Commit Graph

7841 Commits

Author SHA1 Message Date
Jan Tojnar
0f21306ca3
Merge pull request #33900 from jtojnar/nginx-acme
nixos/nginx: allow using existing ACME certificate
2018-01-29 01:38:45 +01:00
Graham Christensen
f596aa0f4a
Revert "openssh: Build with Kerberos by default"
This reverts commit a232dd66ee.

Moving to staging
2018-01-28 16:32:52 -05:00
Aneesh Agrawal
a232dd66ee
openssh: Build with Kerberos by default
This can be disabled with the `withKerberos` flag if desired.
Make the relevant assertions lazy,
so that if an overlay is used to set kerberos to null,
a later override can explicitly set `withKerberos` to false.

Don't build with GSSAPI by default;
the patchset is large and a bit hairy,
and it is reasonable to follow upstream who has not merged it
in not enabling it by default.
2018-01-28 16:30:46 -05:00
Franz Pletz
36103e9863
nixos/powerManagement: remove duplicate definition
When not set just use the kernel default. `nixos-generate-config` will pick
a reasonable default.

cc #34350
2018-01-28 21:53:07 +01:00
Franz Pletz
50dda062d8
Merge pull request #34350 from Ma27/fix-powermanagement-default
nixos/powerManagement: set `cpuFreqGovernor` with `mkOptionDefault`
2018-01-28 14:46:51 +00:00
Jesper
2b270c1596 nixos/containers: Enable use of the network.useHostResolvConf option (#34354) 2018-01-28 14:42:15 +00:00
Maximilian Bosch
8ed3a90cdf
nixos/powerManagement: set cpuFreqGovernor with mkOptionDefault
`nixos-generate-config` detects the `cpuFreqGovernor` suited best for my
machine, e.g. `powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";`.

However the `powerManagement` module sets a sensitive default for
`cpuFreqGovernor` using `mkDefault` to avoid breackage with older
setups. Since 140ac2f1 the `hardware-configuration.nix` sets the
gorvernor with `mkDefault` as well which causes evaluation errors if the
powermanagement module is enabled:

```
error: The unique option `powerManagement.cpuFreqGovernor' is defined multiple times, in `/home/ma27/Projects/nixos-config/hardware-configuration.nix' and `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/config/power-management.nix'.
```

Using `mkOptionDefault` rather than `mkDefault` in the powermanagement
module fixes this issue as it decreases the priority of the module and
prefers the value set in `hardware-configuration.nix`.

I have confirmed the change using the following VM declaration:

```
{
  cpuFreq = { lib, ... }: {
    powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
    powerManagement.enable = true;
  };
}
```
2018-01-28 09:38:45 +01:00
Luke Adams
1537ce9dc7 samba4/sambaMaster: Modify services to align with Samba project usage 2018-01-26 22:37:17 +01:00
Franz Pletz
cb7fe51ee6
nixos/postfix: separate list option elements with commas 2018-01-26 14:10:17 +01:00
WilliButz
9bd7798d9c
nixos/postfix: fix default postfix config
`services.postfix.config` is now correctly merged with the default attrset
specified in the module. Some options that are lists in postfix also
have to be lists in nix to be merged correctly. Other default options are
now set with `mkDefault` so they can be overridden via the module system.
2018-01-24 23:35:28 +01:00
Tuomas Tynkkynen
d02c2d694e nixos/sd-image-*.nix: Bring back high consoleLogLevel
3d040f9305 removed it from installation-device.nix, but the default
loglevel is just too low for ARM and the like.
2018-01-24 18:23:32 +02:00
Tuomas Tynkkynen
cd2e740dde nixos/sd-image-aarch64.nix: Set avoid_warnings in RPi config.txt
Also add some comments on the existing config settings as well.
2018-01-24 18:23:31 +02:00
Jörg Thalheim
e45dfded2b
Merge pull request #34052 from volth/patch-86
nixos/libvirtd: add qemu-img to $PATH of the daemon
2018-01-22 14:39:29 +00:00
Tuomas Tynkkynen
95880aaf06 nixos/initrd: Don't include some x86-specific modules unconditionally 2018-01-22 12:53:33 +02:00
Tuomas Tynkkynen
962e79ef32 nixos/make-disk-image.nix: Support EFI images
- Add a new parameter `imageType` that can specify either "efi" or
  "legacy" (the default which should see no change in behaviour by
  this patch).

- EFI images get a GPT partition table (instead of msdos) with a
  mandatory ESP partition (so we add an assert that `partitioned`
  is true).

- Use the partx tool from util-linux to determine exact start + size
  of the root partition. This is required because GPT stores a secondary
  partition table at the end of the disk, so we can't just have
  mkfs.ext4 create the filesystem until the end of the disk.

- (Unrelated to any EFI changes) Since we're depending on the
  `-E offset=X` option to mkfs which is only supported by e2fsprogs,
  disallow any attempts of creating partitioned disk images where
  the root filesystem is not ext4.
2018-01-22 11:18:23 +02:00
Graham Christensen
931a0b8be8
Merge pull request #34128 from teto/doc_simple
Doc: simple precisions
2018-01-21 22:40:36 -05:00
Matthieu Coudron
91648a2f22 environment.variables: give an example 2018-01-22 10:40:23 +09:00
Matthieu Coudron
d9ebd0d35b zsh doc: precise environment.shellAliases 2018-01-22 10:40:23 +09:00
Jörg Thalheim
a1e2f2a339 nixos/initrd-network: fix docbook syntax 2018-01-22 00:01:49 +00:00
Svein Ove Aas
5c5259d68d initrd-network: Document the need for modules 2018-01-21 17:43:41 +00:00
Leon Schuermann
04c4c01089 nixos/stunnel: add module (#33151) 2018-01-21 11:23:07 +00:00
Sarah Brofeldt
ed792d3a45
Merge pull request #33842 from mimadrid/fix/resilio-sync
resilio-sync: fixed typo knownHosts -> entry.knownHosts
2018-01-21 12:11:29 +01:00
Vladimír Čunát
5402412b97
Merge #33600: xfce: cleanup, hyphenate attributes 2018-01-21 09:52:58 +01:00
Jörg Thalheim
dfa6a81a31
Merge pull request #33331 from cransom/netdata-module
netdata service: fix permissions for apps.plugin
2018-01-19 23:19:29 +00:00
volth
c4eb23062e
nixos/libvirtd: add qemu-img to $PATH of the daemon
...because daemon's $PATH does not include "/run/current-system/sw/bin"
2018-01-19 16:28:01 +00:00
Jan Tojnar
d2d1a2dfba
Merge pull request #28882 from jtojnar/chrome-gnome-shell
chrome-gnome-shell: refactor
2018-01-19 13:40:42 +01:00
Leon Schuermann
c61a9dfd2e
sshd: provide option to disable firewall altering 2018-01-18 22:55:28 +08:00
Rob Vermaas
38538f3206
Merge pull request #33423 from AmineChikhaoui/gce-ssh-keys
Fix ssh keys retrieval in GCE instances
2018-01-18 13:06:00 +01:00
Leon Schuermann
f297ddb5c9 sudo: define extra rules in Nix language (#33905) 2018-01-17 14:56:08 +00:00
Francesco Gazzetta
356eeb0d4f nixos/mighttpd2: init 2018-01-16 21:04:09 +00:00
Robin Gloster
9bceb2b353
oh-my-zsh module: reword & fix manual build
docbook interpreted this as a tag and this sounded as if the option
defaulted to putting the cached directory into the nix store.

cc @Ma27 @fpletz
2018-01-16 21:02:54 +01:00
Maximilian Bosch
b55d4c0564 programs.zsh.ohMyZsh: add cacheDir option (#33150)
The default cache directory set by oh-my-zsh is $ohMyZsh/cache which
lives in the Nix store in our case. This causes issues with several
completion plugins provided by oh-my-zsh.
2018-01-16 17:29:46 +00:00
Jörg Thalheim
822c949833
Merge pull request #33915 from lheckemann/remove-amd-hybrid-graphics
amd-hybrid-graphics module: remove
2018-01-16 15:57:37 +00:00
Leon Schuermann
22e83d2667 openvpn: add warning about world-readable credentials 2018-01-16 11:40:16 +07:00
Linus Heckemann
730f8530a8 amd-hybrid-graphics module: remove
This was only applicable to very specific hardware, and the only person
with an apparent interest in maintaining it (me) no longer uses the
hardware in question.
2018-01-15 23:17:12 +00:00
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Leon Schuermann
e45a06ebd1 openvpn: add option to store credentials 2018-01-15 14:34:58 +07:00
Joachim F
b6c696cc6f
Merge pull request #33444 from rnhmjoj/dnscrypt-wrapper
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service
2018-01-14 11:33:02 +00:00
Sarah Brofeldt
ee4e6ebbfa
Merge pull request #32822 from LumiGuide/elk6
ELK: 5.6.1 -> 5.6.5 & add ELK 6.1.0
2018-01-14 10:40:50 +01:00
Miguel Madrid Mencía
22341c42e7
resilio-sync: fixed typo knownHosts -> entry.knownHosts 2018-01-13 23:44:39 +01:00
Jan Tojnar
38b6d7b60e
nixos/chrome-gnome-shell: init 2018-01-13 15:19:19 +01:00
Joachim F
ed250d8093
Merge pull request #27131 from richardlarocque/mosquitto_pw
mosquitto: Explicitly configure password file
2018-01-13 12:02:45 +00:00
Eelco Dolstra
dddcd10ecc
Don't set 'config.xorg = {}'
This makes memoization of Nixpkgs evaluation less effective, since
some Nixpkgs invocations may have 'config = {}' while others may have
'config = { xorg = {}; }'.

Instead set 'config = {}'.
2018-01-11 19:31:05 +01:00
zimbatm
1276a3b12a
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
2018-01-11 14:19:15 +00:00
Jörg Thalheim
788c5195f3 Revert "nixos/udev: fix outdated udev rules for network devices"
This reverts commit 45c5a915980fbe1fa6f0ff80ab2d11b60b844d9e.

This breaks PredictableNetworkInterfaceNames on systems without networkd.
We should only include this file from systemd, when networkd is enabled.
2018-01-11 11:21:16 +00:00
Eelco Dolstra
6bbd67d45a
EC2 AMIs: 17.09.2356.cb751f9b1c3 -> 17.09.2681.59661f21be6 2018-01-10 13:16:49 +01:00
Joachim F
a6912f589e
Merge pull request #33629 from rnhmjoj/dnscrypt-proxy
Restore dnscrypt-proxy
2018-01-09 21:34:14 +00:00
John Ericson
eec050f395
Merge pull request #33577 from dtzWill/fix/cross-2
Minor cross fixes, 2
2018-01-09 12:36:53 -05:00
Vladimír Čunát
d6bf8eb71b
Merge #33614: nixos/kresd improvements
The PR was extended with other fixes.  All tested by me atop 17.09.
2018-01-09 17:26:31 +01:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00