fonts
Needed by elementary-screenshot-tool to conceal text.
2019-03-04 14:11:15 -05:00
Peter Hoeg
011fe4a246
Merge pull request #56571 from peterhoeg/u/mqtt
mosquitto: 1.5.5 -> 1.5.8
2019-03-04 12:23:45 +08:00
Silvan Mosberger
8c4babb8ba
Merge pull request #53463 from OlivierMarty/master
nixos/duplicity: init
2019-03-04 01:22:29 +01:00
Christian Albrecht
74962bf767
nixos/kubernetes: No need to restart services besides certmgr
within the node join script, since certmgr is taking care of
restarting services.
2019-03-03 19:43:15 +01:00
Christian Albrecht
7df88bd802
nixos/kubernetes: Put dashboard service account into bootstrapAddons
to prevent errors in log about missing permissions when
addon manager starts the dashboard.
2019-03-03 19:43:15 +01:00
Christian Albrecht
fd28c0a82a
nixos/kubernetes: Seed docker images before kubelet service start
to speed up startup time because it can be parallelized.
2019-03-03 19:43:14 +01:00
Christian Albrecht
cf8389c904
nixos/kubernetes: Add longer timeouts for waiting services 2019-03-03 19:43:14 +01:00
Christian Albrecht
51aeaaffc2
nixos/kubernetes: flannel needs iptables in service path 2019-03-03 19:43:13 +01:00
Christian Albrecht
62f03750e4
nixos/kubernetes: Stabilize services startup across machines
by adding targets and curl wait loops to services to ensure services
are not started before their depended services are reachable.

Extra targets cfssl-online.target and kube-apiserver-online.target
syncronize starts across machines and node-online.target ensures
docker is restarted and ready to deploy containers on after flannel
has discussed the network cidr with apiserver.

Since flannel needs to be started before addon-manager to configure
the docker interface, it has to have its own rbac bootstrap service.

The curl wait loops within the other services exists to ensure that when
starting the service it is able to do its work immediately without
clobbering the log about failing conditions.

By ensuring kubernetes.target is only reached after starting the
cluster it can be used in the tests as a wait condition.

In kube-certmgr-bootstrap mkdir is needed for it to not fail to start.

The following is the relevant part of systemctl list-dependencies

default.target
● ├─certmgr.service
● ├─cfssl.service
● ├─docker.service
● ├─etcd.service
● ├─flannel.service
● ├─kubernetes.target
● │ ├─kube-addon-manager.service
● │ ├─kube-proxy.service
● │ ├─kube-apiserver-online.target
● │ │ ├─flannel-rbac-bootstrap.service
● │ │ ├─kube-apiserver-online.service
● │ │ ├─kube-apiserver.service
● │ │ ├─kube-controller-manager.service
● │ │ └─kube-scheduler.service
● │ └─node-online.target
● │   ├─node-online.service
● │   ├─flannel.target
● │   │ ├─flannel.service
● │   │ └─mk-docker-opts.service
● │   └─kubelet.target
● │     └─kubelet.service
● ├─network-online.target
● │ └─cfssl-online.target
● │   ├─certmgr.service
● │   ├─cfssl-online.service
● │   └─kube-certmgr-bootstrap.service
2019-03-03 19:39:02 +01:00
Christian Albrecht
f9e2f76a59
nixos/kubernetes: Add systemd path units
to protect services from crashing and clobbering the logs when
certificates are not in place yet and make sure services are activated
when certificates are ready.

To prevent errors similar to "kube-controller-manager.path: Failed to
enter waiting state: Too many open files"
fs.inotify.max_user_instances has to be increased.
2019-03-03 19:34:57 +01:00
Andreas Rammhold
768336a74b
Merge pull request #56233 from jtojnar/nginx-tlsv13
nixos/nginx: Enable TLS 1.3 support
2019-03-03 14:19:38 +01:00
Aaron Andersen
cddb117b96 nixos/icingaweb2, nixos/restya-board, nixos/zoneminder: set phpOptions per phpfpm pool, instead of applying to every phpfpm pool 2019-03-03 07:33:25 -05:00
worldofpeace
812b88f902 nixos/mate: use gsd module 2019-03-03 04:02:25 -05:00
Aaron Andersen
43258201b9 nixos/redmine: fix permissions & cleanup 2019-03-02 23:16:19 -05:00
Robert Schütz
77482629b0 nixos/home-assistant: use preferLocalBuild = true for configuration 2019-03-02 12:37:48 +01:00
Robert Schütz
971187eada nixos/home-assistant: account for "The Great Migration"
See https://developers.home-assistant.io/blog/2019/02/19/the-great-migration.html
and https://github.com/NixOS/nixpkgs/issues/55958#issuecomment-466793526.
2019-03-02 12:37:48 +01:00
worldofpeace
a589f6e1dc
Merge pull request #56562 from worldofpeace/module/gsd
nixos/gnome-settings-daemon: init
2019-03-01 22:01:26 -05:00
Franz Pletz
542e384916
Merge pull request #56496 from bachp/nextcloud-nginx-recommended
nixos/nextcloud: Update recommended nginx settings
2019-03-02 01:18:18 +00:00
Julien Moutinho
2a61c058c6 rmilter: fix inetSocket
IPv6 address has to be between [] and the port after.
2019-03-02 01:12:21 +00:00
Franz Pletz
e4808a6587
Merge pull request #56489 from Ma27/add-nextcloud-overwriteprotocol-option
nixos/nextcloud: add overwriteProtocol option
2019-03-02 00:21:26 +00:00
Pascal Bach
390b6108a2 nixos/nextcloud: don't make phpPackages configurable
It needs to match the version in phpfm which is hard coded.
So there is no point in being able to change it.
2019-03-02 00:16:57 +01:00
Pascal Bach
f0c0b8d949 nixos/nextcloud: move phpPackage and phpOptions into pool
This allows to have a php configuration for nextcloud that is independent
of the global configuration.
2019-03-02 00:16:56 +01:00
Pascal Bach
8f1b163b00 nixos/nextcloud: use PHP 7.3 instead of 7.1 by default 2019-03-02 00:16:55 +01:00
Pascal Bach
7f8620900a nixos/nextcloud: update recommended nginx settings
This updates the configuration to the recommendations in
https://docs.nextcloud.com/server/15/admin_manual/installation/nginx.html
2019-03-02 00:16:55 +01:00
worldofpeace
a2b665446a nixos/pantheon: use gnome-settings-daemon module 2019-03-01 14:55:12 -05:00
worldofpeace
5ce2eba776 nixos/gnome-settings-daemon: init 2019-03-01 14:55:12 -05:00
worldofpeace
b5df81f1a1
Merge pull request #56553 from worldofpeace/plasma/xdg-user-dirs
nixos/plasma5: add xdg-user-dirs to create user directories
2019-03-01 13:25:58 -05:00
Peter Hoeg
0e40b7bfc2 mosquitto (nixos): notify systemd when started 2019-03-01 18:54:24 +08:00
David Duarte
b381c27b58 nixos/coredns: init (#54931) 2019-03-01 11:10:44 +02:00
Frederik Rietdijk
2fcb11a244 Merge staging-next into master 2019-03-01 09:06:20 +01:00
Izorkin
35b6943507 datadog-trace-agent: trace-agent moved to datadog-agent 2019-03-01 10:47:02 +03:00
worldofpeace
2e5f64bb83 nixos/plasma5: add xdg-user-dirs to create user directories 2019-02-28 19:12:28 -05:00
Silvan Mosberger
94411a4c08
nixos/xserver: Point to man page for options available in monitorConfig 2019-03-01 00:44:19 +01:00
Yurii Izorkin
fa20f98571 datadog-agent: 6.9.0 -> 6.10.0 (#56523) 2019-02-28 11:48:49 -08:00
Pascal Bach
8b3ffebcdc tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed)
PlexPy was renamed to Tautulli.

This renames the module as well as the application accordingly.
Aliases are kept for backwards compatibility.

# Conflicts:
#	nixos/modules/services/misc/tautulli.nix
2019-02-28 19:07:00 +01:00
Aaron Andersen
51c897c37d nixos/plexpy: replace deprecated usage of PermissionsStartOnly
see https://github.com/NixOS/nixpkgs/issues/53852
2019-02-28 18:54:34 +01:00
José Romildo Malaquias
8705341dc9 mate: enable gvfs service (#56469) 2019-02-28 15:24:37 +01:00
Maximilian Bosch
b42c24f7f2
nixos/nextcloud: add overwriteProtocol option
The overwriteprotocol option can be used to force Nextcloud to generate
URLs with the given protocol. This is useful for instances behind
reverse proxies that serve Nextcloud with HTTPS.

In this case Nextcloud can't determine the proper protocol and it needs
to be configured manually.
2019-02-27 22:14:35 +01:00
Dmitry Kalinkin
c9d5546635
openafs: minor documentation fix 2019-02-26 14:49:59 -05:00
Tom F
9f07fa719c Document the addresses Alertmanager will listen on (#56409)
https://github.com/golang/go/issues/9334 describes how net.Listen (as used by Alertmanager):
* listens on 127.0.0.1 if the listenAddress is "localhost"
* listens on all interfaces if the listenAddress is ""
2019-02-26 14:59:11 +01:00
Matthieu Coudron
20bbfc39e4 services.nextcloud: add logLevel (#56400)
a vlaue between 0 and 4 to help debug problems
2019-02-26 09:18:08 +01:00
Jan Tojnar
f93ff28c62 nixos/nginx: Enable TLS 1.3 support 2019-02-25 16:47:19 +01:00
Andreas Rammhold
64c60a813d nixos/gnunet: fix typo in PrivateTmp parameter (#56343)
Systemd expects `PrivateTmp` and not `PrivateTemp` in the service
configuration.

I found this by chance while grepping through nixpkgs…
2019-02-25 15:53:36 +01:00
Linus Heckemann
dd25140305
Merge pull request #56326 from uvNikita/openssh/fix-socket
sshd: fix startWhenNeeded and listenAddresses combination
2019-02-25 12:06:11 +01:00
Elis Hirwing
0d3230f339
Merge pull request #56335 from Izorkin/nginx-fix-config
nginx: fix formating the config file
2019-02-25 10:59:37 +01:00
Nikita Uvarov
131e31cd1b
sshd: fix startWhenNeeded and listenAddresses combination
Previously, if startWhenNeeded was set, listenAddresses option was
ignored and daemon was listening on all interfaces.
Fixes #56325.
2019-02-25 00:51:58 +01:00
Izorkin
569248b3c2 nginx: fix formating the config file 2019-02-24 19:50:58 +03:00
Léo Gaspard
5fa2c13696
Merge pull request #56257 from pacien/synapse-0.99.1.1-homeserverscript
matrix-synapse: restore service wrapper script
2019-02-24 17:11:41 +01:00
Frederik Rietdijk
c2eac6741b Merge master into staging-next 2019-02-24 09:19:12 +01:00
Elis Hirwing
d7ba376435
Merge pull request #56280 from Izorkin/nginx-config
nginx: formating the config file
2019-02-24 08:57:31 +01:00
Izorkin
0394b177c7 nginx: formating the config file 2019-02-24 10:17:11 +03:00
Will Dietz
b5c0aa9ea3
squeezelite: fix 'cfg' reference (#56271) 2019-02-23 18:28:02 -06:00
Ryan Mulligan
7776de07f4
Merge pull request #38033 from peterhoeg/f/slite
squeezelite: 2016-05-27 -> 2018-08-14
2019-02-23 15:10:06 -08:00
pacien
cb15d762f4 Revert "nixos/matrix-synapse: use python to launch synapse"
This reverts commit eb753318b3.

The homeserver script has been restored with commit
0c663e9032.
2019-02-23 20:58:28 +01:00
Robert Schütz
63b7732ed6
Merge pull request #56202 from dotlambda/home-assistant-availableComponents
nixos/home-assistant: use availableComponents of configured package
2019-02-23 13:38:03 +01:00
Silvan Mosberger
c0318efe9a
Merge pull request #50504 from symphorien/local-closureInfo
nixos: add preferLocalBuild=true; on derivations for config files and closureInfo
2019-02-22 20:53:17 +01:00
Symphorien Gibol
a915b33315 nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
Vladimír Čunát
71f4ba29a3
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1506218
2019-02-22 17:51:01 +01:00
Robert Schütz
e211f55d87 nixos/home-assistant: use availableComponents of configured package
fixes #55958
2019-02-22 17:33:18 +01:00
aanderse
e5405f9ae8 nixos/beanstalkd: new service for existing package (#55953) 2019-02-22 14:10:02 +01:00
Adam Finn Tulinius
291c809888 nixos/kubernetes: add missing systemd restart options 2019-02-21 14:57:57 +01:00
Jörg Thalheim
183919a0c0
Merge pull request #56004 from eskimor/add-nix-serve-help
nixos-nix-serve: Add some hint on howto get valid signing keys.
2019-02-21 09:43:50 +00:00
Michael Raskin
95039d0668
nixos/xserver: drop intel from videoDrivers (#55583)
* nixos/xserver: drop intel from videoDrivers

* Some more notes about possible regressions
2019-02-21 09:42:11 +00:00
Frederik Rietdijk
e2cd07b997 Merge staging-next into staging 2019-02-21 07:54:33 +01:00
Franz Pletz
2935a67eb9
Merge pull request #45670 from johanot/kubernetes-1.11
nixos/kubernetes: Module refactor
2019-02-20 23:31:47 +00:00
Jaka Hudoklin
97a27fd2d2
nixos/kubernetes: fix flannel and kubelet startup 2019-02-21 00:26:11 +01:00
Tor Hedin Brønner
bba6de611a
Merge pull request #56046 from callahad/bolt
Add and enable Bolt to support Thunderbolt 3 settings in GNOME
2019-02-20 21:43:02 +01:00
Franz Pletz
3a02205496
nixos/kubernetes: bootstrap docker without networking
Before flannel is ready there is a brief time where docker will be
running with a default docker0 bridge. If kubernetes happens to spawn
containers before flannel is ready, docker can't be restarted when
flannel is ready because some containers are still running on the
docker0 bridge with potentially different network addresses.

Environment variables in `EnvironmentFile` override those defined via
`Environment` in the systemd service config.

Co-authored-by: Christian Albrecht <christian.albrecht@mayflower.de>
2019-02-20 21:08:58 +01:00
Johan Thomsen
7028fac35b
nixos/kubernetes: use system.path to handle dependency on flannel subnet.env
The current postStart step on flannel causes flannel.service to
sometimes hang, even when it's commanded to stop.
2019-02-20 21:08:56 +01:00
Johan Thomsen
466beb0214
nixos/kubernetes: let flannel use kubernetes as storage backend
+ isolate etcd on the master node by letting it listen only on loopback
+ enabling kubelet on master and taint master with NoSchedule

The reason for the latter is that flannel requires all nodes to be "registered"
in the cluster in order to setup the cluster network. This means that the
kubelet is needed even at nodes on which we don't plan to schedule anything.
2019-02-20 21:08:56 +01:00
Johan Thomsen
1f49c2160a
nixos/kubernetes: CoreDNS privileges has to be assigned by addon manager bootstrap
- because the kube-addon-manager drops most of its privileges after
startup.
2019-02-20 21:08:55 +01:00
Johan Thomsen
6334796370
nixos/kubernetes: use the certmgr-selfsigned variant 2019-02-20 21:08:54 +01:00
Johan Thomsen
e2380e79e1
nixos/kubernetes: major module refactor
- All kubernetes components have been seperated into different files
- All TLS-enabled ports have been deprecated and disabled by default
- EasyCert option added to support automatic cluster PKI-bootstrap
- RBAC has been enforced for all cluster components by default
- NixOS kubernetes test cases make use of easyCerts to setup PKI
2019-02-20 21:08:01 +01:00
aanderse
a9358c4356 nixos/httpd: update documentation to reflect changes from https://github.com/NixOS/nixpkgs/pull/54529 (#56079) 2019-02-20 14:43:25 +02:00
Robert Klotzner
9f3fe63b5f Add some hint on howto get valid signing keys. 2019-02-20 12:32:08 +01:00
Vladimír Čunát
32767d139f
Merge branch 'staging-next'
This round is without the systemd CVE,
as we don't have binaries for that yet.
BTW, I just ignore darwin binaries these days,
as I'd have to wait for weeks for them.
2019-02-20 09:38:45 +01:00
Elis Hirwing
f342be2c06
Merge pull request #56062 from elseym/jackett-module
jackett module: add more options and refactor
2019-02-20 09:14:36 +01:00
Elis Hirwing
66404f0742
Merge pull request #56061 from elseym/radarr-module
radarr module: add more options and refactor
2019-02-20 09:14:23 +01:00
Florian Klink
c8b33d15d1
Merge pull request #56076 from telotortium/patch-1
tt-rss: Fix syntax error in config.php DB_PASS field
2019-02-20 01:58:28 +01:00
Florian Klink
11699d03bc
Merge pull request #56072 from bgamari/gitlab-database-config
nixos/gitlab: Introduce database pool size option
2019-02-20 01:56:28 +01:00
Robert Irelan
7ae4b4897a
tt-rss: Fix syntax error in config.php DB_PASS field
Empty password case would write `define('DB_PASS', )` instead of `define('DB_PASS', '')`.
2019-02-19 16:24:17 -08:00
Ben Gamari
bd5ba09b79 nixos/gitlab: Introduce database pool size option
As well as a extraDatabaseConfig option.
2019-02-19 17:49:15 -05:00
Dan Callahan
d20ad56ca7
nixos/gnome3: enable bolt by default
GNOME's support for Thunderbolt 3 requires the bolt daemon.

Fixes #55938
2019-02-19 20:54:39 +00:00
Dan Callahan
139e12323f
nixos/bolt: init at 0.7 2019-02-19 20:54:38 +00:00
elseym
a73817ed82
jackett module: add more options and refactor 2019-02-19 20:45:00 +01:00
elseym
7b58ca7797
radarr module: add more options and refactor 2019-02-19 20:25:58 +01:00
Matthew Bauer
b1bbd94bb6 Merge remote-tracking branch 'NixOS/master' into staging 2019-02-18 20:36:48 -05:00
Johan Thomsen
f738618637 nixos/kubernetes: dashboard 1.8.3 -> 1.10.1
- add option to specify extra cmdline arguments to the dashboard
2019-02-18 17:34:30 +01:00
Johan Thomsen
5af74e19e6 nixos/kubernetes: coredns 1.2.5 -> 1.3.1 2019-02-18 17:34:30 +01:00
Frederik Rietdijk
815b77cbe6 Merge master into staging-next 2019-02-18 14:18:04 +01:00
Silvan Mosberger
a3f85f0dc0
Merge pull request #55410 from aanderse/apache-defaults
nixos/httpd: improve security in configuration file
2019-02-18 03:27:18 +01:00
Silvan Mosberger
ac953a4a6b
Merge pull request #55766 from Lucus16/bump-quassel
nixos/quassel: Add support for certificate file
2019-02-18 03:04:56 +01:00
rembo10
8e151c1e86
Merge branch 'master' into headphones 2019-02-18 09:14:14 +08:00
Ryan Mulligan
a52d280cc4
Merge pull request #55955 from rnhmjoj/diod
Fixes for diod
2019-02-17 14:23:26 -08:00
Ryan Mulligan
c3f9fdbf42
Merge pull request #55957 from dasJ/icingaweb2-module
nixos/icingaweb2: Init the module
2019-02-17 11:12:23 -08:00
Janne Heß
1caa886f6c nixos/icingaweb2: Init the module
The module is indeed very large but allows configuring every aspect of
icingaweb2. The built-in monitoring module is in an own file because
there are actually more (third-party) modules and this structure means
every module can get an own file.
2019-02-17 19:08:47 +01:00
rnhmjoj
6871e43937
nixos/diod: fix permissions 2019-02-17 18:26:00 +01:00
Torsten Schmits
97bb693927 nixos/tt-rss: fix syntax error in pre-start script 2019-02-17 10:50:24 +01:00
Frederik Rietdijk
fd48a94b62 Merge staging-next into staging 2019-02-16 09:30:46 +01:00
Frederik Rietdijk
6fe10d2779 Merge master into staging-next 2019-02-16 09:29:54 +01:00
Jan Tojnar
23eff453a2
Merge pull request #55742 from aanderse/php-fpm
nixos/phpfpm: allow configuring php.ini files per-pool
2019-02-16 07:28:07 +01:00
Graham Christensen
a1525c5d48
docs: give matomo an ID 2019-02-15 17:51:00 -05:00
Jaka Hudoklin
5ae048071d
Merge pull request #55649 from johanot/flannel-with-kubernetes-backend
nixos/flannel: add kubernetes as storage backend (and fix test)
2019-02-15 19:55:56 +01:00
Peter Hoeg
507855e56c
Merge pull request #55667 from amazari/master
zoneminder: fix build issue when using createLocally database
2019-02-15 22:00:31 +08:00
Silvan Mosberger
b1bda29f5c
Merge pull request #55517 from florianjacob/cups-fix-ssl-dir
nixos/cups: Fix Unable to encrypt connection:
2019-02-14 21:19:57 +01:00
Silvan Mosberger
8a5925b7eb
Merge pull request #55301 from telotortium/tt-rss_disable_automatic_updates
Remove option config.services.tt-rss.checkForUpdates (forced to false)
2019-02-14 21:15:30 +01:00
Silvan Mosberger
3df95cfd9a
Merge pull request #55540 from florianjacob/matomo
Security: Matomo 3.7.0 -> 3.8.1
2019-02-14 21:13:57 +01:00
Silvan Mosberger
c84488329b
Merge pull request #47747 from florianjacob/matomo-archive-processing-service
Matomo archive processing service
2019-02-14 21:05:16 +01:00
Florian Jacob
33b3272692 nixos/cups: Fix Unable to encrypt connection:
Unable to create server credentials
by creating /var/lib/cups/ssl directory.
2019-02-14 20:43:26 +01:00
Silvan Mosberger
80480598d4
Merge pull request #55515 from rycee/wpa_supplicant_citerefentry
nixos/wpa_supplicant: use `<citerefentry>`
2019-02-14 20:38:05 +01:00
Silvan Mosberger
cf2f5850e2
nixos/znapzend: Run znapzendzetup import in parallel
Patch by @Baughn, who noticed these imports being very slow when run
serially with many datasets, so much that the service would time out and
fail, this fixes it.
2019-02-14 18:33:59 +01:00
Lars Jellema
85675c139f
nixos/quassel: Add support for certificate file 2019-02-14 14:36:21 +01:00
Frederik Rietdijk
a25d48cd4f Merge master into staging 2019-02-14 11:35:50 +01:00
Jan Tojnar
606ceda352
gnome3: stop using aliases 2019-02-14 02:31:15 +01:00
Aaron Andersen
5eef3590ae nixos/phpfpm: allow configuring php.ini files per-pool 2019-02-13 19:58:02 -05:00
Michael Raskin
f539a6a70e
Merge pull request #55138 from oxij/tree/random-fixes
random cleanups and a tiny fix
2019-02-13 20:16:07 +00:00
Alex Whitt
58d6951971 nzbget: Fix script for copying default config file template (#51235)
* nzbget: Fix configFile / dataDir checking in service script

* nzbget: improve the description for the `configFile` option

* nzbget: Add detail to the `configFile` option description

* nzbget: Improve wording of `configFile` option

* nzbget: Refactor dataDir management into systemd config

* nzbget: Remove debug
2019-02-13 17:38:32 +01:00
Johan Thomsen
94136fdc1b nixos/flannel: node name needs to be configured for flannel to work with kubernetes storage backend 2019-02-13 17:17:52 +01:00
Frederik Rietdijk
7257dedd7c Merge master into staging-next 2019-02-13 12:33:29 +01:00
Francesco Zanini
ab912cf744 atlassian services: allow overriding package (#55685) 2019-02-13 08:08:13 +00:00
Alexandre Mazari
b93ea9c26f zoneminder: fix build issue when using createLocally database 2019-02-12 22:32:11 +01:00
Johan Thomsen
9522ca5ce9 nixos/flannel: add options to configure kubernetes as config backend for flannel 2019-02-12 18:26:39 +01:00
Franz Pletz
adb837eea7
Merge pull request #55024 from telotortium/airsonic-virtualHost
airsonic: Add virtualHost option to set up nginx virtual host
2019-02-12 02:09:25 +00:00
Florian Jacob
faac33bc77 nixos/matomo: 3.8.0 introduces matomo.{php,js} files 2019-02-11 17:33:44 +01:00
Michael Francis
34cf79c6d2
Push plex logs to syslog/journald 2019-02-11 10:47:21 +08:00
Robert Helgesson
488a3f09cd
nixos/wpa_supplicant: use <citerefentry>
Fixes #55505
2019-02-10 13:23:28 +01:00
Jörg Thalheim
393b1510c9
Merge pull request #55440 from Mic92/teamspeak
nixos/teamspeak: ipv6 support
2019-02-10 09:02:20 +00:00
Jörg Thalheim
d59f9c0e5f
Merge pull request #55432 from Mic92/ttrss
ttrss: database.passwordFile, ldap plugin, configureable socket
2019-02-10 09:01:45 +00:00
Lorenzo
1dca9d763c
nixos/xautolock: improve doc of time parameer
Specify that the `time` parameter expresses minutes.
2019-02-09 20:47:01 +01:00
Matthew Bauer
5c09d977c7 Merge remote-tracking branch 'origin/master' into staging 2019-02-09 12:14:06 -05:00
Robert Schütz
efe98cbdc8 nixos/home-assistant: make config.http.server_port an integer 2019-02-09 15:26:55 +01:00
Sarah Brofeldt
8049fafb5d
Merge pull request #55443 from ptman/patch-1
nixos/docker-registry: fix listenAddress
2019-02-08 20:01:22 +01:00
Maximilian Bosch
6fb825b057 nixos/roundcube: add package option
With this option it's possible to specify a custom expression for
`roundcube`, i.e. a roundcube environment with third-party plugins as
shown in the testcase.
2019-02-08 13:35:09 +00:00
Paul Tötterman
23a84e939e nixos/docker-registry: fix listenAddress
listenAddress config option was previously unused in config generation
2019-02-08 14:39:22 +02:00
Jörg Thalheim
6c28dd858b
teamspeak: ipv6 support
Unlike the options descriptions the service was not listen to any
IPs because the address family was limited to ipv4.
2019-02-08 10:28:20 +00:00
Jörg Thalheim
f636bb2016
tt-rss: read listen socket from pool
This allows to use a different socket.
The configuration was tested on my server.
2019-02-08 07:08:13 +00:00
Jörg Thalheim
367b1e10cb
tt-rss: add database.passwordFile option 2019-02-08 07:08:10 +00:00
Lily Ballard
b0e79359bd nixos/unifi: Update TCP ports
Fixes #55377
2019-02-07 13:18:57 -08:00
Aaron Andersen
1bec75301b nixos/httpd: don't advertise php 2019-02-07 14:25:55 -05:00
Aaron Andersen
70be5b6bb2 nixos/httpd: disable HTTP TRACE method by default 2019-02-07 14:13:45 -05:00
Aaron Andersen
dd610ce84f nixos/httpd: disable TLSv1 by default for better security 2019-02-07 14:05:44 -05:00
Léo Gaspard
a59a9a7e60
Merge branch 'pr-55320'
* pr-55320:
  nixos/release-notes: mention breaking changes with matrix-synapse update
  nixos/matrix-synapse: reload service with SIGHUP
  nixos/tests/matrix-synapse: generate ca and certificates
  nixos/matrix-synapse: use python to launch synapse
  pythonPackages.pymacaroons-pynacl: remove unmaintained fork
  matrix-synapse: 0.34.1.1 -> 0.99.0
  pythonPackages.pymacaroons: init at 0.13.0
2019-02-07 17:12:04 +01:00
Graham Christensen
11a819c724
Manual: make reproducible 2019-02-06 22:35:58 -05:00
Maximilian Bosch
de79d418ba
Merge pull request #53874 from atopuzov/grafana-config
Grafana configuration
2019-02-06 23:41:25 +01:00
Ioannis Koutras
6642f3f213 nixos/syncthing: setup user only on system service 2019-02-06 20:23:13 +01:00
nyanloutre
524e26c69a nixos/matrix-synapse: reload service with SIGHUP
This is used to load new certificates without restarting the service
2019-02-06 16:28:18 +01:00
nyanloutre
eb753318b3 nixos/matrix-synapse: use python to launch synapse
launch synapse with the python executable because the startup script is
no longer available
2019-02-06 16:21:07 +01:00
Aleksandar Topuzović
092eab7228
nixos/grafana: implement dashboard & datasource provisioning
Adds the ability to automatically provision datasources and dashboards.
2019-02-06 12:50:24 +01:00
Robert Irelan
eab69d998b Remove option config.services.tt-rss.checkForUpdates (forced to false)
Force this option to false. Leaving this as true (currently the default)
is dangerous. If the TT-RSS installation upgrades itself to a newer
version requiring a schema update, the installation will break the next
time the TT-RSS systemd service is restarted.

Ideally, the installation itself should be immutable (see
https://github.com/NixOS/nixpkgs/issues/55300).
2019-02-05 23:05:23 -08:00
Peter Hoeg
7003a28916
Merge pull request #54541 from dotlambda/home-assistant-0.86
home-assistant: 0.85.1 -> 0.86.4
2019-02-06 09:02:28 +08:00
Silvan Mosberger
dfce20e4e3
Merge pull request #51980 from ToxicFrog/munin-plugins
nixos/munin: New options (and some bugfixes) for service configuration
2019-02-05 19:35:03 +01:00
aanderse
b8a9c3fbfd redmine: 3.4.8 -> 4.0.1 (#55234)
* redmine: 3.4.8 -> 4.0.1

* nixos/redmine: update nixos test to run against both redmine 3.x and 4.x series

* nixos/redmine: default new installs from 19.03 onward to redmine 4.x series, while keeping existing installs on redmine 3.x series

* nixos/redmine: add comment about default redmine package to 19.03 release notes

* redmine: add aandersea as a maintainer
2019-02-05 11:51:33 +00:00
Robert Irelan
027d4188b2 airsonic: Add virtualHost option to set up nginx virtual host
Modeled after nixos/modules/services/web-apps/tt-rss.nix. The setup is
slightly non-intuitive, so I think it's worth adding upstream.
2019-02-05 00:15:54 -08:00
Ben Kelly
ace4855cf6 nixos/munin: enable munin_update and disable munin_stats
munin_update relies on a stats file that exists, but isn't found in the
default location on NixOS; the appropriate plugin configuration is
added.

munin_stats relies on munin-cron writing a logfile, which the NixOS
build of munin does not. (This is probably fixable in the munin package,
but I don't have time to dig into that right now.)
2019-02-04 20:17:26 -05:00
Ben Kelly
e7c1449ae9 nixos/munin: add types to Munin options
Some options were missing their types.
2019-02-04 20:17:26 -05:00
Ben Kelly
c4437fee7e nixos/munin: add extraCSS option
This permits custom styling of the generated HTML without needing to
build your own Munin package from source. Also comes with an example
that works as a passable dark theme for Munin.
2019-02-04 20:17:26 -05:00
Ben Kelly
6c907851f4 nixos/munin: add extraPlugins and extraAutoPlugins options [#17895]
extraAutoPlugins lets you list plugins and plugin directories to be
autoconfigured, and extraPlugins lets you enable plugins on a one-by-one
basis. This can be used to enable plugins from contrib (although you'll
need to download and check out contrib yourself, then point these
options at it), or plugins you've written yourself.
2019-02-04 20:17:26 -05:00
Ben Kelly
b5b82b2cae nixos/munin: require DejaVu fonts if enabled
munin-graph is hardcoded to use DejaVu Mono for the graph legends; if it
can't find it, there's no guarantee it finds a monospaced font at all,
and if it can't find a monospaced font the legends come out badly
misformatted.
2019-02-04 20:17:26 -05:00
Ben Kelly
0c3208a8e4 nixos/munin: add disabledPlugins option
This is just a set of globs to remove from the active plugins directory
after autoconfiguration is complete.

I also removed the hard-coded disabling of "diskstats", since it seems
to work just fine now.
2019-02-04 20:17:26 -05:00
Ben Kelly
c74abf763a nixos/munin: add extraPluginConfig option
This lets you specify additional plugin-specific configuration to go in
plugin-conf.d, and complements the extraConfig and extraGlobalConfig
options.
2019-02-04 20:17:26 -05:00
Ben Kelly
c02564e37c nixos/munin: fix documentation links
Since this module was written, Munin has moved their documentation from
munin-monitoring.org/wiki to guide.munin-monitoring.org. Most of the
links were broken, and the ones that weren't went to "please use the new
site" pages.
2019-02-04 20:17:26 -05:00
Silvan Mosberger
2d6f84c109
Merge pull request #45412 from costrouc/costrouc/minecraft-server
minecraft-server: 1.12.2 -> 1.13.2 + service refactor
2019-02-05 01:49:24 +01:00
Maximilian Bosch
ae7e8c6a2f
Merge pull request #55222 from thefloweringash/nextcloud-nginx-config
nixos/nextcloud: use matching nginx package when configuring nginx
2019-02-05 00:46:43 +01:00
Maximilian Bosch
5a3a543078
Merge pull request #55122 from elseym/ndppd-module
ndppd module: refactor and fix
2019-02-04 21:51:00 +01:00
Andrew Childs
a7d9dcab7e nixos/nextcloud: use matching nginx package when configuring nginx
NixOS currently defaults services.nginx.package to
nginxStable. Including configuration files from nginxMainline could
potentially cause incompatible configuration.
2019-02-05 02:59:42 +09:00
Michael Raskin
7ff8a16f07
Merge pull request #55050 from aanderse/redmine-extra-env
nixos/redmine: add an extraEnv option, enable automatic log rotation
2019-02-04 16:28:58 +00:00
Florian Franzen
1278615a48 thinkfan: add option for libatasmart support 2019-02-03 22:34:41 +01:00
Jan Malakhovski
cefbe69105 nixos: rippled: fix type
The old state is clearly a bug.
2019-02-03 20:10:13 +00:00
Jan Malakhovski
08cabdf4a9 nixos: rippled: fix indent 2019-02-03 20:10:11 +00:00
Olivier Marty
7a878660a7 nixos/duplicity: init
Add a simple module that wrap duplicity in a systemd service.
2019-02-03 19:13:01 +01:00
Franz Pletz
2746973061
ndppd: don't use weird upstream systemd service unit 2019-02-03 14:39:28 +01:00
elseym
4ce1c59389
ndppd module: refactor 2019-02-03 14:28:54 +01:00
Robert Schütz
f85453f060 nixos/home-assistant: add configWritable option 2019-02-03 13:08:11 +01:00
Franz Pletz
14dd9ca1b2
Merge pull request #54706 from pbogdan/lightdm-cursors
nixos/lightdm: allow cursor theme customisation.
2019-02-03 09:09:48 +00:00
Franz Pletz
60c4686bb9
Merge pull request #54709 from pbogdan/lightdm-dpi
nixos/lightdm: inherit DPI settings from xserver config
2019-02-03 09:08:07 +00:00
Franz Pletz
65b26c6555
Merge pull request #54959 from jslight90/gitlab-depenencies
gitlab: add openssh dependency to gitaly
2019-02-03 08:48:16 +00:00
Chris Ostrouchov
58c89ec26a
nixos/mincraft-server: refactor
- allow for options to (added 2 options):
   - agree to eula (eula.txt) true/false will create symlink over
     existing eula.txt to `/nix/store/...`.
   - whitelist users (optional and will symlink over existing
     whitelist.json and create backup)
   - server.properties can be configured with the serverProperties
     option. If there is an existing server.properties it will
     copy it to a server.properties.old to keep the old
     one. server.properties MUST be writable thus symlinking is not
     an option.
  - all ports that are stated in `server.properties` are exposed
    properly in the firewall.

(infinisil) nixos/minecraft-server: Fix, refactor and polish

Adds an option `declarative` (defaulted to false), in order to stay
(mostly) backwards compatible. The only thing that's not backwards
compatible is that you now need to agree to the EULA on evaluation time,
but that's guarded by an assertion and therefore doesn't need a release
note.
2019-02-03 02:16:11 +01:00
Aaron Andersen
52bd7c5f2a nixos/redmine: add an extraEnv option (which could be used to turn on debug logging, etc...), enable automatic log rotation 2019-02-01 09:17:05 -05:00
Vladimír Čunát
8ba516664b
Merge branch 'staging-next' into staging 2019-02-01 09:42:53 +01:00
Jan Tojnar
65e6d80ecd
Merge pull request #53425 from dtzWill/update/fwupd-1.2.3
fwupd: 1.2.1 -> 1.2.3

Co-authored-by: Jan Tojnar <jtojnar@gmail.com>
2019-01-31 23:22:38 +01:00
forficate
dd705fb45f nixos/transmission: Bug fix Appamor Transmission startup errors (#54873) 2019-01-31 17:51:48 +00:00
aanderse
c6cd07707b nixos/httpd: rename apache log files to have a .log file extension (#54529)
nixos/httpd: rename apache log files to have a .log file extension
2019-01-31 04:04:58 +02:00
Danylo Hlynskyi
30c312341f
Merge pull request #54637 from danbst/small-eval-optimization
module system: small eval optimization
2019-01-31 00:42:24 +02:00
danbst
27982b408e types.optionSet: deprecate and remove last usages 2019-01-31 00:41:10 +02:00
Jeff Slight
059e5e0ba0 gitlab: add openssh dependency to gitaly 2019-01-30 11:29:32 -08:00
Chris Ostrouchov
5a5def3753
munge: fix module munge.key permissions from 0700 -> 0400 readonly 2019-01-30 12:53:54 -05:00
Franz Pletz
72f324dbc7
Merge pull request #45567 from johanot/certmgr-rootca-patch
certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
2019-01-30 17:37:42 +00:00
Robert Schütz
0525fa54e8
Merge pull request #54739 from Nadrieril/fix-ffsync
Fix firefox sync-server
2019-01-30 16:26:31 +01:00
Nadrieril
375020cf99 nixos/syncserver: mild cleanup 2019-01-30 15:59:01 +01:00
Nadrieril
63c7fe0819 nixos/syncserver: use gunicorn
As described in `syncserver`'s documentation.
Makes it possible to run behind a reverse proxy.
2019-01-30 15:59:00 +01:00
Nadrieril
957d0589ad pythonPackages.syncserver: move to all-packages.nix and fix dependencies 2019-01-30 15:59:00 +01:00
worldofpeace
50b83e7b6a nixos/pantheon: use gnome3.file-roller 2019-01-29 19:37:41 -05:00
Michael Raskin
423e26a1c5
Merge pull request #54524 from aanderse/redmine
redmine: add missing 'migrate' command prior to starting the application
2019-01-29 22:27:57 +00:00
Silvan Mosberger
400912df0f
Merge pull request #53002 from delroth/nginx-sso
nginx-sso: init at 0.15.1 (+ nixos service/test)
2019-01-29 20:10:37 +01:00
Silvan Mosberger
997cd3159e
Merge pull request #54475 from Izorkin/mysql-restartTrigger
mysql: add restartTrigger for my.cnf
2019-01-29 19:54:24 +01:00
Pierre Bourdon
43fcfc274d
nixos: add nginx-sso service 2019-01-29 19:54:14 +01:00
Aaron Andersen
d13d35104d Merge remote-tracking branch 'upstream/master' into redmine 2019-01-29 09:24:33 -05:00
Silvan Mosberger
f73df1862c
Merge pull request #54495 from peterhoeg/f/sshguard
nixos/sshguard: fix syslog identifiers and pid file
2019-01-29 09:35:36 +01:00
Robert Schütz
f908f6c982 nixos/home-assistant: don't run json2yaml at every start 2019-01-29 08:56:51 +01:00
Robert Schütz
7cc7c5374c nixos/home-assistant: add lovelaceConfig option 2019-01-29 08:56:51 +01:00
Silvan Mosberger
2146511740
Merge pull request #54562 from pjones/pjones/netdata-plugins/master
nixos/netdata: Add option to include extra plugins
2019-01-28 19:56:24 +01:00
Piotr Bogdan
6e581656d1 nixos/lightdm: inherit DPI settings from xserver config 2019-01-28 18:00:28 +00:00
Piotr Bogdan
4ad82dd6cd nixos/lightdm: allow cursor theme customisation. 2019-01-28 17:59:28 +00:00
Peter Jones
0da9489c6a
nixos/netdata: Add option to include extra plugins
New option `extraPluginPaths' that allows users to supply additional
paths for netdata plugins.  Very useful for when you want to use
custom collection scripts.
2019-01-28 09:02:47 -07:00
Elis Hirwing
ab5dcc7068
nixos/sks: Add option to configure database settings
This can be used for options to tweak the behavior around the database.
2019-01-28 11:14:37 +01:00
Peter Hoeg
ee472e4521 nixos/sshguard: fix syslog ids, no more pid file, cleanups
1. Allow syslog identifiers with special characters
2. Do not write a pid file as we are running in foreground anyway
3. Clean up the module for readability

Without this, when deploying using nixops, restarting sshguard would make
nixops show an error about restarting the service although the service is
actually being restarted.
2019-01-28 11:36:29 +08:00
Jan Tojnar
dd06999e32
fwupd: fix installed tests 2019-01-28 00:15:00 +01:00
Will Dietz
55fa570046
fwupd: blacklist test plugin by default
Don't add the testing "webcam" device,
which is unexpected to see when querying
what devices fwupd believes exist :).

Won't change behavior for anyone defining
the blacklistPlugin option already,
but doesn't seem worth making more complicated.
2019-01-27 21:26:42 +01:00
Silvan Mosberger
f2daf4295e
Merge pull request #54708 from erictapen/unifi-maintainer
unifi, nixos/unifi: add erictapen as maintainer
2019-01-27 19:02:40 +01:00
Justin Humm
38f23046a3
unifi, nixos/unifi: add erictapen as maintainer 2019-01-27 17:28:15 +01:00
Maximilian Bosch
acbadcdbba
nixos/wpa_supplicant: escape interface names to listen on
Systemd provides some functionality to escape strings that are supposed
to be part of a unit name[1]. This seems to be used for interface names
in `sys-subsystem-net-devices-{interface}.device` and breaks
wpa_supplicant if the wireless interface name has a dash which is
encoded to \x2d.

Such an interface name is rather rare, but used i.e. when configuring
multiple wireless interfaces with `networking.wlanInterfaces`[2] to have on
interface for `wpa_supplicant` and another one for `hostapd`.

[1] https://www.freedesktop.org/software/systemd/man/systemd-escape.html
[2] https://nixos.org/nixos/options.html#networking.wlaninterfaces
2019-01-27 11:59:18 +01:00
Matthew Bauer
92f0f8dd68 Merge remote-tracking branch 'NixOS/master' into staging 2019-01-27 00:01:13 -05:00
Jörg Thalheim
e9b5bd9813
Merge pull request #54600 from volth/patch-301
nixos/collectd: restart on failure
2019-01-26 11:23:02 +00:00
Milan Pässler
24d5e30b5f nixos/prosody: add ExecReload
Add an ExecReload command to the prosody service, to allow reloading
prosody by sending SIGHUP to the main process, for example to update
certificates without restarting the server. This is exactly how the
`prosodyctl` tool does it.

Note: Currently there is a bug which prevents mod_http from reloading the
certificates properly: https://issues.prosody.im/1216.
2019-01-26 03:12:09 +01:00
volth
b3c5e9ac1e
nixos/collectd: restart on failure
`collectd' might fail because of a failure in any of numerous plugins.
For example `virt' plugin sometimes fails if `collectd' is started before `libvirtd'
2019-01-26 00:31:32 +00:00
worldofpeace
78da8d668b pantheon: init a 5.0 2019-01-24 20:54:14 +00:00
Janne Heß
9a1b53304a nixos/mysql: Support bootstrapping a Galera cluster
The default galera_new_cluster script tries to set this environment
variable using systemctl set-environment which doesn't work if the
variable is not being used in the unit file ;)
2019-01-24 17:39:19 +01:00
Franz Pletz
4602b43a33
certmgr service: add package option 2019-01-24 12:11:15 +01:00
John Wiegley
0305c55888
Merge pull request #53702 from aanderse/apache-ssl-opt
nixos/httpd: add options sslCiphers & sslProtocols
2019-01-23 19:27:17 -08:00
Silvan Mosberger
968eb6b3e0
Merge pull request #54514 from LeOtaku/fix/restic-timer-config
nixos/restic: change type of timerConfig option
2019-01-24 00:40:52 +01:00
Silvan Mosberger
7222fd9e21
Merge pull request #53986 from Ma27/document-dovecot-prometheus-exporter-issues
nixos/prometheus-dovecot-exporter: enhance `socketPath` documentation
2019-01-24 00:17:20 +01:00
Maximilian Bosch
ca72dbd125
nixos/prometheus-dovecot-exporter: enhance socketPath documentation
In Dovecot 2.3[1] the stats module changed and now the UNIX socket
provided by Dovecot by default isn't compatible anymore with the
exporter[2]. By enabling the `old-stats` plugin in Dovecot this issue
can be solved which should be documented in this module.

[1] https://wiki2.dovecot.org/Upgrading/2.3
[2] https://github.com/kumina/dovecot_exporter/issues/8
2019-01-23 23:51:48 +01:00
Pascal Bach
8347722775 nixos/plex: allow access to hardware acceleration libraries
CUDA and OpenCL libraries are located in /run/opengldriver/lib and Plex
can make use of them if available.
2019-01-23 23:07:40 +01:00
Silvan Mosberger
d9f39b7252
Merge pull request #54310 from Mic92/postgresq-backup
nixos/postgresqlBackup: add backupAll option
2019-01-23 21:40:39 +01:00
LeOtaku
63ed962e4b nixos/restic: change type of timerConfig option to attrsOf unitOption
This is needed for correctly passing the option to "systemd.timer"
2019-01-23 21:29:02 +01:00
Jörg Thalheim
6ad1271a4c
Merge pull request #54113 from telotortium/xrdp-clipboard-fix
xrdp: fix clipboard for non-ASCII characters
2019-01-22 18:51:04 +00:00
Izorkin
ea02ddc0be mysql: add restartTrigger for my.cnf 2019-01-22 21:05:21 +03:00
Robert Irelan
8844f09d53 xrdp: fix clipboard for non-ASCII characters
Without this line, attempting to copy and paste non-ASCII characters
will result in error messages like the following (and pasting from the
server to the client will not work):

```
CLIPBOARD  clipboard_send_data_response_for_text: 823 : ERROR: clipboard_send_data_response_for_text: bad string
```
2019-01-22 09:52:53 -08:00
Silvan Mosberger
120ce2f399
Merge pull request #54197 from dermetfan/fix/nixos-mysql
nixos/mysql: fix option `ensureDatabases`
2019-01-22 15:35:16 +01:00
Silvan Mosberger
2f9ef8c563
Merge pull request #54051 from Ma27/optional-prometheus-source_labels
nixos/prometheus: make `source_labels` optional
2019-01-22 15:18:06 +01:00
Jan Tojnar
dd3626c036
Merge pull request #53695 from chpatrick/gnome-flashback-session
nixos/gnome3: add GNOME Flashback sessions option
2019-01-21 12:01:32 +01:00
Patrick Chilton
b25095bcda nixos/gnome3: add GNOME Flashback sessions option 2019-01-21 11:17:49 +01:00
Wout Mertens
e445eabbe8
Merge pull request #41440 from wmertens/php-per-pool
phpfpm: allow configuring PHP package per-pool
2019-01-21 08:35:49 +01:00
Jörg Thalheim
1af4f366ca
nixos/postgresqlBackup: add backupAll option
For large setups it is useful to list all databases explicit
(for example if temporary databases are also present) and store them in extra
files.
For smaller setups it is more convenient to just backup all databases at once,
because it is easy to forget to update configuration when adding/renaming
databases. pg_dumpall also has the advantage that it backups users/passwords.

As a result the module becomes easier to use because it is sufficient
in the default case to just set one option (services.postgresqlBackup.enable).
2019-01-19 11:41:06 +00:00
worldofpeace
9d6fc7ad04 nixos/file-roller: init 2019-01-18 15:04:36 -05:00
Peter Hoeg
9f5b5fee9c
Merge pull request #48101 from peterhoeg/f/pykms_master
nixos pykms: run via DynamicUser
2019-01-18 15:52:12 +08:00
Peter Hoeg
eaa665e243
Merge pull request #53495 from peterhoeg/p/zm
zoneminder: init at 1.32.3 and add NixOS module
2019-01-18 15:49:28 +08:00
Robin Stumm
429c0bf60c nixos/mysql: fix option ensureDatabases
The database name needs to be quoted
in case it contains special characters
so the MySQL service does not fail to start.
2019-01-17 19:08:50 +01:00
Jan Tojnar
23c1a234dc
Merge pull request #54124 from jtojnar/remove-packages-by-name
nixos/desktops: deduplicate removePackagesByName
2019-01-17 16:05:14 +01:00
Jan Tojnar
bedc81fcb6
nixos/desktops: deduplicate removePackagesByName
GNOME, MATE and LxQt all use removePackagesByName. Let’s move it to a single
place, rename the attributes to meaningful name and add docs.
2019-01-17 07:13:25 +01:00
Maximilian Bosch
003132c2dd
nixos/prometheus: make source_labels optional
It's possible to skip `source_labels` entirely, an example for this is
the blackbox exporter configuration:

https://github.com/prometheus/blackbox_exporter#prometheus-configuration
2019-01-16 14:01:43 +01:00
Vladyslav M
95a0e24381
Merge pull request #53952 from Ma27/improve-gitea-module
nixos/gitea: minor fixes
2019-01-15 23:55:16 +02:00
Peter Hoeg
982354284d zoneminder (nixos): add basic module 2019-01-15 21:27:45 +08:00
Franz Pletz
d947944d70
Merge pull request #53962 from elseym/sonarr
sonarr service: add more options to module
2019-01-14 19:33:58 +00:00
elseym
44e1aabd02
nzbget service: fix preStart script and add more options to module 2019-01-14 20:30:44 +01:00
elseym
31ad79f432
sonarr service: add more options to module 2019-01-14 20:30:10 +01:00
Maximilian Bosch
f90bd42c89
nixos/gitea: add git to the service path
Otherwise commands like `git push` will fail if the machine doesn't have
git installed.
2019-01-14 16:04:02 +01:00
Maximilian Bosch
ad3a50e25b
nixos/gitea: add option to disable registration
Although this can be added to `extraOptions` I figured that it makes
sense to add an option to explicitly promote this feature in our
documentation since most of the self-hosted gitea instances won't be
intended for common use I guess.

Also added a notice that this should be added after the initial deploy
as you have to register yourself using that feature unless the install
wizard is used.
2019-01-14 16:04:02 +01:00
Jan Tojnar
e35acd7f1c gnome3: link nautilus-python paths to environment 2019-01-13 17:43:33 +01:00
Yorick
4d68e82dbc nixos/borgbackup: use coercedTo instead of apply on paths (#53756)
so multiple declarations merge properly
2019-01-10 16:34:02 +01:00
Vladimír Čunát
829ada37bf
Merge #53365: nixos/nsd: Don't override bind via nixpkgs.config 2019-01-10 11:00:40 +01:00
Aaron Andersen
fd5a88687c nixos/httpd: add options sslCiphers & sslProtocols 2019-01-09 11:30:19 -05:00
Robin Gloster
c75571d66c
Merge pull request #53598 from mayflower/atlassian-updates
atlassian updates
2019-01-08 17:56:13 +00:00
wedens
5798d12842 nixos/earlyoom: add notificationsCommand option
Add option for specifying command that will be used for sending notifications.
See https://github.com/rfjakob/earlyoom#notifications for details.
2019-01-08 22:14:48 +07:00
Silvan Mosberger
6a942aec5b
Merge pull request #52765 from Izorkin/datadog-agent
datadog-agent: 6.4.2 -> 6.8.3
2019-01-08 16:01:26 +01:00
Izorkin
47a8b13efa datadog-agent: 6.4.2 -> 6.8.3 2019-01-08 11:16:44 +03:00
Robin Gloster
89d24aca93
atlassian-crowd: 3.2.5 -> 3.3.3 2019-01-07 21:54:23 +01:00
Franz Pletz
b60f8fc6e2
atlassian modules: don't chown home recursively
This can take a long time and should not be necassary anyway.
2019-01-07 21:54:20 +01:00
Matthew Bauer
de30f4e61d
Merge pull request #51570 from eonpatapon/cassandra-logging
cassandra: add option to configure logging
2019-01-07 12:41:07 -06:00
Bas van Dijk
6ac10cd764
Merge pull request #53399 from LumiGuide/feat-wordpress-copy-plugins
apache-httpd/wordpress: copy plugins and themes instead of symlinking
2019-01-07 13:41:29 +01:00
Tim Steinbach
289fe57eea
urxvt: Allow switching out package 2019-01-07 07:35:20 -05:00
Falco Peijnenburg
9d2c9157d7 nixos/apache-httpd/wordpress: copy plugins and themes instead of symlinking
Symlinking works for most plugins and themes, but Avada, for instance, fails to
understand the symlink, causing its file path stripping to fail. This results in
requests that look like:

https://example.com/wp-content//nix/store/...plugin/path/some-file.js

Since hard linking directories is not allowed, copying is the next best thing.
2019-01-06 17:51:31 +01:00
Frederik Rietdijk
e5381cdece Merge master into staging-next 2019-01-06 09:36:23 +01:00
Jörg Thalheim
09fb07e4af
Merge pull request #52943 from ck3d/vdr-enableLirc
nixos vdr: introduce option enableLirc
2019-01-05 17:51:41 +01:00
Jörg Thalheim
9b2f0fbcdd
nixos/lirc: expose socket path via passthru 2019-01-05 13:22:39 +01:00
Frederik Rietdijk
9618abe87c Merge master into staging-next 2019-01-04 21:13:19 +01:00
aszlig
6446d9eee8
nixos/nsd: Improve checking for empty dnssec zones
While at it (see previous commit), using attrNames in combination with
length is a bit verbose for checking whether the filtered attribute set
is empty, so let's just compare it against an empty attribute set.

Signed-off-by: aszlig <aszlig@nix.build>
2019-01-04 01:59:28 +01:00
aszlig
751bdacc9b
nixos/nsd: Don't override bind via nixpkgs.config
When generating values for the services.nsd.zones attribute using values
from pkgs, we'll run into an infinite recursion because the nsd module
has a condition on the top-level definition of nixpkgs.config.

While it would work to push the definition a few levels down, it will
still only work if we don't use bind tools for generating zones.

As far as I could see, Python support for BIND seems to be only needed
for the dnssec-* tools, so instead of using nixpkgs.config, we now
directly override pkgs.bind instead of globally in nixpkgs.

To illustrate the problem with a small test case, instantiating the
following Nix expression from the nixpkgs source root will cause the
mentioned infinite recursion:

  (import ./nixos {
    configuration = { lib, pkgs, ... }: {
      services.nsd.enable = true;
      services.nsd.zones = import (pkgs.writeText "foo.nix" ''
        { "foo.".data = "xyz";
          "foo.".dnssec = true;
        }
      '');
    };
  }).vm

With this change, generating zones via import-from-derivation is now
possible again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @pngwjpgh
2019-01-04 01:49:50 +01:00
Jean-Philippe Braun
4f99f8d2cb nixos/prometheus-bind-exporter: add module 2019-01-03 21:14:21 +01:00
Frederik Rietdijk
2da31b80bb Merge master into staging-next 2019-01-03 20:07:35 +01:00
Silvan Mosberger
2b1c9fd8a7
Merge pull request #53301 from cdepillabout/remove-cpufreqgov-alias
nixos/cpufreq: Remove the alias to set the cpu frequency governor
2019-01-03 17:47:53 +01:00
(cdep)illabout
46ecec8239
nixos/cpufreq: Remove the alias to set the cpu frequency governor
This PR temporarily fixes the issue with PR 53041 as explained
here:

https://github.com/NixOS/nixpkgs/pull/53041#commitcomment-31825338

The alias `powerManagement.cpufreq.governor` to
`powerManagement.cpuFreqGovernor` has been removed.
2019-01-03 20:57:49 +09:00
Сухарик
a285cead44 nixos/display-managers: allow pure wayland sessions 2019-01-03 09:38:36 +03:00
Frederik Rietdijk
092e3b50a8 Merge master into staging-next 2019-01-02 21:08:27 +01:00
ajs124
325e314aae
sshd: Add restartTrigger for sshd_config
Co-Authored-By: Franz Pletz <fpletz@fnordicwalking.de>
2019-01-02 20:11:01 +01:00
Franz Pletz
0ea65cd96c
shairport-sync service: fix default arguments 2019-01-02 19:17:22 +01:00
(cdep)illabout
b0f10d2d53
cpufreq: add option for setting the cpu max and min frequencies
This adds a NixOS option for setting the CPU max and min frequencies
with `cpufreq`.  The two options that have been added are:

- `powerManagement.cpufreq.max`
- `powerManagement.cpufreq.min`

It also adds an alias to the `powerManagement.cpuFreqGovernor` option as
`powerManagement.cpufreq.governor`.  This updates the installer to use
the new option name.  It also updates the manual with a note about
the new name.
2019-01-01 19:18:12 +09:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Silvan Mosberger
070254317e
Revert "nixos/ddclient: make RuntimeDirectory and configFile private" 2018-12-29 16:53:43 +01:00
Christian Kögler
987fdea1a8 nixos vdr: introduce option enableLirc
also introduce option socket for lirc, to have access to socket path
2018-12-26 22:59:06 +01:00