Commit Graph

13029 Commits

Author SHA1 Message Date
lassulus
a3e7e1bbc8 nixos/syncthing: add options for declarative device/folder config 2019-05-20 17:56:17 +09:00
Aaron Andersen
b5a0c38e55
Merge pull request #59401 from mguentner/mxisd_1_3
mxisd: 1.2.0 -> 1.4.3
2019-05-19 07:00:47 -04:00
Neil Mayhew
f14cf438b4 nixos/modules: Ensure the colord user is a system user
Ideally, it should have an assigned uid and gid
2019-05-18 16:48:34 -06:00
Maximilian Güntner
e2c58c19c4
tests: add mxisd to all-tests 2019-05-18 22:18:01 +02:00
Robin Gloster
6e546e0326
Merge pull request #60087 from dasJ/icingaweb-etc
nixos/icingaweb2: Fix environment.etc assignment
2019-05-18 10:03:40 +00:00
Robin Gloster
a1dcac5104
Merge pull request #57523 from mayflower/kube-apiserver-preferred-address-types
nixos/kubernetes: Add preferredAddressTypes option to apiserver
2019-05-18 09:57:12 +00:00
Robin Gloster
6cf583cf2f
Merge pull request #60406 from JohnAZoidberg/remove-isnull
treewide: Remove usage of isNull
2019-05-18 09:36:24 +00:00
Robin Gloster
dac48ea4a1
Merge pull request #61025 from azazel75/upgrade-coredns
nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0
2019-05-18 09:19:04 +00:00
Silvan Mosberger
85c0a4dc33
Merge pull request #61512 from c0bw3b/pkg/winstone
winstone: drop package and service
2019-05-17 17:36:38 +02:00
Renaud
c5fd2a457e
Merge pull request #60670 from nyanloutre/factorio_sandbox
nixos/factorio: sandbox service using systemd
2019-05-17 13:40:02 +02:00
nyanloutre
85b3448e6a nixos/factorio: sandbox service using systemd
- DynamicUser enabled instead of static uid/gid
- Enables most sandboxing options systemd offers
2019-05-17 10:25:49 +02:00
Vladimír Čunát
fc67de1802
Merge branch 'staging-next'
A few thousand Darwin jobs are still pending, but there we're depending
on this merge to fix the channel-blocking lz4 failure.
https://hydra.nixos.org/eval/1519778?compare=1519770
2019-05-17 09:43:32 +02:00
worldofpeace
cc7c76f206 nixosTests.graphene: init 2019-05-16 21:29:17 -04:00
Bas van Dijk
240ae5eb87
Merge pull request #61604 from basvandijk/tinydns-nixos-test
nixos: add test for tinydns
2019-05-17 01:48:40 +02:00
LeOtaku
efcdac63fe nixos/pantheon: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
00d8fc1cde nixos/gnome3: add geoclue application configuration
Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
LeOtaku
2d93f57db5 nixos/geoclue2: make configurable, can whitelist applications
All options within geoclue.conf[0] have been made configurable.

Additonally, we can now specify whether or not GeoClue
should ask the agent to authorize an application like so:
```
services.geoclue2.appConfig."redshift" = {
  isAllowed = true;
  isSystem = true;
};
```

[0]: https://gitlab.freedesktop.org/geoclue/geoclue/blob/2.5.2/data/geoclue.conf.in

Co-authored-by: worldofpeace <worldofpeace@protonmail.ch>
2019-05-16 18:46:07 -04:00
Bas van Dijk
71fdb69314 nixos: add test for tinydns 2019-05-16 23:46:17 +02:00
Austin Seipp
e2bbc6fb46
nixos: fix services.foundationdb.traceFormat for older server versions
This was a testing oversight that came from #61009 -- I forgot to test
the new traceFormat option with older server versions while I was
working on FDB 6.1.

Since trace_format is only available in 6.1+, emitting it
unconditionally caused older versions of the database fail to start,
reporting an error. We simply gate it behind a version check instead,
and assert the format is always XML on older versions. This avoids the
case where the user has an old version, changes traceFormat willingly,
and then is confused by why it didn't work.

As reported by @TimothyKlim in the comments on commit
c55b9236f0. See

    c55b9236f0 (r33566132)

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-16 15:16:50 -05:00
Maximilian Güntner
1a84bfc0a2
mxisd: 1.2.0 -> 1.4.3 2019-05-16 21:14:13 +02:00
Frederik Rietdijk
d4464ff8fe Merge master into staging-next 2019-05-16 08:17:55 +02:00
Aaron Andersen
ed6ccd1b27
Merge pull request #61363 from aanderse/miniupnpc
miniupnpc_2: 2.1 -> 2.1.20190408, miniupnpd: 2.1 -> 2.1.20190502
2019-05-15 20:56:59 -04:00
c0bw3b
582fd549fb winstone: drop package and service
Close #56294
Upstream package is unmaintained for years
and nixpkgs provides alternatives
2019-05-15 20:30:48 +02:00
Austin Seipp
2525b88c80
nixos/foundationdb: default to ssd storage engine
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
427f1e58a4
nixos/foundationdb: chmod 0770 for logs/data files
Slight oversight: this allows members of the FoundationDB group to read
logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Austin Seipp
c55b9236f0
nixos: add services.foundationdb.traceFormat option
This allows us to specify JSON trace logging, which is useful for
tooling to injest/transform logs.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-15 09:54:11 -05:00
Linus Heckemann
89b64ab5e1 nixos-generate-config: add rudimentary high-DPI detection
Fixes the main remaining part of #12345
2019-05-15 06:34:40 +02:00
Linus Heckemann
2b13c29c3c
Merge pull request #60231 from mayflower/tinc-allow-networking-interfaces
nixos/tinc: remove ordering dependency on network.target
2019-05-14 17:51:20 +02:00
Frederik Rietdijk
8abe5ee07e Merge master into staging-next 2019-05-14 10:23:13 +02:00
lewo
42ee7cdf9d
Merge pull request #61089 from nlewo/pr-fix-layer-order
dockerTools: Fix Docker layers order
2019-05-13 15:27:43 +02:00
worldofpeace
b5f26f3803
Merge pull request #59480 from worldofpeace/fprintd-systemd
nixos/fprintd: use systemd.packages
2019-05-13 03:30:24 -04:00
Eelco Dolstra
de9e238469
FIx some malformed XML in option descriptions
E.g. these were using "<para>" at the *end* of a description. The real
WTF is that this is possible at all...
2019-05-13 09:15:17 +02:00
John Ericson
395bcc0b27
Merge pull request #61257 from matthewbauer/add-binfmt-emulated-systems
nixos/binfmt: handle emulatedSystems
2019-05-12 19:11:52 -04:00
Markus Schmidl
147621f7db nixos/luksroot: GPG Smartcard support for luks encrypted volumes 2019-05-12 20:05:10 +02:00
Frederik Rietdijk
ef0dbef7f1 Merge master into staging-next 2019-05-12 19:59:09 +02:00
Joachim F
b4a43a278b
Merge pull request #60187 from joachifm/feat/configurable-malloc
nixos: configurable system-wide malloc
2019-05-12 15:18:07 +00:00
Joachim F
428ddf0619
Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1
Fix apparmor boot on linux 5.1
2019-05-12 15:17:38 +00:00
Aaron Andersen
496d9f97e6 nixos/miniupnpd: update test to use pkgs.miniupnpc_2 2019-05-12 07:53:30 -04:00
Maximilian Bosch
fa2c6dc3c2
Merge pull request #61311 from turboMaCk/xss-lock-locker-options
xss-lock: improve locker options passing
2019-05-12 11:07:54 +02:00
Maximilian Bosch
d27431b362
nixos/xss-lock: add testcase for lockerCommand with several CLI options. 2019-05-12 03:22:29 +02:00
Maximilian Bosch
775146165d
nixos/xss-lock: improve module
* Don't use `literalExample`, raw Nix values can directly be specified
  as an option example which provides support for highlighting in the
  manual as well.

* Escape shell args for `extraOptions`: I.e. the `-n` option might be
  problematic as a longer notification command might be misinterpreted.
2019-05-12 03:20:44 +02:00
Renaud
e8d7f17c81
Merge pull request #61032 from dtzWill/feature/rngd-harden
rngd: harden service config, settings from arch
2019-05-11 23:36:57 +02:00
Marek Fajkus
7fef2e38ea xss-locker: improve options passing
- allow locker options without hacks
- add extraOptions
2019-05-11 19:33:10 +02:00
Joachim Fasting
92d41f83fd
nixos/tests/hardened: check that apparmor is properly loaded 2019-05-11 18:21:44 +02:00
Joachim Fasting
68f5d1fa4c
nixos/apparmor: ensure that apparmor is selected at boot
Otherwise we're subject to whatever defaults were selected at kernel build
time.

See also: https://github.com/NixOS/nixpkgs/issues/61145
2019-05-11 18:21:38 +02:00
Vladimír Čunát
e8f4ad0169
Merge branch 'master' into staging-next
~5k rebuilds per platform.
Hydra nixpkgs: ?compare=1518759
2019-05-11 09:41:36 +02:00
Matthew Bauer
93a522cf0c nixos/binfmt: fixup 2019-05-10 22:53:14 -04:00
Matthew Bauer
60381b7b11 binfmt: add more magics and masks
New ones taken from this script:

https://github.com/qemu/qemu/blob/master/scripts/qemu-binfmt-conf.sh
2019-05-10 21:00:21 -04:00
kolaente
29d35a9ddb maintainers: add kolaente 2019-05-11 02:01:08 +02:00
Matthew Bauer
153598ebb0 nixos/binfmt: handle emulatedSystems
Fixes #61248
2019-05-10 18:05:59 -04:00
worldofpeace
6c8bb26331
Merge pull request #61048 from Ma27/zmap-package
zmap: init at 2.1.1
2019-05-10 15:19:43 -04:00
Bas van Dijk
4b7aea9e8c
Merge pull request #61237 from basvandijk/journalbeat-fixes
NixOS: support journalbeat >= 6
2019-05-10 18:44:44 +02:00
Bas van Dijk
477c552c7d nixos/journalbeat: support journalbeat >= 6 & add test 2019-05-10 15:41:41 +02:00
Maximilian Bosch
3d6fe3d760
nixos/zmap: init module
The module installs `zmap` globally and links the config files to
`/etc/zmap`, the default location of config files for zmap.

The package provides pretty much a sensitive default, custom configs can
be created like this:

```
{ lib, ... }:
{
  environment.etc."zmap/blacklist.conf" = lib.mkForce {
    text = ''
      # custom zmap blacklist
      0.0.0.0/0
    '';
  };
}
```
2019-05-10 08:12:27 +02:00
Ambroz Bizjak
5bec9dc65b virtualbox: 5.2.28 -> 6.0.6
Quite some fixing was needed to get this to work.

Changes in VirtualBox and additions:

- VirtualBox is no longer officially supported on 32-bit hosts so i686-linux is removed from platforms
  for VirtualBox and the extension pack. 32-bit additions still work.

- There was a refactoring of kernel module makefiles and two resulting bugs affected us which had to be patched.
  These bugs were reported to the bug tracker (see comments near patches).

- The Qt5X11Extras makefile patch broke. Fixed it to apply again, making the libraries logic simpler
  and more correct (it just uses a different base path instead of always linking to Qt5X11Extras).

- Added a patch to remove "test1" and "test2" kernel messages due to forgotten debugging code.

- virtualbox-host NixOS module: the VirtualBoxVM executable should be setuid not VirtualBox.
  This matches how the official installer sets it up.

- Additions: replaced a for loop for installing kernel modules with just a "make install",
  which seems to work without any of the things done in the previous code.

- Additions: The package defined buildCommand which resulted in phases not running, including RUNPATH
  stripping in fixupPhase, and installPhase was defined which was not even run. Fixed this by
  refactoring using phases. Had to set dontStrip otherwise binaries were broken by stripping.
  The libdbus path had to be added later in fixupPhase because it is used via dlopen not directly linked.

- Additions: Added zlib and libc to patchelf, otherwise runtime library errors result from some binaries.
  For some reason the missing libc only manifested itself for mount.vboxsf when included in the initrd.

Changes in nixos/tests/virtualbox:

- Update the simple-gui test to send the right keys to start the VM. With VirtualBox 5
  it was enough to just send "return", but with 6 the Tools thing may be selected by
  default. Send "home" to reliably select Tools, "down" to move to the VM and "return"
  to start it.

- Disable the VirtualBox UART by default because it causes a crash due to a regression
  in VirtualBox (specific to software virtualization and serial port usage). It can
  still be enabled using an option but there is an assert that KVM nested virtualization
  is enabled, which works around the problem (see below).

- Add an option to enable nested KVM virtualization, allowing VirtualBox to use hardware
  virtualization. This works around the UART problem and also allows using 64-bit
  guests, but requires a kernel module parameter.

- Add an option to run 64-bit guests. Tested that the tests pass with that. As mentioned
  this requires KVM nested virtualization.
2019-05-09 23:36:57 +02:00
Renaud
c17ec06f66
Merge pull request #60569 from dtzWill/update/vnstat-2.2
vnstat: 2.1 -> 2.2
2019-05-09 20:09:40 +02:00
worldofpeace
bb7e5566c7
Merge pull request #44086 from erikarvstedt/paperless
paperless: add package and service
2019-05-08 17:17:49 -04:00
Alyssa Ross
7261ffc18e
Merge pull request #60776 from alyssais/xerror
nixos/xserver: improve DM error message when X off
2019-05-08 12:19:14 +00:00
Erik Arvstedt
80c3ddbad8
paperless service: init 2019-05-08 09:26:32 +02:00
Will Dietz
e5d049e469 rngd: harden service config, from arch 2019-05-07 22:53:09 -05:00
Will Dietz
a2bdd63c4f
Merge pull request #61072 from dtzWill/feature/rngd-debug-flag
rngd: add option to run w/debug flag
2019-05-07 14:59:39 -05:00
Frederik Rietdijk
87a5d8fede Merge staging-next into staging 2019-05-07 19:30:14 +02:00
Antoine Eiche
5ef1223f30 nixos/tests/docker-tools: verify order of layers in stacked images 2019-05-07 16:52:13 +02:00
Joachim Fasting
10d3a0e10b
nixos/tests/hardened: test hardened malloc 2019-05-07 13:45:42 +02:00
Joachim Fasting
48ff4f1197
nixos/hardened: use graphene-hardened malloc by default 2019-05-07 13:45:39 +02:00
Joachim Fasting
a84be28270
nixos/malloc: configure system-wide malloc provider
Currently, this uses the somewhat crude method of setting LD_PRELOAD in the
system environment.  This works, but should be considered a stepping stone to
a more robust solution.
2019-05-07 13:45:38 +02:00
David Izquierdo
b24a87fafe jellyfin: remove assertion if emby enabled: no emby module exists 2019-05-07 11:04:57 +02:00
Will Dietz
b809071ffb rngd: add option to run w/debug flag
Added while testing if adding hardening
directives to the service blocked access
to various sources, might be useful in the future.
2019-05-06 23:44:38 -05:00
Linus Heckemann
864f4f084a
Merge pull request #60237 from mayflower/kexec-no-clobber
nixos/kexec: don't clobber existing kexec-loaded kernel
2019-05-06 21:53:47 +02:00
Alberto Berti
f965fb26a9 nixos/kubernetes: upgrade CoreDNS 1.3.1 -> 1.5.0 2019-05-06 13:10:32 +02:00
Bastian Köcher
4806c8c38d nixos/all-firmware: Enable facetimehd only for i686/x86_64 2019-05-06 10:49:42 +02:00
(cdep)illabout
b12ea62ec9 nixos/systemd-boot: add support for memtest86 EFI app
This commit adds support for installing the memtest86 EFI app and adding
a boot entry for it with systemd-boot.
2019-05-06 17:08:55 +09:00
José Romildo Malaquias
b4941a463e
Merge pull request #59943 from romildo/fix.deepin.modules
nixos/deepin: use only one module for deepin services
2019-05-05 20:52:13 -03:00
volth
f3535aeea3
nix.systemFeatures: minor fix
following up #59148
I forgot the default case of the architectures which do not have minor brothers whose code they can run ("westmere" or any of of AMD)
2019-05-05 22:14:24 +00:00
Robert Schütz
1ea22b8868
Merge pull request #60217 from dotlambda/home-assistant-0.92
home-assistant: 0.91.4 -> 0.92.2
2019-05-05 23:31:31 +02:00
José Romildo Malaquias
78f176158c nixos/deepin: add deepin-anything service 2019-05-05 18:01:28 -03:00
José Romildo Malaquias
8ed9f9fedf nixos/deepin: add dde-dock dbus service 2019-05-05 17:37:46 -03:00
José Romildo Malaquias
9e9b96f073 nixos/deepin: install polkit local authority files in /etc 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
9a1890cafb nixos/deepin: add deepin-screenshot dbus service 2019-05-05 17:14:42 -03:00
José Romildo Malaquias
65c6aff217 nixos/deepin: add deepin-image-viewer dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
f239997fde nixos/deepin: add dde-session-ui dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
1294aaece6 nixos/deepin: add dde-calendar dbus service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
788b45fa13 nixos/deepin: add deepin-turbo systemd service 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
77fa14725f nixos/deepin: move deepin-menu.nix into deepin.nix 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
6121a8e3b5 nixos/deepin: fix the deepin-daemon user and group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
7c60ac71cf nixos/deepin: add dde-api services and user/group 2019-05-05 17:14:41 -03:00
José Romildo Malaquias
4fcaded92b nixos/deepin: rename dde-daemon module
The deepin module is used to set basic dbus and systedmd services, kernel modules,
groups and users needed by the Deepin Desktop Environment.
2019-05-05 17:14:41 -03:00
Michael Raskin
7770495cd7
Merge pull request #59148 from volth/gcc.arch.v3
compilation for particular x86_64 architecture
2019-05-05 19:12:12 +00:00
Andreas Rammhold
45f58cad33
nixos/misc/nixpkgs: fixed syntax error in overlays example
I was pointed towards a small syntax error in the `nixpkgs.overlays`
documentation. There was a trailing semicolon after the overlay
function.

I also aligned the code a bit better so opening and closing brackets can
be visually matched much better (IMO).
2019-05-04 17:29:04 +02:00
Robert Schütz
d280603bd1 nixos/home-assistant: account for introduction of manifest.json
The `availableComponents` now only contain a single attribute for
every integration.
2019-05-04 12:01:23 +02:00
Renaud
966ee252c2
Merge pull request #59367 from Ma27/fix-hostapd-interface-naming
nixos/hostapd: escape interface names for hostapd
2019-05-03 19:04:00 +02:00
worldofpeace
a01943c7f0
Merge pull request #59856 from c00w/external_gpu
nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
2019-05-03 10:31:11 -04:00
Joachim F
5ad1e9f0bf
Merge pull request #60575 from dtzWill/feature/obfs4proxy
obfs4: init at 0.0.10, use in tor-browser-bundle's, tor service
2019-05-03 09:48:02 +00:00
Will Dietz
329df95958 vnstat: 2.1 -> 2.2
https://humdi.net/vnstat/CHANGES

* enable tests
* add hardening options from upstream's
  example service
* fix "documentation" setting in service:
  either needs to be `unitConfig.Documentation`
  (uppercase) or lowercase but not within unitConfig.
2019-05-03 01:47:57 -05:00
Elis Hirwing
6698c37fe1
Merge pull request #60630 from etu/drop-emby
emby: Drop package and module and refer to jellyfin
2019-05-03 07:58:30 +02:00
Silvan Mosberger
bc5b262c9c
Merge pull request #60333 from azazel75/fix-grafana_reporter
grafana_reporter: Fix library function name
2019-05-03 06:29:09 +02:00
Silvan Mosberger
be1ada3140
Merge pull request #60081 from Streetwalrus/nginx_stapling
nginx: use fullchain.pem for ssl_trusted_certificate
2019-05-03 06:28:38 +02:00
Colin L Rice
d67494972d nixos/nvidia: Add NVIDIA optimus option to allow external GPUs
Without this option - NVIDIA refuses to use an external GPU.
2019-05-02 23:57:28 -04:00
Hsiang-Cheng Yang
e775587d63 softether: 4.25 -> 4.29 (#60665)
* softether: 4.25 -> 4.29

* softether_4_29: restrict to x86_64-linux
Does not build on aarch64 because of upstream "-m64" compile flag
2019-05-02 19:38:37 +02:00
Silvan Mosberger
e3dfd6a8ad
Merge pull request #60543 from Infinisil/fix/znc-gen
nixos/znc: Fix config generator for certain null values
2019-05-02 18:23:10 +02:00