Commit Graph

11027 Commits

Author SHA1 Message Date
Sarah Brofeldt
358a1c8a28 nixos/tests/nix-ssh-serve.nix: Use stable nix (#47584) 2018-10-01 23:01:38 +02:00
lewo
56b4db9710
Merge pull request #47411 from graham-at-target/multi-layered-images-crafted
Multi-Layered Docker Images
2018-10-01 09:48:24 +02:00
xeji
9afdcb20f9
Merge pull request #46400 from oxij/nixos/release-config
nixos: release.nix: add `configuration` parameter
2018-09-30 21:00:42 +02:00
Johan Thomsen
a91c293aaf kubernetes: 1.11.3 -> 1.12.0
- kubelet CAdvisor port has been removed
2018-09-30 14:49:26 +02:00
Graham Christensen
8413f22bb3
docs: format 2018-09-29 20:51:11 -04:00
Graham Christensen
9622cd3b38
Revert "Revert "doc: Update section about imperative containers""
I fixed the problem.

This reverts commit 74df71bc8b.
2018-09-29 20:43:06 -04:00
Will Dietz
243e28bc96 nix-daemon: only add channels dir to NIX_PATH if exists
Per reviewer comment (thanks!).
2018-09-29 20:29:33 -04:00
Will Dietz
f3a114e088 NIX_PATH: don't prepend $HOME-based value in session variable, set later
environment.sessionVariables cannot refer to the values of env vars,
and as a result this has caused problems in a variety of scenarios.

One use for these is that they're injected into /etc/profile,
elewhere these are used to populate an 'envfile' for pam
(`pam 5 pam_env.conf`) which mentions use of HOME being
potentially problematic.

Anyway if the goal is to make things easier for users,
simply do the NIX_PATH modification as extraInit.

This fixes the annoying problems generated by the current approach
(#40165 and others) while hopefully serving the original goal.

One way to check if things are borked is to try:

$ sudo env | grep NIX_PATH

Which (before this change) prints NIX_PATH variable with
an unexpanded $HOME in the value.

-------

This does mean the following won't contain user channels for 'will':
$ sudo -u will nix-instantiate --eval -E builtins.nixPath

However AFAICT currently they won't be present either,
due to unescaped $HOME.  Unsure if similar situation for other users
of sessionVariables (not sudo) work with current situation
(if they exist they will regress after this change AFAIK).
2018-09-29 20:29:33 -04:00
Tuomas Tynkkynen
74df71bc8b Revert "doc: Update section about imperative containers"
This reverts commit f309440ee3.

Breaks manual build:

https://nix-cache.s3.amazonaws.com/log/wnjcy6n5f871bpyy9nd06smiz1ggv99c-nixos-manual-combined.drv
2018-09-30 03:18:58 +03:00
Elis Hirwing
aba95986d2
lidarr: init at 0.3.1.471
Fork of sonarr (as radarr) but for music instead of series and movies.
2018-09-29 21:40:29 +02:00
Matthew Bauer
21c26ca390
Merge pull request #46607 from rembo10/sickbeard
Sickbeard/Sickgear/Sickrage: Init and module
2018-09-29 13:58:43 -05:00
Jörg Thalheim
d6665b43dd
Merge pull request #47473 from arianvp/imperative-doc-fix
doc: Update section about imperative containers
2018-09-29 19:18:29 +01:00
Maximilian Bosch
1e211a70cb nixos/zsh: use `escapeShelLArg' for shell aliases (#47471)
Previously single quotes were used by default for aliases and the module
never warned about possible collisions when having a shell alias which
relies on single quotes.

Adding `escapeShellArg` works around this fixes the issue and ensures that a
properly quoted value is written to `/etc/zshrc`.
2018-09-28 23:42:55 +02:00
xeji
f7c434b2a6
Merge pull request #47449 from griff/remove-rspamd-socket-activation
nixos/rspamd: Remove non-working socket activation
2018-09-28 21:03:04 +02:00
Brian Olsen
783a58f363
nixos/rspamd: Remove non-working socket activation
The socket activation I added to the rspamd module doesn't actually work
and can't be made to work without changes to rspamd.

See: #47421
See: rspamd/rspamd#2035
2018-09-28 19:43:34 +02:00
aszlig
fd8bca45c9
nixos/kexec: Fix typo in meta.platforms
Evaluation error introduced in 599c4df46a.

There is only a "platformS" attribute in kexectools.meta, so let's use
this and from the code in the kexec module it operates on a list,
matching the corresponding platforms, so this seems to be the attribute
the original author intended.

Tested by building nixos/tests/kexec.nix on x86_64-linux and while it
evaluates now, the test still fails by timing out shortly after the
kexec:

machine: waiting for the VM to finish booting
machine# Cannot find the ESP partition mount point.

This however seems to be an unrelated issue and was also the case before
the commit mentioned above.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra, @dezgeg
2018-09-28 17:44:42 +02:00
Tuomas Tynkkynen
599c4df46a nixos/kexec: Replace meta.available checks
This sort of code breaks config.{allowBroken, allowUnsupportedSystem} =
true by making them do unpredictable things.
2018-09-28 15:01:00 +03:00
Arian van Putten
f309440ee3 doc: Update section about imperative containers
Nix commands inside the container have been broken since 18.03,
and no fix is yet in sight.  Lets remove from the documentation
that this is a usecase that we support, as it doesn't seem
likely that this will be fixed before 18.09 either.

See #40355
2018-09-28 13:52:29 +02:00
Jörg Thalheim
1d65e473e7
Merge pull request #47462 from Mic92/fix-logind-user-temp
systemd: don't restart user-runtime-dir@ on upgrades
2018-09-28 12:10:02 +01:00
Jörg Thalheim
aa69bb5743 systemd: don't restart user-runtime-dir@ on upgrades
Likewise logind we should not try to restart this service after upgrade,
the user's current session depends on it.
2018-09-28 11:37:20 +01:00
Tuomas Tynkkynen
d6e3db44cf Add ssh backdoor to VM tests infrastructure.
Thanks to @dezgeg for prototype implementation, I've
cleaned it up and added documentation.
2018-09-28 10:53:08 +01:00
Graham Christensen
fb2d153dac
dockerTools: test buildLayeredImage 2018-09-27 14:19:43 -04:00
Jörg Thalheim
2dc1d75eb4
Merge pull request #35690 from griff/rspamd-socketruntime
nixos/rspamd: Preserve runtime directory when using socket activation
2018-09-27 14:09:12 +01:00
Franz Pletz
e7ca9af4cc
shairport-sync: fix pulseaudio support & default arguments 2018-09-26 18:12:02 +02:00
Domen Kožar
82feb4b66e
postgresql: give postgres user a shell 2018-09-26 12:11:40 +01:00
zimbatm
9fb79868ab google-compute-engine: 20180510 -> 20180905
The list of corresponding NixOS services are also updated
2018-09-26 11:48:16 +02:00
aszlig
9bfd864c59
Merge reording asserts in NixOS eval (#47293)
Changes the evaluation order in that it evaluates assertions before
warnings, so that eg. the following would work:

  { config, lib, ... }:

  {
    options.foo = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "...";
    };

    options.bar = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "...";
    };

    config = lib.mkMerge [
      (lib.mkIf config.bar {
        system.build.bar = "foobar";
      })
      (lib.mkIf config.foo {
        assertions = lib.singleton {
          assertion = config.bar;
          message = "Bar needs to be enabled";
        };
        systemd.services.foo = {
          description = "Foo";
          serviceConfig.ExecStart = config.system.build.bar;
        };
      })
    ];
  }

This is because the systemd module includes definitions for warnings
that would trigger evaluation of the config.system.build.bar definition.

The original pull request references a breakage due to the following:

  {
    services.nixosManual.enable = false;
    services.nixosManual.showManual = true;
  }

However, changing the eval order between asserts and warnings clearly is
a corner case here and it only happens because of the aforementioned
usage of warnings in the systemd module and needs more discussion.

Nevertheless, this is still useful because it lowers the evaluation time
whenever an assertion is hit, which is a hard failure anyway.
2018-09-26 01:18:41 +02:00
aszlig
c5bb43188d
nixos: Fix eval error for documentation.nixos
Introduced by 0f3b89bbed.

If services.nixosManual.showManual is enabled and
documentation.nixos.enable is not, there is no
config.system.build.manual available, so evaluation fails. For example
this is the case for the installer tests.

There is however an assertion which should catch exactly this, but it
isn't thrown because the usage of config.system.build.manual is
evaluated earlier than the assertions.

So I split the assertion off into a separate mkIf to make sure it is
shown appropriately and also fixed the installation-device profile to
enable documentation.nixos.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @oxij
2018-09-25 23:39:44 +02:00
Alexey Lebedeff
afa2be4464 rabbitmq module: modernize after package upgrade
- Use socket-activated epmd - that way there won't be any trouble when
  more than one erlang system is used within a single host.
- Use new automation-friendly configuration file format
- Use systemd notifications instead of buggy 'rabbitmqctl wait' for
  confirming successful server startup.
  'wait' bug: https://github.com/rabbitmq/rabbitmq-server/issues/463
- Use 'rabbitmqctl shutdown' instead of 'stop', because it's not
  pid-file based
- Use sane systemd unit defaults from RabbitMQ repo:
  https://github.com/rabbitmq/rabbitmq-server/blob/master/docs/rabbitmq-server.service.example
- Support for external plugins
2018-09-25 11:19:23 +02:00
Alexey Lebedeff
a6ff5865d1 rabbitmq-server: 3.6.10 -> 3.7.8
- New dependency on 'getconf' binary for
  3aa619e9ef/src/vm_memory_monitor.erl (L448)
- New dependency on 'socat' for systemd notifications
  4a3ee3a336/src/rabbit.erl (L361)
- elixir_1_6 for a new 'rabbitmqctl' tool
- Replace patching with providing custom PATH, as we already have some
  other things here
- Renamed package in all-packages.nix from a legacy spelling
2018-09-25 11:19:23 +02:00
Sarah Brofeldt
ded8f28c3a Revert "virtualization/qemu-vm: fix and improve virtio/scsi switching"
This reverts commit f777d2b719.
cc #34409
This breaks evaluation of the tested job:
attribute 'diskInterface' missing, at /nix/store/5k9kk52bv6zsvsyyvpxhm8xmwyn2yjvx-source/pkgs/build-support/vm/default.nix:316:24
2018-09-25 11:10:10 +02:00
Michael Raskin
61abf3bbd9
Merge pull request #47298 from oxij/nixos/doc-in-installer
nixos: fix fallout from #46193
2018-09-25 09:00:43 +00:00
WilliButz
78ad8d4a62 nixos/gitlab: rebuild authorized_keys during preStart
This updates the path to the 'gitlab-shell' to the
correct store path when gitlab is restarted.
2018-09-25 03:53:32 +02:00
Robin Gloster
dc915565ba gitlab module: workhorse may start before gitlab 2018-09-25 03:53:32 +02:00
Kristoffer Thømt Ravneberg
f17f59ca8e nixos/gitlab: avoid creating recursive symlinks, add gitlab-rake deps 2018-09-25 03:53:32 +02:00
xeji
bc22265e65
Merge pull request #47296 from matthewbauer/closure-size-reductions
ISO/OVA closure size reductions
2018-09-24 23:21:02 +02:00
Jan Malakhovski
1a6ce11518 nixos: doc: fix minimal profile and installer configs 2018-09-24 21:07:59 +00:00
Jan Malakhovski
3c0cced272 nixos: doc: nixos-manual: fix assert 2018-09-24 21:07:55 +00:00
Austin Seipp
0ce90d58cc nixos/chrony: clean up, rework to be a little closer to upstream
Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-09-24 15:42:44 -05:00
Michael Raskin
ce411911e8
Merge pull request #47289 from 1000101/master
trezord: 2.0.14 -> 2.0.19 and nixos/trezord: revised and updated udev rules
2018-09-24 20:08:44 +00:00
Matthew Bauer
2b7d6e463e nixos: don’t enableQt4Support for installer profile
This is already done in
installer/cd-dvd/installation-cd-graphical-kde.nix but not in
profiles/graphical.nix. Related to #47256.
2018-09-24 15:07:25 -05:00
Jan Malakhovski
563d5b1c87 nixos: top-level: indent 2018-09-24 19:45:16 +00:00
Jan Malakhovski
fece91537b nixos: top-level: evaluate assertions before warnings
or else at least the following config will fail with an evaluation error
instead of an assert

```
{
  services.nixosManual.enable = false;
  services.nixosManual.showManual = true;
}
```
2018-09-24 19:45:15 +00:00
Domen Kožar
6eacc17157
nixos tests: move common configuration into separate file
This allows tests outside nixos to use acme setup.
2018-09-24 20:07:33 +01:00
1000101
082bf52e31 nixos/trezord: revised and updated udev rules
nixos/trezord: revised and updated udev rules
2018-09-24 19:55:14 +02:00
xeji
9163c057e7
Merge pull request #47155 from xeji/p/installer-tests
nixos/tests/installer: prevent race between parted and udev
2018-09-24 18:59:50 +02:00
xeji
c525111133
nixos/tests/hound: fix non-deterministic failure (#47152)
The test failed on Hydra in one instance because a request to the
server was sent before indexing was finished.
Retry the request until it succeeds (or times out).
2018-09-24 17:31:46 +02:00
Edward Tjörnhammar
8ab4cbdac3 nixos: initrd/luks: make uuid specified devices discoverable 2018-09-24 16:35:46 +02:00
Jörg Thalheim
21b29cdd43
Merge pull request #34409 from steveeJ/steveej-qemu-vm-fixes
qemu-vm: fix script syntax and VM args
2018-09-24 11:59:52 +01:00
Eelco Dolstra
9c53116d49
Revert "nixos: set nixos in nixPath"
This reverts commit 67c8c49177.

'nix run nixos.firefox' is *not* supposed to work - the Nix 2.x
interface attempts to standardize on nixpkgs.*, to get rid of the
nixos/nixpkgs confusion that existed with the channels interface. So
let's not bring that confusion back.
2018-09-24 10:42:01 +02:00