Commit Graph

13029 Commits

Author SHA1 Message Date
Andreas Rammhold
7508490770
nixos/test: remove the stateVersion statement from the test-instrumentation
We set stateVersion to `mkDefault 18.03` in
`nixos/modules/testing/test-instrumentation.nix` and in
`modules/installer/cd-dvd/installation-cd-base.nix`.

Accessing the stateVersion in the module system from within the tests
results in the following error:
> The unique option `system.stateVersion' is defined multiple times, in
> `nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-base.nix' and
> `nixpkgs/nixos/modules/testing/test-instrumentation.nix'.

There are other tests that use it as well. Namely the radicale test also
verifies behaviour between state versions is as expected. It switches a
package default value. Others switched on the state directory default.
It seems like having the timesyncd switch as part of every rendered
activationScript might cause this weird error.

Removing this line seems like a reasonable thing to do since we actually
set the default to the very same value in the module system. This line
should have been no-op besides the issue that we've two statements
setting it in this very specific case.
2019-06-03 15:05:24 +02:00
Andreas Rammhold
9077623324
nixos/misc: warn when someone is using the nixops autoLuks module
The autoLuks module is not really compatible with the updated systemd
version anymore. We started dropping NixOS specific patches that caused
unwanted side effects that we had to work around otherwise.

This change points users towards the relevant PR and spits out a bit of
information on how to deal with the situation.
2019-06-03 15:05:23 +02:00
Andreas Rammhold
024a383d64
nixos/systemd: migrate systemd-timesync state when required
Somewhen between systemd v239 and v242 upstream decided to no longer run
a few system services with `DyanmicUser=1` but failed to provide a
migration path for all the state those services left behind.

For the case of systemd-timesync the state has to be moved from
/var/lib/private/systemd/timesync to /var/lib/systemd/timesync if
/var/lib/systemd/timesync is currently a symlink.

We only do this if the stateVersion is still below 19.09 to avoid
starting to have an ever growing activation script for (then) ancient
systemd migrations that are no longer required.

See https://github.com/systemd/systemd/issues/12131 for details about
the missing migration path and related discussion.
2019-06-03 15:05:19 +02:00
Florian Klink
bc71b6eaf6
nixosTests.containers-imperative: add tmpfiles test
(cherry picked from commit 92600a90e248aa27f2aedcce4ad309f987a390df)
2019-06-03 15:05:18 +02:00
Andreas Rammhold
1b7b1dbe2f
nixos/networkd: rename GatewayOnlink to GatewayOnLink
This follows upstreams renaming of the option [1].

[1] 9cb8c55934
2019-06-03 15:05:17 +02:00
Andreas Rammhold
d600da7045
nixos/networkd: use the route section for default routes
With systemd v242 using the `Gateway` attribute of the `[Network]`
section will lead to "onlink" routes on all the device that are matched
by the default configuration (typically all devices) causing multiple
default routes (even on localhost).

We can only avoid that - while keeping our default route option - when
we mark the route as explicitly not on link. Only gateways that are
within a subnet of one of the assigned interface addresses will be
installed into the routing table.
2019-06-03 15:05:16 +02:00
Andreas Rammhold
a32cd7d84a
nixos/networkd: use no instead of none for DHCP= option
systemd has deprecated the use of `none` and recommends using `no`
instead.
2019-06-03 15:05:15 +02:00
Andreas Rammhold
4743ad7392
nixos/tests/radicale: be a bit more permissive when matching logs
With the systemd update to v242 five lines are not longer sufficient to
verify that the storage was verified. In order to reduce future test
failures increasing it to 10 lines sounds like a sane amount.
2019-06-03 15:05:14 +02:00
Andreas Rammhold
1f03f6fc43
nixos/udev: switch networking.usePredicatableInterfaceNames to a kernel param
The udev rules we are shipping no longer work with systemd v242 and were
remove upstream some time ago. It seems like the entire renaming is now
done in C and not in the udev rules.
2019-06-03 15:05:12 +02:00
Jörg Thalheim
2a0f85d882
nixos/os-release: add documentation url 2019-06-03 15:05:10 +02:00
lassulus
ddfb687d5e nixos/syncthing: better examples for declarative options 2019-05-29 07:12:14 +09:00
Daniel Schaefer
eccb90a2d9 compton: 0.1_beta2.5 -> 6.2 (#61681)
* compton-git: 5.1-rc2 -> 6.2

vsync is now a boolean option, see:
https://github.com/yshui/compton/pull/130

menu-opacity is deprecated and there's a warning that says:
Please use the wintype option `opacity` of `popup_menu` and
`dropdown_menu` instead.

* nixos/compton: Keep vSync option backwards compatible

The new upstream option tries to make the best choice for the user.
Therefore the behaviour should stay the same with this backwards
compatibility patch.

* compton-git: Remove DRM option

It's deprecated and shouldn't be used.
https://github.com/yshui/compton/pull/130/files#r285505456

* compton-git: Remove new_backends option

Was removed in "Let old/new backends co-exist"
b0c5db9f5aa500dc3568cc6fe68493df98794d4d

* compton: 0.1_beta2.5 -> 6.2

Drop the legacy, unmaintained version and use the fork for real.
2019-05-28 13:37:13 +02:00
José Romildo Malaquias
00d6232b47
Merge pull request #62035 from romildo/upd.lumina
lumina.lumina: 1.4.0-p1 -> 1.5.0
2019-05-27 17:41:58 -03:00
Silvan Mosberger
e383ed6a2d
nixos/xdg/mime: disable fdatasync when building the XDG MIME database (#62076)
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
2019-05-27 18:18:54 +02:00
Ding Xiang Fei
359fd5b729 nixos/modules/virtualisation/google-compute-config.nix: pin filesystem type to ext4 for now
Fix #61859.
Assertion fails when a Google Compute Engine image is built, because
now choices of filesystem types are restricted to `f2fs` and `ext` family if
auto-resizing is enabled.
This change will pin the filesystem used on such an image to be `ext4` for now.
2019-05-27 14:15:02 +08:00
Michael Peyton Jones
9131bf59a7
nixos: add StateDirectory for fprintd 2019-05-26 18:06:46 +01:00
Bryan Gardiner
2400191caf
nixos/xdg/mime: disable fdatasync when building the XDG MIME database
Back in 2013, update-mime-database started using fdatasync() to write out
its changes after processing each file in /share/mime, with the reasoning
that a corrupted database from an interruption midway would be
problematic for applications[1].  Unfortunately, this caused a
significant regression in the time required to run update-mime-database:
commonly from under a second to half a minute or more.

This delay affects the time required to build system-path on NixOS, when
xdg.mime.enable is true (the default).  For example, on one of my systems
system-path builds in ~48 seconds, 45 of which are update-mime-database.
This makes rapidly building new system configurations not fun.

This commit disables the calls to fdatasync().  update-mime-database
checks an environment variable, PKGSYSTEM_ENABLE_FSYNC, to determine
whether it should sync, and we can set this to false.  system-path
already only has whatever filesystem commit guarantees that the Nix
builder provides.  Furthermore, there is no risk of a failed MIME
database update messing up existing packages, because this is Nix.

(This issue was also reported at and discussed by Debian, Red Hat, and
Gentoo at least.)

[1] https://bugs.freedesktop.org/show_bug.cgi?id=70366
2019-05-25 21:00:25 -07:00
Silvan Mosberger
0040ca936e
Merge pull request #56175 from MostAwesomeDude/tahoe-service
Fix tahoe service
2019-05-25 21:53:23 +02:00
Markus Schneider
c30bd387d2 leftwm: enable service 2019-05-26 01:27:04 +09:00
Maximilian Bosch
5fa93517f5
Merge pull request #61971 from sjau/wg_client_start
wireguard: restart on failure\nAs a oneshot service, if the startup f…
2019-05-25 16:36:56 +02:00
sjau
1bff53cb84
wireguard: restart on failure
As a oneshot service, if the startup failed it would never be attempted again.
This is problematic when peer's addresses require DNS. DNS may not be reliably available at
the time wireguard starts. Converting this to a simple service with Restart
and RestartAfter directives allows the service to be reattempted, but at
the cost of losing the oneshot semantics.

Signed-off-by: Maximilian Bosch <maximilian@mbosch.me>
2019-05-25 16:32:14 +02:00
Florian Klink
e4de353830
wireguard service: allow empty interfaces (#61743)
wireguard service: allow empty interfaces
2019-05-25 16:30:27 +02:00
phile314-fh
62d4c2b34a mongodb: Add authentication support
* nixos/mongodb: Add authentication support

* nixos/mongodb: Add initial script option

* nixos/mongodb: Make initial root password configurable

* nixos/mongodb: Start only on loopback interface for setup procedure

* nixos/mongodb: Test auth/initial script

* nixos/mongodb: Code formatting

Co-Authored-By: Lassulus <github@lassul.us>
2019-05-25 18:09:30 +09:00
Nikolay Amiantov
cfadd988e5 wireguard service: allow empty interfaces
This is needed in case one wants to use wg-quick on NixOS.
2019-05-25 11:17:36 +03:00
Milan Pässler
387d85b271 nixos/prosody: add authentication option (fixes #53134)
Passwords should not be stored in plain text by default. On existing
installations the next time a users user accounts will automatically
be upgraded from plain to hashed one-by-one as they log in.
2019-05-24 23:51:44 +02:00
José Romildo Malaquias
272fa9d41c lumina: init package set for the lumina desktop 2019-05-24 17:20:15 -03:00
Franz Pletz
5fa8cd257a
Merge pull request #51206 from krebs/xmonad-config
xmonad service: add .config option
2019-05-24 18:37:55 +00:00
Franz Pletz
eb7c11d552
Merge pull request #58718 from Ma27/validate-ssh-configs
nixos/sshd: validate ssh configs during build
2019-05-24 18:30:04 +00:00
Maximilian Bosch
00a5222499
nixos/sshd: validate ssh configs during build
With `sshd -t` config validation for SSH is possible. Until now, the
config generated by Nix was applied without any validation (which is
especially a problem for advanced config like `Match` blocks).

When deploying broken ssh config with nixops to a remote machine it gets
even harder to fix the problem due to the broken ssh that makes reverts
with nixops impossible.

This change performs the validation in a Nix build environment by
creating a store path with the config and generating a mocked host key
which seems to be needed for the validation. With a broken config, the
deployment already fails during the build of the derivation.

The original attempt was done in #56345 by adding a submodule for Match
groups to make it harder screwing that up, however that made the module
far more complex and config should be described in an easier way as
described in NixOS/rfcs#42.
2019-05-24 20:16:53 +02:00
Silvan Mosberger
f631167557
Merge pull request #58702 from florianjacob/fix-mysql
nixos/mysql: fix typing-induced bugs
2019-05-24 19:51:54 +02:00
worldofpeace
713bbb769c
Merge pull request #47153 from Ma27/hunspell-fr_FR-dictionary
hunspellDict.fr-any: Link `fr-moderne.dic` to `fr_FR.dic`
2019-05-23 13:30:05 -04:00
Florian Klink
1e739293bc
nixosTests.signal-desktop: add test (#61916)
nixosTests.signal-desktop: add test
2019-05-23 15:59:09 +02:00
Maximilian Bosch
a9d67d54b0
hunspellDicts.fr-any: link fr-moderne to fr_FR
Some packages like `ibus-engines.typing-booster` require the dictionary
`fr_FR.dic` to provide proper support for the french language.

Until now the hunspell package set of nixpkgs didn't provide this
dictionary. It has been recommended to use `fr-moderne` as base and link
`fr_FR.dic` from it as done by other distros such as ArchLinux.

See https://github.com/NixOS/nixpkgs/issues/46940#issuecomment-423684570

Fixes #46940
2019-05-23 15:53:50 +02:00
markuskowa
3a28c99923
Merge pull request #61894 from mkenigs/fix-typo
docker: fix typo
2019-05-23 10:03:01 +02:00
Florian Klink
5695696664 nixosTests.signal-desktop: add test 2019-05-23 00:56:46 +02:00
Carl Dong
f15118a883 nixos/bitcoind: add bitcoind service 2019-05-22 15:48:57 -04:00
Malte Brandy
ab5926ba67 nixos/nextcloud: Improve autoUpdateApps description string 2019-05-22 19:07:42 +02:00
mkenigs
42232ebea4
docker: fix typo 2019-05-22 08:40:01 -07:00
Renaud
42c0ce80e6
Merge pull request #61610 from worldofpeace/init/graphene
graphene: init at 1.8.6
2019-05-22 17:26:46 +02:00
Ingolf Wanger
e4f1e144a0 syncthing: made module more NixOps friendly 2019-05-22 22:39:34 +09:00
Yegor Timoshenko
6a63021eba
Merge pull request #60207 from volth/patch-329
nixos-generate-config: do not build btrfs-tools when btrfs is not used
2019-05-22 15:32:00 +03:00
Matthew Bauer
6d036d5b26
Merge pull request #61037 from bkchr/facetimehd_aarch64_fix
nixos/all-firmware: Enable facetimehd only for i686/x86_64
2019-05-21 16:14:15 -05:00
Malte Brandy
49f05a1760
nixos/nextcloud: Add options services.nextcloud.autoUpdateApps
nixos/nextcloud: Add documentation for nextcloud app installation and updates

nixos/nextcloud: Enable autoUpdateApps in nextcloud test

nixos/nextcloud: Fix typo in nixos/modules/services/web-apps/nextcloud.xml

Co-Authored-By: Florian Klink <flokli@flokli.de>

nixos/nextcloud: Escape html in option description

nixos/nextcloud: Fix autoUpdateApps URL in documentation.

Co-Authored-By: Florian Klink <flokli@flokli.de>
2019-05-21 13:24:23 +02:00
Matthew Bauer
022d8ab861
Merge pull request #61036 from cdepillabout/nixos-memtest-loader
nixos/systemd-boot: add support for memtest86 EFI app
2019-05-20 21:42:40 -05:00
(cdep)illabout
d88d675051
Change non-open-source to unfree in description. 2019-05-21 11:34:11 +09:00
worldofpeace
6543e794a6
Merge pull request #61546 from cizra/libfprint-vfs0090
libfprint: added a fork for Lenovo ThinkPad
2019-05-20 14:16:34 -04:00
Elmo Todurov
432944cdb3 fprintd: added option to use fork for Lenovo ThinkPad 2019-05-20 20:48:30 +03:00
Vladimír Čunát
dd917dc71a nixos/release-notes: mention length of release support
I took the date for 19.03 from the announcement:
https://discourse.nixos.org/t/nixos-19-03-release/2652
2019-05-20 12:31:24 +01:00
William Casarin
9a81e9cd9e xinetd: exec xinetd on launch
I noticed xinetd process doesn't get exec'd on launch, exec here so the bash
process doesn't stick around.

Signed-off-by: William Casarin <jb55@jb55.com>
2019-05-20 10:37:35 +01:00
Florian Klink
cd96b50d90
nixos/postgresql: add ensureDatabases & ensureUsers options (#56720)
nixos/postgresql: add ensureDatabases & ensureUsers options
2019-05-20 10:58:48 +02:00