Commit Graph

11370 Commits

Author SHA1 Message Date
Léo Gaspard
b9faae955c
redsocks module: add self as maintainer 2018-10-31 01:06:14 +09:00
Léo Gaspard
930bcbda83
dkimproxy-out module: add self as maintainer 2018-10-31 01:06:04 +09:00
Léo Gaspard
9b34f47b7c
clamsmtp module: add self as maintainer 2018-10-31 01:05:49 +09:00
Léo Gaspard
888034f6ca
dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
Jörg Thalheim
6c7ec02503
Merge pull request #48499 from aneeshusa/restart-salt-on-config-changes
nixos/salt: restart on config changes
2018-10-30 15:40:56 +00:00
xeji
1d9481a127
Merge pull request #49395 from dtzWill/update/upower-0.99.9
upower: 0.99.7 -> 0.99.9, lock down service
2018-10-30 15:57:11 +01:00
Lancelot SIX
f68cf486d8
Merge pull request #48664 from alyssais/postgres11
postgresql_11: init at 11.0
2018-10-30 15:54:42 +01:00
Lassulus
334dd6f964 nixos/bitlbee: use purple-2 as purple_plugin_path (#49440) 2018-10-30 15:37:41 +01:00
Alyssa Ross
5bde0f6002
release notes: update for postgres rename 2018-10-30 14:33:36 +00:00
Alyssa Ross
91c746cacc
postgresql_11: init at 11.0 2018-10-30 14:33:35 +00:00
Alyssa Ross
c6c7d55790
postgresql*: use underscores in version numbers 2018-10-30 14:32:21 +00:00
Eelco Dolstra
be6e4b8af8
Merge pull request #49326 from c0bw3b/nixos/installation-device
nixos/installation-device: set GC initial heap size to 1MB
2018-10-30 14:13:59 +01:00
Alyssa Ross
94360c11e9
docs: update sample postgresql package
postgresql90 no longer exists in nixpkgs.
2018-10-30 12:40:24 +00:00
Alyssa Ross
9594b59f13
postgresql10: rename from postgresql100 2018-10-30 12:40:20 +00:00
Tuomas Tynkkynen
2380f6a4fa nixos/tests/rsyslogd: Fix eval 2018-10-30 14:27:44 +02:00
xeji
8bbdee09dd
Merge pull request #49441 from srhb/debug-hydra-failures
NixOS tests: Wait for shell for 10x longer (50m)
2018-10-30 11:37:41 +01:00
Sarah Brofeldt
9bc10e1291 NixOS tests: Wait for shell for 10x longer (50m) 2018-10-30 09:22:42 +01:00
Eric Wolf
30d2792091 nixos/release-notes for 18.09: fix missing entry
- the addition of the groups kvm and render breaks the configuration of
   users, which added them
2018-10-30 08:41:13 +01:00
xeji
21a7ca7c08
Merge pull request #49074 from c0bw3b/pkg/veracrypt
veracrypt: 1.22 -> 1.23 / truecrypt: remove and alias to veracrypt
2018-10-29 23:53:29 +01:00
Eelco Dolstra
0d15004cba
Merge pull request #49401 from aherrmann/stringify-modules-path
nixos/lib/eval-config.nix: toString modulesPath
2018-10-29 16:21:09 +01:00
Andreas Herrmann
044ceae280 nixos/lib/eval-config.nix: toString modulesPath
Referencing modulesPath in NixOS configurations can cause evaluation
errors in restricted mode.  If used as `${modulesPath}` (as in all
use-sites in nixpkgs) the modules subtree is copied into its own store
path. Access to this path will be forbidden in restricted mode.

Converting to a string solves this issue.
`${builtins.toString modulesPath}` will point to a subdirectory of the
nixpkgs tree out of which evalModules is called.

This change converts modulesPath to a string by default so that the
call-site doesn't have to anymore.
2018-10-29 15:46:20 +01:00
Will Dietz
d7e4c49ffc nixos/upower: lockdown service using upstream settings 2018-10-29 08:09:52 -05:00
Robert Schütz
6017fdfe91 nixos/tests/home-assistant: no longer ignore "Timer got out of sync" error
That error message was removed in https://github.com/home-assistant/home-assistant/pull/17398.
2018-10-29 13:30:06 +01:00
Pavel Goran
a57bbf4e63 nixos/tomcat: add purifyOnStart option
With this option enabled, before creating file/directories/symlinks in baseDir
according to configuration, old occurences of them are removed.

This prevents remainders of an old configuration (libraries, webapps, you name
it) from persisting after activating a new configuration.
2018-10-29 18:26:22 +07:00
Matthew Bauer
a943bc9e04
Merge pull request #48801 from matthewbauer/cloneConfigExtra
ova: add cloneConfigExtra option
2018-10-28 19:05:16 -05:00
Jörg Thalheim
eb70af18f4
Merge pull request #48875 from Izorkin/nginx-prestart
nginx: add custom options
2018-10-28 23:13:20 +00:00
Silvan Mosberger
74854265b1
Merge pull request #49317 from c0bw3b/nixos/demovm
nixos/virtualbox-image: increase disk to 50G
2018-10-28 22:21:37 +01:00
Silvan Mosberger
04b4ca37bd
Merge pull request #49360 from tadfisher/logind-suspend-then-hibernate
nixos/systemd: support "suspend-then-hibernate" logind option
2018-10-28 22:18:39 +01:00
Silvan Mosberger
0ab2621a7f
Merge pull request #49350 from c0bw3b/nixos/rngd
nixos/rngd: fix exec flags and udev rules
2018-10-28 22:15:21 +01:00
Tad Fisher
8520839b6a nixos/systemd: support "suspend-then-hibernate" logind option 2018-10-28 13:41:21 -07:00
Jörg Thalheim
4249dc2fe7
Merge pull request #49355 from Mic92/sddm
nixos/plasma5: disable ocr tests
2018-10-28 19:58:16 +00:00
Jörg Thalheim
f974b979a5
nixos/plasma5: disable ocr tests
This is brittle and breaks the test
2018-10-28 19:13:12 +00:00
Renaud
deacd0bd73
nixos/rngd: fix exec flags and udev rules
TPM1.2 support has been dropped in rng-tools v6.5
see caef8cce97

rngd won't access /dev/tpm0 anymore and the "--no-tpm=1" option is now unrecognised
2018-10-28 17:31:35 +01:00
FeepingCreature
83a65a9182 improve shell.nix warning messages 2018-10-28 14:08:01 +01:00
obadz
07db5f1c8c
Merge pull request #48901 from Ekleog/opensmtpd-6.4.0
opensmtpd: 6.0.3p1 -> 6.4.0
2018-10-28 13:00:57 +00:00
Joachim F
e5ce19f6ab
Merge pull request #46330 from geistesk/wavemon-module
nixos/wavemon: create module
2018-10-28 10:16:54 +00:00
Renaud
fc476599ad
installation-device: set GC initial heap size to 1MB
100000 (100kB) is too aggressive (too low) and gets ignored by the GC
See issue #43339
2018-10-28 10:48:00 +01:00
Renaud
7ab76cc5e8
nixos/virtualbox-image: increase disk to 50G
100GB breaks cptofs but 50GB is fine and benchmarks shows it takes the same time as building the demo VBox VM with a 10GB disk

+ enabled VM sound output by default
+ set USB controller in USB2.0 mode
+ add manifest file in the OVA as it allows integrity checking on imports
2018-10-28 00:53:54 +02:00
aanderse
1381019e49 nixos/rsyslogd & nixos/syslog-ng: fix broken module (#47306)
* journald: forward message to syslog by default if a syslog implementation is installed

* added a test to ensure rsyslog is receiving messages when expected

* added rsyslogd tests to release.nix
2018-10-27 19:01:30 +02:00
xeji
6419bdac05
Merge pull request #47241 from oxij/pull/36261-fix-local-hostname-alternative
nixos/networking: add hostname to /etc/hosts by default, simplify
2018-10-27 16:55:10 +02:00
Tuomas Tynkkynen
ad7f2d120e nixos/installation-cd-minimal: Drop fontconfig
Shouldn't be needed for anything.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen
cc92fc0a83 nixos/installation-device: Move systemPackages additions to profiles/base
Other package additions are there as well.
2018-10-27 15:17:13 +03:00
Tuomas Tynkkynen
717206010f nixos/installer: Drop extra copy of w3m
The nixos-manual service already uses w3m-nographics for a variant that
drops unnecessary junk like various image libraries.

iso_minimal closure (i.e. uncompressed) goes from 1884M -> 1837M.
2018-10-27 13:16:30 +03:00
Bas van Dijk
0b381dd9ca
Merge pull request #49197 from LumiGuide/strongswan-swanctl-5.7.1
strongswan-swanctl: adapt options to strongswan-5.7.1
2018-10-27 09:34:53 +01:00
Léo Gaspard
58f701ab74 opensmtpd: 6.0.3p1 -> 6.4.0p1 2018-10-27 12:15:09 +09:00
Silvan Mosberger
932e27c53f
Merge pull request #49152 from 1000101/master
nixos/trezord: revised and updated udev rules
2018-10-27 01:18:46 +02:00
Silvan Mosberger
d67da5ba9b
Merge pull request #49064 from jslight90/users
nixos/users: fix users home directory with isNormalUser
2018-10-27 00:59:16 +02:00
Silvan Mosberger
f374addc10
Merge pull request #48844 from c0bw3b/svc/ddclient
nixos/ddclient: make RuntimeDirectory and configFile private
2018-10-27 00:29:18 +02:00
Bas van Dijk
ca655e8b14 strongswan-swanctl: adapt options to strongswan-5.7.1
The changes were found by executing the following in the strongswan
repo (https://github.com/strongswan/strongswan):

git diff 5.6.3..5.7.1 src/swanctl/swanctl.opt
2018-10-26 23:46:02 +02:00
Jan Tojnar
82218835c5
Merge pull request #43133 from worldofpeace/gsignond
gsignond: init at 1.0.7
2018-10-26 19:29:56 +02:00
Ján Hrnko
a88e0ef9aa nixos/trezord: revised and updated udev rules 2018-10-26 14:53:31 +02:00
Michael Weiss
163adc5039
Merge pull request #48916 from colemickens/sway-module
programs.sway-beta: module init (temporary until sway-beta becomes sway-1.0)
2018-10-25 19:12:38 +02:00
Marwan Aljubeh
8ddefe857d nixos/nextcloud: fix a typo
The NextCloud `adminpass` option sets the admin password, not the database password.
2018-10-25 18:04:36 +02:00
Maximilian Bosch
5dc1748043
Merge pull request #48728 from qolii/eternal-terminal-module
nixos/eternal-terminal: init new module.
2018-10-25 14:51:22 +02:00
qolii
c0d90b57d6 Address more review feedback. 2018-10-24 17:57:33 -07:00
Cole Mickens
da960bb899 sway-beta: module init 2018-10-24 14:56:29 -07:00
c0bw3b
b47fccff0a truecrypt: remove and alias to veracrypt
TrueCrypt has been retired for a while now and the source archive we
pointed to is gone. Moreover the VeraCrypt fork is available, maintained
and fixes issues previous audits found in TrueCrypt.
2018-10-24 20:34:17 +02:00
Jeff Slight
d7fcd1dcbf nixos/users: fix users home directory with isNormalUser 2018-10-24 10:38:56 -07:00
Renaud
b2f6aa0069
nixos/rngd: use new name pkgs.rng-tools
Instead of pkgs.rng_tools which is now an alias
2018-10-24 13:46:08 +02:00
Michael Weiss
2eb372d59d
nixos/rootston: Remove the module and the package (#48905)
Rootston is just a reference compositor so it doesn't make that much
sense to have a module for it. Upstream doesn't really like it as well:

"Rootston will never be intended for downstream packages, it's an
internal thing we use for testing." - SirCmpwn [0]

Removing the package and the module shouldn't cause much problems
because it was marked as broken until
886131c243. If required the package can
still be accessed via wlroots.bin (could be useful for testing
purposes).

[0]: https://github.com/NixOS/nixpkgs/issues/38344#issuecomment-378449256
2018-10-23 20:38:33 +02:00
Izorkin
af8ae49395 nginx: add custom options 2018-10-23 21:04:07 +03:00
Rob Vermaas
debbed29d1 datadog-agent: add option to enable trace agent 2018-10-23 12:30:06 +02:00
Renaud
ab5380ec82
nixos/ddclient: make configFile private
/run/ddclient/ddclient.conf should be installed in mode 660 (readable and writeable only by ddclient.service user and group)
2018-10-23 00:43:41 +02:00
Renaud
f76a9eb526
nixos/ddclient: make RuntimeDirectory private
ddclient will raise a warning if /run/ddclient/ is world-readable
2018-10-22 23:58:12 +02:00
Jörg Thalheim
9a7bca27cc
Merge pull request #48834 from dhess/dovenull-group-fix
dovecot: dovenull user should have its own group.
2018-10-22 22:46:17 +01:00
Arian van Putten
9f72791516 nixos/containers: Introduce several tweaks to systemd-nspawn from upstream systemd
* Lets container@.service  be activated by machines.target instead of
  multi-user.target

  According to the systemd manpages, all containers that are registered
  by machinectl, should be inside machines.target for easy stopping
  and starting container units altogether

* make sure container@.service and container.slice instances are
  actually located in machine.slice

  https://plus.google.com/112206451048767236518/posts/SYAueyXHeEX
  See original commit: https://github.com/NixOS/systemd/commit/45d383a3b8

* Enable Cgroup delegation for nixos-containers

  Delegate=yes should be set for container scopes where a systemd instance
  inside the container shall manage the hierarchies below its own cgroup
  and have access to all controllers.

  This is equivalent to enabling all accounting options on the systemd
  process inside the system container.  This means that systemd inside
  the container is responsible for managing Cgroup resources for
  unit files that enable accounting options inside.  Without this
  option, units that make use of cgroup features within system
  containers might misbehave

  See original commit: https://github.com/NixOS/systemd/commit/a931ad47a8

  from the manpage:
    Turns on delegation of further resource control partitioning to
    processes of the unit. Units where this is enabled may create and
    manage their own private subhierarchy of control groups below the
    control group of the unit itself. For unprivileged services (i.e.
    those using the User= setting) the unit's control group will be made
    accessible to the relevant user. When enabled the service manager
    will refrain from manipulating control groups or moving processes
    below the unit's control group, so that a clear concept of ownership
    is established: the control group tree above the unit's control
    group (i.e. towards the root control group) is owned and managed by
    the service manager of the host, while the control group tree below
    the unit's control group is owned and managed by the unit itself.
    Takes either a boolean argument or a list of control group
    controller names. If true, delegation is turned on, and all
    supported controllers are enabled for the unit, making them
    available to the unit's processes for management. If false,
    delegation is turned off entirely (and no additional controllers are
    enabled). If set to a list of controllers, delegation is turned on,
    and the specified controllers are enabled for the unit. Note that
    additional controllers than the ones specified might be made
    available as well, depending on configuration of the containing
    slice unit or other units contained in it. Note that assigning the
    empty string will enable delegation, but reset the list of
    controllers, all assignments prior to this will have no effect.
    Defaults to false.

    Note that controller delegation to less privileged code is only safe
    on the unified control group hierarchy. Accordingly, access to the
    specified controllers will not be granted to unprivileged services
    on the legacy hierarchy, even when requested.

    The following controller names may be specified: cpu, cpuacct, io,
    blkio, memory, devices, pids. Not all of these controllers are
    available on all kernels however, and some are specific to the
    unified hierarchy while others are specific to the legacy hierarchy.
    Also note that the kernel might support further controllers, which
    aren't covered here yet as delegation is either not supported at all
    for them or not defined cleanly.
2018-10-22 22:36:08 +02:00
Drew Hess
fa388534e4
dovecot: dovenull user should have its own group.
Quoting from https://wiki.dovecot.org/UserIds#dovenulluser:

"It should belong to its own private dovenull group where no one else
belongs to..."
2018-10-22 15:01:47 -04:00
Victor SENE
2a164f598c nixos/nextcloud: extend documentation for nginx configuration
Co-authored-by: Robin Gloster <mail@glob.in>
2018-10-22 19:50:37 +02:00
Léo Gaspard
5cd6c65054 wasm: remove alias to unbreak the channel
Nixpkgs' channel currently can't move forward so long as there is a
trace in evaluating the top-level arguments. Which means that it isn't
possible to add a warning message to warn users of future package
removal.

So the only way forward appears to be just removing the alias
altogether.

(cherry picked from commit b4133ebc17c2742a76d912f4f0bf46719bc7800e)
2018-10-22 09:58:00 +02:00
Jörg Thalheim
0a5b4fda63
Merge pull request #48791 from markuskowa/fix-munge
nixos/munge: do not create unnecessary log dir
2018-10-21 22:59:51 +01:00
Matthew Bauer
1902adb437 ova: add cloneConfigExtra option
Customize virtualbox ovas to contain a clone config option giving some
useful hints.

Fixes #38429
2018-10-21 14:52:49 -05:00
Arian van Putten
3be00fa60c nixos/systemd-nspawn: Remove dependency on bogus "machine.target"
"machine.target" doesn't actually exist, it's misspelled version
of "machines.target".  However, the "systemd-nspawn@.service"
unit already has a default dependency on "machines.target"
2018-10-21 21:51:51 +02:00
Markus Kowalewski
e3a86019d6
nixos/munge: do not create unnecessary log dir
/var/log/munge is not used. All log messages go to syslog
2018-10-21 20:46:09 +02:00
Joachim F
ca127588c1
Merge pull request #48625 from exarkun/48622.tor-disable-socksport
nixos/tor: better support non-anonymous services
2018-10-21 18:27:02 +00:00
Ben Wolsieffer
eadb9c822b raspberrypi-bootloader: pass initrd to kernel
NixOS is unable to boot using the RPi bootloader (w/o U-Boot) unless the initrd
is configured.
2018-10-21 17:44:11 +03:00
Ben Wolsieffer
e2fbada6f8 raspberrypi-bootloader: uboot: allow specification of target directory 2018-10-21 17:44:11 +03:00
Ben Wolsieffer
1afff7c10b raspberrypi-bootloader: support Raspberry Pi 3 w/o U-Boot and explicitly support
Raspberry Pi Zero
2018-10-21 17:44:11 +03:00
Ben Wolsieffer
bcb9e17bba raspberrypi-bootloader: allow specification of target directory 2018-10-21 17:44:11 +03:00
Jörg Thalheim
c4a7ebb46b
Merge pull request #47070 from Mic92/grafana-improvements
Grafana: secrets outside of the nix store + smtp
2018-10-21 14:21:09 +01:00
Linus Heckemann
45981145ad nixos/wrappers: remove outdated upgrade code
As mentioned in the code comments themselves, this was only necessary
for 16.09 -> 17.03 and as such is obsolete.
2018-10-21 15:12:36 +02:00
Renaud
cb9237d16f
Merge pull request #47775 from florianjacob/munin-var-run-to-run
nixos/munin: move from /var/run to /run
2018-10-21 10:07:25 +02:00
Michael Raskin
3491dd06a1
Merge pull request #47224 from pvgoran/tomcat-virtualhost-aliases
nixos/tomcat: add aliases sub-option for virtual hosts
2018-10-21 07:54:52 +00:00
qolii
ee0444576f Address review feedback. 2018-10-20 13:52:43 -07:00
qolii
af1a285017 nixos/eternal-terminal: init new module. 2018-10-20 13:52:12 -07:00
Silvan Mosberger
1fa1bcbab0
nixos/znc: Fix confOptions.uriPrefix not being applied
This was overlooked on a rebase of mine on master, when I didn't realize
that in the time of me writing the znc changes this new option got
introduced.
2018-10-20 20:56:30 +02:00
Silvan Mosberger
039fc37f9c
nixos/znc: Fix confOptions.extraZncConf being applied to wrong section
This bug was introduced in https://github.com/NixOS/nixpkgs/pull/41467
2018-10-20 20:36:18 +02:00
Pierre Bourdon
cf58856d90 nixos/prometheus: add webExternalUrl option
Similar to the prometheus.alertmanager.webExternalUrl option, but for
Prometheus itself.
2018-10-20 13:45:55 +02:00
Matthew Bauer
5b73b46aec
Merge pull request #48689 from Tmplt/fix-compton
nixos/compton: fix corrupt colours with Mesa 18 on AMD
2018-10-19 15:40:43 -05:00
Maximilian Bosch
e8fb77a944
Merge pull request #46152 from Ma27/fix-setxkbmap-completion
zsh: patch `_setxkbmap` completion script
2018-10-19 14:33:04 +02:00
worldofpeace
4f4e20bc79 nixos/gsignond: init 2018-10-19 06:29:04 -04:00
Jörg Thalheim
e37892744f
Merge pull request #48640 from gnidorah/kvmgt
kvmgt module: add restart on failure
2018-10-19 10:45:04 +01:00
Sarah Brofeldt
58717759b3
Merge pull request #48546 from andrew-d/andrew/hide-zfs-import-warning
nixos/zfs: Hide useless errors when waiting for zpool to be ready
2018-10-19 10:07:09 +02:00
Tmplt
df41d53f9d nixos/compton: fix corrupt colours with Mesa 18 on AMD
On AMD hardware with Mesa 18, compton renders some colours incorrectly
when using the glx backend. This patch sets an environmental variable
for compton so colours are rendered correctly.

Topical bug: <https://bugs.freedesktop.org/show_bug.cgi?id=104597>
2018-10-19 01:10:11 +02:00
Jörg Thalheim
5a1f0f9aa3
tinc: remove unnecessary networking.interfaces
This breaks with networking backends enabled and
also creates large delays on boot when some services depends
on the network target. It is also not really required
because tinc does create those interfaces itself.

fixes #27070
2018-10-18 21:37:56 +01:00
gnidorah
a6603fd8a8 kvmgt module: add service restart on failure 2018-10-18 22:35:32 +03:00
Jörg Thalheim
2ce94fafcd
Merge pull request #48571 from spacefrogg/openafs
Openafs security updates
2018-10-18 16:08:04 +01:00
Michael Raitza
290a7d2ee9 nixos/openafs: Add defaultText to avoid evaluating packages 2018-10-18 13:11:52 +02:00
adisbladis
78c0e1aa11
nixos/pulseaudio: Add extraModules config option 2018-10-18 16:27:43 +08:00
Silvan Mosberger
77e90ef365
Merge pull request #45030 from eadwu/nvidia_x11_beta/396.51
nvidia_x11_beta: reinit at 410.57
2018-10-18 09:10:05 +02:00
Edmund Wu
21bb1fa004
nvidia_x11_beta: reinit at 410.57 2018-10-17 19:30:44 -04:00