Commit Graph

5879 Commits

Author SHA1 Message Date
worldofpeace
94af8ebde2 nixos/displayManager: only install wayland sessions if they exist in extraSessionFilePackages
Not everyone is using wayland just yet.
2018-12-22 01:15:09 -05:00
Samuel Dionne-Riel
3c38cc8058
Merge pull request #51813 from samueldr/aarch64/disable-non-arm-builds-part-1
aarch64: ZHF for aarch64 (1/??)
2018-12-20 21:06:52 -05:00
Maximilian Bosch
87ebc2ad0b
Merge pull request #52345 from r-ryantm/auto-update/clickhouse
clickhouse: 18.14.9 -> 18.14.18
2018-12-20 18:48:37 +01:00
Maximilian Bosch
64d05bbdd2
clickhouse: fix module and package runtime
Although the package itself builds fine, the module fails because it
tries to log into a non-existant file in `/var/log` which breaks the
service. Patching to default config to log to stdout by default fixes
the issue. Additionally this is the better solution as NixOS heavily
relies on systemd (and thus journald) for logging.

Also, the runtime relies on `/etc/localtime` to start, as it's not
required by the module system we set UTC as sensitive default when using
the module.

To ensure that the service's basic functionality is available, a simple
NixOS test has been added.
2018-12-20 13:03:41 +01:00
Jeremy Apthorp
654c3124b2
shairport-sync: don't daemonize
This flag causes the shairport-sync server to attempt to daemonize, but it looks like systemd is already handling that. With the `-d` argument, shairport-sync immediately exits—it seems that something (systemd I'm guessing?) is sending it SIGINT or SIGTERM.

The [upstream systemd unit](https://github.com/mikebrady/shairport-sync/blob/master/scripts/shairport-sync.service.in#L10) doesn't pass `-d`.
2018-12-19 22:37:25 -08:00
Silvan Mosberger
9673380261
Merge pull request #52168 from cdepillabout/add-bluezFull-package
Add bluez full package
2018-12-17 03:01:49 +01:00
Satoshi Shishiku
5a93f6149a
prosody service: set cafile
Fix s2s_secure_auth.
2018-12-17 01:01:41 +01:00
Florian Klink
91c65721f7 owncloud: remove server
pkgs.owncloud still pointed to owncloud 7.0.15 (from May 13 2016)

Last owncloud server update in nixpkgs was in Jun 2016.
At the same time Nextcloud forked away from it, indicating users
switched over to that.

cc @matej (original maintainer)
2018-12-16 15:05:53 +01:00
Florian Klink
50500219af apache-httpd/limesurvey.nix: fix copypasta from owncloud 2018-12-16 15:05:53 +01:00
Florian Klink
34d45007e2
Merge pull request #51053 from Ma27/draft-nextcloud-module-docs
nixos/nextcloud: add basic module documentation and warn about current upgrading issues
2018-12-16 12:16:47 +01:00
Rickard Nilsson
b20fcce195 nixos/nm-setup-hostsdir: RemainAfterExist -> RemainAfterExit 2018-12-15 08:33:28 +01:00
(cdep)illabout
9039cc3f28
Add explanation of using the bluezFull package in nixos documentation. 2018-12-15 14:49:41 +09:00
Florian Klink
da6a3271bb
Merge pull request #51624 from dasJ/slapd-log
nixos/openldap: Support configuring the log level
2018-12-14 11:12:43 +01:00
Elis Hirwing
6fa51fe5cf
nixos/lightdm: Fix spelling of option in docs 2018-12-13 22:26:12 +01:00
Elis Hirwing
c974813b92
nixos/sddm: Fix spelling of option in docs 2018-12-13 22:25:19 +01:00
Janne Heß
3c54d6b2f8 nixos/openldap: Support configuring the log level 2018-12-13 15:14:59 +01:00
Arian van Putten
1d5f4cbb78 nixos/nscd: Add a descriptive comment to the nscd configuration 2018-12-12 15:35:46 +01:00
Arian van Putten
a74619c1ae nixos/nscd: also add netgroup to the config
It was the last database that wasn't listed.
2018-12-12 15:35:40 +01:00
Arian van Putten
de76c16f9c nixos/nscd: Merge nscd and sssd-nscd config 2018-12-12 15:35:40 +01:00
Arian van Putten
99d3279952 nixos/nscd: Disable negative caching of hosts
Hopefully fixes #50290
2018-12-12 15:35:40 +01:00
Arian van Putten
e712417936 nixos/nscd: Disable caching of group and passwd
Systemd provides an option for allocating DynamicUsers
which we want to use in NixOS to harden service configuration.
However, we discovered that the user wasn't allocated properly
for services. After some digging this turned out to be, of course,
a cache inconsistency problem.

When a DynamicUser creation is performed, Systemd check beforehand
whether the requested user already exists statically. If it does,
it bails out. If it doesn't, systemd continues with allocating the
user.

However, by checking whether the user exists,  nscd will store
the fact that the user does not exist in it's negative cache.
When the service tries to lookup what user is associated to its
uid (By calling whoami, for example), it will try to consult
libnss_systemd.so However this will read from the cache and tell
report that the user doesn't exist, and thus will return that
there is no user associated with the uid. It will continue
to do so for the cache duration time.  If the service
doesn't immediately looks up its username, this bug is not
triggered, as the cache will be invalidated around this time.
However, if the service is quick enough, it might end up
in a situation where it's incorrectly reported that the
user doesn't exist.

Preferably, we would not be using nscd at all. But we need to
use it because glibc reads  nss modules from /etc/nsswitch.conf
by looking relative to the global LD_LIBRARY_PATH.  Because LD_LIBRARY_PATH
is not set globally (as that would lead to impurities and ABI issues),
glibc will fail to find any nss modules.
Instead, as a hack, we start up nscd with LD_LIBRARY_PATH set
for only that service. Glibc will forward all nss syscalls to
nscd, which will then respect the LD_LIBRARY_PATH and only
read from locations specified in the NixOS config.
we can load nss modules in a pure fashion.

However, I think by accident, we just copied over the default
settings of nscd, which actually caches user and group lookups.
We already disable this when sssd is enabled, as this interferes
with the correct working of libnss_sss.so as it already
does its own caching of LDAP requests.
(See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/usingnscd-sssd)

Because nscd caching is now also interferring with libnss_systemd.so
and probably also with other nsss modules, lets just pre-emptively
disable caching for now for all options related to users and groups,
but keep it for caching hosts ans services lookups.

Note that we can not just put in /etc/nscd.conf:
enable-cache passwd no

As this will actually cause glibc to _not_ forward the call to nscd
at all, and thus never reach the nss modules. Instead we set
the negative and positive cache ttls  to 0 seconds as a workaround.
This way, Glibc will always forward requests to nscd, but results
will never be cached.

Fixes #50273
2018-12-12 15:35:40 +01:00
Jappie Klooster
e576c3b385 doc: Fix insecure nginx docs (#51840) 2018-12-11 11:02:56 +00:00
markuskowa
9fba490258
Merge pull request #50862 from markuskowa/fix-slurm-module
nixos/slurm: set slurmd KillMode and add extraConfigPaths
2018-12-11 00:45:47 +01:00
Samuel Dionne-Riel
abcb25bd8d aerospike: Disables build on aarch64
The issue with its inclusion in the manual has been side-stepped by
matching on the platforms in supports.
2018-12-10 14:55:19 -05:00
Tor Hedin Brønner
3c0e70402f nixos/displayManager: Note that sessionCommands aren't run on Wayland 2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
cdd266c73b nixos/gnome3: Implement sessionPath through environment.extraInit
This will simply make the `sessionPath` more likely to work.
2018-12-10 10:36:25 +01:00
Tor Hedin Brønner
48a9a24910 nixos/sddm: Enable wayland-sessions
LightDM is unable to separate between `wayland-sessions/gnome.desktop` and
`xsessions/gnome.desktop` so I ommitted adding this to LightDM.
2018-12-10 10:36:24 +01:00
Tor Hedin Brønner
9895ce24b4 nixos/displayManager: Install wayland sessions from extraSessionFilePackages 2018-12-09 11:04:42 +01:00
markuskowa
9a7ce7d69a
Merge pull request #51728 from ck3d/fix-lirc-runtime-owner-ship
nixos lirc: fix owner-ship of runtime directory
2018-12-08 18:08:14 +01:00
Jörg Thalheim
da4e257fce
Merge pull request #51670 from Mic92/quassel-webserver
quassel-webserver: remove
2018-12-08 16:26:45 +00:00
Frederik Rietdijk
3e950d584c Merge staging-next into master 2018-12-08 16:29:21 +01:00
markuskowa
86d80a7b78
Merge pull request #51583 from WilliButz/grafana-update
grafana: 5.3.4 -> 5.4.0
2018-12-08 15:42:15 +01:00
Christian Kögler
4bb55815be nixos lirc: fix owner-ship of runtime directory 2018-12-08 14:37:02 +01:00
Frederik Rietdijk
e0950ae9ad Merge master into staging-next 2018-12-08 12:40:13 +01:00
Graham Christensen
ca3f089a83
Merge pull request #51314 from Izorkin/mariadb-my.cnf
mariadb: change location configuration file to /etc/my.cnf
2018-12-07 15:37:53 -05:00
Jörg Thalheim
40c8969b4c
quassel-webserver: remove
Package is broken and the original maintainer does not respond.
Unless someone wants to pick it up, I propose the removal.

fixes #51614
2018-12-07 16:46:36 +00:00
Frederik Rietdijk
5f554279ec Merge master into staging-next 2018-12-07 15:22:35 +01:00
Renaud
0eb2f4b5f5
Merge pull request #50809 from sorki/wireguard_containers_wont_modprobe
wireguard: don't modprobe if boot.isContainer is set
2018-12-07 11:06:28 +01:00
WilliButz
60eff0eecb
nixos/grafana: use new default for connMaxLifetime 2018-12-05 20:49:45 +01:00
Pierre Bourdon
3873f43fc3 prometheus/exporters: fix regression in DynamicUser behavior
Instead of setting User/Group only when DynamicUser is disabled, the
previous version of the code set it only when it was enabled. This
caused services with DynamicUser enabled to actually run as nobody, and
services without DynamicUser enabled to run as root.

Regression from fbb7e0c82f.
2018-12-05 11:26:38 +01:00
Pierre Bourdon
199b4c4743 prometheus/exporters/tor: make CPython happy by defining $HOME 2018-12-05 11:26:38 +01:00
Austin Seipp
2a22554092 nixos/cockroachdb: simplify dataDir management, tweaks
This cleans up the CockroachDB expression, with a few suggestions from
@aszlig.

However, it brought up the note of using systemd's StateDirectory=
directive, which is a nice feature for managing long-term data files,
especially for UID/GID assigned services. However, it can only manage
directories under /var/lib (for global services), so it has to introduce
a special path to make use of it at all in the case someone wants a path
at a different root.

While the dataDir directive at the NixOS level is _occasionally_ useful,
I've gone ahead and removed it for now, as this expression is so new,
and it makes the expression cleaner, while other kinks can be worked out
and people can test drive it.

CockroachDB's dataDir directive, instead, has been replaced with
systemd's StateDirectory management to place the data under
/var/lib/cockroachdb for all uses.

There's an included RequiresMountsFor= clause like usual though, so if
people want dependencies for any kind of mounted device at boot
time/before database startup, it's easy to specify using their own
mount/filesystems clause.

This can also be reverted if necessary, but, we can see if anyone ever
actually wants that later on before doing it -- it's a backwards
compatible change, anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-04 19:44:16 -06:00
Red Davies
4173b845ca mediawiki: 1.29.1 -> 1.31.1
1.29.1 is out of support and has security vulnerabilities. 1.31.1 is current LTS.
2018-12-03 21:04:08 +00:00
Bjørn Forsman
bb94d419fb nixos/jenkins-job-builder: add accessTokenFile option
The new option allows storing the secret access token outside the world
readable Nix store.
2018-12-03 17:07:29 +01:00
Bjørn Forsman
8ebfd5c45c nixos/jenkins-job-builder: stop reloadScript on error
Currently there are two calls to curl in the reloadScript, neither which
check for errors. If something is misconfigured (like wrong authToken),
the only trace that something wrong happened is this log message:

  Asking Jenkins to reload config
  <h1>Bad Message 400</h1><pre>reason: Illegal character VCHAR='<'</pre>

The service isn't marked as failed, so it's easy to miss.

Fix it by passing --fail to curl.

While at it:
* Add $curl_opts and $jenkins_url variables to keep the curl command
  lines DRY.
* Add --show-error to curl to show short error message explanation when
  things go wrong (like HTTP 401 error).
* Lower-case the $CRUMB variable as upper case is for exported environment
  variables.

The new behaviour, when having wrong accessToken:

  Asking Jenkins to reload config
  curl: (22) The requested URL returned error: 401

And the service is clearly marked as failed in `systemctl --failed`.
2018-12-03 17:07:29 +01:00
Frederik Rietdijk
a510aa2672 Merge master into staging-next 2018-12-03 12:18:43 +01:00
Piotr Bogdan
9ca3414e05 nixos/cockroachdb: supply defaultText for the package option 2018-12-02 20:50:57 -06:00
Austin Seipp
4594b18070 nixos/chrony: fix misplaced ConditionCapability= directive
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-02 20:32:47 -06:00
Izorkin
953be3e283 mariadb: change location configuration file to /etc/my.cnf 2018-12-02 22:15:02 +03:00
Silvan Mosberger
4afae70e2b
Merge pull request #48423 from charles-dyfis-net/bees
bees: init at 0.6.1; nixos/modules: services.bees init
2018-12-02 18:38:47 +01:00