Commit Graph

9114 Commits

Author SHA1 Message Date
Jan Tojnar
41d252d7a4
nixos/nginx: allow using existing ACME certificate
When a domain has a lot of subdomains, it is quite easy to hit the rate limit:

https://letsencrypt.org/docs/rate-limits/

Instead you can define the certificate manually in `security.acme.certs` and list the subdomains in the `extraDomains` option.
2018-01-15 13:48:45 +01:00
Leon Schuermann
e45a06ebd1 openvpn: add option to store credentials 2018-01-15 14:34:58 +07:00
Vladimír Čunát
67e8392383
Merge #33057: stdenv meta checks: make them lazy
Closes #22277 - it's superseded;  I have some WIP on evaluation
performance, but best do that in a separate PR/thread.
2018-01-14 21:41:31 +01:00
Vladimír Čunát
799b941a2b
release notes: mention removal of lib.addPassthru 2018-01-14 21:34:55 +01:00
Joachim F
b6c696cc6f
Merge pull request #33444 from rnhmjoj/dnscrypt-wrapper
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service
2018-01-14 11:33:02 +00:00
Sarah Brofeldt
ee4e6ebbfa
Merge pull request #32822 from LumiGuide/elk6
ELK: 5.6.1 -> 5.6.5 & add ELK 6.1.0
2018-01-14 10:40:50 +01:00
Miguel Madrid Mencía
22341c42e7
resilio-sync: fixed typo knownHosts -> entry.knownHosts 2018-01-13 23:44:39 +01:00
Jörg Thalheim
91ec1f784a
Merge pull request #33755 from srhb/keymap-test-disable-xterm-dm
nixos/tests/keymap: disable xterm DM
2018-01-13 17:03:53 +00:00
Jan Tojnar
38b6d7b60e
nixos/chrome-gnome-shell: init 2018-01-13 15:19:19 +01:00
Joachim F
ed250d8093
Merge pull request #27131 from richardlarocque/mosquitto_pw
mosquitto: Explicitly configure password file
2018-01-13 12:02:45 +00:00
Sarah Brofeldt
4488e7c435 nixos/tests/keymap: disable xterm DM 2018-01-11 20:12:49 +01:00
Eelco Dolstra
dddcd10ecc
Don't set 'config.xorg = {}'
This makes memoization of Nixpkgs evaluation less effective, since
some Nixpkgs invocations may have 'config = {}' while others may have
'config = { xorg = {}; }'.

Instead set 'config = {}'.
2018-01-11 19:31:05 +01:00
zimbatm
1276a3b12a
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
2018-01-11 14:19:15 +00:00
Jörg Thalheim
788c5195f3 Revert "nixos/udev: fix outdated udev rules for network devices"
This reverts commit 45c5a915980fbe1fa6f0ff80ab2d11b60b844d9e.

This breaks PredictableNetworkInterfaceNames on systems without networkd.
We should only include this file from systemd, when networkd is enabled.
2018-01-11 11:21:16 +00:00
Eelco Dolstra
6bbd67d45a
EC2 AMIs: 17.09.2356.cb751f9b1c3 -> 17.09.2681.59661f21be6 2018-01-10 13:16:49 +01:00
Joachim F
a6912f589e
Merge pull request #33629 from rnhmjoj/dnscrypt-proxy
Restore dnscrypt-proxy
2018-01-09 21:34:14 +00:00
John Ericson
eec050f395
Merge pull request #33577 from dtzWill/fix/cross-2
Minor cross fixes, 2
2018-01-09 12:36:53 -05:00
Vladimír Čunát
d6bf8eb71b
Merge #33614: nixos/kresd improvements
The PR was extended with other fixes.  All tested by me atop 17.09.
2018-01-09 17:26:31 +01:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00
Ben Gamari
a2215da9a1 make-ext4-fs: Dependencies are nativeBuildInputs 2018-01-09 11:25:19 -05:00
Ben Gamari
d680678d0a makeSquashfs: Inputs are nativeBuildInputs 2018-01-09 11:25:19 -05:00
Vladimír Čunát
4bc4c08838
nixos/kresd: service nitpicks 2018-01-09 17:25:18 +01:00
Vladimír Čunát
3ab85ed1ac
nixos/kresd: use DNSSEC root trust anchor from nixpkgs
in read-only way.  If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.

Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
2018-01-09 17:24:49 +01:00
Vladimír Čunát
f312e6d993
nixos/kresd: use systemd.tmpfiles
Since 4e4161c212 it works on nixos-rebuild.
2018-01-09 17:11:36 +01:00
José Romildo Malaquias
8b416450ea mate: let caja find extensions and gsettings schemas 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
598c6c13f0 mate-panel: let mate-panel find applets in config system path 2018-01-09 02:40:04 +02:00
José Romildo Malaquias
ca27392d9c mate-control-center: add gsettings schemas path to XDG vars
mate-control-center depends on mate-settings-daemon, but the later needs
gsettings schemas  provided by the former. To fix this the gsettings schema
path from mate-control-center is added to XDG_DATA_DIRS at session
startup.
2018-01-09 02:40:04 +02:00
José Romildo Malaquias
1bacb88c6a mate-session-manager: add debug option to mate service 2018-01-09 02:40:04 +02:00
Andreas Rammhold
637d5dd00c tomcat9: 9.0.0.M17 -> 9.0.2
also renamed from tomcatUnstable to tomcat9
2018-01-09 01:31:06 +01:00
rnhmjoj
94d28f3672
nixos/dnscrypt-proxy: use new dyne.org repository 2018-01-09 00:33:19 +01:00
Jörg Thalheim
71cce26342 nixos/udev: fix outdated udev rules for network devices
Udev changed its internal naming, so this rule file no longer applied correctly.
Therefore some properties such as network driver no longer matched in
systemd-networkd.

After updating we have more properties in systemd-networkd:

$ sudo networkctl status wlp3s0
...
   Driver: iwlwifi
...

To prevent this in future, the file is no copied from systemd directly
2018-01-08 16:59:33 +01:00
Andrey Golovizin
f19d959ef1 nixos/kresd: fix systemd dependency cycle
The unnecessary dependency of sockets.target on kresd.service causes a
dependency cycle preventing kresd.service from starting at boot:

sockets.target -> kresd.service -> basic.target -> sockets.target
2018-01-08 15:52:26 +01:00
Yegor Timoshenko
85b84527f6
mopidy: fix, resolves #32234 2018-01-08 14:32:36 +00:00
rnhmjoj
4ebb9621f4
Revert "nixos/dnscrypt-proxy: remove"
This reverts commit 5dc2853981.
The project has a new maintainer.
2018-01-08 15:09:33 +01:00
Yegor Timoshenko
f7a9f96725
nixos/xfce: clean up, use hyphenated attributes 2018-01-08 05:12:05 +00:00
Johannes Bornhold
a88b4d4db1 nixos/matrix-synapse: Add module parameter extraConfigFiles (#33276)
This allows to configure additional configuration files for Synapse. This way
secrets can be kept in a secure place on the file system without a need to go
through the Nix store.
2018-01-07 20:13:48 +00:00
Joachim Fasting
5dc2853981 nixos/dnscrypt-proxy: remove
The upstream project ceased.

See https://github.com/NixOS/nixpkgs/issues/33540
2018-01-07 17:00:32 +01:00
Peter Hoeg
42f2a9ddde
Merge pull request #33531 from vdm/patch-1
Update macos USB instructions
2018-01-07 15:12:00 +08:00
Robin Gloster
e606bb252b
gitlab module: config changes for gitlab 10.3 2018-01-07 05:02:56 +01:00
Robin Gloster
69c396f273
gitlab module: gitaly fixes 2018-01-07 05:02:35 +01:00
Jörg Thalheim
6249d32486
Merge pull request #33418 from Ma27/test-driver/mention-changes-in-manual
test-driver: mention `$user` argument in the NixOS manual and the Impala release notes
2018-01-07 02:33:21 +01:00
Graham Christensen
013580caf0
Merge pull request #30518 from Infinisil/usbmuxd-service
usbmuxd service: init
2018-01-06 15:53:42 -05:00
Vincent Murphy
bd09ef9c21
Update macos USB instructions
"Ejecting" from the Finder ejects the entire device which is then not available for dd. diskutil unmountDisk does the right thing. Furthermore writing to diskN instead of rdiskN failed to complete even after waiting >10 minutes.
2018-01-06 18:13:58 +00:00
Jaakko Luttinen
eeaa82bde1 nixos/availableKernelModules: add logitech hid
This adds support for Logitech (wireless) USB keyboards at boot
2018-01-06 17:11:30 +00:00
Léo Gaspard
7b878a443a
nixos/clamav: replace mkIf [] with optional 2018-01-06 16:52:14 +01:00
Léo Gaspard
cb506e6e2e
nixos/clamsmtp: init 2018-01-06 16:08:54 +01:00
zimbatm
eddf30cc93
nixos: introduce boot.growPartition (#33521)
Move it from being a profile
2018-01-06 13:52:51 +00:00
Maximilian Bosch
e18b0b6033
test-driver: mention $user argument in the NixOS manual and the Impala release notes 2018-01-06 10:09:18 +01:00
Orivej Desh
bc7f0162f5
Merge pull request #33406 from samueldr/doc/usb-device
Documentation: reword "Obtaining NixOS" paragraph to remove contradiction + update link
2018-01-06 03:25:25 +00:00
Orivej Desh
b249907d04
Merge pull request #33197 from bgamari/gitlab-jws-fix
gitlab: Rename jws_private_key to openid_connect_signing_key
2018-01-06 03:08:57 +00:00
José Romildo Malaquias
d0eb40b311 lightdm-gtk-greater: add configuration options for clock format and indicators 2018-01-06 02:20:53 +00:00
zimbatm
80f13dc31d fixup! buildkite-agent: change hooksPath type to 'path' (and prevent it from hitting the store) 2018-01-05 22:55:20 +00:00
Robin Gloster
cfed96ca51 nixos/service.tt-rss: improve pgsql support, do not use static uid/gid 2018-01-05 14:47:54 +01:00
Jaakko Luttinen
c26ff43905 nixos/service.tt-rss: improve mysql automatic setup
If the user chooses MySQL, it is enabled by default. Also, the used database is
created automatically along with the user and permissions.
2018-01-05 14:47:54 +01:00
Jaakko Luttinen
68855595ce nixos/service.tt-rss: enable nginx automatically 2018-01-05 14:47:54 +01:00
Jaakko Luttinen
13eaae1610 nixos/service.tt-rss: use tt_rss user
- Add tt_rss system user.
- Use tt_rss as the user by default.
- Create tt_rss user and group automatically if used.
2018-01-05 14:47:54 +01:00
Jaakko Luttinen
c9b46ccea1 nixos/service.tt-rss: fix #27048 2018-01-05 14:47:54 +01:00
rnhmjoj
c883311327
nixos/dnscrypt-wrapper: fix rotate script failing to restart the service 2018-01-05 02:37:09 +01:00
Jörg Thalheim
f29ecd56c1
Merge pull request #33372 from Mic92/memcache
nixos/memcached: make unix sockets usuable
2018-01-04 18:39:48 +01:00
AmineChikhaoui
5dba59d494
Fixes https://github.com/NixOS/nixops/issues/756.
Seems the google compute metadata service behavior changed a bit
recently which caused this issue ?
see: https://cloud.google.com/compute/docs/storing-retrieving-metadata
2018-01-04 16:50:05 +01:00
Peter Hoeg
423dd6cc29
Merge pull request #33415 from peterhoeg/p/hv
hyperv-daemons: package and nixos module
2018-01-04 21:11:34 +08:00
Peter Hoeg
85e507ebea hyperv-daemons: add nixos module 2018-01-04 21:09:01 +08:00
Jörg Thalheim
2387c15d68
Merge pull request #33370 from Mic92/redis
nixos/redis: remove static uid/gid assignment
2018-01-04 09:46:24 +01:00
Jörg Thalheim
814b38541f
Merge pull request #32845 from Ma27/test-driver/allow-user-units
test-driver: support testing user units
2018-01-04 09:40:41 +01:00
Samuel Dionne-Riel
0e6346f16a doc: Obtaining NixOS: New link to section in wiki.
This adds a link to the new section in the new wiki that refers to the
same contents as the previously removed link.
2018-01-03 19:35:40 -05:00
Samuel Dionne-Riel
dd602120a0 doc: Obtaining NixOS now refers to USB media creation chapter.
This:

 * Removes contradiction with information in the later paragraph.
 * Removes a dead link to the Wiki.
2018-01-03 19:34:32 -05:00
Jörg Thalheim
c9c8a2c5b3 nixos/memcached: make unix sockets usuable
before:
  - /var/run/memcached is a bad default for a socket path, since its
    parent directory must be writeable by memcached.
  - Socket directory was not created by the module itself -> this was
    left as a burden to the user?
  - Having a static uid with a dynamic user name is not very useful.

after:
  - Replace services.memcached.socket by a boolean flag. This simplifies
    our code, since we do not have to check if the user specifies a
    path with a parent directory that should be owned by memcached
    (/run/memcached/memcached.sock -> /run/memcached).
  - Remove fixed uid/gid allocation. The only file ever owned by the
    daemon is the socket that will be recreated on every start.
    Therefore user and group ids do not need to be static.
  - only create the memcached user, if the user has not specified a
    different one. The major use case for changing option is to allow
    existing services (such as php-fpm) opening the local unix socket.
    If we would unconditionally create a user that option would be
    useless.
2018-01-03 12:33:36 +01:00
Jörg Thalheim
453e15ec91 nixos/redis: remove static uid/gid assignment
all files are chowned on startup
2018-01-03 11:18:04 +01:00
Léo Gaspard
aa241aed14 nixos/dkimproxy-out: init (#33229) 2018-01-03 01:23:02 +00:00
Casey Ransom
f3cba4f6bb netdata service: fix permissions for apps.plugin
apps.plugin requires capabilities for full process monitoring. with
1.9.0, netdata allows multiple directories to search for plugins and the
setuid directory can be specified here.

the module is backwards compatible with older configs. a test is
included that verifies data gathering for the elevated privileges. one
additional attribute is added to make configuration more generic than
including configuration in string form.
2018-01-02 17:57:19 -05:00
Ryan Trinkle
f1a6fa6eec
Merge pull request #32258 from ryantrinkle/add-nat-extraCommands
nat: add extraCommands option
2018-01-02 14:32:42 -05:00
Maximilian Bosch
e538e00404
test-driver: support testing user units
It is quite complicated to test services using the test-driver when
declaring user services with `systemd.user.services` such as many
X11-based services like `xautolock.service`.

This change adds an optional `$user` parameter to each systemd-related
function in the test-driver and runs `systemctl --user` commands using
`su -l $user -c ...` and sets the `XDG_RUNTIME_DIR` variable
accordingly and a new function named `systemctl` which is able to run a
systemd command with or without a specified user.

The change can be confirmed with a simple VM declaration like this:

```
import ./nixos/tests/make-test.nix ({ pkgs, lib }:

with lib;

{
  name = "systemd-user-test";

  nodes.machine = {
    imports = [ ./nixos/tests/common/user-account.nix ];

    services.xserver.enable = true;
    services.xserver.displayManager.auto.enable = true;
    services.xserver.displayManager.auto.user = "bob";
    services.xserver.xautolock.enable = true;
  };

  testScript = ''
    $machine->start;
    $machine->waitForX;

    $machine->waitForUnit("xautolock.service", "bob");
    $machine->stopJob("xautolock.service", "bob");
    $machine->startJob("xautolock.service", "bob");
    $machine->systemctl("list-jobs --no-pager", "bob");
    $machine->systemctl("show 'xautolock.service' --no-pager", "bob");
  '';
})
```
2018-01-02 20:14:27 +01:00
Frederik Rietdijk
804285f589 Merge remote-tracking branch 'upstream/staging' into HEAD 2018-01-02 19:10:45 +01:00
Uli Schlachter
5465d6f7de awesome: Use --search instead of $LUA_PATH/$LUA_CPATH
Instead of polluting the environment with environment variables which
are inherited by processes spawned from awesome, use the command line
argument "--search" to add things to the search path.

cc #33169
2018-01-02 17:24:56 +00:00
Jörg Thalheim
310ad4345b
Merge pull request #30686 from gnidorah/keyring
pam: add optional pam_gnome_keyring integration
2018-01-02 14:58:45 +01:00
Jörg Thalheim
54b16bcd11
Merge pull request #33227 from Ekleog/fcron-opensmtpd
fcron module: be compatible with non-wrapped sendmail's, like opensmt…
2018-01-02 09:26:53 +01:00
Bas van Dijk
803077ef1c elk: add elasticsearch6, logstash6, kibana6 and the beats at v6.1.0
This change is backwards compatible since the ELK tools at version 5.x
remain unchanged.

The test suite now both tests ELK-5 and ELK-6.
2018-01-02 01:15:29 +01:00
Franz Pletz
1a69b2029f
Merge pull request #33273 from fadenb/patch-1
lldpd module: create a lldpd user as system user
2018-01-01 23:46:50 +00:00
gnidorah
f15fad898b pam: add optional pam_gnome_keyring integration 2018-01-01 21:58:37 +03:00
Frederik Rietdijk
4cc2a38854 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 18:15:13 +01:00
Jörg Thalheim
0bbf671b5a
Merge pull request #31157 from sorki/lxcfs_pam_related
[wip] lxcfs,pam: disable cgmanager, enable pam_cgfs, lxcfs 2.0.7 -> 2.0.8
2018-01-01 15:42:03 +01:00
Frederik Rietdijk
1869e7e5b0 Merge remote-tracking branch 'upstream/master' into HEAD 2018-01-01 15:09:55 +01:00
Tristan Helmich
3b74349661
lldpd module: create a lldpd user as system user 2018-01-01 14:22:58 +01:00
Léo Gaspard
70a085b62f nixos/rspamd: add extraConfig parameter (#33226) 2017-12-31 15:11:15 +00:00
Vladimír Čunát
1fcd92ce92
Merge branch 'master' into staging
A few thousand rebuilds from master, again.
Hydra: ?compare=1422362
2017-12-31 09:53:49 +01:00
Orivej Desh
dac8f27f96 nixos/beegfs: fix the build of the NixOS manual 2017-12-31 07:52:32 +00:00
Markus Kowalewski
b7fdefc8a4 beegfs: init at 6.17
package, kernel module, nixos module, and nixos test
2017-12-31 07:07:02 +00:00
Yegor Timoshenko
0dd6bd214d
xfce: resolve conflict with KDE
This resolves some aspects of #33231, but GDK_PIXBUF_MODULE_FILE doesn't really belong to any DE module.
2017-12-31 05:22:15 +00:00
John Ericson
4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
Orivej Desh
54d01b0e97
Merge pull request #32914 from Infinisil/znapzendzetup
znapzend service: stateless setup
2017-12-31 03:45:40 +00:00
John Ericson
a98e68676d doc: Breaking change release not for dependency propagation logic 2017-12-30 22:42:15 -05:00
John Ericson
553fd19e67 Merge branch 'ericson2314-cross-base' into staging 2017-12-30 22:39:19 -05:00
Léo Gaspard
341583b2d2
fcron module: be compatible with non-wrapped sendmail's, like opensmtpd's 2017-12-31 03:34:11 +01:00
John Ericson
fa9f0e574d
Merge pull request #33196 from obsidiansystems/bintools-release-note
doc: Breaking change release note for bintools-wrapper
2017-12-30 19:37:06 -05:00
John Ericson
d67e0921e9 doc: Breaking change release note for bintools-wrapper 2017-12-30 19:27:52 -05:00
Yegor Timoshenko
c31ac41810
libinput: disableWhileTyping = false by default 2017-12-30 22:02:16 +00:00
Frederik Rietdijk
2d0bead714 Merge remote-tracking branch 'upstream/master' into HEAD 2017-12-30 17:04:54 +01:00
Ben Gamari
b95cdd4f6c gitlab: Rename jws_private_key to openid_connect_signing_key
See
24d56df29b
2017-12-29 22:11:04 -05:00
Vladimír Čunát
a1a3e54ac9
Merge branch 'master' into staging
Haskell rebuild :-)
Hydra: ?compare=1421865
2017-12-29 18:39:36 +01:00
gnidorah
766ae1ecf9 tmux module: add secureSocket option 2017-12-29 15:05:20 +03:00