Alertmanager 0.13.0 doesn't support single dash long options, so '-config.file'
for example is parsed as '-c', which leads to the service not starting.
Previously the parameters were just dropped. Now they can be read
from within the handler script. An example to show this is added.
Makes use of the new writeShellScript function as suggested in:
issue #21557
resolves: #21557
Inspired from the dhcpd service implementation
Only 2 configurations options at the moment:
- enabled
- path to config directory (defaults to /etc/raddb)
Implementation was also inspired from ArchLinux
systemd file and corrected with @dotlambda and
@fpletz help.
If you have more than 1 User with hasedPassword Option set it generates
```
rm -f /var/lib/mosquitto/passwd
touch /var/lib/mosquitto/passwd
echo 'user1:$6$xxx' > /var/lib/mosquitto/passwd
echo 'user2:$6$xxx' > /var/lib/mosquitto/passwd
```
Which ends up in only having 1 user.
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks for /etc/ipsec.secrets includes /etc/ipsec.d and if
not tries to write into it.
Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.
Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
* The environment variables NIX_CONF_DIR, NIX_BUILD_HOOK and
NIX_REMOTE are no longer needed.
* A /bin/sh (from busybox) is provided by default in sandboxes.
* Various options were renamed.
`services.postfix.config` is now correctly merged with the default attrset
specified in the module. Some options that are lists in postfix also
have to be lists in nix to be merged correctly. Other default options are
now set with `mkDefault` so they can be overridden via the module system.
This was only applicable to very specific hardware, and the only person
with an apparent interest in maintaining it (me) no longer uses the
hardware in question.
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:
https://letsencrypt.org/docs/rate-limits/
Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
This makes memoization of Nixpkgs evaluation less effective, since
some Nixpkgs invocations may have 'config = {}' while others may have
'config = { xorg = {}; }'.
Instead set 'config = {}'.
This reverts commit 45c5a915980fbe1fa6f0ff80ab2d11b60b844d9e.
This breaks PredictableNetworkInterfaceNames on systems without networkd.
We should only include this file from systemd, when networkd is enabled.
in read-only way. If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.
Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
mate-control-center depends on mate-settings-daemon, but the later needs
gsettings schemas provided by the former. To fix this the gsettings schema
path from mate-control-center is added to XDG_DATA_DIRS at session
startup.
Udev changed its internal naming, so this rule file no longer applied correctly.
Therefore some properties such as network driver no longer matched in
systemd-networkd.
After updating we have more properties in systemd-networkd:
$ sudo networkctl status wlp3s0
...
Driver: iwlwifi
...
To prevent this in future, the file is no copied from systemd directly
The unnecessary dependency of sockets.target on kresd.service causes a
dependency cycle preventing kresd.service from starting at boot:
sockets.target -> kresd.service -> basic.target -> sockets.target
This allows to configure additional configuration files for Synapse. This way
secrets can be kept in a secure place on the file system without a need to go
through the Nix store.
before:
- /var/run/memcached is a bad default for a socket path, since its
parent directory must be writeable by memcached.
- Socket directory was not created by the module itself -> this was
left as a burden to the user?
- Having a static uid with a dynamic user name is not very useful.
after:
- Replace services.memcached.socket by a boolean flag. This simplifies
our code, since we do not have to check if the user specifies a
path with a parent directory that should be owned by memcached
(/run/memcached/memcached.sock -> /run/memcached).
- Remove fixed uid/gid allocation. The only file ever owned by the
daemon is the socket that will be recreated on every start.
Therefore user and group ids do not need to be static.
- only create the memcached user, if the user has not specified a
different one. The major use case for changing option is to allow
existing services (such as php-fpm) opening the local unix socket.
If we would unconditionally create a user that option would be
useless.
apps.plugin requires capabilities for full process monitoring. with
1.9.0, netdata allows multiple directories to search for plugins and the
setuid directory can be specified here.
the module is backwards compatible with older configs. a test is
included that verifies data gathering for the elevated privileges. one
additional attribute is added to make configuration more generic than
including configuration in string form.
Instead of polluting the environment with environment variables which
are inherited by processes spawned from awesome, use the command line
argument "--search" to add things to the search path.
cc #33169
This enables znapzend users to specify its full configuration through
NixOS options, without ever needing to use the stateful `znapzendzetup`
command.
This works by running znapzendzetup with the specified config in
ExecPre, just before the znapzend daemon is started.
There is also the `pure` option which will clear all previous znapzend setups,
making it as stateless as can get, as only the setup declared in
configuration.nix will be persisted.
This makes the commonHook option work also for (read-only) Nix store
paths. Currently it fails on the second activation, because the
destination is read-only.
(originally from f9415cb621)
feh is used to set background image for desktop managers that do not
support it directly, however there is no need to include it in PATH.
Fixes#17450.
Now there are separate `xfce4.xfce4mixer_pulse` and `xfce4.xfcevolumed_pulse` attributes for PulseAudio versions of these packages, instead of relying on Nixpkgs option. Mind that xfce4-volumed and xfce4-volumed-pulse are actually two separate programs without much overlap.
* Add options:
- enable
- davUser (default: "davfs2")
- davGroup (default: "davfs2)
* Add davfs2 user or group if they are not specified in the
configuration
In commit ec9dc73 restarting NetworkManager after resume from
suspend/hibernate was introduced.
When I initially switch to NixOS I started noticing a high delay between
wakeup and re-connecting to WiFi & wired networks. The delay increased
from a few seconds (on my previous distro, same software stack) to
almost half a minute with NixOS.
I (locally) applied the change in this commit a few weeks ago and tested
since then. The notebook/mobile device experience has improved a lot.
Reconnects are as before switching to NixOS.
Issue #24401 could be related to this. Since I am not using KDE/plasma5
I can only guess…
These packages will be placed into an environment using
`backendsToPackages`. This function explicitly maps backends to
`pkgs.nodePackages.${type}` unless it's a builtin. This ensures that only
valid backends that work on NixOS are used (if not, the build already
breaks at evaluation time).
The log will be redirected to `stdout` to be able to watch the entire
output using `journalctl`.
Configuration parameters for the backends need to be set using
`services.statsd.extraConfig` as each backend has its own options and
all of them shouldn't be validated and checked explicitly and manually.
Tunnel configuration has no member named "host" - i2pd does but it's called "address" in the options. As a result, no tunnel configuration is generated.
* Fix attribute check in inTunnels
* Fix integer to string coercion in inTunnels
* Add destinationPort option for outTunnels
Added the boolean option:
networking.networkmanager.enableStrongSwan
which enables the networkmanager_strongswan plugin and adds
strongswanNM to the dbus packages.
This was contributed by @wucke13, @eqyiel and @globin.
Fixes: #29873
There are security fixes in multiple packages /cc #32117,
so I'm merging a little earlier, with a few thousand jobs
still not finished on Hydra for x86_64-darwin and aarch64-linux.
For some reason, the GNOME 3.26 update broke the overrides. It turns
out the overrides now need to come before the overridden schemas in the
XDG_DATA_DIRS variable. This is not possible in general due to applications
prefixing the variable (e.g. in wrapGAppsHook).
To fix this, a new environment variable NIX_GSETTINGS_OVERRIDES_DIR
was introduced. It has greater priority than XDG_DATA_DIRS but lower
than GSETTINGS_SCHEMA_DIR. A separate variable was chosen in order not
to block the built-in one for users.
With libinput used for keyboard, base rules produce incorrect keyboard
layouts. We are removing the option as recommended in the XKB configuration
guide [1] to let X server choose the ruleset. It looks like it chooses
evdev rules which seem to work for some reason
[1]: https://www.x.org/releases/X11R7.6/doc/xorg-docs/input/XKB-Config.html#id2521360
The munin-node service used wrapProgram to inject environment variables.
This doesn't work because munin plugins depend on argv[0], which is
overwritten when the executable is a script with a shebang line (example
below).
This commit removes the wrappers and instead passes the required
environment variables to munin-node.
Eliminating the wrappers resulted in some broken plugins, e.g., meminfo
and hddtemp_smartctl. That was fixed with the per-plugin configuration.
Example:
The plugin if_eth0 is a symlink to /.../plugins/if_, which uses $0
to determine that it should monitor traffic on the eth0 interface.
if_ is a wrapped program, and runs `exec -a "$0" .if_-wrapped`
.if_-wrapped has a "#!/nix/.../bash" line, which results in bash
changing $0, and as a result the plugin thinks my interface
is called "-wrapped".
While BOINC itself is open source, many of the project applications
it runs are not. Additionally, these project applications are
checksummed before they are run, so they can't be patched. This
means we can't make the project applications find required binaries/libraries
on a NixOS system. The solution is therefore to make said binaries
and libraries appear in the expected locations, by wrapping BOINC
in an FHS-compatible environment [1].
An `extraEnvPackages` is also added to allow more packages to
be added into this environment. The documentation for this option
describes some practical use cases for it.
[1] https://nixos.org/nixpkgs/manual/#sec-fhs-environments
Version 2: fixed Docbook list formatting, minor rewording
Version 3: rebase onto master (9c048f4fb6)
Version 4: fix usage of targetPkgs argument to buildFHSUserEnv
* nghttpx: Add a new NixOS module for the nghttpx proxy server
This change also adds a global `uid` and `gid` for a `nghttpx` user
and group as well as an integration test.
* nixos/nghttpx: fix building manual
For some reason, the GNOME 3.26 update broke the overrides. It turns
out the overrides now need to come before the overriden schemas in the
XDG_DATA_DIRS variable. This is not possible in general due to applications
prefixing the variable (e.g. in wrapGAppsHook).
To fix this, a new environment variable NIX_GSETTINGS_OVERRIDES_DIR
was introduced. It has greater priority than XDG_DATA_DIRS but lower
than GSETTINGS_SCHEMA_DIR. A separate variable was chosen in order not
to block the built-in one for users.
Comparing packages via equality will lead to different results when package and module are from different
`nixpkgs` checkouts.
Also, because MariaDB is actually supported, added a note to option description to make this knowledge more discover-able.
`nixos-option` evals the description and the '`' is used to
define shell commands.
Due to this, the following error appears:
```
$ nixos-option services.postgresql.superUser
Value:
"root"
Default:
"root"
Description:
/run/current-system/sw/bin/nixos-option: line 294: root: command not found
/run/current-system/sw/bin/nixos-option: line 294: postgres: command not found
NixOS traditionally used as superuser, most other distros use .
From 17.09 we also try to follow this standard. Internal since changing this value
would lead to breakage while setting up databases.
```
In the previous version multiple default values would generate an
invalid babeld config file since all options would be concatenated
without any separator.
The error got introduced by 4f3d971ef5,
which removed the *Text attributes from the option.
This in turn leads to an evaluation error while building the
manual/manpage, because oraclejre8 is marked unfree.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @jbgi, @orivej, @globin
Only the Oracle JRE is supported by Atlassian appsAtlassian apps
(see https://jira.atlassian.com/browse/JRASERVER-46152)
Plus Atlassian apps are non free so the switch logic always chose
Oracle JRE anyway.
Option is kept in case someone want to patch apps to support openjdk.
I don't know where this comes from (I accidentally did that as well
once), but some derivations seem to use `buildPhases` rather than
`phases` in their derivations.
This kills all improper usages as the lack of a `phases` argument
didn't break the build, so this can be safely removed.
This reverts commit 93c54acf97.
This reopens#30517 @nbp @Ma27
Breaking people's config for this is hardly reasonable as is. If it
absolutely cannot be avoided, at the very least, we need to provide
clear instructions on what people need to upgrade in their config. I
actually had to bisect to the commit, to even find out what property I
should change or define, as the error message was useless. It didn't
even mention a property name.
Discussion on the PR seems to be ongoing, so I'm reverting this, so we
don't break people's systems on unstable.