Commit Graph

7000 Commits

Author SHA1 Message Date
Franz Pletz
7566b36259
zfs.autoScrub service: init 2017-03-02 17:13:54 +01:00
Gregor Kleen
3deb85bc63 locate: fix security.wrappers 2017-03-02 13:41:31 +01:00
Vladimír Čunát
45344fdf19
tested job: drop the hibernate test on i686 for now
/cc #23107.
2017-03-02 07:28:47 +01:00
Vladimír Čunát
fcec3e1c72
Revert "modules: add support for module replacement with disabledModules"
This reverts commit 3f2566689d for now.
Evaluation of the tested job got broken, blocking nixos-unstable.
2017-03-01 21:56:01 +01:00
Nikolay Amiantov
516a7fc7bd kmscon service: disable systemd-vconsole-setup
cc #22470.
2017-03-01 13:47:34 +03:00
Vladimír Čunát
b43614a6bb
Merge branch 'staging'
(Truly, this time :-)
2017-03-01 11:34:44 +01:00
Nikolay Amiantov
a6c6d08430 samba test: fix race condition 2017-03-01 03:16:35 +03:00
Nikolay Amiantov
2e80b50a7e cura, curaengine: 14.04 -> 2.4.0
Move old Cura to {cura,curaengine}_stable
2017-03-01 02:23:18 +03:00
Daiderd Jordan
3f2566689d modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.
2017-02-28 00:14:48 +01:00
Franz Pletz
ec4ead0bfe
phpfpm service: add target and slice 2017-02-28 00:00:57 +01:00
Franz Pletz
e3d58dae7f
phpfpm service: one service per pool for isolation 2017-02-27 23:38:53 +01:00
Vladimír Čunát
81b43ccd57
17.09 release notes: fix typos 2017-02-27 23:03:16 +01:00
Robin Gloster
755902b543
release-notes: add 17.09 2017-02-27 20:46:34 +01:00
Robin Gloster
b7d15edd9e
bump version to 17.10
This will be the Hummingbird release
2017-02-27 20:21:13 +01:00
Vladimír Čunát
a1919db7cd
Merge branch 'master' into staging 2017-02-27 20:15:27 +01:00
Dan Peebles
8def08a56c apache-kafka.service: pass in log4j config more explicitly
The implicit behavior of pulling it out of the classpath seemed not
to work properly and could be thrown off by other things on the
classpath also providing the properties file. This guarantees that
our settings stick.
2017-02-27 18:32:12 +00:00
Thomas Tuegel
127bf18a35
extra-cmake-modules: Lift Qt dependency 2017-02-27 11:49:46 -06:00
Thomas Tuegel
f21d4d0015
nixos/plasma5: Rename Plasma 5 desktop
- There is no such thing as KDE 5
2017-02-27 11:49:31 -06:00
Thomas Tuegel
8eb4d2afbc
Remove top-level kde5 attribute
- There is no such thing as KDE 5
2017-02-27 11:49:10 -06:00
Dan Peebles
6018cf4a69 amazon-init.service: fix starting services at startup
We now make it happen later in the boot process so that multi-user
has already activated, so as to not run afoul of the logic in
switch-to-configuration.pl. It's not my favorite solution, but at
least it works. Also added a check to the VM test to catch the failure
so we don't break in future.

Fixes #23121
2017-02-27 16:51:36 +00:00
Franz Pletz
bccac381b2
microcode updates: prepend first in initrd
Prevents crashing the kernel on boot if other blobs are prepended
before the microkernel update image.

Fixes #22674.
2017-02-27 17:12:33 +01:00
Edward Tjörnhammar
fa367c2d02
nixos, dhcpd: make machines assignable 2017-02-27 10:52:21 +01:00
Domen Kožar
c013f9240e Merge pull request #23168 from nlewo/nova-image-refactoring
Nova image refactoring and partition resizing
2017-02-27 10:03:13 +01:00
Fabian Schmitthenner
ae67f060f2 phpfpm: eliminate build at evaluation time
phpfpm currently uses `readFile` to read the php.ini file from the
phpPackage. This causes php to be build at evaluation time.

This eliminates the use of readFile and builds the php.ini at build
time.
2017-02-26 23:35:12 +01:00
Graham Christensen
4f3d06dc7d Merge pull request #23214 from grahamc/mcelog-service
mcelog: init Machine Check Exception Logging Daemon service
2017-02-26 11:42:56 -05:00
Graham Christensen
1430506666
mcelog: init Machine Check Exception Logging Daemon service 2017-02-26 11:42:00 -05:00
obadz
4b6f021251 Revert "lightdm: obbey services.xserver.{window/desktop}Manager.default"
This reverts commit 29caa185a7.

Not clear what the proper thing to do is. cf94cdb59b renders this
question mostly moot. Reverting before 17.03 branch to avoid a repeat
of #19054.
2017-02-26 16:22:21 +00:00
Jörg Thalheim
6c36d9fa20
nftables: make default configuration null
reason:
 - We currently have an open discussion regarding a more modular
   firewall (https://github.com/NixOS/nixpkgs/issues/23181) and
   leaving null makes future extension easier.
 - the current default might not cover all use cases (different ssh port)
   and might break setups, if applied blindly
2017-02-26 16:24:20 +01:00
Frederik Rietdijk
f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Jookia
e2c95b46e5
nftables module: Add new module for nftables firewall settings
fixes #18842
2017-02-26 13:41:14 +01:00
Tomasz Czyż
0b27c74eb2 pgjwt: init at 0.0.1 (#22644) 2017-02-26 11:14:32 +01:00
Daniel Peebles
2f36be3816 Merge pull request #23190 from primeos/os-release
[RFC] version: Extend /etc/os-release
2017-02-26 00:03:33 -05:00
Dan Peebles
e798f573f0 make-disk-image.nix: set last fsck time on ext4 images to enable resize-on-startup 2017-02-26 02:02:22 +00:00
Michael Weiss
7e97cbe5a4 version: Extend /etc/os-release
- Provide additional link for support and bug reporting.
- Use HTTPS links (related: "The IAB encourages all web servers to
employ TLS to protect their content, and use OCSP stapling to improve
the efficiency and privacy of revocation checking." [0].
- Add VERSION_CODENAME

[0]: https://www.iab.org/documents/correspondence-reports-documents/2017-2/iab-statement-on-ocsp-stapling/
2017-02-25 22:24:34 +01:00
Franz Pletz
26a2822cf0
nginx service: restart instead of stop to reduce downtime
cc #23127
2017-02-25 20:12:37 +01:00
Thomas Tuegel
a1431f35db Merge pull request #23169 from Kendos-Kenlen/kde-hack
kde5: Install default monospace font, Hack
2017-02-25 11:59:33 -06:00
Franz Pletz
3a4dd97c55
nginx module: fix acme if vhost name != serverName
cc #21931 @bobvanderlinden
2017-02-25 08:04:38 +01:00
Gauthier POGAM--LE MONTAGNER
b65cc5c59e kde5: add hack font dependency (fix #22975) 2017-02-25 00:35:59 +01:00
Antoine Eiche
386c19a224 nova-image: support partition resizing 2017-02-24 22:19:53 +01:00
Antoine Eiche
dec7ecbbbc nova-image: refactoring
The nova image configuration is separated from the image build.
2017-02-24 22:17:52 +01:00
Benjamin Staffin
1c555e772e Merge pull request #23155 from doshitan/fix-prometheus-basic-auth
prometheus service: fix basic auth option
2017-02-24 15:08:35 -05:00
Tanner Doshier
b846ce5243 prometheus service: fix basic auth option
If some configuration is provided, we need to filter out the `_module` key or
else it breaks prometheus.
2017-02-24 13:32:01 -06:00
Ryan Mulligan
41b56b4b8a f2fs module: add crc32 dependency to initrd kernel modules, closes #23093
f2fs.fsck depends on crc32 module being present in the initrd system,
otherwise, if f2fs is used as the root disk, the system is unbootable.
2017-02-24 18:32:50 +01:00
Robin Gloster
8f60b43d9c Merge pull request #23130 from grahamc/insecure-packages-with-docs
nixpkgs: allow packages to be marked insecure (this time with docs)
2017-02-24 13:44:28 +01:00
Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Eelco Dolstra
8e1fa01f3a
nix: 1.11.6 -> 1.11.7 2017-02-24 12:53:53 +01:00
Franz Pletz
4730993ca6 Merge pull request #23109 from dtzWill/update/neo4j
neo4j: update and fix JVM parameters in NixOS module
2017-02-23 19:02:32 +01:00
Franz Pletz
d508ef88f7 Merge pull request #23082 from mayflower/graylog_update
graylog: update + module plugin support
2017-02-23 17:42:57 +01:00
Robin Gloster
940492cef5 Merge pull request #22634 from Ekleog/dhparams
dhparams module: initialize
2017-02-23 17:16:04 +01:00
Franz Pletz
4905c1c54f
prosody service: needs working network connectivity 2017-02-23 16:07:41 +01:00