Commit Graph

10111 Commits

Author SHA1 Message Date
edef
54a13b07d5 switch-to-configuration: use Net::DBus to retrieve the list of units
This resolves the FIXME, and opens up the possibility of using more of
the systemd DBus interface to make things more robust.
2018-05-03 20:19:23 +02:00
Rob Vermaas
41512bfdae
Merge pull request #39654 from AmineChikhaoui/issue-38623
GCE: pull the ssh host keys from the metadata service as expected by NixOps.
2018-05-03 17:16:26 +02:00
Matthew Bauer
ca30c5e061 Revert "Merge pull request #28206 from edef1c/net-dbus-list-units"
This reverts commit e508f0eec1, reversing
changes made to bead42df5d.
2018-05-02 15:02:29 -05:00
Antoine Eiche
d35dcb1280 dockerTools.pullImage: documentation and release note 2018-05-02 21:32:20 +02:00
Matthew Justin Bauer
e508f0eec1
Merge pull request #28206 from edef1c/net-dbus-list-units
switch-to-configuration: use Net::DBus to retrieve the list of units
2018-05-02 12:49:37 -05:00
WilliButz
27eb2859f2 prometheus-nginx-exporter: fix bool to string coercion 2018-05-02 16:18:20 +02:00
Robin Gloster
fe9096ef09
Merge branch 'master' into docker-registry-enhancements 2018-05-02 13:12:57 +02:00
Samuel Leathers
78f09c9102 nixos/prometheus-surfboard-exporter: add new module 2018-05-02 13:04:34 +02:00
Graham Christensen
eca5c99bf8
nixos docs: format =) 2018-05-01 19:57:09 -04:00
Graham Christensen
fd2dce9708
nixos docs: ignore generated files 2018-05-01 19:50:02 -04:00
Graham Christensen
9d4b966c4d
nixos docs: fixup 2018-05-01 19:43:52 -04:00
Graham Christensen
4f5a995b03
Merge pull request #39786 from grahamc/format-nixpkgs-docs-target
nixpkgs doc: add format Make target
2018-05-01 19:39:31 -04:00
Graham Christensen
374a3bdf5b
nixos docs: makefile for formatting 2018-05-01 18:03:25 -04:00
Matthew Justin Bauer
c46c5b8f4e
Merge pull request #39836 from flokli/virtualbox-5.2.10
virtualbox: 5.2.8 -> 5.2.10
2018-05-01 16:32:48 -05:00
Florian Klink
d3527d947f virtualisation.virtualbox.host: migrate from mkOption to mkEnableOption 2018-05-01 22:47:54 +02:00
Florian Klink
92e559212a virtualisation.virtualbox.host: introduce enableExtensionPack 2018-05-01 22:47:46 +02:00
Austin Seipp
5a24d99fa6 foundationdb: split into multiple, major-versioned packages to make upgrades user-controllable
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
55eec81118 nixos: add TLS support to FoundationDB module, and tweak setup a bit
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
ed5cbbbc44 foundationdb: install the java client library
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
edef
1a18fedae4 nixos doc: mananager -> manager 2018-05-01 19:58:50 +02:00
WilliButz
cb4c2834ef nixos/prometheus-varnish-exporter: update module 2018-05-01 18:00:53 +02:00
Matthew Justin Bauer
4e58e23262
Merge pull request #39478 from pngwjpgh/infinoted
nixos/infinoted: Abstract over libinfinity version
2018-05-01 10:22:25 -05:00
Michael Weiss
1b8642dff6
nixos/monetdb: init (#39812) 2018-05-01 16:44:12 +02:00
WilliButz
de60146f59 nixos/promtheus-nginx-exporter: update module 2018-05-01 15:45:48 +02:00
Michele Catalano
afd3136e8e
nixos/docker-registry: Add support for garbage collector to docker registry 2018-05-01 15:23:47 +02:00
Maximilian Bosch
593dc45141
nixos/docker-registry: cleanup module definition & enhance testcase
The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must a list of
  strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
  written with `pkgs.writeText` and the store path will be used to run
  the registry. This reduces the risk of possible impurities by relying
  on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
  verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
  `registryConfig`

/cc @ironpinguin
2018-05-01 15:23:39 +02:00
Michele Catalano
f5c0b3f887
nixos/docker-registry: add more configuration options for docker-registry 2018-05-01 14:53:50 +02:00
Graham Christensen
5d03cce7ed
Merge pull request #38351 from grahamc/user-channels
Add user channels to the default nix path
2018-05-01 07:19:38 -04:00
Graham Christensen
8ab8d9cb74
Add user channels to the default nix path 2018-05-01 06:30:31 -04:00
Julien Langlois
519b64592d hitch: init at 1.4.8 + service + test (#39358)
Add the Hitch TLS reverse proxy as an option for TLS termination.
2018-05-01 10:36:36 +01:00
Jörg Thalheim
101dca2d9a
Merge pull request #39798 from lheckemann/nixos-install-chroot-doc
nixos-install manual: remove --chroot option
2018-05-01 08:21:31 +01:00
Linus Heckemann
152454d987 nixos-install manual: remove --chroot option
This option has been removed from the tool in favour of nixos-enter.
2018-05-01 07:36:35 +01:00
Graham Christensen
ab1648bf0d
nixpkgs doc: add format Make target 2018-04-30 22:37:58 -04:00
Graham Christensen
d1165dba99
Merge pull request #38831 from rdnetto/improve-cross-refs
Improve cross referencing in NixOS Manual
2018-04-30 21:30:20 -04:00
Milo
b405a6537c nixos/bspwm: spawn bpswm process in the background and properly set waiPID (#39707) 2018-04-30 17:03:05 +00:00
Maximilian Bosch
e12cc85b07
nixos/osquery: add test
Some time ago I fixed the broken package `osquery` (see #39336).
I had to test the package manually by starting the daemon locally,
however this doesn't ensure that the module is still functional.

In order to cover the package *and* the integration with the NixOS
module I thought that adding a testcase might be the best idea.

The current testcase does the following things:

* Starts an `osqueryd` service in a test machine with customized logger
  path and PID file

* Ensures that the `osqueryd.service` unit is running

* Checks if the customized flags (`pidfile`, `logger_path`) are applied
  to `osquery`.

* Performs a simple test query against the `etc_hosts` database to check
  if the basic funcitonality of `osquery` (storing system information into
  a database) works fine.
2018-04-30 16:49:38 +02:00
Michael Raskin
fd8dcdfa9d
Merge pull request #39416 from Ma27/fix-.version-config
.version: don't read from `.version` and deduplicate `.version-suffix` references
2018-04-30 08:33:19 +00:00
aszlig
b3d5ca8359
nixos/dhparams: Set default bit size to 2048
@Ekleog writes in https://github.com/NixOS/nixpkgs/pull/39526:

> I think a default of 4096 is maybe too much? See certbot/certbot#4973;
> Let's Encrypt supposedly know what they are doing and use a
> pre-generated 2048-bit DH params (and using the same DH params as
> others is quite bad, even compared to lower bit size, if I correctly
> remember the attacks available -- because it increases by as much the
> value of breaking the group).

> Basically I don't have anything personal against 4096, but fear it may
> re-start the arms race: people like having "more security" than their
> distributions, and having NixOS already having more security than is
> actually useful (I personally don't know whether a real-size quantum
> computer will come before or after our being able to break 2048-bit
> keys, let alone 3072-bit ones -- see wikipedia for some numbers).

> So basically, I'd have set it to 3072 in order to both decrease build
> time and avoid having people setting it to 8192 and complaining about
> how slow things are, but that's just my opinion. :)

While he suggests is 3072 I'm using 2048 now, because it's the default
of "openssl dhparam". If users want to have a higher value, they can
still change it.

Signed-off-by: aszlig <aszlig@nix.build>
2018-04-30 05:53:38 +02:00
Graham Christensen
8caaec894e
Merge pull request #39649 from grahamc/hacking-docs
NixOS docs: making it easier to hack on
2018-04-29 21:56:45 -04:00
aszlig
f148c5c4a1
nixos/tests: Fix QEMU flags for SCSI disks
The ability to specify "-drive if=scsi" has been removed in QEMU version
2.12 (introduced in 3e3b39f173).

Quote from https://wiki.qemu.org/ChangeLog/2.12#Incompatible_changes:

> The deprecated way of configuring SCSI devices with "-drive if=scsi"
> on x86 has been removed. Use an appropriate SCSI controller together
> "-device scsi-hd" or "-device scsi-cd" and a corresponding "-blockdev"
> parameter instead.

So whenever the diskInterface is "scsi" we use the new way to specify
the drive and fall back to the deprecated way for the time being. The
reason why I'm not using the new way for "virtio" and "ide" as well is
because there is no simple generic way anymore to specify these.

This also turns the type of the virtualisation.qemu.diskInterface option
to be an enum, so the user knows which values are allowed but we can
also make sure the right value is provided to prevent typos.

I've tested this against a few non-disk-related NixOS VM tests but also
the installer.grub1 test (because it uses "ide" as its drive interface),
the installer.simple test (just to be sure it still works with
"virtio") and all the tests in nixos/tests/boot.nix.

In order to be able to run the grub1 test I had to go back to
8b1cf100cd (which is a known commit where
that test still works) and apply the QEMU update and this very commit,
because right now the test is broken.

Apart from the tests here in nixpkgs, I also ran another[1] test in
another repository which uses the "scsi" disk interface as well (in
comparison to most of the installer tests, this one actually failed
prior to this commit).

All of them now succeed.

[1]: 9b5a119972/tests/system/kernel/bfq.nix

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edostra, @grahamc, @dezgeg, @abbradar, @ts468
2018-04-30 03:02:59 +02:00
aszlig
1907120f23
nixos/tests/udisks2: Fix USB device hotplug
The usb_add and usb_del monitor commands have been removed in QEMU
version 2.12 (introduced in 3e3b39f173).

Quote from https://wiki.qemu.org/ChangeLog/2.12#Incompatible_changes:

> The deprecated HMP commands "usb_add" and "usb_del" have been removed.
> Use "device_add" and "device_del" as replacement instead.

So we're doing exactly that and the udisks2 test now works again.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @edolstra
2018-04-30 03:02:57 +02:00
Matthew Justin Bauer
f12b93162a
rl-1809: add netcat note 2018-04-29 18:30:42 -05:00
aszlig
146cb02542
nixos/tests/hibernate: Fix netcat flags
I'm not sure why 024b501907 used -q 0
because even netcat-openbsd has the -N flag which IMO is the better way
to shutdown the socket on EOF.

Our default netcat implementation has changed once again[1] in
3c3b82234a and we're now using LibreSSL's
implementation, which doesn't have a -q flag.

See https://github.com/NixOS/nixpkgs/pull/39634 for the pull request
introducing the switch.

[1]: https://github.com/NixOS/nixpkgs/pull/19982

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @matthewbauer, @dtzWill, @Mic92
2018-04-29 23:46:47 +02:00
xeji
1937b810b6
Merge pull request #39340 from xeji/interim-fix-39069
nixos/networkd: wait for udev to settle before starting networkd
2018-04-29 20:45:09 +02:00
Ben Gamari
7d68eadf37 nixos/acme: Fix broken post-stop script
Previously the script would contain an empty `if` block (which is invalid
syntax) if both `data.activationDelay == null` and `data.postRun == ""`. Fix
this by adding a no-op `true`.
2018-04-29 13:32:02 -04:00
aszlig
97adb03a9e
nixos/tests/predictable-interface-names: Refactor
The Nix expression here is really hard to read with multiple (and
unnecessarily) nested lets and it also generates attribute names based
on the derivation generated by makeTest, which will result in these
attribute names:

  * vm-test-run-predictableInterfaceNames
  * vm-test-run-predictableInterfaceNames-with-networkd
  * vm-test-run-unpredictableInterfaceNames
  * vm-test-run-unpredictableInterfaceNames-with-networkd

With the refactor the attribute names are now:

  * predictable
  * predictableNetworkd
  * unpredictable
  * unpredictableNetworkd

So now the code is even shorter and IMHO slightly more readable.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @symphorien, @fpletz, @adisbladis
2018-04-29 15:36:56 +02:00
Peter Hoeg
3c63bda681
Merge pull request #39137 from peterhoeg/m/lcd
nixos lcdproc: module for lcdd/lcdproc
2018-04-28 22:57:59 +00:00
Tim Steinbach
9774c8a0de
linux-copperhead: Fix test 2018-04-28 20:20:47 +00:00
AmineChikhaoui
f514a68969
barf if pulling the ssh host keys fails 2018-04-28 17:07:54 +01:00
AmineChikhaoui
4a86f8c9ab
remove the entire temporary directory 2018-04-28 17:06:25 +01:00
AmineChikhaoui
3b8c7424d1
pull the ssh host keys from the metadata service as expected by NixOps.
Issues: #38623 https://github.com/NixOS/nixops/issues/930.
2018-04-28 16:52:46 +01:00
aszlig
1b1b76f70a
nixos/tests/chromium: Wait 10s after new window
This is a very very very ugly workaround and it's because Chromium seems
to eat keystroke for a few seconds after a new window is created.

I haven't found a better solution yet, so let's at least unbreak the
test until we come up with a better way.

Thanks to @vcunat for bringing this to my attention and also doing the
initial bisect.

The change that brought up this problem was 2b29e40153,
which updated Chromium from version 65.0.3325.181 to version
66.0.3359.117. Unfortunately the upstream changelog[1] is way too large
to actually guess what the breaking change is.

[1]: https://chromium.googlesource.com/chromium/src/+log/65.0.3325.181..66.0.3359.117?pretty=fuller&n=10000

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @bendlas, @vcunat
2018-04-28 17:35:13 +02:00
Maximilian Bosch
9274ea3903
treewide: rename version attributes
As suggested in https://github.com/NixOS/nixpkgs/pull/39416#discussion_r183845745
the versioning attributes in `lib` should be consistent to
`nixos/version` which implicates the following changes:

* `lib.trivial.version` -> `lib.trivial.release`
* `lib.trivial.suffix` -> `lib.trivial.versionSuffix`
* `lib.nixpkgsVersion` -> `lib.version`

As `lib.nixpkgsVersion` is referenced several times in `NixOS/nixpkgs`,
`NixOS/nix` and probably several user's setups. As the rename will cause
a notable impact it's better to keep `lib.nixpkgsVersion` as alias with
a warning yielded by `builtins.trace`.
2018-04-28 14:23:53 +02:00
Maximilian Bosch
39909289f4
lib: deduplicate version/suffix references
The logic regarding the generated `.version-suffix` file is already
defined in `lib/trivial.nix` and shouldn't be duplicated in
`nixos/version`.
2018-04-28 14:23:13 +02:00
Jörg Thalheim
f9fe798f95
Merge pull request #39612 from bgamari/cupsd-loglevel
cupsd: Introduce services.printing.logLevel option
2018-04-28 12:50:48 +01:00
Tuomas Tynkkynen
dda74d9e50 nixos/qemu-vm: Always add a virtio RNG device to the quest
mke2fs has this annoying property that it uses getrandom() to get random
numbers (for whatever purposes) which blocks until the kernel's secure
RNG has sufficient entropy, which it usually doesn't in the early boot
(except if your CPU supports RDRAND) where we may need to create the
root disk.

So let's give the VM a virtio RNG to avoid the boot getting stuck at
mke2fs.
2018-04-28 12:48:06 +03:00
Graham Christensen
74fcb1c770
nixos docs: include note about make for debugging the nixos docs 2018-04-28 04:15:16 -04:00
Graham Christensen
a77dc213a7
nixos manual: update xi:include for configuruation.nix's options-db 2018-04-28 04:04:56 -04:00
Graham Christensen
0ff0d138e4
nixos docs: Add a makefile for hacking on the nixos docs 2018-04-28 04:00:55 -04:00
Graham Christensen
59f8b1e844
nixos docs: Move generated XML in to a specific subdirectory to allow easier hacking 2018-04-27 22:44:51 -04:00
Graham Christensen
68d48cecf6
Merge pull request #31418 from ryantm/doc-nixos-extra-module-path
lib/eval-config: document NIXOS_EXTRA_MODULE_PATH
2018-04-27 21:26:06 -04:00
Sarah Brofeldt
b15e884f80
Merge pull request #39617 from Mic92/nixos-generate-config
nixos/nixos-generate-config: update search command
2018-04-28 00:33:21 +02:00
Matthew Justin Bauer
1c9dc7daa1
Merge pull request #39459 from oxij/nixos/isolinux
nixos: installer: cleanup a bit
2018-04-27 17:30:51 -05:00
Badi Abdul-Wahid
df3566c956 unifi, nixos/unifi: support LTS (5.6.36) and release (5.7.20)
Ubiquiti has both a LTS and current version of their Unifi controller software.

The latter adds new features, but may drop support for some devices.

This adds the capability to use either for the unifi module but defaults
to the LTS version, which was the previous behavior.
2018-04-28 00:27:33 +02:00
Jörg Thalheim
91e58ad48a
Merge pull request #39613 from bgamari/networkd-requiredforonline
networkd: Allow RequiredForOnline field in [Link] section
2018-04-27 23:21:34 +01:00
Jörg Thalheim
468f3ce0ed nixos/xserver: remove nvidiaLegacy173 from videoDrivers.examples
see 92265e807e (commitcomment-28773179)
2018-04-27 23:02:09 +01:00
xeji
06a3f2033f
Merge pull request #39431 from fdietze/patch-1
nixos manual: Fix typo in Syntax Summary
2018-04-27 23:10:26 +02:00
Yegor Timoshenko
6e33df0f6f
Merge pull request #39008 from serokell/youtrack
Youtrack package and service
2018-04-27 22:16:57 +03:00
Yegor Timoshenko
e71c36369f
Merge pull request #39002 from serokell/oauth2_proxy_mod
oauth2_proxy: refactor service
2018-04-27 22:15:50 +03:00
Jörg Thalheim
e8d5070e23 nixos/nixos-generate-config: update search command 2018-04-27 18:19:05 +01:00
Jan Malakhovski
92265e807e nixos: xserver: add related packages 2018-04-27 18:10:04 +01:00
Jan Malakhovski
5ec94de03c nixos: alsa: better docstring 2018-04-27 18:07:19 +01:00
Profpatsch
900cec79a0 lib/debug: add replacement instructions & release notes
for every deprecated function.
2018-04-27 18:59:39 +02:00
Profpatsch
b90104ea0e lib/debug: fix use-sites of deprecated debug functions 2018-04-27 18:59:39 +02:00
Ben Gamari
192352ff2f nixos/cupsd: Introduce services.printing.logLevel option
Previously we indirectly suggested that the user use
services.printing.extraConf to set this, but this doesn't work with the
default merge ordering. Fix this by making it an independent option.
Fixes #39611.
2018-04-27 16:41:49 +00:00
Ben Gamari
65c1cfce3f nixos/networkd: Allow RequiredForOnline field in [Link] section
This was previously missing.
2018-04-27 16:41:16 +00:00
Yorick van Pelt
000482ffc4
youtrack: add service 2018-04-27 17:33:41 +02:00
Yorick van Pelt
048c991eb0
oauth2_proxy: use explicit upstream default for setXauthrequest 2018-04-27 16:45:38 +02:00
Rodney Lorrimar
3e446ecd56 nixos/buildkite-agent: fix variable expansion in hook scripts
@cleverca found this bug in the declarative hooks config. Any shell
variables referenced in a hook script would get expanded by the hooks
directory builder.

Prevent variable expansion by quoting the here doc limit string.
2018-04-27 12:17:40 +01:00
Matthieu Coudron
ca0604190e qemu-guest-agent: init module
Allow out of band communication between qemu VMs and the host.
Useful to retrieve IPs of VMs from the host (for instance when libvirt can't analyze
DHCP requests because VMs are configured with static addresses or when
there is connectivity default).
2018-04-27 18:32:15 +09:00
Vladimír Čunát
88695c6e94
Revert "release-combined: don't include tests.chromium"
This reverts commit 1d06254998.
We now get a build and maybe have a workaround #39570; /cc #39476.
2018-04-27 02:42:12 +02:00
Franz Pletz
dc62e8509a
nixos/caddy: fix ca api endpoint, now uses v2 2018-04-27 01:11:54 +02:00
Matthew Justin Bauer
1d06254998
release-combined: don't include tests.chromium
The chromium package will frequently time out . Note that this is unrelated to the test but a side effect because the test depends on chromium.

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.chromium.x86_64-linux

See also #39476
2018-04-26 10:14:51 -05:00
Nikolay Amiantov
b827307c52 dante service: default for logoutput
Log to journald via syslog by default; also improve option type.
2018-04-26 13:57:11 +03:00
Nikolay Amiantov
bd140fb41d dante service: restart only on failure
Normal exit code shouldn't result in a restart.
2018-04-26 13:57:11 +03:00
Gregor Kleen
274579cc95 nixos/infinoted: Abstract over libinfinity version 2018-04-26 08:35:00 +02:00
aszlig
ce87773867
nixos/dhparams: Clean up module expression
First of all let's start with a clean up the multiline string
indentation for descriptions, because having two indentation levels
after description is a waste of screen estate.

A quick survey in the form of the following also reveals that the
majority of multiline strings in nixpkgs is starting the two beginning
quotes in the same line:

$ find -name '*.nix' -exec sed -n -e '/=$/ { n; /'\'\''/p }' {} + | wc -l
817
$ find -name '*.nix' -exec grep "= *'' *\$" {} + | wc -l
14818

The next point is to get the type, default and example attributes on top
of the description because that's the way it's rendered in the manual.

Most services have their enable option close to the beginning of the
file, so let's move it to the top.

Also, I found the script attribute for dhparams-init.service a bit hard
to read as it was using string concatenation to split a "for" loop.

Now for the more substantial clean ups rather than just code style:

  * Remove the "with lib;" at the beginning of the module, because it
    makes it easier to do a quick check with "nix-instantiate --parse".
  * Use ConditionPathExists instead of test -e for checking whether we
    need to generate the dhparams file. This avoids spawning a shell if
    the file exists already and it's probably more common that it will
    exist, except for the initial creation of course.
  * When cleaning up old dhparams file, use RemainAfterExit so that the
    unit won't be triggered again whenever we stop and start a service
    depending on it.
  * Capitalize systemd unit descriptions to be more in par with most
    other unit descriptions (also see 0c5e837b66).
  * Use "=" instead of "==" for conditionals using []. It's just a very
    small nitpick though and it will only fail for POSIX shells. Bash on
    the other side accepts it anyway.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:52 +02:00
aszlig
3e11ff6e0d
nixos/dhparams: Introduce a 'stateful' option
This option allows us to turn off stateful generation of Diffie-Hellman
parameters, which in some way is still stateful as the generated DH
params file is non-deterministic.

However what we can avoid with this is to have an increased surface for
failures during system startup, because generation of the parameters is
done during build-time.

Another advantage of this is that we no longer need to take care of
cleaning up the files that are no longer used and in my humble opinion I
would have preferred that #11505 (which puts the dhparams in the Nix
store) would have been merged instead of #22634 (which we have now).

Luckily we can still change that and this change gives the user the
option to put the dhparams into the Nix store.

Beside of the more obvious advantages pointed out here, this also
effects test runtime if more services are starting to use this (for
example see #39507 and #39288), because generating DH params could take
a long time depending on the bit size which adds up to test runtime.

If we generate the DH params in a separate derivation, subsequent test
runs won't need to wait for DH params generation during bootup.

Of course, tests could still mock this by force-disabling the service
and adding a service or activation script that places pre-generated DH
params in /var/lib/dhparams but this would make tests less readable and
the workaround would have to be made for each test affected.

Note that the 'stateful' option is still true by default so that we are
backwards-compatible with existing systems.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog, @abbradar, @fpletz
2018-04-26 08:04:50 +02:00
aszlig
761266bd18
nixos/dhparams: Turn params into a submodule
We're going to implement an option which allows us to turn off stateful
handling of Diffie-Hellman parameter files by putting them into the Nix
store.

However, modules now might need a way to reference these files, so we
add a now path option to every param specified, which carries a
read-only value of the path where to find the corresponding DH params
file.

I've also improved the description of security.dhparams.params a bit so
that it uses <warning/> and <note/>.

The NixOS VM test also reflects this change and checks whether the old
way to specify the bit size still works.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:48 +02:00
aszlig
4de774a63b
nixos/dhparams: Add a VM test
We're going to make changes to the dhparams module so we really want to
make sure we don't break it, so having a NixOS VM test is to make sure
we don't blow things up and can iterate on it.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Ekleog
2018-04-26 08:04:45 +02:00
Robin Gloster
94f5e5ad14
Revert "gitlab: disable"
This reverts commit 68c4605f1a.

Gitlab has been fixed
2018-04-26 00:15:24 +02:00
Robin Gloster
783fb86de4
gitlab module: update to gitlab 10.7 2018-04-26 00:15:24 +02:00
Matthew Justin Bauer
e4d2d32a32
Merge pull request #33679 from flokli/deluge-module
Deluge: use mkEnableOption, add test
2018-04-25 14:54:34 -05:00
Matthew Justin Bauer
a4a2626cd9
Merge pull request #35280 from markus1189/logkeys
Logkeys: Update and add `device` option to service
2018-04-25 14:48:29 -05:00
John Ericson
ba52ae5048 treewide: isArm -> isAarch32
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.

The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:

```
ISA:             ARMv8   {-A, -R, -M}
                 /    \
Mode:     Aarch32     Aarch64
             |         /   \
Encoding:   A64      A32   T32
```

At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.

The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.

[1]: https://developer.arm.com/products/architecture/a-profile
2018-04-25 15:28:55 -04:00
Peter Hoeg
077811ebe3 nixos lcdproc: module for lcdd/lcdproc 2018-04-25 22:16:07 +08:00
Ben Wolsieffer
4d40adb86d nginx: allow basic auth passwords to be specified in a file 2018-04-25 15:37:09 +02:00
Sarah Brofeldt
25abc29f47
Merge pull request #39473 from xeji/update-keymap-test
nixos/tests/keymap: wait for xdotool to succeed
2018-04-25 11:17:53 +02:00
xeji
6891bda370 nixos/tests/keymap: wait for xdotool to succeed
xdotool failed in rare cases when a window was already created
but not yet decorated by the window manager.
also prevent a (never observed but possible) race condition
2018-04-25 10:16:52 +02:00
Austin Seipp
e4e8562806 nixos: typofixes/tab deletion in some foundationdb docs/module
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-25 00:05:18 -05:00
Peter Hoeg
45f1205bab
Merge pull request #39304 from peterhoeg/f/ha
home-assistant: add a few knobs and make config YAML
2018-04-25 01:35:12 +00:00
Jan Malakhovski
2460063575 nixos: installer: cleanup a bit 2018-04-25 00:55:22 +00:00
Léo Gaspard
e199143f11
matterbridge module: add configPath option as a workaround, waiting for nix encryption 2018-04-25 01:37:37 +02:00
Felix Dietze
2ac306c91c
nixos manual: Fix typo in Syntax Summary 2018-04-24 21:57:51 +02:00
Robert Schütz
e4a6e320bb home-assistant: simplify definition of configFile 2018-04-24 20:49:16 +02:00
Matthew Justin Bauer
1b0a7bfe38
Merge pull request #31833 from pngwjpgh/feat/acme/delay
nixos/acme: Allow for time window between cert issue and activation
2018-04-24 10:06:02 -05:00
Sarah Brofeldt
65abd2e63f
Merge pull request #39400 from xeji/improve-keymap-tests
nixos/tests/keymap: improve keymap tests
2018-04-24 11:49:53 +02:00
xeji
84a6e18947 nixos/tests/keymap: improve keymap tests
simplify tests, prevent timeouts and non-deterministic failures
2018-04-24 11:13:48 +02:00
Michael Raskin
6048470df1
Merge pull request #39342 from samueldr/fix/nixos-enter-efivarfs
nixos-enter: Ensures presence of full /sys tree. (for efivarfs)
2018-04-23 21:42:12 +00:00
gnidorah
ce8f347ca8 nixos/hans, nixos/iodine: fix passwordFile attribute 2018-04-23 23:40:47 +03:00
Austin Seipp
18f28a6413 nixos: add foundationdb module, documentation
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-04-23 12:13:09 -05:00
Matthew Justin Bauer
14e66c1659
Merge pull request #36734 from gnidorah/hans
nixos/hans: init
2018-04-23 11:42:09 -05:00
Jan Malakhovski
fbd4563b53 nixos: documentation: implement documentation.dev.enable option
I know that "devinfo" output does not currently exist, but so does "devman".
It is mentioned in the nixpkgs manual, but no derivation in nixpkgs actually uses it.
2018-04-23 15:08:58 +02:00
Jan Malakhovski
483815a743 nixos: documentation: move some code around, make docstrings more informative 2018-04-23 15:08:58 +02:00
adisbladis
dd486e64e5
Merge pull request #39322 from elitak/trezor
trezord: Added Trezor Model-T (v2) udev rules
2018-04-23 18:14:20 +08:00
Peter Hoeg
b886faa6b6 home-assistant: use remarshal to convert configuration to YAML
HA doesn't mind the configuration being JSON instead of YAML but since YAML is
the official language, use that as it allows users to easily exchange config
data with other parties in the community.
2018-04-23 16:53:13 +08:00
Peter Hoeg
4cd88807d8 home-assistant: make port configurable so we can use it elsewhere
Additionally, some settings based on NixOS configuation is set via defaultConfig
which is then merged with the user provided configration.

For now that just means http port and time zone but others can easily be added.
2018-04-23 16:53:12 +08:00
Jörg Thalheim
54bcf06084
Merge pull request #39155 from NixOS/zramSwap-one-dev
zramSwap: default to 1 device
2018-04-23 08:44:16 +01:00
Samuel Dionne-Riel
14cab1ac57 nixos-enter: Ensures presence of full /sys tree.
This partially reverts a change from e88f28965a
which removed the `mount --rbind /sys`.

While true that the activation scripts will mount `sysfs` at `/sys`,
none of the mountpoints lower in the `/sys` tree are handled by the
activation script, which includes `efivarfs`.

This fixes #38477 since it ensures the presence of `efivarfs` in the
`/sys` tree, which is why the systemd-boot installation failed.
2018-04-22 16:02:57 -04:00
Tuomas Tynkkynen
6a819c8f8c nixos/iso-image.nix: Fix typo 2018-04-22 22:12:17 +03:00
xeji
236703f9f3 nixos/systemd-networkd: wait for udev to settle
... to avoid race condition between udevd renaming and
networkd configuring interfaces (39069)
2018-04-22 21:02:57 +02:00
Nikolay Amiantov
7c90a86770 wireguard service: use scripts instead of ExecStarts/Stops
This is more in line with what other services do; also looks cleaner.
It changes configuration entries for pre-and post-hooks type to lines from
lists of strings which are more logical for them; coersion is provided for
backwards compatibility.

Finally, add several steps to improve robustness:

1. Load kernel module on start if not loaded;
2. Don't remove wireguard interface on start; it is removed on service stop. If
   it's not something is wrong.
2018-04-22 13:33:11 -05:00
Joachim F
f442bfc02a
Merge pull request #39048 from oxij/nixos/fix-rename-bugs
nixos: fix rename.nix bugs
2018-04-22 17:46:09 +00:00
Bastian Köcher
6ed495cf13 raspberrypi-bootloader: Adds firmwareConfig config option
The `firmwareConfig` option will be appended to `/boot/config.txt`.
2018-04-22 18:27:17 +03:00
Bastian Köcher
8bc970bbc7 raspberrypi-bootloader: Adds support for using uboot
Uboot is copied into `/boot` in the installation process.
The boot entries are created by calling the `generic-extlinux-compatible` builder.
2018-04-22 18:27:17 +03:00
Jörg Thalheim
fecda3498b
Merge pull request #27117 from cjxgm/fix-nspawn-missing-suffix
systemd.nspawn: fix missing suffix
2018-04-22 15:21:07 +01:00
Eric Litak
4bf61fa67a trezord: Added Trezor Model-T (v2) udev rules 2018-04-21 22:04:47 -07:00
Matthew Justin Bauer
e4717c902f
Merge pull request #27958 from LumiGuide/strongswan-swanctl
nixos: add the strongswan-swanctl service
2018-04-21 15:47:39 -05:00
Gregor Kleen
79eebad055 Fix incorrect merge 2018-04-21 22:34:39 +02:00
Gregor Kleen
e11cb1d2a9 Merge branch 'master' of github.com:NixOS/nixpkgs into feat/acme/delay 2018-04-21 22:34:01 +02:00
Matthew Justin Bauer
29dc27c5a3
Merge pull request #30908 from kierdavis/boinc-fhs
boinc service: use an FHS environment (CI now passing)
2018-04-21 15:25:58 -05:00
Matthew Justin Bauer
1eea73eaa8
Merge branch 'master' into feat/acme/delay 2018-04-21 14:53:23 -05:00
Matthew Justin Bauer
7a516cd0c3
Merge branch 'master' into feat/nsd/dnssec 2018-04-21 14:48:30 -05:00
Matthew Justin Bauer
aeff4242db
Merge pull request #31969 from Assassinkin/master
Update sssd integration with pam as documented by RedHat
2018-04-21 14:36:47 -05:00
Jörg Thalheim
dc0653f54f
Merge pull request #38816 from Ekleog/dovecot-lda-test
dovecot module: test dovecot's LDA
2018-04-21 19:55:23 +01:00
Jörg Thalheim
862f5b0b34
Merge pull request #35541 from xeji/containers-extraflags
nixos/containers: add extraFlags option
2018-04-21 14:16:49 +01:00
Jörg Thalheim
a3e197a222
Merge pull request #39300 from erikarvstedt/openvpn-no-timestamps
openvpn: remove redundant timestamps from log output
2018-04-21 13:18:48 +01:00
Erik Arvstedt
683eeab299 openvpn: remove redundant timestamps from log output
The systemd journal is already logging and showing timestamps
2018-04-21 14:17:22 +02:00
Jörg Thalheim
bf6998bdfa
Merge pull request #39297 from xeji/tests/gnome3-gdm
nixos/tests/gnome3-gdm: fix broken test
2018-04-21 11:40:52 +01:00
Lassulus
6db2057f00 nixos/restic: init (#38948) 2018-04-21 11:12:43 +01:00
xeji
4c14202bd1 nixos/tests/gnome3-gdm: fix broken test
test always failed due to multiple bugs
2018-04-21 12:09:30 +02:00
Peter Hoeg
e10718f0ff
Merge pull request #39232 from Infinisil/sshd-options
nixos/sshd: add options for kexAlgorithms, ciphers and MACs
2018-04-21 04:45:18 +00:00
Matthew Justin Bauer
6b11a5ff13
Merge pull request #38979 from xeji/tests-systemd
nixos/tests/systemd: fix broken test
2018-04-20 18:04:12 -05:00
Eelco Dolstra
03b36522e7
nix: 2.0 -> 2.0.1 2018-04-20 23:37:18 +02:00
Daiderd Jordan
58fd592019
Merge pull request #38356 from Infinisil/fix/environment
nixos/systemd: Fix environment type -> allows overriding
2018-04-20 22:22:05 +02:00
Wout Mertens
77a1993b46
Merge pull request #38918 from gnidorah/gitweb
nixos/gitweb: add gitwebTheme option
2018-04-20 21:32:34 +02:00
Franz Pletz
d65a6cc6c9
Merge pull request #39165 from WilliButz/update-postfix-exporter
prometheus-postfix-exporter: 2017-06-01 -> 0.1.1, update module
2018-04-20 18:26:50 +00:00
Silvan Mosberger
ee3fd4ad53
nixos/sshd: add options for kexAlgorithms, ciphers and MACs 2018-04-20 19:05:19 +02:00
Daniel Peebles
ec569fc482
Merge pull request #39164 from ngortheone/master
Fix root volume resizing on EC2 KVM instances (M5, C5, etc)
2018-04-20 09:04:38 -04:00
aszlig
a9cd8ef23e
nixos/tests/containers-imperative: Fix eval
The commit c6f7d43678 changed the system
attribute to be below config.nixpkgs.localSystem, but the test still
uses the old attribute.

I have not tested whether the test actually succeeds but just checked
whether evaluation works and it evaluates successfully now.

Signed-off-by: aszlig <aszlig@nix.build>
2018-04-20 12:25:04 +02:00
John Ericson
53686e8995
Merge pull request #38485 from obsidiansystems/nixos-nixpkgs-options
nixpkgs module: Clean up platform options
2018-04-19 14:59:58 -04:00
WilliButz
c3d46165db
nixos/prometheus-postfix-exporter: update module 2018-04-19 19:47:13 +02:00
Ihor Antonov
3a47c7e8f6 growPartition: fix volume resizing on EC2 NVME instances
The previous code for this accidentally picked up a "p" when computing the partition number.
This logic should be more robust
2018-04-19 13:36:03 -04:00
Wout Mertens
8e3a14549f
zramSwap: remove mentions of old kernels 2018-04-19 16:53:40 +02:00
Wout Mertens
dd5e2a08fb
zramSwap: default to 1 device
One device per cpu is only needed for kernel 3.14
2018-04-19 16:44:08 +02:00
Peter Hoeg
740bafa9a0
Merge pull request #36864 from peterhoeg/f/ddclient
nixos ddclient: support multiple domains and run via systemd timer [WIP]
2018-04-19 05:12:29 +00:00
Matthew Justin Bauer
8fb93be481
Merge pull request #38705 from tokudan/murmur_tmpfix
murmur: fix /tmp usage
2018-04-18 22:12:29 -05:00
WilliButz
01af301443 prometheus-exporters: add dovecot exporter module 2018-04-19 00:35:27 +02:00
Robert Schütz
5bd12c694b
nixos/tor: use RuntimeDirectory, StateDirectory (#39083) 2018-04-18 09:42:45 +02:00
Bas van Dijk
ae94825b4a elasticsearch6: fix startup due to missing jvm.options 2018-04-18 00:38:48 +02:00
Jörg Thalheim
6bd83e624c
Merge pull request #39072 from jbgi/azure-agent-mount-resource-option
Azure agent mount resource option + bash to path
2018-04-17 21:12:36 +01:00
Jörg Thalheim
a2ce342bf1
Merge pull request #39074 from jbgi/jira-updates
atlassian-jira: 7.7.0 -> 7.9 and add bash to service path
2018-04-17 19:51:54 +01:00
gnidorah
9029ed933c nixos/gitweb: add gitwebTheme option 2018-04-17 20:07:01 +03:00
Matthew Justin Bauer
8691bb57d3
Merge pull request #36406 from alesguzik/bluez-midi
Bluetooth MIDI support
2018-04-17 10:54:23 -05:00
Matthew Justin Bauer
ef7f1c5e03
Merge pull request #36440 from dywedir/iwd
iwd: 2017-12-14 -> 0.1
2018-04-17 10:53:37 -05:00
Matthew Justin Bauer
4fe1c9e35f
Merge pull request #37388 from acowley/mlocate-updatedb
update-locatedb: fix update-locatedb service for mlocate
2018-04-17 10:42:20 -05:00
Matthew Justin Bauer
9e01411a7c
Merge pull request #37515 from MHOOO/patch-2
Fix permission on working directory
2018-04-17 10:40:49 -05:00
Matthew Justin Bauer
1a1f26ab3f
Merge pull request #37786 from woffs/fixing-quagga
quagga service: fix service and re-enable test
2018-04-17 10:12:11 -05:00
Matthew Justin Bauer
12ce909ac9
Merge pull request #38303 from LumiGuide/fix-pgmanage-sql_root
pgmanage: the data_root option is renamed to sql_root
2018-04-17 10:08:15 -05:00
Jean-Baptiste Giraudeau
15e44477b3
Add bash to jira PATH: required by health checks. 2018-04-17 16:44:04 +02:00
Jean-Baptiste Giraudeau
28e352cff8
azure-agent: add bash to service path.
as is often required by linux extensions.
2018-04-17 16:26:04 +02:00
Jean-Baptiste Giraudeau
1d971b7a9f
azure-agent: add option to control auto mount
of resource disk.
2018-04-17 16:04:04 +02:00
Graham Christensen
f4ff297cd5
Merge pull request #39031 from teto/loglevel
kernel: fix boot.consoleLogLevel description
2018-04-17 08:51:14 -04:00
Graham Christensen
1f4cf80639
Merge pull request #39066 from ckauhaus/submit/38674-installdocs-mkfs
Clarify installation steps w.r.t. disk partitions
2018-04-17 08:49:41 -04:00
Christian Kauhaus
bca80d67a0 Clarify installation steps w.r.t. disk partitions
- mkfs.fat needs `-n` to set a partition label, not `-L`.
- create /mnt/boot before mounting
- leave out detailed LVM example as advanced users already how to create
  LVs while it is detracting for novices.

Re #38674
2018-04-17 14:29:07 +02:00
Nikolay Amiantov
4fc0b4edca acme service: generate a CA for self-signed certificate
This is needed because simp_le expects two certificates in fullchain.pem, leading to error:

> Not enough PEM encoded messages were found in fullchain.pem; at least 2 were expected, found 1.

We now create a CA and sign the key with it instead, providing correct fullchain.pem.

Also cleanup service a bit -- use PATH and a private temporary directory (which
is more suitable).
2018-04-17 12:53:29 +03:00
Gabriel Ebner
d91caac6c3 services.tt-rss: do not unnecessarily start nginx 2018-04-17 11:44:52 +02:00
Nikolay Amiantov
b81aa02800 firewall service: run stop commands in reload
Do cleanup of user-created additional rules.

Of course it'd be much better to just use iptables-{save,restore} for
declarative management, but as it's still not there...
2018-04-17 12:41:36 +03:00
Jan Malakhovski
b57a6e9a5f nixos: rename.nix: fix bugs
Introduced in 286b007bd3 and then
in 2e6b796761.

This a proper fix for what 70c6f6572d tried to do.
Removing the "config" prefix triggers the bug on pure nixos too, not only
on nixops.
2018-04-17 09:05:21 +00:00
Jan Malakhovski
4018d44641 Revert "nixos/version: fix nixops pre 1.6 compatibility"
This reverts commit 70c6f6572d.
2018-04-17 09:05:20 +00:00
Matthieu Coudron
9f7eabcc21 kernel: fix boot.consoleLogLevel description
The current description describes the opposite influence of the setting
https://www.kernel.org/doc/Documentation/admin-guide/kernel-parameters.txt
2018-04-17 10:45:30 +09:00
Reuben D'Netto
7292c5a570 Fixed indentation 2018-04-17 09:19:55 +10:00
Joachim F
4881002e10
Merge pull request #38982 from das-g/patch-2
nixos manual: add missing space after "copytoram"
2018-04-16 20:52:16 +00:00
Tuomas Tynkkynen
333a24a628 nixos/release.nix: Add SD images for ARMv6 + ARMv7
These don't have affect the default Hydra setup (you need to pass
the relevant system in the supportedSystem list) but let's add it for
completeness and convenience.
2018-04-16 20:39:51 +03:00
Tuomas Tynkkynen
bd77849b2f nixos/installer/channel: Add some files that the channel also has
Nothing probably uses this, but let's be pedantic and have the
pre-included channel on the install media be as close as possible to
what 'nix-channel --update' will give them.

The only remaining difference is that the channel adds programs.sqlite,
which is fundamentally unfixable.
2018-04-16 20:39:51 +03:00
Yorick van Pelt
a037cbd46b
oauth2_proxy: add keyFile, make some options optional 2018-04-16 14:06:22 +02:00
adisbladis
247c97b699
Merge pull request #35896 from wucke13/master
Solving #30396
2018-04-16 20:04:52 +08:00
Yorick van Pelt
b901c40a8e
oauth2_proxy: update module for extraConfig support 2018-04-16 13:10:31 +02:00
Raphael Das Gupta
368947a3a5
nixos manual: add missing space after "copytoram" 2018-04-16 01:14:23 +02:00
xeji
9d5af5871d nixos/test/systemd: fix broken test
timing bug resulted in sporadic test failures on hydra
2018-04-16 00:43:33 +02:00
Peter Hoeg
642c8a8d8d nixos ddclient: support multiple domains and run via systemd timer
a) Some providers can update multiple domains - support that.

b) Make "zone" and "script" configurable. Some providers require these.

c) Instead of leaving the ddclient daemon running all the time, use a systemd
timer to kick it off.

d) Don't use a predefined user - run everything via DynamicUser

e) Add documentation
2018-04-15 10:17:46 +08:00
Jörg Thalheim
02dfbab3be nixos/pulseaudio: pulseaudio.enable should imply sound.enable
cc @fpletz
2018-04-14 19:12:47 +01:00
Jörg Thalheim
eeb27ae6ab
Merge pull request #38929 from Mic92/lxd
lxd: 2.16 -> 3.0.0; fixes build
2018-04-14 17:50:53 +01:00
Daiderd Jordan
d538fc06e2
docker-tools: add a test for permissions issues with AUFS/overlay
docker# [   11.054736] d24d6cdd57c9[763]: /bin/bash: error while loading
shared libraries: libreadline.so.7: cannot open shared object file:
Permission denied
docker# /bin/bash: error while loading shared libraries:
libreadline.so.7: cannot open shared object file: Permission denied
docker: exit status 127
docker: output:
error: command `docker run --rm -u 1000:1000 bash /bin/bash --version'
did not succeed (exit code 127)
command `docker run --rm -u 1000:1000 bash /bin/bash --version' did not
succeed (exit code 127)
2018-04-14 14:11:14 +02:00
Jörg Thalheim
7663de114a lxd: 2.16 -> 3.0.0 2018-04-14 11:02:24 +01:00
Ricardo M. Correia
0f3a628400 nixos/transmission: fix AppArmor profile to include libkrb5 2018-04-13 20:53:34 +02:00
Bjørn Forsman
80b6513fbf nixos: enable bash command completion by default
Because it improves out-of-the-box user experience a lot (IMHO).
(zsh completion is already on by default.)

Remove "programs.bash.enableCompletion = true" from
nixos-generate-config.pl, which feels superflous now.
2018-04-13 18:36:51 +02:00
Tim Steinbach
0625f77256
Fix kernel-copperhead test 2018-04-13 09:02:26 -04:00
Nikolay Amiantov
803dca34bb
Merge pull request #38896 from abbradar/shadowsocks
Update shadowsocks-libuv and add shadowsocks service
2018-04-13 15:55:55 +03:00
Nikolay Amiantov
dccd5a8601 dnscache service: cleanup and add forwardOnly 2018-04-13 15:38:13 +03:00