JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
178,688 Commits 2 Branches 0 Tags 13 GiB
4fcaded92b
Commit Graph

6529 Commits

Author SHA1 Message Date
Bas van Dijk
cd4486ecc3 nixos/prometheus/alertmanager: use DynamicUser instead of nobody 
See issue #55370
 2019-04-10 20:38:40 +02:00
Bas van Dijk
739bdff4a4 nixos/prometheus/alertmanager: use ExecStart instead of script 
This results in a simpler service unit which doesn't first have to
start a shell:

  > cat /nix/store/s95nsr8zbkblklanqpkiap49mkwbaq45-unit-alertmanager.service/alertmanager.service
  ...
  ExecStart=/nix/store/4g784lwcy7kp69hg0z2hfwkhjp2914lr-alertmanager-0.16.2-bin/bin/alertmanager \
    --config.file /nix/store/p2c7fyi2jkkwq04z2flk84q4wyj2ggry-checked-config \
    --web.listen-address [::1]:9093 \
    --log.level warn
  ...
 2019-04-10 15:03:09 +02:00
Linus Heckemann
4557373d68
Merge pull request #58858 from worldofpeace/pantheon/lightdm-gtk-greeter 
nixos/pantheon: enable lightdm gtk greeter
 2019-04-10 09:36:20 +02:00
Robin Gloster
f370553f8f
Merge pull request #58804 from Ma27/roundcube-fixes 
roundcube: minor fixes
 2019-04-09 18:30:00 +00:00
Frederik Rietdijk
d108b49168 Merge master into staging-next 2019-04-09 16:38:35 +02:00
Bas van Dijk
2f2e2971d6
Merge pull request #58255 from jbgi/prometheus2 
Add Prometheus 2 service in parallel with 1.x version (continuation)
 2019-04-09 14:14:18 +02:00
Bas van Dijk
c95179b52f nixos/prometheus: add back the option services.prometheus.dataDir 
This is to ensure more backwards compatibility. Note this is not 100%
backwards compatible because we now require dataDir to begin with /var/lib/.
 2019-04-09 13:13:34 +02:00
Robin Gloster
a58ab8fc05
Merge pull request #58398 from Ma27/package-documize 
documize-community: init at 2.2.1
 2019-04-08 22:34:11 +00:00
Maximilian Bosch
acbb74ed18
documize-community: init at 2.2.1 
Documize is an open-source alternative for wiki software like Confluence
based on Go and EmberJS. This patch adds the sources for the community
edition[1], for commercial their paid-plan[2] needs to be used.

For commercial use a derivation that bundles the commercial package and
contains a `$out/bin/documize` can be passed to
`services.documize.enable`.

The package compiles the Go sources, the build process also bundles the
pre-built frontend from `gui/public` into the binary.

The NixOS module generates a simple `systemd` unit which starts the
service as a dynamic user, database and a reverse proxy won't be
configured.

[1] https://www.documize.com/get-started/
[2] https://www.documize.com/pricing/
 2019-04-08 23:54:57 +02:00
worldofpeace
acedc516fe nixos/pantheon: use evince module 2019-04-08 16:40:54 -04:00
Ingo Blechschmidt
efff2e1aa6 iodine: improve password handling (#58806) 
Before this change, only passwords not containing shell metacharacters could be
used, and because the password was passed as a command-line argument, local
users could (in a very small window of time) record the password and (in an
indefinity window of time) record the length of the password.

We also use the opportunity to add a call to `exec` in the systemd start
script, so that no shell needs to hang around waiting for iodine to stop.
 2019-04-08 21:20:26 +02:00
Bas van Dijk
eed84d1f8d nixos/prometheus: fix indentation and unnecessary parenthesis 2019-04-08 19:14:42 +02:00
Bas van Dijk
7cf27feb2f
nixos/prometheus: get rid of empty arguments 
Previously the prometheus.service file looked like:

  ExecStart=/nix/store/wjkhfw3xgkmavz1akkqir99w4lbqhak7-prometheus-1.8.2-bin/bin/prometheus -storage.local.path=/var/lib/prometheus/metrics \
    -config.file=/nix/store/zsnvzw51mk3n1cxjd0351bj39k1j6j27-prometheus.yml-check-config-checked \
    -web.listen-address=0.0.0.0:9090 \
    -alertmanager.notification-queue-capacity=10000 \
    -alertmanager.timeout=10s \
     \

  Restart=always

Now it's:

  ExecStart=/nix/store/wjkhfw3xgkmavz1akkqir99w4lbqhak7-prometheus-1.8.2-bin/bin/prometheus \
    -storage.local.path=/var/lib/prometheus/metrics \
    -config.file=/nix/store/zsnvzw51mk3n1cxjd0351bj39k1j6j27-prometheus.yml-check-config-checked \
    -web.listen-address=0.0.0.0:9090 \
    -alertmanager.notification-queue-capacity=10000 \
    -alertmanager.timeout=10s
  Restart=always
 2019-04-08 14:59:12 +02:00
Bas van Dijk
a59c92903e
nixos/prometheus: use ExecStart instead of a shell script 
This uses fewer lines of code and one less process.
 2019-04-08 14:59:12 +02:00
Aneesh Agrawal
24ae4ae604 nixos/sshd: Remove obsolete Protocol options (#59136) 
OpenSSH removed server side support for the v.1 Protocol
in version 7.4: https://www.openssh.com/txt/release-7.4,
making this option a no-op.
 2019-04-08 09:49:31 +02:00
worldofpeace
8f93650fe4 nixos/pantheon: add warning when not using LightDM 2019-04-07 17:51:41 -04:00
worldofpeace
d3d5c674ba nixos/lightdm-greeters/pantheon: add warning 2019-04-07 17:51:19 -04:00
Florian Klink
2457510db4
Merge pull request #51918 from bobvanderlinden/var-run 
tree-wide: nixos: /var/run -> /run
 2019-04-07 20:09:46 +02:00
Frederik Rietdijk
7f7da0a16f Merge master into staging-next 2019-04-07 15:14:52 +02:00
Robin Gloster
0498ba6e06
Merge pull request #59078 from dtzWill/fix-and-update/nextcloud 
nextcloud: fix use of mismatched php versions, updates
 2019-04-07 09:55:39 +00:00
Frederik Rietdijk
4a125f6b20 Merge master into staging-next 2019-04-07 08:33:41 +02:00
Léo Gaspard
07fdcb348f
Merge pull request #59056 from aanderse/mod_php-sendmail 
nixos/httpd: replace ssmtp with system-sendmail
 2019-04-06 20:57:58 +02:00
Will Dietz
27d78f4c6c nextcloud: use same php package throughout! 
`phpPackage` is 7.3 by default, but `pkgs.php` is 7.2,
so this saves the need for an extra copy of php
for the purpose of running nextcloud's cron;
more importantly this fixes problems with extensions
not loading since they are built against a different php.
 2019-04-06 10:34:14 -05:00
Aaron Andersen
9c9a6f380e nixos/httpd: replace ssmtp with system-sendmail 2019-04-06 06:34:46 -04:00
Silvan Mosberger
82b8ff405b
Merge pull request #58778 from aanderse/davmail 
nixos/davmail: set logging default to warn, instead of debug
 2019-04-06 06:23:48 +02:00
Jeremy Apthorp
e8b68dd4f4 miniflux: add service 2019-04-06 03:52:15 +02:00
Gabriel Ebner
ad5cabf575 nixos/evince: init 2019-04-05 15:03:31 +02:00
Tor Hedin Brønner
c99a666aac
nixos/gnome3: add new default fonts 
- source-code-pro is now the default monospace font
- source-sans-pro seems to be used somewhere too:
  https://wiki.gnome.org/Engagement/BrandGuidelines
 2019-04-05 12:13:39 +02:00
Jan Tojnar
cb1a20499a
Merge branch 'master' into staging 2019-04-05 11:37:15 +02:00
Jörg Thalheim
6dd7483ce1
Merge pull request #57979 from 4z3/writeNginxConfig 
nixos/nginx: use nginxfmt and gixy
 2019-04-04 20:23:58 +01:00
Silvan Mosberger
fab50f0e91
Merge pull request #57716 from dasJ/redo-icingaweb2 
nixos/icingaweb2: Replace most options with toINI
 2019-04-04 21:20:01 +02:00
Maximilian Bosch
6b6348eaba
nixos/roundcube: only configure postgres config if localhost is used as database 
When using a different database, the evaluation fails as
`config.services.postgresql.package` is only set if `services.postgresql` is enabled.

Also, the systemd service shouldn't have a relation to postgres if a
remote database is used.
 2019-04-02 16:02:53 +02:00
Aaron Andersen
01cec5155f nixos/davmail: set logging default to warn, instead of debug 2019-04-02 09:52:32 -04:00
Franz Pletz
ff36d95878
nixos/quicktun: init 2019-04-02 12:16:48 +02:00
Simon Lackerbauer
88c31ae57c
nixos/openldap: add new options 2019-04-01 17:24:33 +02:00
John Ericson
4ccb74011f Merge commit '18aa59b0f26fc707e7313f8467e67159e61600c2' from master into staging 
There was one conflict in the NixOS manual; I checked that it still
built after resolving it.
 2019-04-01 00:40:03 -04:00
Silvan Mosberger
81e2fb5303
Merge pull request #58458 from worldofpeace/colord/no-root 
nixos/colord: don't run as root
 2019-03-30 04:06:55 +01:00
worldofpeace
099cc0482b nixos/pantheon: enable lightdm gtk greeter 
Pantheon's greeter has numerous issues that cannot be
fixed in a timely manner, and users are better off if they just
didn't use it by default.
 2019-03-29 21:29:59 -04:00
worldofpeace
f22fbe1175 nixos/colord: don't run as root 
Using systemd.packages because there's
a system colord service and colord-session user service
included.
 2019-03-29 20:56:06 -04:00
Florian Klink
aa2878cfcf
Merge pull request #58284 from bgamari/gitlab-rails 
nixos/gitlab: Package gitlab-rails
 2019-03-28 21:12:15 +01:00
Silvan Mosberger
9d4a6cceb7
Merge pull request #57550 from florianjacob/typed-mysql-options 
nixos/mysql: specify option types, add tests
 2019-03-28 18:55:53 +01:00
Ben Gamari
af909b3238 nixos/gitlab: Package gitlab-rails 
This utility (particularly `gitlab-rails console`) is packaged by GitLab
Omnibus and is used for diagnostics and maintenance operations.
 2019-03-28 11:45:31 -04:00
Ben Gamari
b90f5f03c2 nixos/gitaly: Run gitaly with procps in scope 
Gitaly uses `ps` to track the RSS of `gitlab-ruby` and kills it when it
detects excessive memory leakage. See
https://gitlab.com/gitlab-org/gitaly/issues/1562.
 2019-03-28 10:48:51 -04:00
Maximilian Bosch
3fc3096da8
Merge pull request #58432 from aanderse/mailcatcher 
nixos/mailcatcher: init module for existing package
 2019-03-27 16:11:15 +01:00
Aaron Andersen
395ec8c0d4 nixos/mailcatcher: init module for existing package 2019-03-27 09:15:47 -04:00
Benjamin Hipple
8b3500c650 nixos.cron: fix docstring sentence 2019-03-26 23:22:20 -04:00
Daiderd Jordan
018d329dbc
Merge pull request #57928 from averelld/plex-update 
plex: 1.14.1.5488 -> 1.15.1.791
 2019-03-26 20:22:34 +01:00
Florian Klink
476760bfeb
Merge pull request #57578 from bgamari/gitlab-extra-initializers 
nixos/gitlab: Allow configuration of extra initializers
 2019-03-26 11:08:11 +01:00
Matthew Bauer
d468f4b27e
Merge pull request #57139 from delroth/firewall-dedup 
nixos/firewall: canonicalize ports lists
 2019-03-25 22:15:17 -04:00
Ben Gamari
f2bdc91b35 nixos/gitlab: Allow configuration of extra initializers 
This adds a configuration option allowing the addition of additional
initializers in config/extra-gitlab.rb.
 2019-03-25 15:18:35 -04:00
Jean-Baptiste Giraudeau
0333d877c2
Use same user for both prometheus 1 and 2. Use StateDirectory. 2019-03-25 14:49:22 +01:00
Jean-Baptiste Giraudeau
5ae25922b5
Prometheus2: --web.external-url need two dash. 2019-03-25 14:36:48 +01:00
Jean-Baptiste Giraudeau
bfbae97cfa
Rollback versionning of services.prometheus.{exporters, alertmanager}. 2019-03-25 14:36:46 +01:00
Alberto Berti
e17b464a43
Fix alertmanager service definition. Thanks to @eonpatapon 2019-03-25 14:36:45 +01:00
Alberto Berti
1b6ce80c2b
Make it pass a minimal test 2019-03-25 14:36:44 +01:00
Alberto Berti
11b89720b7
Add prometheus2 configuration to the prometheus modules 
As the configuration for the exporters and alertmanager is unchanged
between the two major versions this patch tries to minimize
duplication while at the same time as there's no upgrade path from 1.x
to 2.x, it allows running the two services in parallel. See also #56037
 2019-03-25 14:36:44 +01:00
Danylo Hlynskyi
40cc269561
Merge branch 'master' into postgresql-socket-in-run 2019-03-25 01:06:59 +02:00
Bob van der Linden
1eefda5595
nixos/xpra: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
889bb1e91e
nixos/kodi: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
65710d1df5
nixos/mighttpd2: /var/run -> /run 2019-03-24 21:15:33 +01:00
Bob van der Linden
f09fb4d4dd
nixos/tt-rss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
9b100c4e6f
nixos/selfoss: /var/run -> /run 2019-03-24 21:15:32 +01:00
Bob van der Linden
cdc6f2e484
nixos/restya-board: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
bde23ec9a3
nixos/codimd: /var/run -> /run 2019-03-24 21:15:31 +01:00
Bob van der Linden
60481ba3fd
nixos/hologram-agent: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
798931135e
nixos/fcron: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
0cf1944c36
nixos/cups: /var/run -> /run 2019-03-24 21:15:30 +01:00
Bob van der Linden
323e8ef375
nixos/xrdp: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
210b7134d3
nixos/wpa_supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
b9e27ec43e
nixos/supplicant: /var/run -> /run 2019-03-24 21:15:29 +01:00
Bob van der Linden
8062476f73
nixos/raccoon: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
34738dea2a
nixos/ocserv: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
cc5f08fed8
nixos/miniupnpd: /var/run -> /run 2019-03-24 21:15:28 +01:00
Bob van der Linden
321bc431cc
nixos/lldpd: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
1e48222cbe
nixos/ircd-hybrid: /var/run -> /run 2019-03-24 21:15:27 +01:00
Bob van der Linden
937e733c04
nixos/htpdate: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
1a567685b2
nixos/hostapd: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
82dee48ef2
nixos/bind: /var/run -> /run 2019-03-24 21:15:26 +01:00
Bob van der Linden
9afbe4c2bd
nixos/avahi-daemon: /var/run -> /run 2019-03-24 21:15:25 +01:00
Bob van der Linden
08558245a4
nixos/asterisk: /var/run -> /run 2019-03-24 21:13:19 +01:00
Dmitry Kalinkin
cf7f234ff5
Merge pull request #57527 from Chiiruno/dev/meguca 
Init: statik, Update: easyjson, quicktemplate, meguca, hydron
 2019-03-24 15:26:37 -04:00
worldofpeace
ffe35f3f76 nixos/pantheon: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
f812cba2cf nixos/pantheon/files: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
415bceed8e nixos/pantheon/contractor: add meta.maintainers 2019-03-24 07:04:28 -04:00
worldofpeace
3565b1775a nixos/gsignond: add meta.maintainers 2019-03-24 07:04:28 -04:00
Dmitry Kalinkin
6f95ac3588
Merge pull request #57988 from lopsided98/buildbot-update 
buildbot: 1.8.1 -> 2.1.0
 2019-03-23 20:38:20 -04:00
markuskowa
d71472beaf
Merge pull request #57434 from ck3d/user-dwm 
nixos dwm: start user installed dwm if available
 2019-03-23 23:49:34 +01:00
Francesco Gazzetta
58f682742e nixos/zeronet: add fileserverPort option 
Without it, zeronet tried to write one to the read-only config file and
crashed
 2019-03-23 17:58:57 +01:00
Ben Gamari
2036550a46 nixos/docker-registry: Allow use of non-filesystem storage 
Previously this module precluded use of storage backends other than
`filesystem`. It is now possible to configure another storage backend
manually by setting `services.dockerRegistry.storagePath` to `null` and
configuring the other backend via `extraConfig`.
 2019-03-23 10:32:56 +00:00
tv
59fac1a6d7 nixos/nginx: use writeNginxConfig 2019-03-23 11:16:14 +01:00
Frederik Rietdijk
23e431387b Merge staging-next into staging 2019-03-23 09:20:09 +01:00
Okina Matara
40d7079f79
nixos/meguca: Add videoPaths, set postgresql version to 11 2019-03-23 01:19:29 -05:00
Ben Wolsieffer
b2e11e0cdf buildbot: 1.8.1 -> 2.1.0 2019-03-22 18:43:15 -04:00
Averell Dalton
028a4b6a53 plex: 1.14.1.5488 -> 1.15.2.793 2019-03-22 20:33:22 +01:00
Sarah Brofeldt
78c95f561f
Merge pull request #58031 from dotlambda/elasticsearch-curator-application 
elasticsearch-curator: add top-level package using older click
 2019-03-22 20:11:54 +01:00
Dmitry Kalinkin
0e57b98b2c
Merge pull request #57596 from artemist/nginx-return 
nixos/nginx: add return option to location
 2019-03-22 14:08:33 -04:00
Vladimír Čunát
4c3ec0e325
nixos docs: run the formatting tool (no content change) 
As documented in the docs themselves :-)
 2019-03-22 14:44:11 +01:00
Vladimír Čunát
11d204a9c4
nixos docs: improve GPU driver documentation 
I'm not 100% sure about the incompatibility lines,
but I believe it's better to discourage these anyway.
If you find better information, feel free to amend...

The 32-bit thing is completely GPU-agnostic, so I can't see why we had
it separately for proprietary drivers and missing for the rest.
 2019-03-22 14:31:17 +01:00
Wael M. Nasreddine
5af0780492
Merge remote-tracking branch 'origin/master' into staging 
* origin/master: (693 commits)
  buildGoModule: use go_1_12 instead of go_1_11 (#58103)
  gitAndTools.lab: 0.15.2 -> 0.15.3 (#58091)
  signal-desktop: 1.22.0 -> 1.23.0
  added missing semicolon to documentation
  terminus_font_ttf: 4.46.0 -> 4.47.0
  buildGoModule: remove SSL env vars in favor of cacert in buildInputs (#58071)
  dav1d: init at 0.2.1
  dropbox-cli: 2018.11.28 -> 2019.02.14
  atlassian-confluence: 6.14.1 -> 6.14.2
  maintainers: update email for dywedir
  python.pkgs.hglib: use patch to specify hg path (#57926)
  chkrootkit: 0.52 -> 0.53
  radare2-cutter: 1.7.2 -> 1.8.0
  autorandr: 1.7 -> 1.8
  pythonPackages.pyhepmc: fix build
  llvm-polly/clang-polly: use latest llvm
  apulse: 0.1.11.1 -> 0.1.12, cleanup
  factorio: experimental 0.17.14 → 0.17.16 (#58000)
  sequeler: 0.6.7 -> 0.6.8
  nasc: 0.5.1 -> 0.5.2
  ...
 2019-03-21 21:01:25 -07:00
Robert Schütz
c0409de98d elasticsearch-curator: add top-level package using older click 
See https://github.com/NixOS/nixpkgs/pull/58023 for a discussion
of why this is necessary. The upstream issue can be found at
https://github.com/elastic/curator/pull/1280.
 2019-03-21 11:53:32 +01:00
Samuel Leathers
cafd07a54e
Merge pull request #56423 from Izorkin/nginx-unit 
unit: add service unit and update package
 2019-03-20 13:08:05 -04:00
Bob van der Linden
40679eb3c8 nixos/zabbix: /var/run -> /run 2019-03-20 00:02:46 +01:00
Bob van der Linden
3068252913 nixos/nagios: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
78acc82432 nixos/svnserve: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
3f17dcbbfd nixos/spice-vdagentd: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
231d815721 nixos/mbpfan: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
e1376ddd3d nixos/matrix-synapse: /var/run -> /run 2019-03-20 00:02:45 +01:00
Bob van der Linden
c67f2f0815 nixos/spamassassin: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
edd5c88086 nixos/postgrey: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
0438ad4712 nixos/pfix-srsd: /var/run -> /run 2019-03-20 00:02:44 +01:00
Bob van der Linden
e8434784bd nixos/rethinkdb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
af0380997f nixos/redis: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
09d3ea4f67 nixos/openldap: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
660ee99293 nixos/mongodb: /var/run -> /run 2019-03-20 00:02:43 +01:00
Bob van der Linden
651f05c47c nixos/couchdb: /var/run -> /run 2019-03-20 00:02:42 +01:00
Bob van der Linden
66fb3aa1be nixos/bacula: /var/run -> /run 2019-03-20 00:01:45 +01:00
Jörg Thalheim
b488c60cdb network-manager: rename systemd service back to match upstream 
Compatibility with other distributions/software and expectation
of users coming from other systems should have higher priority over consistency.
In particular this fixes #51375, where the NetworkManager-wait-online.service
broke as a result of this.
 2019-03-19 23:48:08 +01:00
Yurii Izorkin
f56d507e06 nixos/datadog-agent: change start command (#57871) 2019-03-18 13:31:04 -07:00
Izorkin
42a99b1be2 nixos/unit: init service unit 2019-03-16 19:54:21 +03:00
Vladimír Čunát
3aecf21239
Merge #56922: nixos/knot: init basic service + tests 2019-03-16 09:17:15 +01:00
Janne Heß
b0daedd371 nixos/icingaweb2: Replace most options with toINI 2019-03-15 20:35:29 +01:00
Florian Jacob
5bec5e8cb1 nixos/mysql: specify option types 2019-03-15 16:32:36 +01:00
Silvan Mosberger
f8de52a2fe
Revert "nixos/nginx: support h2c" 2019-03-15 14:31:11 +01:00
Markus
2e29412e9c nixos/kubernetes: Add proxy client certs to apiserver 2019-03-15 13:21:43 +00:00
Ryan Mulligan
4b6a41a939
Merge pull request #57077 from callahad/brother-dsseries 
dsseries: init at 1.0.5-1
 2019-03-14 21:17:31 -07:00
aszlig
ef553788d0
postgresql: Move socket dir to /run/postgresql 
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
 2019-03-15 04:52:35 +01:00
Silvan Mosberger
fb879ae920
Merge pull request #57174 from worldofpeace/pantheon/cleanup 
nixos/pantheon cleanup
 2019-03-15 01:26:49 +01:00
Matthew Bauer
b703c4d998 plasma5: fix typo from pr #57037 
Thanks @Yarny0
 2019-03-14 14:09:13 -04:00
Martin Weinelt
a978d3dcd2
nixos/knot: init 2019-03-14 01:28:53 +01:00
Artemis Tosini
fee854ed01
nixos/nginx: add return option to location 2019-03-13 17:31:01 +00:00
Andrew Childs
c53703a6b2 nixos/prometheus: use append instead of insert for opening firewalls (#55224) 
Inserting with `-I` causes the rules to placed before `ctstate`
tracking, while `-A` places them alongside all other allow rules.
 2019-03-13 12:44:36 +02:00
Markus
7e71cd8292 nixos/flannel: Add iptables package to service path 2019-03-12 15:30:33 +00:00
Johan Thomsen
292c1ce7ff nixos/gitlab: added gzip and bzip2 as dependencies for gitaly 2019-03-12 15:04:45 +00:00
Matthew Bauer
7890494813
Merge pull request #57037 from matthewbauer/remove-xdg-desktop-menu-dummy 
plasma: handle kbuildsycoca5 better
 2019-03-11 22:58:40 -04:00
Christian Kögler
9f7f16cd7b nixos dwm: start user installed dwm if available 
dwm has no configuration file. The user has to install his own version.
 2019-03-11 20:18:08 +01:00
Christian Albrecht
e3a80ebc40
Cleanup pki: remove mkWaitCurl 2019-03-11 12:22:59 +01:00
Christian Albrecht
45e683fbd6
Cleanup pki: control-plane-online 2019-03-11 12:22:59 +01:00
Christian Albrecht
50c5f489ef
Cleanup pki: scheduler 2019-03-11 12:22:53 +01:00
Christian Albrecht
46653f84c9
Cleanup pki: proxy 2019-03-11 12:22:49 +01:00
Christian Albrecht
73657b7fcf
Cleanup pki: kubelet 2019-03-11 12:22:44 +01:00
Christian Albrecht
ea6985ffc1
Cleanup pki: flannel 2019-03-11 12:22:40 +01:00
Christian Albrecht
ce83dc2c52
Cleanup pki: controller-manager 2019-03-11 12:22:36 +01:00
Christian Albrecht
8ab50cb239
Cleanup pki: apiserver and etcd 2019-03-11 12:22:31 +01:00
Christian Albrecht
ee9dd4386a
Cleanup pki: addon-manager 2019-03-11 12:16:58 +01:00
worldofpeace
36d4dba317 nixos/pantheon: more mkDefault 2019-03-09 17:29:29 -05:00
worldofpeace
c41a2d28d3 nixos/pantheon: cleanup systemPackages 
We don't need gnome-bluetooth because its executables
path is already hardcoded into the contractor file, as that's
the only place it is needed.
Don't think we need gnome-power-manager either.

Also add programs like geary to removePackagesByName.
 2019-03-09 17:29:08 -05:00
Silvan Mosberger
6ad76ff1ba
Merge pull request #52096 from furrycatherder/davmail 
nixos/davmail: init
 2019-03-09 22:41:55 +01:00
Pierre Bourdon
18bc8203a1
nixos/firewall: canonicalize firewall ports lists 
Fixes #56086.
 2019-03-09 20:02:04 +01:00
Pierre Bourdon
843215ac1c
nixos/firewall: use types.port where appropriate 2019-03-09 19:45:11 +01:00
Sean Haugh
f2730d881b nixos/davmail: init 
Co-authored-by: Aaron Andersen <aaron@fosslib.net>
Co-authored-by: Silvan Mosberger <infinisil@icloud.com>
 2019-03-09 12:05:15 -06:00
scaroo
56aa491ad7 zonminder: Fix database name and username 
PR #56889 messed up db and use naming while fixing the scope of the initialDatabases property.
This patch fixes the issue.
 2019-03-09 17:21:29 +01:00
worldofpeace
fa64c63fa0
Merge pull request #56552 from worldofpeace/elementary-screenshot-tool/fix-conceal-text 
pantheon.elementary-screenshot-tool: fix conceal text
 2019-03-09 11:03:37 -05:00
Alexandre Mazari
d7f6cdeda4 Fix locally created database (#56889) 
* zoneminder: fix initial database creation

Move initialDatabases directive from the 'ensureUsers' scope to the correct outer 'mysql' one.

* zoneminder: Fix mysql username to match unix username

When database.createLocally is used, a mysql user is created with the ensureUsers directive.
It ensures that the unix user with the name provided exists and can connect to MySQL through socket.
Thus, the MySQL username used by php/perl scripts must match the unix user owning the server PID.

This patch sets the default mysql user to 'zoneminder' instead of 'zmuser'.
 2019-03-09 17:57:39 +02:00
Jonas Juselius
279716c330 nixos/kubernetes: add dns addonmanger reconcile mode option (#55834) 
Allow coredns ConfigMap and Depolyment to be editable by the user. An use
case is augmenting the default, generated dns records with local services.
 2019-03-09 12:57:41 +02:00
aanderse
d800bd923f nixos/redmine: replace imagemagickBig with imagemagick (#57078) 2019-03-08 23:47:11 +01:00
Jordan Johnson-Doyle
04425c6223
nixos/nginx: support h2c 2019-03-08 17:50:46 +00:00
Silvan Mosberger
a540993d62
Merge pull request #56171 from bachp/tautulli 
tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed)
 2019-03-08 16:52:40 +01:00
Silvan Mosberger
21c6592a42
Merge pull request #56987 from bachp/nextcloud-ocm-provider 
nixos/nextcloud: fix escapings and ocm-provider
 2019-03-08 16:49:36 +01:00
Bas van Dijk
e44e2455d3 strongswan-swanctl: fix module by setting the new SWANCTL_DIR envvar 2019-03-08 16:11:38 +01:00
Dan Callahan
c80385d934
dsseries: init at 1.0.5-1 2019-03-08 15:02:22 +00:00
Silvan Mosberger
9fa52ae9a2
Merge pull request #56589 from johanot/kubernetes-module-stabilization 
nixos/kubernetes: minor module fixes
 2019-03-08 15:47:15 +01:00
Christian Albrecht
154356d820
nixos/kubernetes: Fix kube-control-plane-online must not be present 
outside kubernetes module.
 2019-03-08 09:36:59 +01:00
Johan Thomsen
80c4fd4f85 nixos/kubernetes: minor module fixes 
- mkDefault etcd instance name
- make sure ca-cert in mkKubeConfig can be overriden
- fix controller-manager "tls-private-key-file" flag name
 2019-03-08 09:18:51 +01:00
Ryan Mulligan
18f6dbe6be nixos/hdaps: automatically enable the hdapsd kernel module (#56309) 
patch by hpoussin via
https://discourse.nixos.org/t/hdapsd-automatically-enable-the-hdapsd-kernel-module/2183
 2019-03-08 09:50:02 +02:00
Silvan Mosberger
0036842e8d
Merge pull request #57006 from kyren/bepasty-fix 
nixos/bepasty: switch to python3Packages to match bepasty package
 2019-03-08 01:54:48 +01:00
Silvan Mosberger
4a9a596fbf
Merge pull request #56625 from aanderse/phpfpm 
set phpOptions per phpfpm pool, instead of applying to every phpfpm pool
 2019-03-08 01:53:18 +01:00
Matthew Bauer
393b359f13 plasma: handle ksycoca5 better 
- Remove xdg-desktop-menu-dummy.menu kbuildsycoca5. Not sure why we
  need it but it is a pretty big failure if it exists.
  See issue #56176.

- plasma: clear ksycoca cache before building

  This is needed to pick up on software removed since the last cache
  update. Otherwise it hangs around as zombies forever (or until the
  cache is cleared).

- Add the above + the icon cache cleanup to plasmaSetup

  This will be run for the logged in user on each nixos-rebuild.
  Unfortunately this only works if you are managing software through
  nixos-rebuild (nix-env users need to run this manually, otherwise
  log out and log back in).
 2019-03-07 15:11:04 -05:00
Silvan Mosberger
34e67f3f9f
Merge pull request #56578 from serokell/youtrack-hostname 
youtrack: add hostname to path
 2019-03-07 18:56:29 +01:00
Christian Höppner
c568dad253
nixos/youtrack: add hostname to path 2019-03-07 17:21:20 +01:00
Janne Heß
2a6f518b90 nixos/openldap: Fix quoting of log level 2019-03-07 14:19:50 +01:00
kyren
4bf1d8c67d nixos/bepasty: switch to python3Packages to match bepasty package 
I think the bepasty nixos service has been broken since c539c02, since
bepasty changed from using python2.7 to python3.7.  This updates the
nixos module to refer to the matching python version.
 2019-03-06 22:18:59 -05:00
Silvan Mosberger
502a4263a3
Merge pull request #55936 from tobim/modules/snapserver 
nixos/snapserver: init
 2019-03-07 00:00:48 +01:00
Tobias Mayer
085751b63b nixos/snapserver: init 
A nixos module for configuring the server side of pkgs.snapcast.
The module is named "snapserver" following upstream convention.
This commit does not provide module for the corresponding client.

Fix handling of port and controlPort

Fix stream uri generation & address review

Remove unused streams options & add description

Add missing description & Remove default fs path

Use types.port for ports & formatting improvements

Force mpd and mopidy to wait for snapserver
 2019-03-06 23:40:05 +01:00
Pascal Bach
415b927653 nixos/nextcloud: fix escapings and ocm-provider 2019-03-06 21:56:27 +01:00
Christian Albrecht
ff382c18c8
nixos/kubernetes: Address review: Move remaining paths to pki 2019-03-06 17:56:28 +01:00
Christian Albrecht
e148cb040b
nixos/kubernetes: Address review: rename node-online target 2019-03-06 17:17:20 +01:00
Christian Albrecht
5684034693
nixos/kubernetes: Address review: Remove restart from certmgr bootstrap service 2019-03-06 16:55:13 +01:00
Christian Albrecht
7323b77435
nixos/kubernetes: Address review: Separate preStart from certificates 2019-03-06 16:55:08 +01:00
Christian Albrecht
52fe1d2e7a
nixos/kubernetes: Address review: Move controller manager paths into pki 2019-03-06 16:55:04 +01:00
Christian Albrecht
6e9037fed0
nixos/kubernetes: Address review: Move bootstrapping addons into own service 2019-03-06 16:54:50 +01:00
Christian Albrecht
ff91d5818c
nixos/kubernetes: Address review: Rename targets and move proxy to node-online.target 2019-03-06 16:54:22 +01:00
Janne Heß
3de5726e9b nixos/nginx: Support additional listen parameters (#56835) 2019-03-06 11:42:46 +02:00
Wael Nasreddine
51fdca9cad
Merge pull request #56567 from Izorkin/datadog-agent 
datadog-agent: update go packages and sub-packages
 2019-03-05 16:59:21 -08:00
Silvan Mosberger
09c3fb0d75
Merge pull request #56774 from worldofpeace/mate/cleanup 
nixos/mate: cleanup
 2019-03-05 12:26:14 +01:00
Domen Kožar
f60459a023
Merge pull request #55142 from FlorianFranzen/thinkfan_smart 
thinkfan: add option for libatasmart support
 2019-03-05 17:47:13 +07:00
worldofpeace
a00c5e301e nixos/mate: cleanup 2019-03-04 21:07:01 -05:00
Silvan Mosberger
f274fc8656
Merge pull request #56550 from Infinisil/doc/xrandr/monitorConfig 
nixos/xserver: Point to man page for options available in monitorConfig
 2019-03-04 22:08:15 +01:00
Silvan Mosberger
8f33ad7ca9
Merge pull request #56243 from aanderse/redmine 
nixos/redmine: fix permissions & cleanup
 2019-03-04 22:06:33 +01:00
worldofpeace
59f47088fb nixos/pantheon: add elementary-redacted-script to fonts 
Needed by elementary-screenshot-tool to conceal text.
 2019-03-04 14:11:15 -05:00
Peter Hoeg
011fe4a246
Merge pull request #56571 from peterhoeg/u/mqtt 
mosquitto: 1.5.5 -> 1.5.8
 2019-03-04 12:23:45 +08:00
Silvan Mosberger
8c4babb8ba
Merge pull request #53463 from OlivierMarty/master 
nixos/duplicity: init
 2019-03-04 01:22:29 +01:00
Christian Albrecht
74962bf767
nixos/kubernetes: No need to restart services besides certmgr 
within the node join script, since certmgr is taking care of
restarting services.
 2019-03-03 19:43:15 +01:00
Christian Albrecht
7df88bd802
nixos/kubernetes: Put dashboard service account into bootstrapAddons 
to prevent errors in log about missing permissions when
addon manager starts the dashboard.
 2019-03-03 19:43:15 +01:00
Christian Albrecht
fd28c0a82a
nixos/kubernetes: Seed docker images before kubelet service start 
to speed up startup time because it can be parallelized.
 2019-03-03 19:43:14 +01:00
Christian Albrecht
cf8389c904
nixos/kubernetes: Add longer timeouts for waiting services 2019-03-03 19:43:14 +01:00
Christian Albrecht
51aeaaffc2
nixos/kubernetes: flannel needs iptables in service path 2019-03-03 19:43:13 +01:00
Christian Albrecht
62f03750e4
nixos/kubernetes: Stabilize services startup across machines 
by adding targets and curl wait loops to services to ensure services
are not started before their depended services are reachable.

Extra targets cfssl-online.target and kube-apiserver-online.target
syncronize starts across machines and node-online.target ensures
docker is restarted and ready to deploy containers on after flannel
has discussed the network cidr with apiserver.

Since flannel needs to be started before addon-manager to configure
the docker interface, it has to have its own rbac bootstrap service.

The curl wait loops within the other services exists to ensure that when
starting the service it is able to do its work immediately without
clobbering the log about failing conditions.

By ensuring kubernetes.target is only reached after starting the
cluster it can be used in the tests as a wait condition.

In kube-certmgr-bootstrap mkdir is needed for it to not fail to start.

The following is the relevant part of systemctl list-dependencies

default.target
● ├─certmgr.service
● ├─cfssl.service
● ├─docker.service
● ├─etcd.service
● ├─flannel.service
● ├─kubernetes.target
● │ ├─kube-addon-manager.service
● │ ├─kube-proxy.service
● │ ├─kube-apiserver-online.target
● │ │ ├─flannel-rbac-bootstrap.service
● │ │ ├─kube-apiserver-online.service
● │ │ ├─kube-apiserver.service
● │ │ ├─kube-controller-manager.service
● │ │ └─kube-scheduler.service
● │ └─node-online.target
● │   ├─node-online.service
● │   ├─flannel.target
● │   │ ├─flannel.service
● │   │ └─mk-docker-opts.service
● │   └─kubelet.target
● │     └─kubelet.service
● ├─network-online.target
● │ └─cfssl-online.target
● │   ├─certmgr.service
● │   ├─cfssl-online.service
● │   └─kube-certmgr-bootstrap.service
 2019-03-03 19:39:02 +01:00
Christian Albrecht
f9e2f76a59
nixos/kubernetes: Add systemd path units 
to protect services from crashing and clobbering the logs when
certificates are not in place yet and make sure services are activated
when certificates are ready.

To prevent errors similar to "kube-controller-manager.path: Failed to
enter waiting state: Too many open files"
fs.inotify.max_user_instances has to be increased.
 2019-03-03 19:34:57 +01:00
Andreas Rammhold
768336a74b
Merge pull request #56233 from jtojnar/nginx-tlsv13 
nixos/nginx: Enable TLS 1.3 support
 2019-03-03 14:19:38 +01:00
Aaron Andersen
cddb117b96 nixos/icingaweb2, nixos/restya-board, nixos/zoneminder: set phpOptions per phpfpm pool, instead of applying to every phpfpm pool 2019-03-03 07:33:25 -05:00