Commit Graph

17254 Commits

Author SHA1 Message Date
Andreas Rammhold
819e8bb35f
nixos/networkd: rename the networkd dhcpConfig option to dhcpV4Config
This follows upstreams change in documentation. While the `[DHCP]`
section might still work it is undocumented and we should probably not
be using it anymore. Users can just upgrade to the new option without
much hassle.

I had to create a bit of custom module deprecation code since the usual
approach doesn't support wildcards in the path.
2020-05-01 13:33:54 +02:00
Andreas Rammhold
bb9b61e2b7
nixos/networkd: introduce the DHCPv6 network section eqivalent
You can now specify option for the `[DHCPv6]` section with
`systemd.network.<name>.dhcpV6Config.…`. Previously you could only use
the combined legacy DHCP configuration.
2020-05-01 13:33:54 +02:00
Andreas Rammhold
fc960a0123
nixos/networkd: add MaxAttempts and SendRelease to the DHCP options 2020-05-01 13:33:54 +02:00
Andreas Rammhold
7b78f0f098
nixos/networkd: remove CriticalConnection= fields in favor of KeepConnection
Systemd upstream has deprecated CriticalConnection with v244 in favor of
KeepConnection as that seems to be more flexible:

  The CriticalConnection= setting in .network files is now deprecated,
  and replaced by a new KeepConfiguration= setting which allows more
  detailed configuration of the IP configuration to keep in place.
2020-05-01 13:33:53 +02:00
Florian Klink
4e14ff6eac
Merge pull request #84139 from misuzu/gitlab-runner-multi
nixos/gitlab-runner: support multiple services
2020-05-01 12:37:28 +02:00
Michele Guerini Rocco
6c142fddb1
Merge pull request #84330 from das-g/xonsh-source-nixos-env
nixos/xonsh: source NixOS environment
2020-05-01 12:26:13 +02:00
misuzu
3853c27111 nixos/gitlab-runner: support multiple services 2020-05-01 12:52:43 +03:00
zowoq
b815de00f7 podman: use $out instead of $bin with buildGoPackage 2020-05-01 18:24:09 +10:00
Frederik Rietdijk
5a0a47050b nixos/release.nix: closures.lapp: use enablePHP, fixes metrics job #86439
Still building but this should fix the metrics job.
2020-05-01 10:07:04 +02:00
Frederik Rietdijk
484ee79050 Merge staging-next into staging 2020-05-01 08:57:10 +02:00
Aaron Andersen
5445b8d8d0
Merge pull request #83436 from mmilata/mediawiki-default-extensions
nixos/mediawiki: allow using default extensions
2020-04-30 21:03:15 -04:00
Florian Klink
3cdd558a6f nixosTests: drop nr_tests and failed_tests variables
With the tests now bailing out early on a failing subtest, we don't need
to keep a list of failed tests, or the number of total tests
2020-05-01 01:22:42 +02:00
Jacek Galowicz
b139bc0d87 nixosTests: Reraise exception in subtests 2020-05-01 01:22:42 +02:00
Félix Baylac-Jacqué
353a8b58e6
nixos/prosody: leverage systemd sandbox features to harden service
We are leveraging the systemd sandboxing features to prevent the
service accessing locations it shouldn't do. Most notably, we are here
preventing the prosody service from accessing /home and providing it
with a private /dev and /tmp.

Please consult man systemd.exec for further informations.
2020-04-30 20:40:00 +02:00
Félix Baylac-Jacqué
8aea528872
nixos/prosody: make defaults comply with XEP-0423
Setting up a XMPP chat server is a pretty deep rabbit whole to jump in
when you're not familiar with this whole universe. Your experience
with this environment will greatly depends on whether or not your
server implements the right set of XEPs.

To tackle this problem, the XMPP community came with the idea of
creating a meta-XEP in charge of listing the desirable XEPs to comply
with. This meta-XMP is issued every year under an new XEP number. The
2020 one being XEP-0423[1].

This prosody nixos module refactoring makes complying with XEP-0423
easier. All the necessary extensions are enabled by default. For some
extensions (MUC and HTTP_UPLOAD), we need some input from the user and
cannot provide a sensible default nixpkgs-wide. For those, we guide
the user using a couple of assertions explaining the remaining manual
steps to perform.

We took advantage of this substential refactoring to refresh the
associated nixos test.

Changelog:
- Update the prosody package to provide the necessary community
  modules in order to comply with XEP-0423. This is a tradeoff, as
  depending on their configuration, the user might end up not using them
  and wasting some disk space. That being said, adding those will
  allow the XEP-0423 users, which I expect to be the majority of
  users, to leverage a bit more the binary cache.
- Add a muc submodule populated with the prosody muc defaults.
- Add a http_upload submodule in charge of setting up a basic http
  server handling the user uploads. This submodule is in is
  spinning up an HTTP(s) server in charge of receiving and serving the
  user's attachments.
- Advertise both the MUCs and the http_upload endpoints using mod disco.
- Use the slixmpp library in place of the now defunct sleekxmpp for
  the prosody NixOS test.
- Update the nixos test to setup and test the MUC and http upload
  features.
- Add a couple of assertions triggered if the setup is not xep-0423
  compliant.

[1] https://xmpp.org/extensions/xep-0423.html
2020-04-30 20:39:54 +02:00
adisbladis
1a70e4ffa6
Merge pull request #86097 from zowoq/docker
nixos/podman: add assertion for dockerCompat
2020-04-30 19:26:05 +02:00
Florian Klink
4b71b6f8fa nixos/google-oslogin: Move nsswitch config into the module
Motivation: #86350
2020-04-30 17:51:13 +02:00
Peter Hoeg
0ae7a683b5
Merge pull request #86273 from matthewbauer/dont-require-network-online-for-boot
nixos/systemd.nix: don’t require online for multi-user.target
2020-04-30 12:53:06 +08:00
Andreas Rammhold
0bdc8d7a58 nixos/networkd: add RoutesToDNS to DHCP section 2020-04-30 01:15:40 +02:00
Lucas Savva
47da7aafdf
nixos/acme: update documentation 2020-04-29 20:31:17 +01:00
Elis Hirwing
3e10bd8762
nixosTests.php: Add maintainer team as maintainers 2020-04-29 20:17:08 +02:00
Elis Hirwing
27b9b7b3af
Merge pull request #85026 from talyz/php_buildenv_override
php.buildEnv: Make the exported php package overridable, improve handling of currently enabled extensions, etc
2020-04-29 19:57:37 +02:00
Elis Hirwing
410c38f317
Revert "PHP maintainer team" 2020-04-29 19:56:37 +02:00
Elis Hirwing
3b21abb3d3
Merge pull request #85575 from etu/php-maintainer-team
PHP maintainer team
2020-04-29 19:56:03 +02:00
Jörg Thalheim
b0196cacec
Merge pull request #84476 from jakobrs/installation-cd-base-terminus 2020-04-29 17:20:49 +01:00
Bas van Dijk
e26ec76d0d
Merge pull request #86321 from basvandijk/fix-elk-test
nixos/tests/elk.nix: fix issue in the elasticsearch-curator
2020-04-29 17:06:57 +02:00
adisbladis
f0c83319a6
Merge pull request #86249 from adisbladis/podman-wrapper
podman: Wrap packages required to run containers
2020-04-29 17:05:41 +02:00
Bas van Dijk
dcb01353b3 nixos/tests/elk.nix: fix issue in the elasticsearch-curator
The elasticsearch-curator was not deleting indices because the indices
had ILM policies associated with them. This is now fixed by
configuring the elasticsearch-curator with `allow_ilm_indices: true`.

Also see: https://github.com/elastic/curator/issues/1490
2020-04-29 15:23:50 +02:00
Florian Klink
21da5c4f6f nixos/oslogin: put mockuser and mockadmin in constants, rename
This allows us to change them easily without search/replacing.
Afterwards, we rename them to look a bit more like they are on GCP.
2020-04-29 14:36:35 +02:00
Florian Klink
f38e45c2e0 nixos/google-oslogin: improve mock server
some slightly better error handling for nonexistent users, less parsing
of URLs and query strings by hand.
2020-04-29 14:36:35 +02:00
adisbladis
78cba5ac1e
nixos.podman: Expose extraPackages from the podman wrapper 2020-04-29 11:53:06 +01:00
adisbladis
b2a9a3e9cb
podman: Wrap packages required to run containers 2020-04-29 11:40:44 +01:00
Florian Klink
f046de4210
Merge pull request #86168 from lblasc/sof-firmware
Sound Open Firmware support, sof-firmware: init at 1.4.2, update kernel config
2020-04-29 12:36:53 +02:00
talyz
c3d5d92f4a
php.buildEnv: Add phpIni attribute for easy access to the php.ini 2020-04-29 12:12:59 +02:00
Jan Tojnar
2874eebfd2
Merge branch 'staging-next' into staging 2020-04-29 08:35:47 +02:00
worldofpeace
a6dc21fa2d nixos/pantheon: fix doc typo 2020-04-29 01:20:03 -04:00
Pavel Goran
c678d68cdb nixos/pykms: add SyslogIdentifier 2020-04-29 03:53:47 +00:00
Matthew Bauer
764c8203b8 nixos/systemd.nix: don’t require online for multi-user.target
Not all systems need to be online to boot up. So, don’t pull
network-online.target into multi-user.target. Services that need
online network can still require it.

This increases my boot time from ~9s to ~5s.
2020-04-28 18:59:48 -05:00
Florian Klink
c01ac3ed12
Merge pull request #85998 from helsinki-systems/make-nsswitch-more-flexible
nixos/nsswitch: Make databases more configurable
2020-04-29 01:28:33 +02:00
worldofpeace
10bf212b4f
Merge pull request #85589 from emilazy/add-acme-maintainers-team
Add ACME maintainers team
2020-04-28 18:38:12 -04:00
worldofpeace
a0ebabf60a
Merge pull request #80896 from clkamp/pam-unix-add-nodelay
nixos/security/pam: Add nodelay option
2020-04-28 17:50:42 -04:00
Eelco Dolstra
4426104c8c
Merge pull request #85711 from worldofpeace/gnome-iso
nixos/release: add GNOME ISO
2020-04-28 21:03:03 +02:00
Janne Heß
edddc7c82a
nixos/sss: Move nsswitch config into the module 2020-04-28 17:02:46 +02:00
adisbladis
4a8a2145d7
Merge pull request #86202 from hyperfekt/fish_prevent_completions
nixos/fish: prevent fish from generating completions on first run
2020-04-28 15:17:40 +02:00
Jörg Thalheim
a110c227a3
Merge pull request #86180 from Mic92/prey-bash-client 2020-04-28 14:01:47 +01:00
hyperfekt
c0fe9d609d nixos/fish: prevent fish from generating completions on first run 2020-04-28 14:05:28 +02:00
zowoq
c59c4e3589 nixos/*: use $out instead of $bin with buildGoPackage 2020-04-28 20:30:29 +10:00
zowoq
3f17518490 buildGoPackage: use $out instead of $bin 2020-04-28 20:30:23 +10:00
Jörg Thalheim
72773b9c97
prey-bash-client: remove
prey-bash-client is deprecated since 2018
2020-04-28 09:44:55 +01:00
talyz
c0a838df38
nixos/gitlab: Fix services.gitlab.enableStartTLSAuto
'toString false' results in an empty string, which, in this context,
is a syntax error. Use boolToString instead.

Fixes #86160
2020-04-28 09:05:26 +02:00
Luka Blaskovic
fe7f770666 sof-firmware: init at 1.4.2 2020-04-28 05:25:38 +00:00
Maximilian Bosch
1f6d33ef26
Merge pull request #86013 from Ma27/cups-allow-from
nixos/printing: make access to web-interface configurable
2020-04-28 02:56:16 +02:00
worldofpeace
a7ca287ecb nixos/qemu-vm: don't set -vga std
This has been default since QEMU 2.2, it also prevents using a different
-vga
2020-04-27 20:04:03 +02:00
Jörg Thalheim
2bd4ff03cb
Merge pull request #86113 from colemickens/azure-local-nixpkgs 2020-04-27 13:04:33 +01:00
Jörg Thalheim
e92b11d964
Merge pull request #86104 from xaverdh/options-types 2020-04-27 11:03:43 +01:00
Cole Mickens
7c7e76450b
nixos/azure-new: use local nixpkgs 2020-04-27 02:11:10 -07:00
Dominik Xaver Hörl
c10d82358f treewide: add types to boolean / enable options or make use of mkEnableOption 2020-04-27 09:32:01 +02:00
zowoq
3c83386c6b nixos/podman: add assertion for dockerCompat 2020-04-27 14:08:19 +10:00
talyz
72636bc2f6
php: Get rid of all config.php parameters
Since all options controlled by the config.php parameters can now be
overridden directly, there's no reason to keep them around.
2020-04-26 16:43:23 +02:00
talyz
2ba7926959
php.buildEnv: Provide a list of currently enabled extensions
Rework withExtensions / buildEnv to handle currently enabled
extensions better and make them compatible with override. They now
accept a function with the named arguments enabled and all, where
enabled is a list of currently enabled extensions and all is the set
of all extensions. This gives us several nice properties:

 - You always get the right version of the list of currently enabled
   extensions

 - Invocations chain

 - It works well with overridden PHP packages - you always get the
   correct versions of extensions

As a contrived example of what's possible, you can add ImageMagick,
then override the version and disable fpm, then disable cgi, and
lastly remove the zip extension like this:

{ pkgs ? (import <nixpkgs>) {} }:
with pkgs;

let
  phpWithImagick = php74.withExtensions ({ all, enabled }: enabled ++ [ all.imagick ]);

  phpWithImagickWithoutFpm743 = phpWithImagick.override {
    version = "7.4.3";
    sha256 = "wVF7pJV4+y3MZMc6Ptx21PxQfEp6xjmYFYTMfTtMbRQ=";
    fpmSupport = false;
  };

  phpWithImagickWithoutFpmZip743 = phpWithImagickWithoutFpm743.withExtensions (
    { enabled, all }:
      lib.filter (e: e != all.zip) enabled);

  phpWithImagickWithoutFpmZipCgi743 = phpWithImagickWithoutFpmZip743.override {
    cgiSupport = false;
  };
in
  phpWithImagickWithoutFpmZipCgi743
2020-04-26 16:43:05 +02:00
AmineChikhaoui
9cf9e66e6f
ec2-amis.nix: add NixOS 20.03 images
Fixes #85857.
2020-04-26 09:54:10 -04:00
Janne Heß
bc2a4b341a
nixos/nsswitch: Make databases more configurable
Instead of hardcoding all nss modules that are added into nsswitch,
there are now options exposed.
This allows users to add own nss modules (I had this issue with
winbindd, for example).
Also, nss modules could be moved to their NixOS modules which would
make the nsswitch module slimmer.

As the lists are now handled by the modules system, we can use mkOrder
to ensure a proper order as well as mkForce to override one specific
database type instead of the entire file.
2020-04-26 03:16:57 +02:00
Aaron Andersen
16ab83760f
Merge pull request #85043 from aanderse/httpd-2020
nixos/httpd: modernize module standards
2020-04-25 20:04:05 -04:00
Graham Christensen
a2e9965d74
Merge pull request #82414 from AmineChikhaoui/update-ec2-amis-19-09
ec2 amis: update 19.09 AMIs
2020-04-25 18:15:41 -04:00
Florian Klink
02b57e72bb
Merge pull request #86010 from flokli/nscd-disable
nixos/nscd: be more specific in the nscd.enable description on what breaks
2020-04-26 00:05:25 +02:00
Maximilian Bosch
4062592f3a
nixos/printing: make access to web-interface configurable
Otherwise you'd always get a 403 when hosting the web-interface of cups
at a different location than `localhost`.
2020-04-25 19:48:34 +02:00
Florian Klink
2ececf1ed9 nixos/nscd: be more specific in the nscd.enable description on what breaks 2020-04-25 18:11:10 +02:00
adisbladis
1ca6909514
Merge pull request #74378 from ttuegel/lxc-container
docker-container: Remove /etc symlink
2020-04-25 16:25:15 +02:00
Jacek Galowicz
002b553b14
Merge pull request #85781 from blitz/spike-test
Add spike integration test to nixosTests
2020-04-25 15:50:38 +02:00
misuzu
5700232c3f nixos/nixos-installer: use temporary directory on target filesystem
nix build should store it's temporary files on target filesystem.
This should fix 'No space left on device' on systems
with low amount of RAM when there is a need to build something
like Linux kernel
2020-04-25 14:37:36 +03:00
lewo
fcf547d0e2
Merge pull request #85813 from johnae/fix-k3s-systemd-units
The systemd unit for k3s should differ between agents and servers
2020-04-25 09:45:49 +02:00
worldofpeace
ee5cba24c3
Revert "ibus: fix dconf db installation" 2020-04-24 18:22:59 -04:00
worldofpeace
78a9359b2a
Merge pull request #85892 from symphorien/ibus-db
ibus: fix dconf db installation
2020-04-24 15:49:01 -04:00
worldofpeace
90e16f7ed6
Merge pull request #84242 from gnidorah/qt
nixos/qt5: support adwaita-dark theme
2020-04-24 08:47:21 -04:00
Symphorien Gibol
5b7ffe6140 nixos/tests/ibus: fix test 2020-04-24 12:00:00 +00:00
Symphorien Gibol
a71dc0b27e ibus: fix installation of dconf database
Fixes this warning at ibus-daemon startup:

(ibus-dconf:15691): dconf-WARNING **: 21:49:24.018: unable to open file '/etc/dconf/db/ibus': Failed to open file ?/etc/dconf/db/ibus?: open() failed: No such file or directory; expect degraded performance
2020-04-24 13:15:56 +02:00
zowoq
b464d76126 nixos/cri-o: share registries with nixos/containers 2020-04-24 20:53:36 +10:00
adisbladis
67a61fbd34
nixos/podman: Add rootless containers to test 2020-04-24 10:50:17 +01:00
adisbladis
5a3b818368
Merge pull request #85894 from zowoq/podman-crio
podman team: add cri-o packages/module
2020-04-24 11:34:07 +02:00
zowoq
0944d77fc0 nixos/containers: move libpod to nixos/podman 2020-04-24 15:34:05 +10:00
Aaron Andersen
218049c5c2 nixos/gitea: add settings option 2020-04-23 21:06:26 -04:00
zowoq
4484e7981e nixos/cri-o: update maintainers 2020-04-24 08:08:27 +10:00
Florian Klink
06a34e69ad
Merge pull request #85832 from benley/benley/grub-serial
installer test: Fix grub extraConfig syntax
2020-04-23 13:38:30 +02:00
Florian Klink
25605d2e3f
Merge pull request #85735 from nh2/journald-storage-limit-logs
journald service docs: Add helpful comments about the journal getting full
2020-04-23 13:35:12 +02:00
adisbladis
0dc3e485a1
Merge pull request #85822 from zowoq/cni-collision
nixos/{cri-o,podman}: remove cni-plugins from environment.systemPackages
2020-04-23 11:22:01 +02:00
Florian Klink
04e308a496
Merge pull request #85815 from arianvp/fix-85800
Fix networkd not restarting on unit changes
2020-04-23 10:36:57 +02:00
Arian van Putten
f332109ebf nixos/datadog-agent: Fix restartTriggers
Fixes #85800

1d61efb7f1 accidentially changed the
restartTriggers of `datadog-agent.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the config files in the nix store.

This caused datadog to not get restarted on activation of new
config, if the file name hasn't changed.

Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:58:18 +02:00
Arian van Putten
14395cc687 nixos/networkd: Fix restartTriggers
1d61efb7f1 accidentially changed the
restartTriggers of systemd-networkd.service` to point to the attribute
name (in this case, a location relative to `/etc`), instead of the
location of the network-related unit files in the nix store.

This caused systemd-networkd to not get restarted on activation of new
networking config, if the file name hasn't changed.

Fix this, by pointing this back to the location in the nix store.
2020-04-23 09:53:44 +02:00
Frederik Rietdijk
cff0669a48 Merge master into staging-next 2020-04-23 08:11:16 +02:00
John Axel Eriksson
41a95b1b7d
The systemd unit for k3s should differ between agents and servers 2020-04-23 07:55:23 +02:00
Benjamin Staffin
f09b8be73d installer test: Fix grub extraConfig syntax
It looks like `terminal_output.serial` is incorrect, according to the
grub documentation:

https://www.gnu.org/software/grub/manual/grub/html_node/Serial-terminal.html

Related PR: #79406
2020-04-22 20:30:19 -04:00
zowoq
4102db2127 nixos/podman: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:17 +10:00
zowoq
54b59dd6c0 nixos/cri-o: remove cni-plugins from environment.systemPackages 2020-04-23 10:29:11 +10:00
Niklas Hambüchen
811411db6e journald service: Add helpful comments about the journal getting full 2020-04-23 02:24:50 +02:00
Florian Klink
32516e4fee
Merge pull request #80103 from tfc/port-systemd-confinement-test
nixosTests.systemd-confinement: Port to Python
2020-04-23 01:00:51 +02:00
Piotr Bogdan
830733db24 nixos/manual: fix build 2020-04-22 16:56:44 +01:00
Frederik Rietdijk
8374a2a0ee Merge master into staging-next 2020-04-22 17:20:20 +02:00
Julian Stecklina
a33ce7e4fb spike: add test to nixosTests 2020-04-22 14:45:12 +02:00
Bas van Dijk
784aa2913a
Merge pull request #79840 from knl/update-oauth2_proxy-to-5.0.0
oauth2_proxy: 3.2.0 -> 5.1.0
2020-04-22 12:15:07 +02:00
Jörg Thalheim
6eb1020cbf
Merge pull request #85746 from iblech/patch-11 2020-04-22 10:47:28 +01:00
Jacek Galowicz
0b1bef70a9 nixosTests.redmine: Port to python 2020-04-22 08:36:27 +02:00
Elis Hirwing
9be2cbf27b
nixosTests.php: Add maintainer team as maintainers 2020-04-22 06:48:06 +02:00
Ingo Blechschmidt
2e2da182fe
nixos-containers: add docs about nested containers 2020-04-22 05:30:48 +02:00
Jan Tojnar
b231ac2101
Merge pull request #85402 from jtojnar/httpd-php 2020-04-22 04:23:24 +02:00
Aaron Andersen
7bc9f24fb6 nixos/httpd: update release notes 2020-04-21 20:34:55 -04:00
Aaron Andersen
d0de970279 nixos/httpd: some mod_php cleanup 2020-04-21 20:33:18 -04:00
Aaron Andersen
ee030b121b nixos/httpd: set modern default values for mpm and http2 2020-04-21 20:33:18 -04:00
Aaron Andersen
20f37a4430 nixos/httpd: run as non root user 2020-04-21 20:33:18 -04:00
Alexandre Esteves
4cc383dd9a
Fix typos (#85693) 2020-04-22 01:02:11 +02:00
worldofpeace
af2009a800
Merge pull request #85710 from worldofpeace/gnome-iso-wayland-default
installation-cd-graphical-gnome: don't run xorg default
2020-04-21 18:19:44 -04:00
davidak
6a7e0562de
Update link in /etc/os-release (#85723) 2020-04-22 00:16:22 +02:00
Ismaël Bouya
3dbd3f2651 rl-2003: Update the release documentation
It currently says that everything will be backward compatible between lego and simp-le certificates, but it’s not.

(cherry picked from commit 21c4a33ceef77dec2b821f7164e13971862d5575)
2020-04-21 23:51:12 +02:00
adisbladis
2d91da909e
Merge pull request #85604 from adisbladis/podman-module
nixos/virtualisation.podman: Init module
2020-04-21 23:48:48 +02:00
Raphael Borun Das Gupta
347e251261 nixos/xonsh: source NixOS environment
Without doing that, xonsh is unusable as login shell
2020-04-21 23:43:37 +02:00
Florian Klink
c1a6e60335
Merge pull request #85598 from danderson/tailscale-fix-cachedir
nixos/tailscale: set a CacheDir in the systemd unit.
2020-04-21 22:38:32 +02:00
Florian Klink
6ba4ef6580
Merge pull request #85708 from Beskhue/fix-documentation
nixos/phpfpm: fix erroneous pools example
2020-04-21 22:16:15 +02:00
Florian Klink
cece19e0d8
Merge pull request #73505 from tomfitzhenry/networkd-dhcp-server-test
systemd-networkd: add DHCPServer test
2020-04-21 21:49:47 +02:00
worldofpeace
873f20f63e rl-2009: GNOME ISO 2020-04-21 15:46:20 -04:00
worldofpeace
6464d8f4af nixos/release: add GNOME ISO 2020-04-21 15:44:09 -04:00
worldofpeace
37e146c255 nixos/manual: fix build 2020-04-21 15:43:20 -04:00
worldofpeace
1f12a07179 installation-cd-graphical-gnome: don't run xorg default
If for some reason the Wayland session fails to start
it will just start the Xorg session.
2020-04-21 15:26:25 -04:00
Florian Klink
91e3358f62
Merge pull request #85692 from nh2/systemd-update-default-rate-limit
journald service: Increase default rate limit 1000 -> 10000.
2020-04-21 21:06:48 +02:00
Thomas Churchman
8880957042 nixos/phpfpm: fix erroneous pools example 2020-04-21 20:59:52 +02:00
Frederik Rietdijk
23be4a8b4d Merge master into staging-next 2020-04-21 19:59:56 +02:00
worldofpeace
9b20a24d4d
Merge pull request #85643 from petabyteboy/feature/generate-config
nixos/tools: adapt for renamed console options
2020-04-21 12:50:55 -04:00
Niklas Hambüchen
d16d34732c journald service: Increase default rate limit 1000 -> 10000.
Follows the upstream change of this default:

https://github.com/systemd/systemd/pull/8660
2020-04-21 18:29:03 +02:00
Domen Kožar
a85868fee9
Merge pull request #85685 from nh2/remove-unused-allSupportedNixpkgs
release-combined: Remove unused value `allSupportedNixpkgs`
2020-04-21 17:01:30 +02:00
Robin Gloster
134c66b584
privacyidea module: init 2020-04-21 16:54:51 +02:00
Niklas Hambüchen
1da6613de1 release-combined: Remove unused value allSupportedNixpkgs.
It was made obsolete by commit

    2de3caf0 -  nixos/release-combined.nix: List constituents of the 'tested' job by name

see also f996744fd3 (r38642487).
2020-04-21 16:41:41 +02:00
Tom Fitzhenry
0a49d329cb systemd-networkd: add DHCPServer test 2020-04-22 00:12:00 +10:00
adisbladis
43f383c464
nixos.virtualisation.containers: Init common /etc/containers configuration module
What's happening now is that both cri-o and podman are creating
/etc/containers/policy.json.

By splitting out the creation of configuration files we can make the
podman module leaner & compose better with other container software.
2020-04-21 10:38:39 +01:00
adisbladis
650df709fb
nixos.virtualisation: Move containers.nix to nixos-containers.nix
In anticipation of the new containers module.
2020-04-21 10:36:56 +01:00
adisbladis
f0a92ef1d9
nixos/podman: Add maintainer team & add myself to podman team 2020-04-21 10:03:22 +01:00
adisbladis
b512a788a4
nixos/virtualisation.podman: Init module 2020-04-21 10:03:18 +01:00
Dominik Xaver Hörl
0412bde942 treewide: add bool type to enable options, or make use of mkEnableOption
Add missing type information to manually specified enable options or replace them by mkEnableOption where appropriate.
2020-04-21 08:55:36 +02:00
Frederik Rietdijk
803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
Milan Pässler
d19089e1e7 nixos/tools: adapt for renamed console options 2020-04-21 02:07:53 +02:00
David Anderson
cee5ddbb28 nixos/tailscale: set a CacheDir in the systemd unit.
Fixes a bug where tailscaled drops some files into / when CacheDir
is unset.

Signed-off-by: David Anderson <dave@natulte.net>
2020-04-20 15:35:55 -07:00
Marek Mahut
60100a7c92
Merge pull request #83769 from dadada/nixos/dokuwiki-multi-server
nixos/dokuwiki: add support for multi-site, additional plugins and templates
2020-04-20 19:39:48 +02:00
worldofpeace
e9e9582986
Merge pull request #85186 from worldofpeace/20.03-readme
README.md: 20.03 release
2020-04-20 11:57:45 -04:00
worldofpeace
6380be302a rl-2003: release date 2020-04-20 11:52:57 -04:00
Eelco Dolstra
f76d7b5e41
Merge pull request #85620 from matthewbauer/use-modulesPath-for-nixos-generate-config
nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
2020-04-20 17:25:17 +02:00
Matthew Bauer
c45295d47e nixos/nixos-generate-config.pl: use modulesPath instead of <nixpkgs>
For imports, it is better to use ‘modulesPath’ than rely on <nixpkgs>
being correctly set. Some users may not have <nixpkgs> set correctly.
In addition, when ‘pure-eval=true’, <nixpkgs> is unset.
2020-04-20 09:57:17 -05:00
Léo Gaspard
203955fa0c
Merge pull request #82714 from delroth/s3tc
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
2020-04-20 13:41:47 +02:00
Jörg Thalheim
2f0ee4bd0b
Merge pull request #85371 from Mic92/tmpfiles 2020-04-20 10:32:58 +01:00
Kirill Elagin
daac85d991 fixup! systemd: Add prefix to unit script derivations
* Avoid extra string interpolation.
2020-04-20 12:01:54 +03:00
Nikola Knezevic
3c551848be oauth2_proxy: Update NixOS module
Update to match the current flags and apply fixes to all breaking changes.
2020-04-20 10:11:46 +02:00
adisbladis
ab37d7e7ea
nixos-containers: Add support for custom nixpkgs argument 2020-04-20 07:33:46 +01:00
Pierre Bourdon
1b89bffcf4
libtxc_dxtn{,_s2tc}: remove from nixpkgs + hardware.opengl options
Context: discussion in https://github.com/NixOS/nixpkgs/pull/82630

Mesa has been supporting S3TC natively without requiring these libraries
since the S3TC patent expired in December 2017.
2020-04-20 03:19:41 +02:00
Emily
bfffee9364 nixos/tests/acme: set maintainers to acme team 2020-04-20 01:39:31 +01:00
Emily
ef7e6eeaf4 nixos/acme: set maintainers to acme team 2020-04-20 01:39:31 +01:00
Florian Klink
ab0da25762
Merge pull request #85503 from emilazy/acme-test-cleanups
ACME test cleanups
2020-04-19 23:57:03 +02:00
Florian Klink
a88d17bc69
Merge pull request #83301 from evils/tuptime
Tuptime: Init Package, Module and Test
2020-04-19 23:38:53 +02:00
worldofpeace
f882896cc8
Merge pull request #73934 from flokli/nixos-test-port-cockroachdb
nixosTests.cockroachdb: port to python
2020-04-19 16:30:45 -04:00
Yegor Timoshenko
4f7e4a6b59 nixos/release-small: drop latestKernel.login
This partially reverts e133e396df.
2020-04-19 22:20:07 +03:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Michael Weiss
0e4417f118
Revert "nixos: Introduce nix.buildLocation option"
This reverts commit 5291925fd2.
Reason: This started to cause severe regressions, see:
- https://github.com/NixOS/nixpkgs/issues/85552
- https://github.com/NixOS/nixpkgs/pull/83166#pullrequestreview-395960588
Fixes #85552.
2020-04-19 15:16:08 +02:00
dadada
2d86cca35e
nixos/dokuwiki: change default of aclFile and usersFile
`aclFile` and `usersFile` will be set to a default value if `aclUse` is
specified and aclFile is not overriden by `acl`.
2020-04-18 23:37:19 +02:00
dadada
9460fb5788
nixos/dokuwiki: modify usersFile and aclFile
Use types.str instead of types.path to exclude private information from
the derivation.
Add a warinig about the contents of acl beeing included in the nix
store.
2020-04-18 23:37:19 +02:00
dadada
2b67a89f29
nixos/dokuwiki: dokuwiki user 2020-04-18 23:37:19 +02:00
dadada
2e699f1db1
nixos/dokuwiki: add option disableActions 2020-04-18 23:37:18 +02:00
dadada
a58dc30d34
nixos/dokuwiki: set default value for usersFile
If usersFile is not set, a file is created along the stateDir that can
hold the users and supports dynamically adding users using the web GUI.
2020-04-18 23:37:18 +02:00
dadada
0228046eec
nixos/dokuwiki: add assertion for usersFile 2020-04-18 23:37:18 +02:00
dadada
af6a7a0486
nixos/dokuwiki: add plugins and templates options
Adds support for additional plugins and templates similarly to how
wordpress.nix does it.

Plugins and templates need to be packaged as in the example.
2020-04-18 23:37:18 +02:00
dadada
71baf4801c
nixos/dokuwiki: refactor 2020-04-18 23:37:18 +02:00
dadada
dc7ed06615
nixos/dokuwiki: add <name?> option
Enables multi-site configurations.

This break compatibility with prior configurations that expect options
for a single dokuwiki instance in `services.dokuwiki`.
2020-04-18 23:37:18 +02:00
Vladimír Čunát
e233a9d4dd
Merge #84442: staging-next branch 2020-04-18 23:11:00 +02:00
John Ericson
1ea80c2cc3 Merge remote-tracking branch 'upstream/master' into staging 2020-04-18 15:40:49 -04:00
Jan Tojnar
09c4736405
Merge pull request #83755 from jtojnar/jcat-0.1 2020-04-18 20:38:24 +02:00
Jörg Thalheim
35eb7793a3
Merge pull request #83166 from avnik/nix-build-location 2020-04-18 18:37:15 +01:00
Alexander V. Nikolaev
5291925fd2 nixos: Introduce nix.buildLocation option
Allow to specify where package build will happens.
It helps big packages (like browsers) not to overflow tmpfs.
2020-04-18 20:31:04 +03:00
worldofpeace
996ae856b6
Merge pull request #85365 from immae/fix_acme_postrun
nixos/acme: Fix postRun in acme certificate being ran at every run
2020-04-18 13:16:16 -04:00
Alyssa Ross
1b0d8015fe nixos/rss2email: globally install rss2email
For man pages.
2020-04-18 14:16:00 +00:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Edmund Wu
4727e95eb6
manual/rl-2009.xml: fix build (#85478)
16a4332d60 (diff-43de86228df91216c5cfc9446cb041feL249)
2020-04-18 07:51:06 +02:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
Emily
21f183a3fe nixos/tests/common/acme: don't set nameservers for client
The resolver is mainly useful for the ACME server, and acme.nix uses its
own DNS server to test DNS-01 challenges.
2020-04-18 05:15:47 +01:00
Emily
e6d5e83cf1 nixos/tests/common/acme: enable Pebble strict mode
This lets us get early warning about any bugs or backwards-compatibility
hazards in lego.

Pebble will default to this in the future, but doesn't currently;
see https://github.com/letsencrypt/pebble/blob/v2.3.0/README.md#strict-mode.
2020-04-18 05:15:47 +01:00
Emily
695fd78ac4 nixos/tests/acme: use CAP_NET_BIND_SERVICE 2020-04-18 05:15:47 +01:00
Emily
d0f04c1623 nixos/tests/acme: use *.test domains
Shimming out the Let's Encrypt domain name to reuse client configuration
doesn't work properly (Pebble uses different endpoint URL formats), is
recommended against by upstream,[1] and is unnecessary now that the ACME
module supports specifying an ACME server. This commit changes the tests
to use the domain name acme.test instead, and renames the letsencrypt
node to acme to reflect that it has nothing to do with the ACME server
that Let's Encrypt runs. The imports are renamed for clarity:

* nixos/tests/common/{letsencrypt => acme}/{common.nix => client}
* nixos/tests/common/{letsencrypt => acme}/{default.nix => server}

The test's other domain names are also adjusted to use *.test for
consistency (and to avoid misuse of non-reserved domain names such
as standalone.com).

[1] https://github.com/letsencrypt/pebble/issues/283#issuecomment-545123242

Co-authored-by: Yegor Timoshenko <yegortimoshenko@riseup.net>
2020-04-18 05:15:47 +01:00
Emily
352e30df8a nixos/tests/acme: don't restrict to x86_64
This was added in aade4e577b, but the
implementation of the ACME module has been entirely rewritten since
then, and the test seems to run fine on AArch64.
2020-04-18 05:15:47 +01:00
John Ericson
e3d50e5cb0 Merge branch 'master' of github.com:NixOS/nixpkgs into staging 2020-04-18 00:10:08 -04:00
Milan Pässler
16a4332d60 nixos/deluge: support 2.x 2020-04-18 02:00:04 +02:00
John Ericson
33c2a76c5e Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:40:51 -04:00
Ismaël Bouya
8e88b8dce2
nixos/acme: Fix postRun in acme certificate being ran at every run 2020-04-17 22:16:50 +02:00
worldofpeace
40f3faedbd nixos/manual: 19.09 -> 20.03 2020-04-17 12:41:24 -04:00
Emily
2e31fb407e nixos/release-combined: add {,latestKernel.}hardened
These now depend on an external patch set; add them to the release tests
to ensure that the build doesn't break silently as new kernel updates
are merged.
2020-04-17 16:13:39 +01:00
Emily
e133e396df nixos/release-{small,combined}: add latestKernel.login
Seems like a good idea to ensure that you can always use the latest
stable upstream kernel.
2020-04-17 16:13:39 +01:00
Emily
fe031d07f8 nixos/tests/hardened: add latestKernel argument 2020-04-17 16:13:39 +01:00
Emily
b0d5032ee4 nixos/hardened: add emily to maintainers 2020-04-17 16:13:39 +01:00
Emily
ad9bfe2254 nixos/hardened: enable user namespaces for root
linux-hardened sets kernel.unprivileged_userns_clone=0 by default; see
anthraxx/linux-hardened@104f44058f.

This allows the Nix sandbox to function while reducing the attack
surface posed by user namespaces, which allow unprivileged code to
exercise lots of root-only code paths and have lead to privilege
escalation vulnerabilities in the past.

We can safely leave user namespaces on for privileged users, as root
already has root privileges, but if you're not running builds on your
machine and really want to minimize the kernel attack surface then you
can set security.allowUserNamespaces to false.

Note that Chrome's sandbox requires either unprivileged CLONE_NEWUSER or
setuid, and Firefox's silently reduces the security level if it isn't
allowed (see about:support), so desktop users may want to set:

    boot.kernel.sysctl."kernel.unprivileged_userns_clone" = true;
2020-04-17 16:13:39 +01:00
Emily
84f258bf09 nixos/hardened: don't set vm.unprivileged_userfaultfd
Upstreamed in anthraxx/linux-hardened@a712392b88.
2020-04-17 16:13:39 +01:00
Emily
cc28d51237 nixos/hardened: don't set vm.mmap_min_addr
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
46d12cca56 nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits
Upstreamed in anthraxx/linux-hardened@ae6d85f437.
2020-04-17 16:13:39 +01:00
Emily
af4f57b2c4 nixos/hardened: don't set net.core.bpf_jit_harden
Upstreamed in anthraxx/linux-hardened@82e384401d.
2020-04-17 16:13:39 +01:00
Emily
71bbd876b7 nixos/hardened: don't set kernel.unprivileged_bpf_disabled
Upstreamed in anthraxx/linux-hardened@1a3e0c2830.
2020-04-17 16:13:39 +01:00
Emily
9da578a78f nixos/hardened: don't set kernel.dmesg_restrict
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb.
2020-04-17 16:13:39 +01:00
Emily
cf1bce6a7a nixos/hardened: don't set vsyscall=none
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily
3b32cd2a5b nixos/hardened: don't set slab_nomerge
Upstreamed in anthraxx/linux-hardened@df29f9248c.
2020-04-17 16:13:39 +01:00
Euan Kemp
bc138f407f
nixos/k3s: add initial k3s service
* nixos/k3s: simplify config expression

* nixos/k3s: add config assertions and trim unneeded bits

* nixos/k3s: add a test that k3s works; minor module improvements

This is a single-node test. Eventually we should also have a multi-node
test to verify the agent bit works, but that one's more involved.

* nixos/k3s: add option description

* nixos/k3s: add defaults for token/serveraddr

Now that the assertion enforces their presence, we dont' need to use the typesystem for it.

* nixos/k3s: remove unneeded sudo in test

* nixos/k3s: add to test list
2020-04-17 16:39:54 +02:00
Jan Tojnar
4816b426a0
nixos/httpd: remove unnecessary override
This was introduced in c801cd1a04
but it no longer seems necessary.
2020-04-17 14:41:21 +02:00
Jan Tojnar
23a6903bb7
nixosTests.php.fpm: Clean up to match httpd test 2020-04-17 14:41:20 +02:00
Jan Tojnar
b69556c580
nixosTests.php.pcre: Clean up
And add assertion messages
2020-04-17 14:41:20 +02:00
Jan Tojnar
aac9832b96
nixosTests.php.httpd: init 2020-04-17 14:40:12 +02:00
Jan Tojnar
c214e63f2e
nixos/httpd: Use extensions from php package
After the recent rewrite, enabled extensions are passed to php programs
through an extra ini file by a wrapper. Since httpd uses shared module
instead of program, the wrapper did not affect it and no extensions
other than built-ins were loaded.

To fix this, we are passing the extension config another way – by adding it
to the service's generated config.

For now we are hardcoding the path to the ini file. It would be nice to add
the path to the passthru and use that once the PHP expression settles down.
2020-04-17 14:38:29 +02:00
adisbladis
5340ebe085
mopidy: Create a mopidyPackages set
This is to avoid mixing python versions in the same plugin closure.
2020-04-17 12:39:03 +01:00
Kirill Elagin
a9e9d37fc8 systemd: Add prefix to unit script derivations
Add a distinctive `unit-script` prefix to systemd unit scripts to make
them easier to find in the store directory. Do not add this prefix to
actual script file name as it clutters logs.
2020-04-17 13:55:48 +03:00
Kirill Elagin
f1a78e1b5e fixup! systemd: Simplify unit script names 2020-04-17 13:44:48 +03:00
Kirill Elagin
5822d03851 systemd: Simplify unit script names
Current journal output from services started by `script` rather than
`ExexStart` is unreadable because the name of the file (which journalctl
records and outputs) quite literally takes 1/3 of the screen (on smaller
screens).

Make it shorter. In particular:

* Drop the `unit-script` prefix as it is not very useful.
* Use `writeShellScriptBin` to write them because:
  * It has a `checkPhase` which is better than no checkPhase.
  * The script itself ends up having a short name.
2020-04-17 10:17:46 +03:00
Maximilian Bosch
ab0a10b39b
Merge pull request #85341 from Ma27/bump-hydra
hydra: 2020-04-07 -> 2020-04-16
2020-04-16 21:48:45 +02:00
Yegor Timoshenko
8262ecd369
Merge pull request #85004 from emilazy/add-initrd-secrets-path-assertion
nixos/stage-1: check secret paths before copying
2020-04-16 17:42:40 +03:00
worldofpeace
b61999e4ad
Merge pull request #85332 from arianvp/revert-acme
Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
2020-04-16 08:43:36 -04:00
Jörg Thalheim
4cc7c2e55a
tmpfiles: load user-defined entries first
systemd-tmpfiles will load all files in lexicographic order and ignores rules
for the same path in later files with a warning Since we apply the default rules
provided by systemd, we should load user-defines rules first so users have a
chance to override defaults.
2020-04-16 13:02:24 +01:00
Maximilian Bosch
74d6e86ec2
nixos/doc: fix database-setup example for matrix-synapse
Closes #85327
2020-04-16 11:38:15 +02:00
Arian van Putten
5c1c642939 Revert "nixos/acme: Fix allowKeysForGroup not applying immediately"
This reverts commit 5532065d06.

As far as I can tell setting RemainAfterExit=true here completely breaks
certificate renewal, which is really bad!

the sytemd timer will activate the service unit every OnCalendar=,
however with RemainAfterExit=true the service is already active! So the
timer doesn't rerun the service!

The commit also broke the actual tests, (As it broke activation too)
but this was fixed later in https://github.com/NixOS/nixpkgs/pull/76052
I wrongly assumed that PR fixed renewal too, which it didn't!

testing renewals is hard, as we need to sleep in tests.
2020-04-16 10:37:04 +02:00
Jan Tojnar
4b706490da
Merge branch 'staging-next' into staging 2020-04-16 10:10:38 +02:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
Maximilian Bosch
5e124e5abd
nixos/tests: fix inclusion of hydra test 2020-04-16 02:17:25 +02:00
Maximilian Bosch
2d55f9c01a
Merge pull request #84266 from Ma27/nspawn-overrides
nixos/systemd-nspawn: disallow multiple packages with `.nspawn`-units
2020-04-16 00:24:33 +02:00
Maximilian Bosch
70ecf83c33
Merge pull request #82339 from Ma27/captive-browser-xdg
nixos/captive-browser: set chromium's data-dir to a XDG-compliant location
2020-04-16 00:06:12 +02:00
Jan Tojnar
1fade973fc
libjcat: init at 0.1.1 2020-04-15 20:30:06 +02:00
Florian Klink
7835641e77
Merge pull request #85252 from flokli/nixos-flannel-fix
nixosTests.flannel: port to python, unbreak
2020-04-15 20:01:13 +02:00
Maximilian Bosch
dca0b71876
Merge pull request #85162 from Ma27/build-vms-file-loc
nixos/build-vms: propagate file location
2020-04-15 17:42:12 +02:00
jakobrs
34f242c13d nixos/installer: Add terminus_font to installation_iso_base 2020-04-15 14:21:42 +02:00
Michele Guerini Rocco
da232ea497
Merge pull request #78129 from flyfloh/airsonic-vhost
airsonic: fix virtualHost option
2020-04-15 09:18:28 +02:00
Florian Klink
28ef43824b nixosTests.flannel: port to python, unbreak
For reasons yet unknown, the vxlan backend doesn't work (at least inside
the qemu networking), so this is moved to the udp backend.

Note changing the backend apparently also changes the interface name,
it's now `flannel0`, not `flannel.1`

fixes #74941
2020-04-14 23:56:42 +02:00
Matthew Bauer
57e20c5d87
Merge pull request #83362 from bachp/boinc
nixos/boinc: simplify setup of boinc service
2020-04-14 15:55:54 -04:00
Maximilian Bosch
57087ea280
Merge pull request #85165 from mayflower/alertmanager-clustering
prometheus/alertmanager: implement HA clustering support
2020-04-14 16:13:34 +02:00
worldofpeace
6304c9af48
Merge pull request #85222 from mayflower/libinput-manual-ref
nixos/libinput: refer to libinput manual
2020-04-14 09:42:55 -04:00
worldofpeace
e4c5e68fca
Merge pull request #84255 from prikhi/lightdm-mini-greeter-040
lightdm-mini-greeter: 0.3.4 -> 0.4.0
2020-04-14 08:38:23 -04:00
Linus Heckemann
9953a26be1 nixos/libinput: refer to libinput manual 2020-04-14 14:31:49 +02:00
Sander van der Burg
0ffb720e8c nixos/dysnomia: fix documentRoot property 2020-04-14 14:31:13 +02:00
Michele Guerini Rocco
86d71ddbed
Merge pull request #85170 from flokli/networking-virtual
nixos/networking: fix setting MAC Address and MTU in networkd, fix tests
2020-04-14 14:20:49 +02:00
Jörg Thalheim
fd438d5f09
Merge pull request #85185 from m1cr0man/legoaccounts
acme: share accounts between certificates
2020-04-14 13:12:57 +01:00
worldofpeace
57b862bb53
Merge pull request #85125 from iblech/patch-iodine-test
iodine: improve test in view of #58806
2020-04-14 08:03:23 -04:00
Thibaut Marty
8fb54e7168 herbstluftwm: add option to the X Window System manual chapter 2020-04-14 11:04:47 +02:00
Jaka Hudoklin
de6891ffd0
Merge pull request #83930 from xtruder/nixos/virtualisation/hyperv-image
modules/virtualisation: add hyperv-image
2020-04-14 03:27:22 +00:00
John Ericson
c8a6ea5161 Merge remote-tracking branch 'upstream/master' into staging 2020-04-13 22:17:15 -04:00
Lucas Savva
827d5e6b44
acme: share accounts between certificates
There are strict rate limits on account creation for Let's Encrypt
certificates. It is important to reuse credentails when possible.
2020-04-14 00:15:16 +01:00
Matthew Bauer
e520d6af29
Merge pull request #84415 from matthewbauer/mb-cross-fixes-april2020
Cross compilation fixes [april 2020]
2020-04-13 16:48:38 -04:00
Florian Klink
d1edd8b2f6 nixosTests.networking: test setting MTU and MAC Address
Both the scripted and networkd backend now support setting MTU and MAC
Address, so do this in a test to ensure it doesn't break.
2020-04-13 22:03:35 +02:00
Florian Klink
5150378c2f nixosTests.networking.virtual: fix with networkd
We only need to wait for network.target to get up, and the
network-addresses-${interfaceName} units are scripted networking only.
2020-04-13 22:03:35 +02:00
Florian Klink
1e1945319c nixosTests.networking: make routing table comparison more reliable
This was whitespace-sensitive, kept fighting with my editor and broke
the tests easily. To fix this, let python convert the output to
individual lines, and strip whitespace from them before comparing.
2020-04-13 22:03:35 +02:00
Florian Klink
532528190b nixos/networking: move network-link-${i.name} to scripted networking
The unit sets MTU and MAC Address even with networkd enabled, which
isn't necessary anymore, as networkd handles this by itself.
2020-04-13 22:03:35 +02:00
Florian Klink
ca391c8a4f nixos/networking: add assertion catching setting mac addresses on tun devices
Setting a MAC Address on a tun interface isn't supported, and invoking
the corresponding command fails.
2020-04-13 22:03:35 +02:00
Florian Klink
cddc7a28b8 nixos/networking: fix setting .macAddress and .mtu with networkd
This needs to be set in the .linkConfig of a .network
2020-04-13 22:03:35 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Robin Gloster
e484ca3d9b
alertmanager: implement HA clustering support 2020-04-13 18:39:51 +02:00
Jörg Thalheim
4c3f1d321a
Merge pull request #76723 from jokogr/u/traefik-2.1.1
Traefik: 1.7.14 -> 2.2.0
2020-04-13 17:16:54 +01:00
Maximilian Bosch
ec6bac99cc
nixos/build-vms: propagate file location
When trying to build a VM using `nixos-build-vms` with a configuration
that doesn't evaluate, an error "at `<unknown-file>`" is usually shown.

This happens since the `build-vms.nix` creates a VM-network of
NixOS-configurations that are attr-sets or functions and don't contain
any file information. This patch manually adds the `_file`-attribute to
tell the module-system which file contained broken configuration:

```
$ cat vm.nix
{ vm.invalid-option = 1; }

$ nixos-build-vms vm.nix
error: The option `invalid-option' defined in `/home/ma27/Projects/nixpkgs/vm.nix@node-vm' does not exist.
(use '--show-trace' to show detailed location information)
```
2020-04-13 17:50:13 +02:00
Mario Rodas
66e43c6588
Merge pull request #84599 from doronbehar/nodejs-python3
nodejs: use python3 if possible
2020-04-13 07:44:05 -05:00
Maximilian Bosch
1bf1ae3966
Merge pull request #85092 from mayflower/prometheus-local-config-gen
prometheus: use runCommandNoCCLocal for config gen
2020-04-13 11:03:16 +02:00
Ingo Blechschmidt
f379e74f1e iodine: improve test in view of #58806 2020-04-13 06:22:27 +02:00
Ioannis Koutras
9360e3723d nixos/traefik: add test 2020-04-12 22:50:36 +02:00
Ioannis Koutras
1f61fbf326 nixos/traefik: make config deep mergeable 2020-04-12 22:50:36 +02:00
Ioannis Koutras
bc766b003a nixos/traefik: Adapt to traefik v2
This commit:

1. Updates the path of the traefik package, so that the out output is
   used.
2. Adapts the configuration settings and options to Traefik v2.
3. Formats the NixOS traefik service using nixfmt.
2020-04-12 22:50:36 +02:00
John Ericson
923dc61c9b
Merge pull request #85085 from Ericson2314/document-haskell-env-changes
nixos/doc: Document breaking change to Haskell dev shells
2020-04-12 16:33:53 -04:00
Robin Gloster
0e040d16e8
prometheus: use runCommandNoCCLocal for config gen 2020-04-12 20:13:23 +02:00
John Ericson
8594285c25 nixos/doc: Document breaking change to Haskell dev shells 2020-04-12 11:58:05 -04:00
Graham Christensen
56c8b7eeda
Merge pull request #84946 from bqv/nftables
nixos/nftables: fix typo in ruleset example
2020-04-12 09:38:55 -04:00
Graham Christensen
35d8514a91
Merge pull request #81848 from grahamc/nested-specialisation
specialisation: replace nesting with named configurations
2020-04-12 08:56:11 -04:00
Graham Christensen
ec2d28e323
specialisation: replace nesting with named configurations
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2020-04-12 08:12:50 -04:00
Rouven Czerwinski
e670094109 rl-2003: remove section on intel GPU workaround
According to my analysis the last critical fix went into v5.4.23, I have
confirmed this by running WebGL over night and haven't seen a single
i915 GPU hang. Lets remove the notes from the release notes.

(cherry picked from commit da764d22ce3b698707861d58824843ded87cbb0a)
2020-04-12 06:05:42 -04:00
Emily
91c6809946 nixos/stage-1: check secret paths before copying
Fixes #84976.
2020-04-11 16:42:47 +01:00
Emily
8a37c3dd1a nixos/initrd-ssh: fix typo in docs 2020-04-11 16:19:48 +01:00
Frederik Rietdijk
f8c6921e97
hydra: wrap executables with hydra env vars
We already set the relevant env vars in the systemd services. That does
not help one when executing any of the executables outside a service,
e.g. when creating a new user.
2020-04-11 14:36:42 +02:00
Maximilian Bosch
c9504b0b68
Merge pull request #84940 from symphorien/rouncube-spell
roundcube: use pspell for spellchecking
2020-04-11 14:33:43 +02:00
worldofpeace
afd2e244c4 rl-2003: qa touchups
Fixes https://github.com/NixOS/nixpkgs/issues/82777

(cherry picked from commit 7c9f30befaa5360a9c3d7d566fdf1922f84ee6c5)
2020-04-11 12:13:47 +02:00
Florian Klink
3bc5c8bb5c nixos/release-notes/rl-2003.xml: add highlights
Fixes #79180.

(cherry picked from commit ec11fd21637535d87cdbac95c8caa095a73674ef)
2020-04-11 12:13:45 +02:00
Maximilian Bosch
9cddcac995
nixos/release-notes: fix minor spelling mistake in the Nextcloud section
As discovered by flokli.
2020-04-11 10:36:08 +02:00
worldofpeace
15d5a2adc1
Merge pull request #84849 from samueldr/fix/nextcloud-upgrade-wording
nextcloud: Review installation upgrade warning wording
2020-04-10 22:55:20 -04:00
Niklas Hambüchen
ba50a7a3f1 release notes: Explain how to run nginx master as root. Fixes #84391 2020-04-11 02:57:15 +02:00
Tony Olagbaiye
c1c9905aae nixos/nftables: fix typo in ruleset example 2020-04-10 23:48:52 +01:00
Eelco Dolstra
aa084e2a24
nix: Fix fallback paths 2020-04-10 21:13:15 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
edef
6fbacea8e5
Merge pull request #84602 from alyssais/ssh
nixos/ssh: don't accept ssh-dss keys
2020-04-10 16:05:36 +00:00
Eelco Dolstra
cea352d276
nix: 2.3.3 -> 2.3.4 2020-04-10 17:23:28 +02:00
Symphorien Gibol
9e417bc9e3 roundcube: use pspell for spellchecking
By default, upstream enables a third party service in the cloud:
https://github.com/roundcube/roundcubemail/blob/1.4.3/config/defaults.inc.php#L790-L798
2020-04-10 12:00:00 +00:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next 2020-04-10 12:12:56 +02:00
worldofpeace
df8c30fa25 iso-image: make $ARCH shorter
we use stdenv.hostPlatform.uname.processor, which I believe is just like
`uname -p`.

Example values:
```
(import <nixpkgs> { system = "x86_64-linux"; }).stdenv.hostPlatform.uname.processor
"x86_64"

(import <nixpkgs> { system = "aarch64-linux"; }).stdenv.hostPlatform.uname.processor
aarch64

(import <nixpkgs> { system = "armv7l-linux"; }).stdenv.hostPlatform.uname.processor
"armv7l"
```
2020-04-09 20:10:01 -04:00
worldofpeace
a775961c8f Revert "Revert "iso-image: normalize volumeID""
This reverts commit 21b50e6f68.
2020-04-09 20:06:32 -04:00
worldofpeace
21b50e6f68
Revert "iso-image: normalize volumeID" 2020-04-09 19:43:59 -04:00
worldofpeace
8583d99e42
Merge pull request #83551 from worldofpeace/iso-id
iso-image: normalize volumeID
2020-04-09 19:31:52 -04:00
Samuel Dionne-Riel
a1efbdb600 nextcloud: Review installation upgrade warning wording
The new wording does not assume the user is upgrading.

This is because a user could be setting up a new installation on 20.03
on a server that has a 19.09 or before stateVersion!!

The new wording ensures that confusion is reduced by stating that they
do not have to care about the assumed 16→17 transition.

Then, the wording explains that they should, and how to upgrade to
version 18.

It also reviews the confusing wording about "multiple" upgrades.

* * *

The only thing we cannot really do is stop a fresh install of 17 if
there was no previous install, as it cannot be detected. That makes a
useless upgrade forced for new users with old state versions.

It is also important to state that they must set their package to
Nextcloud 18, as future upgrades to Nextcloud will not allow an uprade
from 17!

I assume future warning messages will exist specifically stating what to
do to go from 18 to 19, then 19 to 20, etc...
2020-04-09 16:52:25 -04:00
Jörg Thalheim
d7ff6ab94a
acme: create certificates in subdirectory
This allows to have multiple certificates with the same common name.
Lego uses in its internal directory the common name to name the certificate.

fixes #84409
2020-04-09 08:26:07 +01:00
Maximilian Bosch
2577ec2932
Merge pull request #84570 from Mic92/max-jobs
nixos: default nix.maxJobs to auto
2020-04-09 00:36:14 +02:00
Justin Humm
788f572380 nixos/release-notes: mention that dhcpcd stopped giving IPv4 addresses to bridges by default
This is an backward incompatible change from upstream dhcpcd [0], as
this could have easily locked me out of my box.

As dhcpcd doesn't allow to use only a blacklist (denyinterfaces in
dhcpcd.conf) of devices and use all remaining devices, while explicitly
allowing some interfaces like bridges, I think the best option would be
to not change anything about it and just educate the users here about
that edge case and how to solve it.

[0] https://roy.marples.name/archives/dhcpcd-discuss/0002621.html

(cherry picked from commit eeeb2bf8035b309a636d596de6a3b1d52ca427b1)
2020-04-08 17:46:13 -04:00
Nejc Zupan
479c521af9
Automatically restart netdata on failures
I've had Netdata crash on me sometimes. Rarely but more than once. And I lost days of data before I noticed.

Let's be nice and restart it on failures by default.
2020-04-08 20:58:06 +01:00
Maximilian Bosch
e8a4b9fe9b
Merge pull request #84501 from Ma27/bump-hydra
hydra: 2020-03-24 -> 2020-04-07
2020-04-08 20:08:29 +02:00
devhell
beae5a9caf manual/rl-2009.xml: Fix literal closing tag
Cc: @flokli
2020-04-08 17:14:06 +01:00
Jan Tojnar
521ddb1397
Merge pull request #83400 from jtojnar/malcontent-0.7
malcontent: 0.6.0 → 0.7.0
2020-04-08 17:38:17 +02:00
Jörg Thalheim
0b5d6d9e39
Merge pull request #84556 from Mic92/runtime-shell
treewide: use runtimeShell in nixos/
2020-04-08 16:34:55 +01:00
worldofpeace
309fed2b2f
nixos/malcontent: enable accounts-daemon, tweak description 2020-04-08 17:08:16 +02:00
Jan Tojnar
f3d1333f0d
malcontent-ui: split from malcontent
The 0.7.0 update allows us to split the package.
2020-04-08 17:08:15 +02:00
B YI
07bc7b971d
nixos/initrd-ssh: fix typo (#84719) 2020-04-08 17:04:29 +02:00
Benno Fünfstück
918cb88d1f nixos/release-combined.nix: test hibernate only on x86_64 2020-04-08 14:30:53 +02:00
Benno Fünfstück
bb44abe563 nixos/release-combined.nix: fix tested/supportedSystems
This properly supports the `supportedSystems` and
`limitedSupportedSystems` arguments of `release-combined.nix`.
Previously, evaluation would fail if `x86_64-linux` was not part either
of those, since the tested job always referenced the `x86_64-linux`
nixos tests (which won't exist in an aarch64-only eval).

Since the hydra configuration for the jobset`trunk-combined` has both
`aarch64-linux` and `x86_64-linux` as supported systems, this will make
aarch64 be part of the tested job on that jobset.
2020-04-08 14:30:51 +02:00
Florian Klink
68d37fe0c0
Merge pull request #84663 from flokli/notmuch-multiple-output
notmuch: add separate `emacs` output
2020-04-08 13:31:52 +02:00
worldofpeace
94eb65a287 nixos/gnome-remote-desktop: enable pipewire
We need the pipewire service to actually use this.
Tested with g-c-c Sharing.
2020-04-08 10:18:23 +02:00
Florian Klink
d0dd8e6cca notmuch: make emacs a separate output
This puts all emacs-related binaries and code to a separate output,
removing emacs from the runtime closure of neomutt.
2020-04-07 22:02:48 +02:00