Peter Hoeg
f5c0607f8d
mcelog: use .service file from upstream
2017-07-27 13:06:20 +08:00
rnhmjoj
a912a6a291
nginx: make enabling SSL port-specific
2017-07-27 03:45:53 +02:00
Graham Christensen
d4ef5ac0e9
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5
, improperly patched in 72f85b9e07
2017-07-26 19:13:21 -04:00
Graham Christensen
72f85b9e07
nixos/tahoe: fixup create-introducer, syntax regression from 90acbe5
2017-07-26 19:05:26 -04:00
Martin Wohlert
9be26f81ca
change swap.randomEncryption config option to "coercedTo" for backwards compatibility
2017-07-26 20:57:10 +03:00
Martin Wohlert
c3d5cfdc3c
swap: extend randomEncryption to plainOpen and ability to select cipher
2017-07-26 20:57:10 +03:00
John Ericson
9be40841ea
Merge remote-tracking branch 'upstream/master' into staging-base
...
Conflicts:
pkgs/build-support/cc-wrapper/default.nix
pkgs/build-support/gcc-wrapper-old/builder.sh
pkgs/build-support/trivial-builders.nix
pkgs/desktops/kde-4.14/kde-package/default.nix
pkgs/development/compilers/openjdk-darwin/8.nix
pkgs/development/compilers/openjdk-darwin/default.nix
pkgs/development/compilers/openjdk/7.nix
pkgs/development/compilers/openjdk/8.nix
pkgs/development/compilers/oraclejdk/jdk-linux-base.nix
pkgs/development/compilers/zulu/default.nix
pkgs/development/haskell-modules/generic-builder.nix
pkgs/misc/misc.nix
pkgs/stdenv/generic/builder.sh
pkgs/stdenv/generic/setup.sh
2017-07-26 13:46:04 -04:00
Peter Hoeg
588e3da3f4
Merge pull request #26761 from gnidorah/master3
...
qt5ct module: expose qtstyleplugins
2017-07-26 22:44:45 +08:00
Nikolay Amiantov
358abce837
autofs service: fix the manual
...
Fixes #27202 .
2017-07-26 15:24:43 +03:00
k0ral
a3e6df6ee2
environment.noXlibs: Disable gnome when noXLibs is set ( #27567 )
2017-07-26 08:54:42 +02:00
edef
10c6df2e3c
nixos/…/swap.nix: don't create a LUKS header for randomEncryption
...
Creating and then erasing the key relies on the disk erasing data
correctly, and otherwise allows attackers to simply decrypt swap just
using "secretkey". We don't actually need a LUKS header, so we can save
ourselves some pointless disk writes and identifiability.
In addition, I wouldn't have made the awful mistake of backing up my swap partition's LUKS header instead of my zpool's. May my data rest in peace.
2017-07-26 08:45:50 +02:00
0xABAB
90acbe5449
Cleanup tahoe module
...
- Remove useless escape of question mark
- Fix and quoting
- Add some '&&s' for correctness
- Add escapeShellArg
- Remove &&s in preStart
Edited by grahamc: fixed the ${} typo on line 246
2017-07-25 22:09:43 -04:00
Volth
00512470ec
tinc service: add CLI tools to the $PATH
...
Now user can execute e.g. "sudo tinc.netname dump nodes"
2017-07-25 23:13:58 +02:00
Jörg Thalheim
97544a6c38
Merge pull request #27627 from volth/zookeeper-escape-shell
...
nixos/zookeeper: escape cfg.extraCmdLineOptions
2017-07-25 07:46:05 +01:00
Charles Strahan
c1fdf3341b
Merge pull request #27347 from cstrahan/osquery-new
...
osquery: init at 2.5.2
2017-07-24 21:51:10 -04:00
Charles Strahan
53426f6cb9
osquery: init at 2.5.2
2017-07-24 21:47:32 -04:00
Volth
f2bfb459c4
nixos/zookeeper: escape cfg.extraCmdLineOptions
2017-07-24 22:27:58 +00:00
Aristid Breitkreuz
63190540a8
wireguard: sometimes module tries to re-add the default route, which fails - use replace to make it succeed
2017-07-23 23:08:39 +02:00
Joachim F
1a768eba2a
Merge pull request #26632 from jazmit/nixpkgs
...
coturn: allow use of ports < 1024
2017-07-23 12:56:05 +01:00
gnidorah
9f61c7f947
qt5ct module: expose qtstyleplugins
2017-07-23 12:56:04 +03:00
Frederik Rietdijk
29f91c107f
Merge remote-tracking branch 'upstream/master' into HEAD
2017-07-23 11:23:43 +02:00
Jörg Thalheim
b1bff52a5c
Merge pull request #27469 from Ma27/oh-my-zsh/make-pkg-configurable
...
programs.zsh.ohMyZsh: add `package` option to make package overrides on module-base easier
2017-07-22 10:00:35 +01:00
Thomas Tuegel
6a004bf9c8
Merge branch 'master' into bugfix/staging/stdenv
2017-07-21 20:36:34 -05:00
Joel Thompson
9dc51dc00d
exhibitor: Fix bugs in previous package
...
The previous package didn't build properly due to a bug in the build
script, and the nixos module didn't evaluate due to missing descriptions
in the options. This fixes both issues.
It also adds missing command-line options that weren't able to be set
and properly converts bools to the strings exhibitor expects.
2017-07-21 16:14:04 -04:00
Franz Pletz
1697684591
docker module: fix autoPrune.enable description
...
cc #27503
2017-07-21 16:54:40 +02:00
Joel Thompson
4b42fc4b8a
exhibitor: init at 3.4.9
...
Initial Exhibitor nix package and nixos module for Netflix's Exhibitor,
which is a manager for Apache Zookeeper.
2017-07-21 09:45:37 -04:00
Rhys
8777174d60
nixos/oauth2_proxy: actually pass provider-specific options
...
Syntax errors prevented important parameters from being passed to
oauth2_proxy, which could have permitted unauthorised access to
services behind the proxy.
2017-07-21 00:27:06 +02:00
Pascal Bach
22acfd0327
docker service: add option to do automatic pruning
...
This allows to run the prune job periodically on a machine.
By default the if enabled the job is run once a week.
The structure is similar to how system.autoUpgrade works.
2017-07-20 20:33:16 +02:00
Michael Peyton Jones
b09c87ab47
Factorio service: fix typo in attribute path
2017-07-20 20:32:25 +02:00
Franz Pletz
00b6ac7bd3
Merge pull request #26419 from roblabla/feature-sasl
...
cyrus-sasl: Add saslauthd service and LDAP support
2017-07-20 20:23:52 +02:00
Maximilian Bosch
95bf0cc1cb
programs.zsh.ohMyZsh: add package
option to make package overrides on module-base easier
2017-07-20 08:54:10 +02:00
Graham Christensen
2b2a6f2070
nixos/ldap: remove tls_checkpeer no when using TLS
2017-07-19 19:23:40 -04:00
Daiderd Jordan
a03d6116ce
gitlab: fix archive urls for gitlab service
...
Accessing an url like https://gitlab.example.org/group/project/repository/archive.tar.gz?ref=master
requires tar/gzip to be in the path of the gitlab-workhorse service otherwise it fails.
2017-07-19 21:34:17 +02:00
zimbatm
14f53e5251
Merge pull request #26214 from zimbatm/google-compute-image
...
Google compute image
2017-07-19 09:49:20 +01:00
Benno Fünfstück
99fbd867ef
Merge pull request #27031 from jerith666/cnijfilter-2-80
...
cnijfilter: init at 2.80
2017-07-18 14:37:32 +02:00
Rob Vermaas
ec313abdce
Add file with Azure image locations, similar to ec2-amis.nix. Will be used by nixops.
...
(cherry picked from commit e93f26847ea41cce6633b6a0feb6ce31b0722d5d)
2017-07-18 09:18:51 +00:00
Rob Vermaas
412bfda422
Add file with GCE image locations, similar to ec2-amis.nix. Will be used by nixops.
...
(cherry picked from commit 9d810ddcc1938a90090fd60f8924f4e83acbeee2)
2017-07-18 09:16:15 +00:00
Eelco Dolstra
17642b5fd0
nix: 1.11.12 -> 1.11.13
2017-07-18 10:54:01 +02:00
Jörg Thalheim
26f85e4253
Merge pull request #27410 from florianjacob/journalwatch
...
journalwatch & journalwatch service: init at 1.1.0
2017-07-18 08:19:33 +01:00
Aristid Breitkreuz
9b0ff955fd
wireguard: allow not storing private keys in world-readable /nix/store ( #27433 )
...
* wireguard: allow not storing private keys in world-readable /nix/store
2017-07-17 23:55:31 +02:00
Falco Peijnenburg
b09d036342
Strongswan after network-online instead of network
...
The systemd service file shipped with strongswan has strongswan started after `network-online`. It turns out that this is for good reason: failure to connect on boot otherwise.
See this thread on the mailing list, which my colleague initiated after finding that our NixOS strongswan config wouldn't connect on boot:
https://lists.strongswan.org/pipermail/users/2017-January/010359.html
Tested on a local config (which has the strongswan service config overridden).
2017-07-17 20:17:58 +02:00
Wout Mertens
c4783a982b
nginx: add gzip_vary to recommended settings
...
Google PageSpeed recommends turning this on to allow proxies to cache
2017-07-17 20:15:59 +02:00
Jörg Thalheim
04c944cdb4
Merge pull request #27057 from Nadrieril/bitlbee-libpurple
...
bitlbee service: Add option to load libpurple plugins into bitlbee
2017-07-17 18:07:43 +01:00
Robin Gloster
b8d92a7840
programs.gnupg: use extraInit instead of interactiveShellInit
...
Otherwise some programmes cannot use the GPG agent, e.g. applications
started from dmenu.
Behaviour was changed in #26888 , this reverts that part.
2017-07-17 18:45:37 +02:00
Frederik Rietdijk
3eceecb90d
Merge remote-tracking branch 'upstream/master' into HEAD
2017-07-17 13:52:01 +02:00
Matt McHenry
67d02cd60a
cnijfilter: init at 2.80
...
this driver reads support files from lib/bjlib as well as lib/cups,
which is why the path in cupsd.nix is tweaked
2017-07-17 07:32:23 -04:00
Nadrieril
8669fb1f96
tinc service: BindToAddress and ListenAddress are different options, they should not be mistaken
2017-07-17 13:07:49 +02:00
Benno Fünfstück
1d78df2729
Merge pull request #27000 from Balletie/fix/pulseaudio-alsa-conf
...
pulseaudio: Resolve conflicting asound.conf of pulseaudio and alsa
2017-07-17 08:20:38 +02:00
volth
870375e19d
all-hardware.nix: add VMware support. ( #27430 )
...
NixOS does not boot in VMware guest without these modules
2017-07-17 02:38:10 +02:00
Graham Christensen
8df6d351c4
Merge pull request #26912 from knedlsepp/fix-autoResize
...
nixos: Force check the filesystem before resizing
2017-07-16 16:54:54 -04:00
Graham Christensen
3d176b7ff1
Merge pull request #25670 from Mic92/cups-hardening
...
cups: mount private /tmp
2017-07-16 16:41:33 -04:00
Graham Christensen
6b879ef36e
Merge pull request #23964 from benley/nixos-manual-launcher
...
nixos: nix snowflake logo for the nixos manual launcher
2017-07-16 16:28:30 -04:00
aszlig
b618843860
nixos/taskserver: Fix manual PKI management
...
The helper tool had a very early check whether the automatically created
CA key/cert are available and thus it would abort if the key was
unavailable even though we don't need or even want to have the CA key.
Unfortunately our NixOS test didn't catch this, because it was just
switching from a configuration with an automatically created CA to a
manual configuration without deleting the generated keys and certs.
This is done now in the tests and it's also fixed in the helper tool.
Reported-by: @jpotier
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-16 20:38:15 +02:00
Jörg Thalheim
c2cf696430
nixos/agetty: override upstream default
...
Since systemd 234 we keep default value for ExecStart in the upstream service file.
Therefor we need to override it in our module.
2017-07-16 18:29:57 +01:00
Nadrieril
65e38b7c52
bitlbee service: Add option to load libpurple plugins into bitlbee
2017-07-16 14:19:39 +01:00
Franz Pletz
951b932456
Merge pull request #27403 from rnhmjoj/nginx
...
nginx: make listen addresses configurable
2017-07-16 13:50:18 +02:00
Christian Kögler
e8a8f1233a
snapper: add nixos module
...
fixes #27154
2017-07-16 10:06:42 +01:00
Florian Jacob
63bb133373
journalwatch & journalwatch service: init at 1.1.0
2017-07-16 00:14:19 +02:00
zimbatm
c93d68b6ed
google-compute-image module: use google services
...
This adds a few google-specific services to setup the machine.
Accounts are now dynamically created using the google-accounts-daemon,
which allows to click on the "SSH" button in the console and have it
working.
The NixOS image now supports the userdata startup and shutdown scripts.
Misc:
* add all the google services from https://github.com/GoogleCloudPlatform/compute-image-packages/tree/master/google_compute_engine_init/systemd
* add udev rules for disk labels
* synched sysctl rules with https://github.com/GoogleCloudPlatform/compute-image-packages/blob/master/google_config/sysctl/11-gce-network-security.conf
2017-07-15 19:36:38 +01:00
Bjørn Forsman
b8e109d6ac
nixos/libvirt: prevent OVMF path from being garbage collected
...
Use xmlstarlet to update the OVMF path on each startup, like we do for
<emulator>...qemu-kvm</emulator>.
A libvirt domain using UEFI cannot start if the OVMF path is garbage
collected/missing.
2017-07-14 22:07:57 +02:00
Bjørn Forsman
292827b0e0
nixos/libvirt: modify xml with xmlstarlet
...
Instead of grep and sed, which is brittle.
(I don't know how to preserve the comment we currently add to say that
this line is auto-updated. But I don't think it adds much value, so I'm
not spending any effort on it.)
2017-07-14 22:07:57 +02:00
rnhmjoj
e40f3bea3e
nginx: make listen addresses configurable
2017-07-14 21:26:54 +02:00
Bjørn Forsman
407b56986e
nixos/lighttpd: fix indent (tab -> space)
2017-07-14 20:37:25 +02:00
Joachim Schiele
af7c7b42c1
postfix: complete remake of postfix service ( #27276 )
2017-07-14 16:55:53 +02:00
Bjørn Forsman
8a35f751d1
nixos/spice-vdagentd: remove needless shell
2017-07-14 16:28:25 +02:00
Daniel Fullmer
627260ddbf
gnupg agent module: Only set tty for interactive shells
2017-07-14 00:22:20 +02:00
Daniel Fullmer
38e971d2e1
gnupg agent module: Fix dirmngr.enable option
2017-07-14 00:22:20 +02:00
Daniel Fullmer
3d360a5ffb
gnupg agent module: Remove unnecessary unit configuration
...
These just seem to duplicate upstream systemd units, which are already
included in nixos configuration by systemd.packages
2017-07-14 00:22:20 +02:00
Eelco Dolstra
40cf34aaae
nix: 1.11.11 -> 1.11.12
2017-07-13 16:37:11 +02:00
florianjacob
9937f13308
resolved: use resolved's static resolv.conf ( #27144 )
...
because it is upstream's recommended mode of operation:
https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
2017-07-13 14:40:31 +01:00
Jörg Thalheim
b14bcd873a
Merge pull request #27142 from florianjacob/resolved-multicastdns-support
...
networkd: Allow new MulticastDNS setting
2017-07-13 14:35:23 +01:00
Jörg Thalheim
c29b5b5a40
Merge pull request #27350 from veprbl/slurm
...
Bump slurm, add pyslurm
2017-07-13 09:32:51 +01:00
Dmitry Kalinkin
b917a8760e
slurm: 15-08-5-1 -> 17.02.6, slurm-llnl -> slurm
2017-07-13 03:13:05 -04:00
Daniel Peebles
598d79ae7d
Merge pull request #27341 from lheckemann/installer-fixes
...
nixos-install: quote nixos-prepare-root arguments
2017-07-13 00:31:44 -04:00
Peter Hoeg
5cb11abc9e
systemd: paths and slices are supported for user units too
2017-07-13 11:55:48 +08:00
Linus Heckemann
fa5700544b
nixos-install: quote nixos-prepare-root arguments
...
This prevents the script from breaking when channel_root is empty.
2017-07-12 21:58:25 +01:00
Charles Strahan
c79e0b2ba0
Merge pull request #26907 from volth/vault
...
vault: 0.6.5 -> 0.7.3 with service
2017-07-11 15:02:29 -04:00
Pascal Bach
c725924dfd
gitlab-runner service: support graceful termination ( #27222 )
...
The current behavior was for gitlab-runner is to immediately terminate when there
was a restart required. This can lead to aborted builds and is annoying to users.
By enabling graceful mode gitlab-runner will wait for all builds to finish before
terminating. The disadvantage is that a nixos-rebuild switch needs to wait till
all jobs are done. Because of that it is not enabled by default.
2017-07-11 15:38:46 +01:00
Valentin Shirokov
d29fc731b3
Example of networking.hosts is now literalExample
2017-07-09 23:12:57 +03:00
Christian Albrecht
ebaff599ba
nixos/auditd: init at 2.7.6 ( #27261 )
...
#11864 Support Linux audit subsystem
Add the auditd.service as NixOS module to be able to
generate profiles from /var/log/audit/audit.log
with apparmor-utils.
auditd needs the folder /var/log/audit to be present on start
so this is generated in ExecPreStart.
auditd starts with -s nochange so that effective audit processing
is managed by the audit.service.
2017-07-09 17:59:09 +01:00
Jörg Thalheim
e86a7e439a
Merge pull request #27229 from bachp/minio-more-config
...
minio service: add additional config options
2017-07-09 16:38:45 +01:00
Pascal Bach
0fb8456b13
minio service: add additional config options
...
Set access and secret key and disable browser.
Tests extended to do real operations against minio.
2017-07-09 15:19:50 +02:00
Daiderd Jordan
8189811d3f
Merge pull request #25648 from yacinehmito/custom
...
Make zshrc more predictable
2017-07-09 10:45:40 +02:00
Joachim F
a00a880572
Merge pull request #27055 from jfrankenau/mpd-startWhenNeeded
...
mpd service: Start when needed and harden
2017-07-09 09:34:31 +01:00
Valentin Shirokov
163393865f
Style optimizations
2017-07-09 08:56:36 +03:00
Valentin Shirokov
2f97993992
Documentation fixes
2017-07-09 00:28:05 +03:00
Michael Raskin
0d2d5e2147
Merge pull request #27143 from florianjacob/networkmanager-support-resolved
...
networkmanager service: use resolved if enabled
2017-07-08 22:34:09 +02:00
Valentin Shirokov
396db6493d
Style adjustments
...
Also dangerous typo fix
2017-07-08 23:04:47 +03:00
Valentin Shirokov
ca54c3f1aa
Typo fix
2017-07-08 22:30:02 +03:00
Valentin Shirokov
5f2826fbed
Added networking.hosts and networking.fqdn options
2017-07-08 21:13:16 +03:00
Frederik Rietdijk
ea5b2df865
Merge pull request #27094 from nand0p/buildbot-0.9.9
...
buildbot: 0.9.7 -> 0.9.9.post2
2017-07-07 17:48:29 +02:00
Fernando J Pando
f6a7b851d4
buildbot: 0.9.7 -> 0.9.9.post2
...
- adds grid-view plugin
- module fixup
- tested on nixos
2017-07-07 10:00:37 -04:00
Eelco Dolstra
707703185d
nixos-rebuild: Respect empty NIX_REMOTE
...
Fixes #11384 .
Note: in Nix 1.12, you can set NIX_REMOTE to "local" to avoid
ambiguity.
2017-07-07 11:58:10 +02:00
Yacine Hmito
1f70f3801b
Make zshrc more predictable
...
Originially, `programs.zsh` sets default values for some
initialisation scripts.
Nix resolves the case of multiple values by concatenating them all.
It is however impossible to predict where the default script will be
inserted; but we never want the default value to override the
user-specified ones.
Now, it doesn't set default values; almost everything is hardcoded at
the begining of the file.
2017-07-06 22:43:05 +02:00
Michael Raskin
05aa2a58db
Merge pull request #25600 from johnramsden/nylas-mail
...
nylas-mail: 2.0.32
2017-07-06 02:04:24 +02:00
John Ramsden
407324faa9
Rename nylas-mail to nylas-mail-bin.
...
Change pkg in module, and name in pkg.
2017-07-05 16:28:01 -07:00
Florian Jacob
cd8a1a7ceb
networkd: Allow new MulticastDNS setting
...
which gained an implementation in systemd v233
2017-07-05 13:48:18 +02:00
Vladimír Čunát
5328aac7be
Merge branch 'staging'
...
Comparison looks OK; I'll try some fixes on master directly.
http://hydra.nixos.org/eval/1372577?compare=1372497
2017-07-05 08:55:26 +02:00
zimbatm
4d545297d8
lib: introduce imap0, imap1 ( #25543 )
...
* lib: introduce imap0, imap1
For historical reasons, imap starts counting at 1 and it's not
consistent with the rest of the lib.
So for now we split imap into imap0 that starts counting at zero and
imap1 that starts counting at 1. And imap is marked as deprecated.
See c71e2d4235 (commitcomment-21873221)
* replace uses of lib.imap
* lib: move imap to deprecated.nix
2017-07-04 23:29:23 +01:00
Florian Jacob
12f54a5746
networkmanager service: use resolved if enabled
2017-07-04 23:50:56 +02:00