Commit Graph

5040 Commits

Author SHA1 Message Date
Uli Baum
8dbd8f4d69 nixos/dnscrypt-proxy: fix apparmor profile and test
Test failed because of an incomplete apparmor profile.
- fix apparmor profile
- improve test timing, prevent non-deterministic failure
2018-05-20 02:25:42 +02:00
Kirill Elagin
865abfa609
wireguard: Enable tools on other platforms
Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.
2018-05-19 01:17:26 +03:00
Jan Tojnar
bd648f321c
nixos/nginx: emphasize that useACMEHost does not create certs
It was not entirely clean that `services.nginx.virtualHosts.<name>.useACMEHost` does not create certificates, see https://github.com/NixOS/nixpkgs/issues/40593
2018-05-17 20:48:02 +02:00
Andreas Rammhold
8a93595550
sysprof: 1.2.0 -> 3.28.1 2018-05-16 16:54:12 +02:00
Jan Tojnar
75cc398b97
Merge pull request #39615 from jtojnar/gdm-wayland
GDM wayland improvements
2018-05-16 16:39:12 +02:00
Jan Tojnar
54135fc733
gnome3.gdm: allow choosing user account without GNOME
Account chooser depends on AccountsService, which is normally enabled by
GNOME module but it was missing when using GDM without GNOME.
2018-05-16 16:25:22 +02:00
baroncharlus
380cdd8dd7 Add stubby resolver daemon service module (#38667)
* networking/stubby.nix: implementing systemd service module for stubby

This change implements stubby, the DNS-over-TLS stub resolver daemon.
The motivation for this change was the desire to use stubby's
DNS-over-TLS funcitonality in tandem with unbound, which requires
passing certain configuration parameters. This module implements those
config parameters by exposing them for use in configuration.nix.

* networking/stubby.nix: merging back module list

re-merging the module list to remove unecessary changes.

* networking/stubby.nix: removing unecessary capabilities flag

This change removes the unecessary flag for toggling the capabilities
which allows the daemon to bind to low ports.

* networking/stubby.nix: adding debug level logging bool

Adding the option to turn on debug logging.

* networking/stubby.nix: clarifying idleTimeout and adding systemd target

Improving docs to note that idleTimeout is expressed in ms. Adding the
nss-lookup `before' target to the systemd service definition.

* networking/stubby.nix: Restrict options with types.enum

This change restricts fallbackProtocol and authenticationMode to accept
only valid options instead of any list or str types (respectively). This
change also fixes typo in the CapabilityBoundingSet systemd setting.

* networking/stubby.nix: cleaning up documentation

Cleaning up docs, adding literal tags to settings, and removing
whitespace.

* networking/stubby.nix: fixing missing linebreak in comments

* networking/stubby.nix: cleaning errant comments
2018-05-16 15:16:30 +02:00
Jan Tojnar
d5060ac3a7
Merge pull request #33371 from jtojnar/flatpak
Flatpak
2018-05-15 14:19:33 +02:00
Jan Tojnar
d614f32e7a
nixos/flatpak: add docs 2018-05-15 14:18:45 +02:00
Maximilian Bosch
91365cd23a nexus: fix setup and nixos test (#40522)
The original `nexus` derivation required `/run/sonatype-work/nexus3`
which explicitly depended on the NixOS path structure.

This would break `nexus` for everyone using `nixpkgs` on a non-NixOS
system, additionally the module never created `/run/sonatype-work`, so
the systemd unit created in `services.nexus` fails as well. The issue
wasn't actively known as the `nixos/nexus` test wasn't registered in
Hydra (see #40257).

This patch contains the following changes:

* Adds `tests.nexus` to `release.nix` to run the test on Hydra.

* Makes JVM parameters configurable: by default all JVM options were located
  in `result/bin/nexus.vmoptions` which made it quite hard to patch
  these parameters. Now it's possible to override all parameters by
  running `VM_OPTS_FILE=custom-nexus.vmoptions ./result/bin/nexus run`
  (after patching the `nexus` shell script), additionally it's possible
  to override these parameters with `services.nexus.vmoptions`.

* Bumped Nexus from 3.5.1 to 3.11.0

* Run the `nexus` test on Hydra with `callTest` in `nixos/release.nix`,
  furthermore the test checks if the UI is available on the specified
  port.

* Added myself as maintainer for the NixOS test and the package to have
  some more people in case of further breakage.

* Added sufficient disk space to the `nexus` test, otherwise the service
  fails with the following errors:

  ```
  com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database 'accesslog'
  com.orientechnologies.orient.core.exception.OLowDiskSpaceException: Error occurred while executing
    a write operation to database 'accesslog' due to limited free space on the disk (242 MB). The database
    is now working in read-only mode. Please close the database (or stop OrientDB), make room on your hard
    drive and then reopen the database. The minimal required space is 256 MB. Required space is now set to
    256MB (you can change it by setting parameter storage.diskCache.diskFreeSpaceLimit) .
  ```

/cc @ironpinguin @xeji
2018-05-15 14:10:29 +02:00
Jan Tojnar
ec80c5e4c4
nixos/flatpak: allow specifying extra portals 2018-05-15 13:31:13 +02:00
Jan Tojnar
e0a42d991c
nixos/flatpak: init 2018-05-15 13:28:29 +02:00
Arcadio Rubio García
efde5fefb3 nixos: stumpwm: switch from package marked as broken to working quicklisp package (#40501) 2018-05-14 18:37:53 +02:00
xeji
c482b41f40
Merge pull request #40373 from xeji/fix-mesos-test
nixos/mesos: fix non-deterministic service and test failure
2018-05-13 19:57:24 +02:00
xeji
8c78d3a527
Merge pull request #40416 from oxij/os/fix-some-types
nixos: fix some types
2018-05-13 18:15:55 +02:00
Jan Malakhovski
44d612d6e5 nixos: services.xserver.desktopManager.xterm.enable: fix type 2018-05-13 01:15:23 +00:00
Jan Malakhovski
095fe5b43d nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1 2018-05-12 19:27:09 +00:00
Uli Baum
ec00b6fbb3 nixos/mesos-slave: start after docker
If docker is enabled, start mesos-slave.service after docker.service
to avoid a race condition that could result in mesos-slave to fail
with "Failed to create docker: Timed out getting docker version"
2018-05-11 19:37:31 +02:00
Robert Schütz
d283368d73
Merge pull request #39681 from pstn/gnunet-service
nixos/gnunet: create switch for package.
2018-05-11 14:13:17 +02:00
Philipp Steinpass
c3dba0b7a7 nixos/gnunet: create switch for package. 2018-05-11 13:54:00 +02:00
Yegor Timoshenko
35375aa7ed
hostapd: remove assertion (allow 5GHz channels) 2018-05-11 13:56:18 +03:00
aszlig
67a8c66f68
nixos/dovecot: Fix usage of dhparams option
The pull request that added dhparams (#39507) was made at the time where
the dhparams module overhaul (#39526) wasn't done yet, so it's still
using the old mechanics of the module.

As stated in the release notes:

  Module implementers should not set a specific bit size in order to let
  users configure it by themselves if they want to have a different bit
  size than the default (2048).

  An example usage of this would be:

    { config, ... }:

    {
      security.dhparams.params.myservice = {};
      environment.etc."myservice.conf".text = ''
        dhparams = ${config.security.dhparams.params.myservice.path}
      '';
    }

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @qknight, @abbradar, @hrdinka, @leenaars
2018-05-10 08:29:29 +02:00
Sarah Brofeldt
3befef8279
Merge pull request #39671 from johanot/keepalived-vrrpInstanceTracking
nixos/keepalived: Implemented vrrp-instance track scripts and track interfaces
2018-05-09 20:54:36 +02:00
Nikolay Amiantov
a08645e9be nginx module: add upstream extraConfig 2018-05-08 16:32:11 +03:00
Joachim Schiele
851d5d72a3 dovecot2: added ssl_dh using security.dhparams
The 18.03 channel includes dovecot 2.3, which requires ssl_dh to be set.
-> fixes https://github.com/nixcloud/nixcloud-webservices/issues/21
2018-05-08 15:51:39 +03:00
jD91mZM2
6c4c36fcbc
NetworkManager: add noDns option 2018-05-08 13:42:39 +02:00
Johan Thomsen
41d4bd29ac nixos/keepalived: Implemented vrrp-instance tracking scripts and interfaces.
Tracking scripts in particular, cannot be included in extraOpts, because script declaration has to be above script usage in keepalived.conf.
Changes are fully backward compatible.
2018-05-08 11:25:53 +02:00
aszlig
1eeeceb9c7
nixos/nsd: Allow to configure root zone
When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
2018-05-07 04:05:41 +02:00
Joachim F
e97d8fc0cb
Merge pull request #39455 from Ekleog/matterbridge-configfile
matterbridge module: add configPath option as a workaround, waiting for nix encryption
2018-05-06 17:29:43 +00:00
Tristan Helmich
560e91f1a7 nixos/matrix-synapse service: url_preview_url_blacklist fix (#40027)
Moved list of ip ranges to url_preview_ip_range_blacklist defaults.
Fixes #40017
2018-05-06 09:49:04 +00:00
xeji
cd960b965f
Merge pull request #38622 from obadz/minidlna-module
nixos/minidlna: add loglevel config
2018-05-06 00:13:39 +02:00
xeji
76c8e5ea3b
Merge pull request #39055 from abbradar/reload-stop
firewall service: run stop commands in reload
2018-05-05 22:13:15 +02:00
Jaka Hudoklin
3ec4528dcf
Merge pull request #39991 from xeji/remove-fleet
fleet, panamax: remove
2018-05-05 08:07:14 +02:00
gnidorah
9f1da66587 ndppd module: init (#35533) 2018-05-05 00:33:20 -05:00
bricewge
21b926003d sshguard: service creates /var/lib/sshguard 2018-05-05 00:29:44 -05:00
Uli Baum
c3eefe801a fleet: remove package, module, test
deprecated and unmaintained upstream
2018-05-05 00:28:16 +02:00
Uli Baum
f039bf9abc panamax: remove packages, module and test
was broken and depends on (deprecated) fleet
packages: panamax_api, panamax_ui
2018-05-05 00:27:15 +02:00
Pascal Bach
7f53ee8412 restic-rest-server module: init 2018-05-04 16:55:06 +02:00
WilliButz
27eb2859f2 prometheus-nginx-exporter: fix bool to string coercion 2018-05-02 16:18:20 +02:00
Robin Gloster
fe9096ef09
Merge branch 'master' into docker-registry-enhancements 2018-05-02 13:12:57 +02:00
Samuel Leathers
78f09c9102 nixos/prometheus-surfboard-exporter: add new module 2018-05-02 13:04:34 +02:00
Austin Seipp
5a24d99fa6 foundationdb: split into multiple, major-versioned packages to make upgrades user-controllable
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
55eec81118 nixos: add TLS support to FoundationDB module, and tweak setup a bit
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
Austin Seipp
ed5cbbbc44 foundationdb: install the java client library
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-05-01 15:47:36 -05:00
WilliButz
cb4c2834ef nixos/prometheus-varnish-exporter: update module 2018-05-01 18:00:53 +02:00
Matthew Justin Bauer
4e58e23262
Merge pull request #39478 from pngwjpgh/infinoted
nixos/infinoted: Abstract over libinfinity version
2018-05-01 10:22:25 -05:00
Michael Weiss
1b8642dff6
nixos/monetdb: init (#39812) 2018-05-01 16:44:12 +02:00
WilliButz
de60146f59 nixos/promtheus-nginx-exporter: update module 2018-05-01 15:45:48 +02:00
Michele Catalano
afd3136e8e
nixos/docker-registry: Add support for garbage collector to docker registry 2018-05-01 15:23:47 +02:00
Maximilian Bosch
593dc45141
nixos/docker-registry: cleanup module definition & enhance testcase
The following changes have been applied:

- the property `http.headers.X-Content-Type-Options` must a list of
  strings rather than a serialized list
- instead of `/etc/docker/registry/config.yml` the configuration will be
  written with `pkgs.writeText` and the store path will be used to run
  the registry. This reduces the risk of possible impurities by relying
  on the Nix store only.
- cleaned up the property paths to easy readability and reduce the
  verbosity.
- enhanced the testcase to ensure that digests can be deleted as well
- the `services.docker-registry.extraConfig` object will be merged with
  `registryConfig`

/cc @ironpinguin
2018-05-01 15:23:39 +02:00